• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15cmake_minimum_required(VERSION 3.13..3.26)
16
17if(POLICY CMP0083)
18  cmake_policy(SET CMP0083 NEW)  # Add PIE flags when requested
19endif()
20
21if(POLICY CMP0135)
22  cmake_policy(SET CMP0135 NEW)  # Set download timestamp to current time
23endif()
24
25project(SandboxedAPI C CXX ASM)
26include(CTest)
27
28if(NOT CMAKE_SYSTEM_NAME MATCHES "Linux")
29  message(FATAL_ERROR "Sandboxed API is only supported on Linux")
30endif()
31
32# SAPI-wide setting for the language level
33set(SAPI_CXX_STANDARD 17)
34
35if(NOT CMAKE_CXX_STANDARD)
36  set(CMAKE_CXX_STANDARD ${SAPI_CXX_STANDARD})
37elseif(CMAKE_CXX_STANDARD LESS ${SAPI_CXX_STANDARD})
38  message(FATAL_ERROR
39    "Sandboxed API requires C++17. To ensure ABI compatibility"
40    " build and link all targets of the project with the same"
41    " version of C++."
42  )
43endif()
44
45set(SAPI_BINARY_DIR "${PROJECT_BINARY_DIR}" CACHE INTERNAL "" FORCE)
46set(SAPI_SOURCE_DIR "${PROJECT_SOURCE_DIR}" CACHE INTERNAL "" FORCE)
47
48get_directory_property(_sapi_has_parent PARENT_DIRECTORY)
49if(PROJECT_IS_TOP_LEVEL OR NOT _sapi_has_parent)
50  set(SAPI_PROJECT_IS_TOP_LEVEL ON)
51endif()
52
53include(CheckCXXCompilerFlag)
54
55# Allow the header generator to auto-configure include paths. Need to set a
56# cache variable, so that sub- and super-projects also have this enabled.
57set(CMAKE_EXPORT_COMPILE_COMMANDS ON CACHE INTERNAL "")
58
59set(CMAKE_SKIP_BUILD_RPATH ON)
60
61if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.14)
62  include(CheckPIESupported)
63  check_pie_supported()
64  set(CMAKE_POSITION_INDEPENDENT_CODE ON)
65endif()
66
67# SAPI CMake modules, order matters
68list(APPEND CMAKE_MODULE_PATH "${SAPI_SOURCE_DIR}/cmake"
69                              "${SAPI_SOURCE_DIR}/cmake/modules")
70include(SapiOptions)
71include(SapiDeps)
72include(SapiUtil)
73include(SapiBuildDefs)
74include(GNUInstallDirs)
75
76if(SAPI_HARDENED_SOURCE)
77  add_compile_options(-fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)
78  add_link_options(-Wl,-z,relro -Wl,-z,now)
79endif()
80
81if(SAPI_FORCE_COLOR_OUTPUT)
82  if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")  # GCC
83    add_compile_options(-fdiagnostics-color=always)
84  elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang")  # Clang or Apple Clang
85    add_compile_options(-fcolor-diagnostics)
86  endif()
87endif()
88
89# Make Bazel-style includes work
90configure_file(cmake/libcap_capability.h.in
91               libcap/include/sys/capability.h
92               @ONLY)
93
94# Library with basic project settings. The empty file is there to be able to
95# define header-only libraries without cumbersome target_sources() hacks.
96configure_file(cmake/sapi_force_cxx_linkage.cc.in
97               "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc" COPYONLY)
98add_library(sapi_base STATIC
99  "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc"
100)
101add_library(sapi::base ALIAS sapi_base)
102target_compile_features(sapi_base PUBLIC
103  cxx_std_${SAPI_CXX_STANDARD}
104)
105set_target_properties(sapi_base PROPERTIES
106  INTERFACE_POSITION_INDEPENDENT_CODE ON
107)
108target_include_directories(sapi_base PUBLIC
109  "${SAPI_BINARY_DIR}"
110  "${SAPI_SOURCE_DIR}"
111  "${Protobuf_INCLUDE_DIR}"
112)
113target_compile_options(sapi_base PUBLIC
114  -fno-exceptions
115)
116if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
117  target_compile_options(sapi_base PUBLIC
118    # The syscall tables in sandbox2/syscall_defs.cc are `std::array`s using
119    # CTAD and have more entries than the default limit of 256.
120    -fbracket-depth=768
121  )
122endif()
123set(_sapi_check_no_deprecated
124  -Wno-deprecated SAPI_HAS_W_NO_DEPRECATED
125)
126set(_sapi_check_frame_larger_than
127  # For sandbox2/util.cc's CloneAndJump()
128  -Wframe-larger-than=40960 SAPI_HAS_W_FRAME_LARGER_THAN
129)
130set(_sapi_check_no_deprecated_declarations
131  -Wno-deprecated-declarations SAPI_HAS_W_NO_DEPRECATED_DECLARATIONS
132)
133set(_sapi_check_no_psabi
134  -Wno-psabi SAPI_HAS_W_NO_PSABI
135)
136foreach(check IN ITEMS _sapi_check_no_deprecated
137                       _sapi_check_frame_larger_than
138                       _sapi_check_no_deprecated_declarations
139                       _sapi_check_no_psabi)
140  list(GET ${check} 0 opt_value)
141  list(GET ${check} 1 var_name)
142  check_cxx_compiler_flag(${opt_value} ${var_name})
143  if(${var_name})
144    target_compile_options(sapi_base PUBLIC ${opt_value})
145  endif()
146endforeach()
147
148add_library(sapi_test_main INTERFACE)
149add_library(sapi::test_main ALIAS sapi_test_main)
150target_link_libraries(sapi_test_main INTERFACE
151  gtest_main
152  gmock
153  sapi::base
154)
155
156if(BUILD_TESTING AND SAPI_BUILD_TESTING)
157  include(GoogleTest)
158  # Setup tests to work like with Bazel
159  create_directory_symlink("${SAPI_BINARY_DIR}" com_google_sandboxed_api)
160  enable_testing()
161endif()
162
163add_subdirectory(sandboxed_api)
164
165if(BUILD_TESTING AND SAPI_BUILD_TESTING AND SAPI_CONTRIB_BUILD_TESTING)
166  add_subdirectory(contrib)
167endif()
168