# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# GYP build description for the Linux/Android sandbox code: the seccomp-bpf
# libraries, the setuid sandbox helper binary and its client library, the
# shared "services" library, and the unit test targets.
{
  'variables': {
    # Feature switches derived from OS / target_arch. Each one is read by a
    # 'conditions' entry further down in this file.
    'conditions': [
      # The setuid sandbox client and the credentials code are Linux-only.
      ['OS=="linux"', {
        'compile_suid_client': 1,
        'compile_credentials': 1,
      }, {
        'compile_suid_client': 0,
        'compile_credentials': 0,
      }],
      # seccomp-bpf is enabled only for Linux/Android on ia32, x64 and arm.
      # On every other combination the 'sandbox' aggregate target below does
      # not pull in seccomp_bpf or seccomp_bpf_helpers at all.
      # NOTE(review): confirm that consumers on those platforms handle the
      # missing syscall-filter layer explicitly instead of assuming it.
      ['((OS=="linux" or OS=="android") and '
       '(target_arch=="ia32" or target_arch=="x64" or '
        'target_arch=="arm"))', {
        'compile_seccomp_bpf': 1,
      }, {
        'compile_seccomp_bpf': 0,
      }],
      # The demo program is narrower still: Linux on ia32/x64 only.
      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
        'compile_seccomp_bpf_demo': 1,
      }, {
        'compile_seccomp_bpf_demo': 0,
      }],
    ],
  },
  'target_defaults': {
    'target_conditions': [
      # All linux/ files will automatically be excluded on Android
      # so make sure we re-include them explicitly.
      ['OS == "android"', {
        'sources/': [
          ['include', '^linux/'],
        ],
      }],
    ],
  },
  'targets': [
    # We have two principal targets: sandbox and sandbox_linux_unittests
    # All other targets are listed as dependencies.
    # FIXME(jln): for historical reasons, sandbox_linux is the setuid sandbox
    # and is its own target.
    # NOTE(review): no target named sandbox_linux is defined in this file; the
    # setuid sandbox executable below is chrome_sandbox, and it is not a
    # dependency of 'sandbox'. The FIXME's naming looks stale - confirm.
    {
      # Aggregate target ('type': 'none' builds nothing itself): depending on
      # it pulls in whichever sandbox layers are enabled for this platform.
      'target_name': 'sandbox',
      'type': 'none',
      'dependencies': [
        'sandbox_services',
      ],
      'conditions': [
        [ 'compile_suid_client==1', {
          'dependencies': [
            'suid_sandbox_client',
          ],
        }],
        # Compile seccomp BPF when we support it.
        [ 'compile_seccomp_bpf==1', {
          'dependencies': [
            'seccomp_bpf',
            'seccomp_bpf_helpers',
          ],
        }],
      ],
    },
    {
      # The main sandboxing test target.
      # Sources and dependencies come from the included .gypi, which is
      # shared with the JNI variant below.
      'target_name': 'sandbox_linux_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'executable',
    },
    {
      # This target is the shared library used by Android APK (i.e.
      # JNI-friendly) tests.
      'target_name': 'sandbox_linux_jni_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'shared_library',
      'conditions': [
        [ 'OS == "android" and gtest_target_type == "shared_library"', {
          'dependencies': [
            '../testing/android/native_test.gyp:native_test_native_code',
          ],
          # 'ldflags!' removes the listed flag from the inherited linker
          # flags. Text relocations force the loader to make code pages
          # writable while it patches them, which is at odds with W^X; this
          # only silences the warning, it does not remove the relocations.
          # NOTE(review): acceptable for a test-only library; this exclusion
          # should not be carried over to shipped targets.
          'ldflags!': [
            # Remove warnings about text relocations, to prevent build
            # failure.
            '-Wl,--warn-shared-textrel'
          ],
        }],
      ],
    },
    {
      # Core seccomp-bpf library: filter program generation (codegen,
      # basicblock, instruction), the verifier, and the trap/syscall glue.
      'target_name': 'seccomp_bpf',
      'type': 'static_library',
      'sources': [
        'seccomp-bpf/basicblock.cc',
        'seccomp-bpf/basicblock.h',
        'seccomp-bpf/codegen.cc',
        'seccomp-bpf/codegen.h',
        'seccomp-bpf/die.cc',
        'seccomp-bpf/die.h',
        'seccomp-bpf/errorcode.cc',
        'seccomp-bpf/errorcode.h',
        'seccomp-bpf/instruction.h',
        'seccomp-bpf/linux_seccomp.h',
        'seccomp-bpf/sandbox_bpf.cc',
        'seccomp-bpf/sandbox_bpf.h',
        'seccomp-bpf/sandbox_bpf_policy.h',
        'seccomp-bpf/syscall.cc',
        'seccomp-bpf/syscall.h',
        'seccomp-bpf/syscall_iterator.cc',
        'seccomp-bpf/syscall_iterator.h',
        'seccomp-bpf/trap.cc',
        'seccomp-bpf/trap.h',
        'seccomp-bpf/verifier.cc',
        'seccomp-bpf/verifier.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services_headers',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # Policy helpers layered on top of seccomp-bpf: a baseline policy,
      # SIGSYS handlers, syscall parameter restrictions and syscall sets.
      'target_name': 'seccomp_bpf_helpers',
      'type': 'static_library',
      'sources': [
        'seccomp-bpf-helpers/baseline_policy.cc',
        'seccomp-bpf-helpers/baseline_policy.h',
        'seccomp-bpf-helpers/sigsys_handlers.cc',
        'seccomp-bpf-helpers/sigsys_handlers.h',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
        'seccomp-bpf-helpers/syscall_sets.cc',
        'seccomp-bpf-helpers/syscall_sets.h',
      ],
      # NOTE(review): the dependency list is empty. If these sources use
      # seccomp_bpf or base headers (likely, given the names), the target
      # only builds correctly because of what its dependents list - confirm
      # and declare the dependencies here.
      'dependencies': [
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # A demonstration program for the seccomp-bpf sandbox.
