1# Copyright 2019 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# https://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15add_subdirectory(allowlists) 16add_subdirectory(examples) 17add_subdirectory(unwind) 18add_subdirectory(util) 19add_subdirectory(network_proxy) 20 21# sandboxed_api/sandbox2:allow_all_syscalls 22add_library(sandbox2_allow_all_syscalls ${SAPI_LIB_TYPE} 23 allow_all_syscalls.h 24) 25add_library(sandbox2::allow_all_syscalls ALIAS sandbox2_allow_all_syscalls) 26target_link_libraries(sandbox2_allow_all_syscalls PRIVATE 27 sapi::base 28) 29 30# sandboxed_api/sandbox2:allow_map_exec 31add_library(sandbox2_allow_map_exec ${SAPI_LIB_TYPE} 32 allow_map_exec.h 33) 34add_library(sandbox2::allow_allow_map_exec ALIAS sandbox2_allow_map_exec) 35target_link_libraries(sandbox2_allow_map_exec PRIVATE 36 sapi::base 37) 38 39# sandboxed_api/sandbox2:allow_seccomp_speculation 40add_library(sandbox2_allow_seccomp_speculation ${SAPI_LIB_TYPE} 41 allow_seccomp_speculation.h 42) 43add_library(sandbox2::allow_seccomp_speculation ALIAS sandbox2_allow_seccomp_speculation) 44target_link_libraries(sandbox2_allow_seccomp_speculation PRIVATE 45 sapi::base 46) 47 48# sandboxed_api/sandbox2:allow_unrestricted_networking 49add_library(sandbox2_allow_unrestricted_networking ${SAPI_LIB_TYPE} 50 allow_unrestricted_networking.h 51) 52add_library(sandbox2::allow_unrestricted_networking ALIAS sandbox2_allow_unrestricted_networking) 53target_link_libraries(sandbox2_allow_unrestricted_networking PRIVATE 54 sapi::base 55) 56 57# sandboxed_api/sandbox2:bpfdisassembler 58add_library(sandbox2_bpfdisassembler ${SAPI_LIB_TYPE} 59 bpfdisassembler.cc 60 bpfdisassembler.h 61) 62add_library(sandbox2::bpfdisassembler ALIAS sandbox2_bpfdisassembler) 63target_link_libraries(sandbox2_bpfdisassembler 64 PUBLIC absl::span 65 PRIVATE absl::strings 66 sapi::base 67) 68 69# sandboxed_api/sandbox2:bpf_evaluator 70add_library(sandbox2_bpf_evaluator ${SAPI_LIB_TYPE} 71 bpf_evaluator.cc 72 bpf_evaluator.h 73) 74add_library(sandbox2::bpf_evaluator ALIAS sandbox2_bpf_evaluator) 75target_link_libraries(sandbox2_bpf_evaluator 76 PUBLIC absl::span 77 absl::statusor 78 PRIVATE absl::status 79 absl::strings 80 sapi::base 81 sapi::status 82) 83 84# sandboxed_api/sandbox2:regs 85add_library(sandbox2_regs ${SAPI_LIB_TYPE} 86 regs.cc 87 regs.h 88) 89add_library(sandbox2::regs ALIAS sandbox2_regs) 90target_link_libraries(sandbox2_regs 91 PUBLIC absl::status 92 sapi::config 93 sandbox2::syscall 94 PRIVATE absl::core_headers 95 absl::strings 96 sapi::strerror 97 sapi::base 98 sapi::status 99) 100 101# sandboxed_api/sandbox2:syscall 102add_library(sandbox2_syscall ${SAPI_LIB_TYPE} 103 syscall.cc 104 syscall.h 105 syscall_defs.cc 106 syscall_defs.h 107) 108add_library(sandbox2::syscall ALIAS sandbox2_syscall) 109target_link_libraries(sandbox2_syscall 110 PRIVATE absl::algorithm_container 111 absl::span 112 absl::statusor 113 absl::str_format 114 absl::strings 115 sandbox2::util 116 sapi::base 117 sapi::status 118 PUBLIC absl::log 119) 120 121# sandboxed_api/sandbox2:result 122add_library(sandbox2_result ${SAPI_LIB_TYPE} 123 result.cc 124 result.h 125) 126add_library(sandbox2::result ALIAS sandbox2_result) 127target_link_libraries(sandbox2_result PRIVATE 128 absl::base 129 absl::strings 130 sapi::config 131 sandbox2::regs 132 sandbox2::syscall 133 sandbox2::util 134 sapi::base 135 sapi::status 136) 137 