# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# GYP build description for the Linux sandbox: the seccomp-bpf library and its
# helpers, the setuid sandbox binary (chrome_sandbox) and its client library,
# the supporting services library, and the unit-test targets.
{
  'variables': {
    'conditions': [
      # The setuid sandbox client and the credentials code are built on Linux
      # only. These two variables gate the 'suid_sandbox_client' dependency of
      # 'sandbox' and the credentials sources of 'sandbox_services' below.
      ['OS=="linux"', {
        'compile_suid_client': 1,
        'compile_credentials': 1,
      }, {
        'compile_suid_client': 0,
        'compile_credentials': 0,
      }],
      # NOTE(review): 'compile_seccomp_bpf_demo' is set here but no target in
      # this file reads it - confirm it is still consumed elsewhere.
      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
         'target_arch=="mipsel")', {
        'compile_seccomp_bpf_demo': 1,
      }, {
        'compile_seccomp_bpf_demo': 0,
      }],
    ],
  },
  'target_defaults': {
    'target_conditions': [
      # All linux/ files will automatically be excluded on Android
      # so make sure we re-include them explicitly.
      ['OS == "android"', {
        'sources/': [
          ['include', '^linux/'],
        ],
      }],
    ],
  },
  'targets': [
    # We have two principal targets: sandbox and sandbox_linux_unittests
    # All other targets are listed as dependencies.
    # There is one notable exception: for historical reasons, chrome_sandbox is
    # the setuid sandbox and is its own target.
    {
      # Aggregate target ('type': 'none'): it builds nothing itself and only
      # pulls in the sandbox layers enabled for this configuration.
      'target_name': 'sandbox',
      'type': 'none',
      'dependencies': [
        'sandbox_services',
      ],
      'conditions': [
        [ 'compile_suid_client==1', {
          'dependencies': [
            'suid_sandbox_client',
          ],
        }],
        # Compile seccomp BPF when we support it.
        # 'use_seccomp_bpf' is not defined in this file. When it is not 1,
        # depending on 'sandbox' brings in no seccomp-bpf code at all, so which
        # layers a consumer gets is decided by the build configuration.
        [ 'use_seccomp_bpf==1', {
          'dependencies': [
            'seccomp_bpf',
            'seccomp_bpf_helpers',
          ],
        }],
      ],
    },
    {
      # Shared gtest-based test scaffolding. The seccomp-bpf test runner is
      # added only when 'use_seccomp_bpf' is 1.
      'target_name': 'sandbox_linux_test_utils',
      'type': 'static_library',
      'dependencies': [
        '../testing/gtest.gyp:gtest',
      ],
      'include_dirs': [
        '../..',
      ],
      'sources': [
        'tests/sandbox_test_runner.cc',
        'tests/sandbox_test_runner.h',
        'tests/sandbox_test_runner_function_pointer.cc',
        'tests/sandbox_test_runner_function_pointer.h',
        'tests/test_utils.cc',
        'tests/test_utils.h',
        'tests/unit_tests.cc',
        'tests/unit_tests.h',
      ],
      'conditions': [
        [ 'use_seccomp_bpf==1', {
          'sources': [
            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
            'seccomp-bpf/bpf_tests.h',
            'seccomp-bpf/sandbox_bpf_test_runner.cc',
            'seccomp-bpf/sandbox_bpf_test_runner.h',
          ],
          'dependencies': [
            'seccomp_bpf',
          ]
        }],
      ],
    },
    {
      # The main sandboxing test target.
      # Sources and dependencies come from the included .gypi, which is shared
      # with 'sandbox_linux_jni_unittests' below.
      'target_name': 'sandbox_linux_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'executable',
    },
    {
      # This target is the shared library used by Android APK (i.e.
      # JNI-friendly) tests.
      # The target itself is declared for every OS; only the native_test
      # dependency is Android-specific.
      'target_name': 'sandbox_linux_jni_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'shared_library',
      'conditions': [
        [ 'OS == "android"', {
          'dependencies': [
            '../testing/android/native_test.gyp:native_test_native_code',
          ],
        }],
      ],
    },
    {
      # The seccomp-bpf library: the bpf_dsl policy language plus the filter
      # code generator, verifier, trap handling and syscall wrappers listed
      # below. '<(component)' is resolved by a variable defined outside this
      # file.
      'target_name': 'seccomp_bpf',
      'type': '<(component)',
      'sources': [
        'bpf_dsl/bpf_dsl.cc',
        'bpf_dsl/bpf_dsl.h',
        'bpf_dsl/cons.h',
        'seccomp-bpf/basicblock.cc',
        'seccomp-bpf/basicblock.h',
        'seccomp-bpf/codegen.cc',
        'seccomp-bpf/codegen.h',
        'seccomp-bpf/die.cc',
        'seccomp-bpf/die.h',
        'seccomp-bpf/errorcode.cc',
        'seccomp-bpf/errorcode.h',
        'seccomp-bpf/instruction.h',
        'seccomp-bpf/linux_seccomp.h',
        'seccomp-bpf/sandbox_bpf.cc',
        'seccomp-bpf/sandbox_bpf.h',
        'seccomp-bpf/sandbox_bpf_policy.cc',
        'seccomp-bpf/sandbox_bpf_policy.h',
        'seccomp-bpf/syscall.cc',
        'seccomp-bpf/syscall.h',
        'seccomp-bpf/syscall_iterator.cc',
        'seccomp-bpf/syscall_iterator.h',
        'seccomp-bpf/trap.cc',
        'seccomp-bpf/trap.h',
        'seccomp-bpf/verifier.cc',
        'seccomp-bpf/verifier.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services_headers',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # Policy building blocks layered on top of 'seccomp_bpf': the baseline