      # Becomes an executable only when compile_seccomp_bpf_demo==1; on all
      # other platforms it degrades to an empty 'none' target.
      'target_name': 'seccomp_bpf_demo',
      'conditions': [
        ['compile_seccomp_bpf_demo==1', {
          'type': 'executable',
          'sources': [
            'seccomp-bpf/demo.cc',
          ],
          'dependencies': [
            'seccomp_bpf',
          ],
        }, {
          'type': 'none',
        }],
      ],
      'include_dirs': [
        '../../',
      ],
    },
    {
      # The setuid sandbox, for Linux
      # Built from the C sources under suid/ only and declares no
      # dependencies on other targets. It compiles the same suid/common/
      # headers as suid_sandbox_client - presumably so helper and client
      # agree on the protocol and on which environment variables are
      # treated as unsafe.
      # NOTE(review): the only per-target flag is -std=gnu99; no hardening
      # flags (PIE, stack protector, RELRO, _FORTIFY_SOURCE) are set here.
      # Confirm they come from the common build defaults, since a setuid
      # executable runs with elevated privileges on input controlled by the
      # invoking user.
      # NOTE(review): unlike the client, this target has no OS condition.
      'target_name': 'chrome_sandbox',
      'type': 'executable',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/linux_util.c',
        'suid/linux_util.h',
        'suid/process_util.h',
        'suid/process_util_linux.c',
        'suid/sandbox.c',
      ],
      'cflags': [
        # For ULLONG_MAX
        '-std=gnu99',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    # Shared services library: broker process, init process reaper and
    # thread helpers everywhere; credentials only when compile_credentials==1.
    { 'target_name': 'sandbox_services',
      'type': 'static_library',
      'sources': [
        'services/broker_process.cc',
        'services/broker_process.h',
        'services/init_process_reaper.cc',
        'services/init_process_reaper.h',
        'services/thread_helpers.cc',
        'services/thread_helpers.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'conditions': [
        ['compile_credentials==1', {
          'sources': [
            'services/credentials.cc',
            'services/credentials.h',
          ],
          'dependencies': [
            # for capabilities.cc.
            # NOTE(review): no capabilities.cc is listed in this file; the
            # libcap user added here is credentials.cc - comment looks stale.
            '../build/linux/system.gyp:libcap',
          ],
        }],
      ],
      'include_dirs': [
        '..',
      ],
    },
    # Header-only target ('type': 'none'): per-architecture syscall number
    # and ucontext headers. seccomp_bpf depends on it.
    { 'target_name': 'sandbox_services_headers',
      'type': 'none',
      'sources': [
        'services/android_arm_ucontext.h',
        'services/android_ucontext.h',
        'services/android_i386_ucontext.h',
        'services/arm_linux_syscalls.h',
        'services/linux_syscalls.h',
        'services/x86_32_linux_syscalls.h',
        'services/x86_64_linux_syscalls.h',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # We make this its own target so that it does not interfere
      # with our tests.
      # No other target in this file depends on it, so it is linked only
      # into binaries that opt in explicitly.
      # NOTE(review): judging by the name it overrides libc behaviour around
      # /dev/urandom process-wide - confirm which binaries link it.
      'target_name': 'libc_urandom_override',
      'type': 'static_library',
      'sources': [
        'services/libc_urandom_override.cc',
        'services/libc_urandom_override.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # Client-side library for the setuid sandbox. It is pulled into
      # 'sandbox' only when compile_suid_client==1 and compiles the same
      # suid/common/ headers as the chrome_sandbox executable.
      'target_name': 'suid_sandbox_client',
      'type': 'static_library',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/client/setuid_sandbox_client.cc',
        'suid/client/setuid_sandbox_client.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services',
      ],
      'include_dirs': [
        '..',
      ],
    },
  ],
  'conditions': [
    # Strategy copied from base_unittests_apk in base/base.gyp.
    # Wraps the JNI test shared library in an APK test target; defined only
    # for Android builds whose gtest_target_type is "shared_library".
    [ 'OS=="android" and gtest_target_type == "shared_library"', {
      'targets': [
        {
        'target_name': 'sandbox_linux_jni_unittests_apk',
        'type': 'none',
        'variables': {
          'test_suite_name': 'sandbox_linux_jni_unittests',
          # Path of the shared library built by sandbox_linux_jni_unittests.
          'input_shlib_path':
              '<(SHARED_LIB_DIR)/<(SHARED_LIB_PREFIX)'
              'sandbox_linux_jni_unittests'
              '<(SHARED_LIB_SUFFIX)',
        },
        'dependencies': [
          'sandbox_linux_jni_unittests',
        ],
        'includes': [ '../../build/apk_test.gypi' ],
        }
      ],
    }],
  ],
}