138# sandboxed_api/sandbox2:logserver_proto 139sapi_protobuf_generate_cpp(_sandbox2_logserver_pb_h _sandbox2_logserver_pb_cc 140 logserver.proto 141) 142add_library(sandbox2_logserver_proto ${SAPI_LIB_TYPE} 143 ${_sandbox2_logserver_pb_cc} 144 ${_sandbox2_logserver_pb_h} 145) 146add_library(sandbox2::logserver_proto ALIAS sandbox2_logserver_proto) 147target_link_libraries(sandbox2_logserver_proto 148 PRIVATE sapi::base 149 PUBLIC protobuf::libprotobuf 150) 151 152# sandboxed_api/sandbox2:logserver 153add_library(sandbox2_logserver ${SAPI_LIB_TYPE} 154 logserver.cc 155 logserver.h 156) 157add_library(sandbox2::logserver ALIAS sandbox2_logserver) 158target_link_libraries(sandbox2_logserver 159 PRIVATE sandbox2::comms 160 sandbox2::logserver_proto 161 sapi::base 162 PUBLIC absl::log 163) 164 165# sandboxed_api/sandbox2:logsink 166add_library(sandbox2_logsink ${SAPI_LIB_TYPE} 167 logsink.cc 168 logsink.h 169) 170add_library(sandbox2::logsink ALIAS sandbox2_logsink) 171target_link_libraries(sandbox2_logsink 172 PRIVATE absl::strings 173 sandbox2::comms 174 sandbox2::logserver_proto 175 sapi::base 176 PUBLIC absl::synchronization 177 absl::log 178) 179 180# sandboxed_api/sandbox2:ipc 181add_library(sandbox2_ipc ${SAPI_LIB_TYPE} 182 ipc.cc 183 ipc.h 184) 185add_library(sandbox2::ipc ALIAS sandbox2_ipc) 186target_link_libraries(sandbox2_ipc PRIVATE 187 absl::core_headers 188 absl::strings 189 sandbox2::comms 190 sandbox2::logserver 191 sandbox2::logsink 192 sandbox2::network_proxy_client 193 sandbox2::network_proxy_server 194 sapi::base 195 sapi::thread 196) 197 198# sandboxed_api/sandbox2:policy 199add_library(sandbox2_policy ${SAPI_LIB_TYPE} 200 policy.cc 201 policy.h 202) 203add_library(sandbox2::policy ALIAS sandbox2_policy) 204target_link_libraries(sandbox2_policy 205 PRIVATE absl::strings 206 sandbox2::bpf_helper 207 sandbox2::bpfdisassembler 208 sandbox2::regs 209 sandbox2::syscall 210 sapi::base 211 sapi::config 212 PUBLIC sandbox2::network_proxy_filtering 213 sandbox2::namespace 214) 215 216# sandboxed_api/sandbox2:notify 217add_library(sandbox2_notify ${SAPI_LIB_TYPE} 218 notify.h 219) 220add_library(sandbox2::notify ALIAS sandbox2_notify) 221target_link_libraries(sandbox2_notify 222 PUBLIC absl::core_headers 223 absl::log 224 absl::str_format 225 sandbox2::comms 226 sandbox2::result 227 sandbox2::syscall 228 sandbox2::util 229 PRIVATE sapi::base 230) 231 232# sandboxed_api/sandbox2:limits 233add_library(sandbox2_limits ${SAPI_LIB_TYPE} 234 limits.h 235) 236add_library(sandbox2::limits ALIAS sandbox2_limits) 237target_link_libraries(sandbox2_limits PRIVATE 238 absl::core_headers 239 absl::time 240 sapi::base 241) 242 243# sandboxed_api/sandbox2:forkserver_bin 244add_executable(sandbox2_forkserver_bin 245 forkserver_bin.cc 246) 247set_target_properties(sandbox2_forkserver_bin PROPERTIES 248 OUTPUT_NAME forkserver_bin) 249add_executable(sandbox2::forkserver_bin ALIAS sandbox2_forkserver_bin) 250target_link_libraries(sandbox2_forkserver_bin PRIVATE 251 absl::log_globals 252 absl::log_severity 253 absl::status 254 sandbox2::client 255 sandbox2::comms 256 sandbox2::forkserver 257 sandbox2::sanitizer 258 sandbox2::unwind 259 sandbox2::util 260 sapi::base 261 sapi::raw_logging 262) 263 264# sandboxed_api/sandbox2:forkserver_bin_embed 265sapi_cc_embed_data(NAME sandbox2_forkserver_bin_embed 266 OUTPUT_NAME forkserver_bin_embed 267 NAMESPACE "" 268 SOURCES sandbox2::forkserver_bin 