OLD | NEW |
(Empty) | |
| 1 # Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. |
| 4 |
| 5 import("//build/config/features.gni") |
| 6 |
| 7 declare_args() { |
| 8 compile_suid_client = is_linux |
| 9 |
| 10 compile_credentials = is_linux |
| 11 |
| 12 compile_seccomp_bpf_demo = |
| 13 (is_linux && (cpu_arch == "x86" || cpu_arch == "x64")) |
| 14 } |
| 15 |
| 16 # We have two principal targets: sandbox and sandbox_linux_unittests |
| 17 # All other targets are listed as dependencies. |
| 18 # There is one notable exception: for historical reasons, chrome_sandbox is |
| 19 # the setuid sandbox and is its own target. |
| 20 |
| 21 group("sandbox") { |
| 22 deps = [ |
| 23 ":sandbox_services", |
| 24 ] |
| 25 |
| 26 if (compile_suid_client) { |
| 27 deps += [ ":suid_sandbox_client" ] |
| 28 } |
| 29 if (use_seccomp_bpf) { |
| 30 deps += [ |
| 31 ":seccomp_bpf", |
| 32 ":seccomp_bpf_helpers", |
| 33 ] |
| 34 } |
| 35 } |
| 36 |
| 37 source_set("sandbox_linux_test_utils") { |
| 38 testonly = true |
| 39 sources = [ |
| 40 "tests/sandbox_test_runner.cc", |
| 41 "tests/sandbox_test_runner.h", |
| 42 "tests/sandbox_test_runner_function_pointer.cc", |
| 43 "tests/sandbox_test_runner_function_pointer.h", |
| 44 "tests/test_utils.cc", |
| 45 "tests/test_utils.h", |
| 46 "tests/unit_tests.cc", |
| 47 "tests/unit_tests.h", |
| 48 ] |
| 49 |
| 50 deps = [ |
| 51 "//testing/gtest", |
| 52 ] |
| 53 |
| 54 if (use_seccomp_bpf) { |
| 55 sources += [ |
| 56 "seccomp-bpf/bpf_tester_compatibility_delegate.h", |
| 57 "seccomp-bpf/bpf_tests.h", |
| 58 "seccomp-bpf/sandbox_bpf_test_runner.cc", |
| 59 "seccomp-bpf/sandbox_bpf_test_runner.h", |
| 60 ] |
| 61 deps += [ |
| 62 ":seccomp_bpf", |
| 63 ] |
| 64 } |
| 65 } |
| 66 |
| 67 # The main sandboxing test target. |
| 68 test("sandbox_linux_unittests") { |
| 69 sources = [ |
| 70 "services/broker_process_unittest.cc", |
| 71 "services/scoped_process_unittest.cc", |
| 72 "services/thread_helpers_unittests.cc", |
| 73 "services/yama_unittests.cc", |
| 74 "tests/main.cc", |
| 75 "tests/scoped_temporary_file.cc", |
| 76 "tests/scoped_temporary_file.h", |
| 77 "tests/scoped_temporary_file_unittest.cc", |
| 78 "tests/unit_tests_unittest.cc", |
| 79 ] |
| 80 |
| 81 deps = [ |
| 82 ":sandbox", |
| 83 ":sandbox_linux_test_utils", |
| 84 "//base", |
| 85 "//base/test:test_support", |
| 86 "//testing/gtest", |
| 87 ] |
| 88 |
| 89 if (is_linux) { |
| 90 # Don't use this on Android. |
| 91 libs = [ "rt" ] |
| 92 } |
| 93 |
| 94 if (compile_suid_client) { |
| 95 sources += [ |
| 96 "suid/client/setuid_sandbox_client_unittest.cc", |
| 97 ] |
| 98 } |
| 99 if (use_seccomp_bpf) { |
| 100 sources += [ |
| 101 "bpf_dsl/bpf_dsl_more_unittest.cc", |
| 102 "bpf_dsl/bpf_dsl_unittest.cc", |
| 103 "bpf_dsl/cons_unittest.cc", |
| 104 "seccomp-bpf-helpers/baseline_policy_unittest.cc", |
| 105 "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc", |
| 106 "seccomp-bpf/bpf_tests_unittest.cc", |
| 107 "seccomp-bpf/codegen_unittest.cc", |
| 108 "seccomp-bpf/errorcode_unittest.cc", |
| 109 "seccomp-bpf/syscall_iterator_unittest.cc", |
| 110 "seccomp-bpf/syscall_unittest.cc", |
| 111 ] |
| 112 } |
| 113 if (compile_credentials) { |
| 114 sources += [ |
| 115 "services/credentials_unittest.cc", |
| 116 "services/unix_domain_socket_unittest.cc", |
| 117 ] |
| 118 } |
| 119 } |
| 120 |
| 121 # TODO(GYP) Android version of this test. |
| 122 # { |
| 123 # # This target is the shared library used by Android APK (i.e. |
| 124 # # JNI-friendly) tests. |
| 125 # "target_name": "sandbox_linux_jni_unittests", |
| 126 # "includes": [ |
| 127 # "sandbox_linux_test_sources.gypi", |
| 128 # ], |
| 129 # "type": "shared_library", |
| 130 # "conditions": [ |
| 131 # [ "OS == "android"", { |
| 132 # "dependencies": [ |
| 133 # "../testing/android/native_test.gyp:native_test_native_code", |
| 134 # ], |
| 135 # }], |
| 136 # ], |
| 137 # }, |
| 138 |
| 139 component("seccomp_bpf") { |
| 140 sources = [ |
| 141 "bpf_dsl/bpf_dsl.cc", |
| 142 "bpf_dsl/bpf_dsl.h", |
| 143 "bpf_dsl/bpf_dsl_impl.h", |
| 144 "bpf_dsl/cons.h", |
| 145 "bpf_dsl/policy_compiler.cc", |
| 146 "bpf_dsl/policy_compiler.h", |
| 147 "bpf_dsl/trap_registry.h", |
| 148 "seccomp-bpf/basicblock.cc", |
| 149 "seccomp-bpf/basicblock.h", |
| 150 "seccomp-bpf/codegen.cc", |
| 151 "seccomp-bpf/codegen.h", |
| 152 "seccomp-bpf/die.cc", |
| 153 "seccomp-bpf/die.h", |
| 154 "seccomp-bpf/errorcode.cc", |
| 155 "seccomp-bpf/errorcode.h", |
| 156 "seccomp-bpf/instruction.h", |
| 157 "seccomp-bpf/linux_seccomp.h", |
| 158 "seccomp-bpf/sandbox_bpf.cc", |
| 159 "seccomp-bpf/sandbox_bpf.h", |
| 160 "seccomp-bpf/syscall.cc", |
| 161 "seccomp-bpf/syscall.h", |
| 162 "seccomp-bpf/syscall_iterator.cc", |
| 163 "seccomp-bpf/syscall_iterator.h", |
| 164 "seccomp-bpf/trap.cc", |
| 165 "seccomp-bpf/trap.h", |
| 166 "seccomp-bpf/verifier.cc", |
| 167 "seccomp-bpf/verifier.h", |
| 168 ] |
| 169 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 170 |
| 171 deps = [ |
| 172 ":sandbox_services_headers", |
| 173 "//base", |
| 174 ] |
| 175 } |
| 176 |
| 177 component("seccomp_bpf_helpers") { |
| 178 sources = [ |
| 179 "seccomp-bpf-helpers/baseline_policy.cc", |
| 180 "seccomp-bpf-helpers/baseline_policy.h", |
| 181 "seccomp-bpf-helpers/sigsys_handlers.cc", |
| 182 "seccomp-bpf-helpers/sigsys_handlers.h", |
| 183 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", |
| 184 "seccomp-bpf-helpers/syscall_parameters_restrictions.h", |
| 185 "seccomp-bpf-helpers/syscall_sets.cc", |
| 186 "seccomp-bpf-helpers/syscall_sets.h", |
| 187 ] |
| 188 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 189 |
| 190 deps = [ |
| 191 "//base", |
| 192 ":seccomp_bpf", |
| 193 ] |
| 194 } |
| 195 |
| 196 if (is_linux) { |
| 197 # The setuid sandbox for Linux. |
| 198 executable("chrome_sandbox") { |
| 199 sources = [ |
| 200 "suid/common/sandbox.h", |
| 201 "suid/common/suid_unsafe_environment_variables.h", |
| 202 "suid/process_util.h", |
| 203 "suid/process_util_linux.c", |
| 204 "suid/sandbox.c", |
| 205 ] |
| 206 |
| 207 cflags = [ |
| 208 # For ULLONG_MAX |
| 209 "-std=gnu99", |
| 210 # These files have a suspicious comparison. |
| 211 # TODO fix this and re-enable this warning. |
| 212 "-Wno-sign-compare", |
| 213 ] |
| 214 } |
| 215 } |
| 216 |
| 217 component("sandbox_services") { |
| 218 sources = [ |
| 219 "services/broker_process.cc", |
| 220 "services/broker_process.h", |
| 221 "services/init_process_reaper.cc", |
| 222 "services/init_process_reaper.h", |
| 223 "services/scoped_process.cc", |
| 224 "services/scoped_process.h", |
| 225 "services/thread_helpers.cc", |
| 226 "services/thread_helpers.h", |
| 227 "services/yama.h", |
| 228 "services/yama.cc", |
| 229 ] |
| 230 |
| 231 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 232 |
| 233 if (compile_credentials) { |
| 234 sources += [ |
| 235 "services/credentials.cc", |
| 236 "services/credentials.h", |
| 237 ] |
| 238 # For capabilities.cc. |
| 239 configs += [ "//build/config/linux:libcap" ] |
| 240 } |
| 241 |
| 242 deps = [ |
| 243 "//base", |
| 244 ] |
| 245 } |
| 246 |
| 247 source_set("sandbox_services_headers") { |
| 248 sources = [ |
| 249 "services/android_arm_ucontext.h", |
| 250 "services/android_arm64_ucontext.h", |
| 251 "services/android_futex.h", |
| 252 "services/android_ucontext.h", |
| 253 "services/android_i386_ucontext.h", |
| 254 "services/arm_linux_syscalls.h", |
| 255 "services/arm64_linux_syscalls.h", |
| 256 "services/linux_syscalls.h", |
| 257 "services/x86_32_linux_syscalls.h", |
| 258 "services/x86_64_linux_syscalls.h", |
| 259 ] |
| 260 } |
| 261 |
| 262 # We make this its own target so that it does not interfere with our tests. |
| 263 source_set("libc_urandom_override") { |
| 264 sources = [ |
| 265 "services/libc_urandom_override.cc", |
| 266 "services/libc_urandom_override.h", |
| 267 ] |
| 268 deps = [ |
| 269 "//base", |
| 270 ] |
| 271 } |
| 272 |
| 273 if (compile_suid_client) { |
| 274 component("suid_sandbox_client") { |
| 275 sources = [ |
| 276 "suid/common/sandbox.h", |
| 277 "suid/common/suid_unsafe_environment_variables.h", |
| 278 "suid/client/setuid_sandbox_client.cc", |
| 279 "suid/client/setuid_sandbox_client.h", |
| 280 ] |
| 281 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 282 |
| 283 deps = [ |
| 284 ":sandbox_services", |
| 285 "//base", |
| 286 ] |
| 287 } |
| 288 } |
| 289 |
| 290 if (is_android) { |
| 291 # TODO(GYP) enable this. Needs an android_strip wrapper python script. |
| 292 #action("sandbox_linux_unittests_stripped") { |
| 293 # script = "android_stip.py" |
| 294 # |
| 295 # in_file = "$root_out_dir/sandbox_linux_unittests" |
| 296 # |
| 297 # out_file = "$root_out_dir/sandbox_linux_unittests_stripped" |
| 298 # outputs = [ out_file ] |
| 299 # |
| 300 # args = [ |
| 301 # rebase_path(in_file, root_build_dir), |
| 302 # "-o", rebase_path(out_file, root_build_dir), |
| 303 # ] |
| 304 # |
| 305 # deps = [ |
| 306 # ":sandbox_linux_unittests", |
| 307 # ] |
| 308 #} |
| 309 |
| 310 # TODO(GYP) convert this. |
| 311 # { |
| 312 # 'target_name': 'sandbox_linux_jni_unittests_apk', |
| 313 # 'type': 'none', |
| 314 # 'variables': { |
| 315 # 'test_suite_name': 'sandbox_linux_jni_unittests', |
| 316 # }, |
| 317 # 'dependencies': [ |
| 318 # 'sandbox_linux_jni_unittests', |
| 319 # ], |
| 320 # 'includes': [ '../../build/apk_test.gypi' ], |
| 321 # } |
| 322 } |
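Review bot: In `executable("chrome_sandbox")` (new lines 207-213) the setuid sandbox helper is compiled with `-Wno-sign-compare`, so signed/unsigned comparison warnings are silenced for the one target here that the file itself describes as setuid, and the TODO beside it names no owner or bug to track re-enabling the warning. The C sources are not shown on this page, so whether the flagged comparison is harmless cannot be judged from here. Until that code is fixed I would at least make the TODO actionable, e.g. `# TODO(<owner>): fix the signed/unsigned comparison in suid/*.c and remove -Wno-sign-compare (<bug-id>).`, and keep the suppression limited to this target as it is now. Separately, `compile_seccomp_bpf_demo` is declared in `declare_args()` (new lines 12-13) but no target in the visible file reads it, so either add a comment saying which target will consume it or drop the argument until that target is converted.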