      # policy, SIGSYS handlers, syscall parameter restrictions and syscall
      # sets.
      'target_name': 'seccomp_bpf_helpers',
      'type': '<(component)',
      'sources': [
        'seccomp-bpf-helpers/baseline_policy.cc',
        'seccomp-bpf-helpers/baseline_policy.h',
        'seccomp-bpf-helpers/sigsys_handlers.cc',
        'seccomp-bpf-helpers/sigsys_handlers.h',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
        'seccomp-bpf-helpers/syscall_sets.cc',
        'seccomp-bpf-helpers/syscall_sets.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'seccomp_bpf',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # The setuid sandbox, for Linux
      # This target lists only C sources and headers and declares no
      # 'dependencies', so it links none of the other targets in this file.
      # Any new source or dependency added here becomes part of the setuid
      # binary and deserves review as privileged code.
      # NOTE(review): no hardening flags (PIE, stack protector, RELRO) are set
      # here - confirm they are inherited from the shared build configuration.
      'target_name': 'chrome_sandbox',
      'type': 'executable',
      'sources': [
        'suid/common/sandbox.h',
        # Also compiled into 'suid_sandbox_client' below, so the helper and
        # its client build against the same header.
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/process_util.h',
        'suid/process_util_linux.c',
        'suid/sandbox.c',
      ],
      'cflags': [
        # For ULLONG_MAX
        '-std=gnu99',
      ],
      'include_dirs': [
        '../..',
      ],
      # Do not use any sanitizer tools with this binary. http://crbug.com/382766
      # The trailing-slash keys are GYP list filters: they drop every inherited
      # flag matching '-fsanitize' from this target's cflags and ldflags.
      'cflags/': [
        ['exclude', '-fsanitize'],
      ],
      'ldflags/': [
        ['exclude', '-fsanitize'],
      ],
    },
    { 'target_name': 'sandbox_services',
      # Support services used by the sandbox: broker process, init process
      # reaper, scoped process, thread helpers and Yama.
      'type': '<(component)',
      'sources': [
        'services/broker_process.cc',
        'services/broker_process.h',
        'services/init_process_reaper.cc',
        'services/init_process_reaper.h',
        'services/scoped_process.cc',
        'services/scoped_process.h',
        'services/thread_helpers.cc',
        'services/thread_helpers.h',
        'services/yama.h',
        'services/yama.cc',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'conditions': [
        ['compile_credentials==1', {
          'sources': [
            'services/credentials.cc',
            'services/credentials.h',
          ],
          'dependencies': [
            # libcap is needed by the credentials sources added above. (The
            # original comment said "for capabilities.cc", a file that is not
            # listed anywhere in this build file.)
            '../build/linux/system.gyp:libcap',
          ],
        }],
      ],
      'include_dirs': [
        '..',
      ],
    },
    { 'target_name': 'sandbox_services_headers',
      # Header-only target ('type': 'none'): per-architecture syscall number
      # tables and Android ucontext/futex compatibility headers.
      'type': 'none',
      'sources': [
        'services/android_arm_ucontext.h',
        'services/android_arm64_ucontext.h',
        'services/android_futex.h',
        'services/android_ucontext.h',
        'services/android_i386_ucontext.h',
        'services/android_mips_ucontext.h',
        'services/arm_linux_syscalls.h',
        'services/arm64_linux_syscalls.h',
        'services/mips_linux_syscalls.h',
        'services/linux_syscalls.h',
        'services/x86_32_linux_syscalls.h',
        'services/x86_64_linux_syscalls.h',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # We make this its own target so that it does not interfere
      # with our tests.
      'target_name': 'libc_urandom_override',
      'type': 'static_library',
      'sources': [
        'services/libc_urandom_override.cc',
        'services/libc_urandom_override.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # Client-side library for the setuid sandbox. Reached from 'sandbox'
      # only when 'compile_suid_client' is 1.
      'target_name': 'suid_sandbox_client',
      'type': '<(component)',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/client/setuid_sandbox_client.cc',
        'suid/client/setuid_sandbox_client.h',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services',
      ],
      'include_dirs': [
        '..',
      ],
    },
  ],
  'conditions': [
    # Android only: produce a stripped copy of the unit-test binary using the
    # tool named by '<(android_strip)'.
    [ 'OS=="android"', {
      'targets': [
        {
        'target_name': 'sandbox_linux_unittests_stripped',
        'type': 'none',
        'dependencies': [ 'sandbox_linux_unittests' ],
        'actions': [{
          'action_name': 'strip sandbox_linux_unittests',
          'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
          'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
          'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
        }],
        }
      ],
    }],
    # Android only: wrap the JNI test library in an APK via apk_test.gypi.
    # This is a second, separate 'OS=="android"' entry; both apply on Android.
    [ 'OS=="android"', {
      'targets': [
        {
        'target_name': 'sandbox_linux_jni_unittests_apk',
        'type': 'none',
        'variables': {
          'test_suite_name': 'sandbox_linux_jni_unittests',
        },
        'dependencies': [
          'sandbox_linux_jni_unittests',
        ],
        'includes': [ '../../build/apk_test.gypi' ],
        }
      ],
    }],
    # Isolated test run target, emitted unless test isolation is "noop".
    ['test_isolation_mode != "noop"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_unittests_run',
          'type': 'none',
          'dependencies': [
            'sandbox_linux_unittests',
          ],
          'includes': [
            '../../build/isolate.gypi',
            '../sandbox_linux_unittests.isolate',
          ],
          'sources': [
            '../sandbox_linux_unittests.isolate',
          ],
        },
      ],
    }],
  ],
}