269) 270add_library(sandbox2::forkserver_bin_embed ALIAS sandbox2_forkserver_bin_embed) 271 272# sandboxed_api/sandbox2:global_forkserver 273add_library(sandbox2_global_forkserver ${SAPI_LIB_TYPE} 274 global_forkclient.cc 275 global_forkclient.h 276) 277add_library(sandbox2::global_forkserver ALIAS sandbox2_global_forkserver) 278target_link_libraries(sandbox2_global_forkserver 279 PRIVATE absl::cleanup 280 absl::strings 281 absl::status 282 absl::statusor 283 absl::log 284 sandbox2::client 285 sandbox2::forkserver_bin_embed 286 sandbox2::util 287 sapi::strerror 288 sapi::base 289 sapi::config 290 sapi::embed_file 291 sapi::fileops 292 sapi::raw_logging 293 sapi::status 294 PUBLIC absl::core_headers 295 absl::flags 296 absl::synchronization 297 sandbox2::comms 298 sandbox2::fork_client 299 sandbox2::forkserver_proto 300) 301 302# sandboxed_api/sandbox2:start_global_forkserver_lib_constructor 303# Use only if Sandbox2 global forkserver has to be started very early on. 304# By default the forkserver is started on demand. 305add_library(sandbox2_start_global_forkserver_lib_constructor STATIC 306 global_forkclient_lib_ctor.cc 307) 308add_library(sandbox2::start_global_forkserver_lib_constructor ALIAS 309 sandbox2_start_global_forkserver_lib_constructor) 310target_link_libraries(sandbox2_start_global_forkserver_lib_constructor PRIVATE 311 absl::core_headers 312 sapi::base 313 sandbox2::fork_client 314 sandbox2::global_forkserver 315) 316 317# sandboxed_api/sandbox2:executor 318add_library(sandbox2_executor ${SAPI_LIB_TYPE} 319 executor.cc 320 executor.h 321) 322add_library(sandbox2::executor ALIAS sandbox2_executor) 323target_link_libraries(sandbox2_executor 324 PRIVATE absl::core_headers 325 absl::status 326 sandbox2::forkserver_proto 327 sandbox2::ipc 328 sandbox2::limits 329 sandbox2::namespace 330 sandbox2::util 331 sapi::base 332 sapi::status_proto 333 PUBLIC absl::log 334 absl::span 335 absl::statusor 336 absl::strings 337 sapi::config 338 sapi::fileops 339 sapi::status 340 sandbox2::fork_client 341 sandbox2::global_forkserver 342) 343 344# sandboxed_api/sandbox2:sandbox2 345add_library(sandbox2_sandbox2 ${SAPI_LIB_TYPE} 346 sandbox2.cc 347 sandbox2.h 348) 349add_library(sandbox2::sandbox2 ALIAS sandbox2_sandbox2) 350target_link_libraries(sandbox2_sandbox2 351 PRIVATE absl::core_headers 352 absl::flat_hash_set 353 absl::memory 354 absl::optional 355 absl::str_format 356 absl::strings 357 sandbox2::forkserver_proto 358 sandbox2::monitor_ptrace 359 sandbox2::monitor_unotify 360 sapi::base 361 PUBLIC absl::flat_hash_map 362 absl::status 363 absl::statusor 364 absl::time 365 sapi::config 366 sapi::fileops 367 sapi::temp_file 368 sandbox2::client 369 sandbox2::comms 370 sandbox2::executor 371 sandbox2::fork_client 372 sandbox2::global_forkserver 373 sandbox2::ipc 374 sandbox2::limits 375 sandbox2::logsink 376 sandbox2::monitor_base 377 sandbox2::mounts 378 sandbox2::mount_tree_proto 379 sandbox2::namespace 380 sandbox2::network_proxy_client 381 sandbox2::network_proxy_server 382 sandbox2::notify 383 sandbox2::policy 384 sandbox2::policybuilder 385 sandbox2::regs 386 sandbox2::result 387 sandbox2::syscall 388 sandbox2::util 389) 390 391 392# sandboxed_api/sandbox2:stack_trace 393add_library(sandbox2_stack_trace ${SAPI_LIB_TYPE} 394 stack_trace.cc 395 stack_trace.h 396) 397add_library(sandbox2::stack_trace ALIAS sandbox2_stack_trace) 398target_link_libraries(sandbox2_stack_trace 399 PRIVATE absl::cleanup 400 absl::flags 401 absl::log 402 absl::memory 403 absl::status 404 absl::strings 405 absl::time 406 sandbox2::client 407 sandbox2::limits 408 sandbox2::mounts 409 sandbox2::policybuilder 410 sandbox2::util 411 sandbox2::unwind_proto 412 sapi::base 413 sapi::file_base 414 sapi::fileops 415 sapi::status 416 PUBLIC absl::check 417 absl::statusor 418 sandbox2::comms 419 sandbox2::executor 420 sandbox2::namespace 421 sandbox2::policy 422 sandbox2::result 423 sandbox2::regs 424) 425 426 427# sandboxed_api/sandbox2:monitor_base 428add_library(sandbox2_monitor_base ${SAPI_LIB_TYPE} 429 monitor_base.cc 430 monitor_base.h 431) 432add_library(sandbox2::monitor_base ALIAS sandbox2_monitor_base) 433target_link_libraries(sandbox2_monitor_base 434 PRIVATE absl::bind_front 435 absl::check 436 absl::cleanup 437 absl::flags 438 absl::log 439 absl::strings 440 absl::time 441 absl::vlog_is_on 442 sandbox2::client 443 sandbox2::limits 444 sandbox2::mounts 445 sandbox2::namespace 446 sandbox2::stack_trace 447 sandbox2::util 448 sapi::file_helpers 449 sapi::temp_file 450 sapi::base 451 PUBLIC absl::status 452 absl::statusor 453 absl::synchronization 454 sandbox2::comms 455 sandbox2::executor 456 sandbox2::fork_client 457 sandbox2::ipc 458 sandbox2::network_proxy_client 459 sandbox2::network_proxy_server 460 sandbox2::notify 461 sandbox2::policy 462 sandbox2::result 463 sandbox2::syscall 464 sapi::thread 465) 466 467# sandboxed_api/sandbox2:monitor_ptrace 468add_library(sandbox2_monitor_ptrace ${SAPI_LIB_TYPE} 469 monitor_ptrace.cc 470 monitor_ptrace.h 471) 472add_library(sandbox2::monitor_ptrace ALIAS sandbox2_monitor_ptrace) 473target_link_libraries(sandbox2_monitor_ptrace 474 PRIVATE absl::cleanup 475 absl::flat_hash_set 476 absl::flags 477 absl::log 478 absl::status 479 absl::statusor 480 absl::str_format 481 absl::strings 482 absl::time 483 absl::vlog_is_on 484 sapi::base 485 sapi::config 486 sapi::status 487 sandbox2::client 488 sandbox2::comms 489 sandbox2::result 490 sandbox2::sanitizer 491 sandbox2::util 492 PUBLIC absl::check 493 absl::core_headers 494 sandbox2::executor 495 sandbox2::monitor_base 496 sandbox2::notify 497 sandbox2::pid_waiter 498 sandbox2::policy 499 sandbox2::regs 500 sandbox2::syscall 501 sapi::thread 502 absl::synchronization 503 absl::flat_hash_map 504) 505 506# sandboxed_api/sandbox2:monitor_unotify 507add_library(sandbox2_monitor_unotify ${SAPI_LIB_TYPE} 508 monitor_unotify.cc 509 monitor_unotify.h 510) 511add_library(sandbox2::monitor_unotify ALIAS sandbox2_monitor_unotify) 512target_link_libraries(sandbox2_monitor_unotify 513 PRIVATE absl::check 514 absl::cleanup 515 absl::core_headers 516 absl::log 517 absl::optional 518 absl::span 519 absl::status 520 absl::strings 521 absl::time 522 sapi::base 523 sandbox2::bpf_evaluator 524 sandbox2::client 525 sandbox2::forkserver_proto 526 sapi::config 527 sapi::status 528 PUBLIC sandbox2::executor 529 sandbox2::monitor_base 530 sandbox2::notify 531 sandbox2::policy 532 sandbox2::result 533 sapi::thread 534 absl::statusor 535 absl::synchronization 536 sapi::fileops 537) 538 539# sandboxed_api/sandbox2:policybuilder 540add_library(sandbox2_policybuilder ${SAPI_LIB_TYPE} 541 policybuilder.cc 542 policybuilder.h 543) 544add_library(sandbox2::policybuilder ALIAS sandbox2_policybuilder) 545target_link_libraries(sandbox2_policybuilder 546 PRIVATE absl::log 547 absl::memory 548 absl::status 549 sapi::base 550 sapi::config 551 sandbox2::bpf_helper 552 sandbox2::namespace 553 sandbox2::syscall 554 sandbox2::allowlists_all_syscalls 555 sandbox2::allowlists_map_exec 556 sandbox2::allowlists_namespaces 557 sandbox2::allowlists_seccomp_speculation 558 sandbox2::allowlists_trace_all_syscalls 559 sandbox2::allowlists_unrestricted_networking 560 sapi::file_base 561 sapi::fileops 562 sapi::status 563 PUBLIC absl::check 564 absl::core_headers 565 absl::flat_hash_set 566 absl::span 567 absl::strings 568 absl::statusor 569 sandbox2::forkserver_proto 570 sandbox2::mounts 571 sandbox2::network_proxy_filtering 572 sandbox2::policy 573) 574 575# sandboxed_api/sandbox2:client 576add_library(sandbox2_client ${SAPI_LIB_TYPE} 577 client.cc 578 client.h 579) 580add_library(sandbox2::client ALIAS sandbox2_client) 581target_link_libraries(sandbox2_client 582 PRIVATE absl::core_headers 583 absl::strings 584 sandbox2::bpf_helper 585 sandbox2::policy 586 sandbox2::sanitizer 587 sandbox2::syscall 588 sapi::base 589 sapi::raw_logging 590 PUBLIC absl::flat_hash_map 591 absl::status 592 sandbox2::comms 593 sandbox2::logsink 594 sandbox2::network_proxy_client 595) 596 597# sandboxed_api/sandbox2:sanitizer 598add_library(sandbox2_sanitizer ${SAPI_LIB_TYPE} 599 sanitizer.cc 600 sanitizer.h 601) 602add_library(sandbox2::sanitizer ALIAS sandbox2_sanitizer) 603target_link_libraries(sandbox2_sanitizer 604 PRIVATE absl::strings 605 sandbox2::util 606 sapi::fileops 607 sapi::strerror 608 sapi::raw_logging 609 sapi::base 610 PUBLIC absl::flat_hash_set 611 absl::status 612 absl::statusor 613) 614 615# sandboxed_api/sandbox2:forkserver 616add_library(sandbox2_forkserver ${SAPI_LIB_TYPE} 617 forkserver.cc 618 forkserver.h 619) 620add_library(sandbox2::forkserver ALIAS sandbox2_forkserver) 621target_link_libraries(sandbox2_forkserver 622 PRIVATE absl::flat_hash_map 623 absl::flat_hash_set 624 absl::status 625 absl::statusor 626 absl::strings 627 libcap::libcap 628 sandbox2::bpf_helper 629 sandbox2::client 630 sandbox2::comms 631 sandbox2::fork_client 632 sandbox2::forkserver_proto 633 sandbox2::namespace 634 sandbox2::policy 635 sapi::strerror 636 sandbox2::sanitizer 637 sandbox2::syscall 638 sandbox2::util 639 sapi::base 640 sapi::raw_logging 641 PUBLIC absl::core_headers 642 absl::log 643 sapi::fileops 644) 645 646# sandboxed_api/sandbox2:fork_client 647add_library(sandbox2_fork_client ${SAPI_LIB_TYPE} 648 fork_client.cc 649 fork_client.h 650) 651add_library(sandbox2::fork_client ALIAS sandbox2_fork_client) 652target_link_libraries(sandbox2_fork_client 653 PRIVATE sandbox2::comms 654 sandbox2::forkserver_proto 655 PUBLIC absl::core_headers 656 absl::synchronization 657 sapi::base 658 sapi::fileops 659) 660 661# sandboxed_api/sandbox2:mounts 662add_library(sandbox2_mounts ${SAPI_LIB_TYPE} 663 mounts.cc 664 mounts.h 665) 666add_library(sandbox2::mounts ALIAS sandbox2_mounts) 667target_link_libraries(sandbox2_mounts 668 PRIVATE absl::flat_hash_set 669 absl::str_format 670 protobuf::libprotobuf 671 sapi::config 672 sapi::file_base 673 sapi::fileops 674 sandbox2::minielf 675 sapi::strerror 676 sapi::base 677 sapi::raw_logging 678 sapi::status 679 PUBLIC absl::status 680 absl::statusor 681 absl::strings 682 sandbox2::mount_tree_proto 683) 684 685# sandboxed_api/sandbox2:namespace 686add_library(sandbox2_namespace ${SAPI_LIB_TYPE} 687 namespace.cc 688 namespace.h 689) 690add_library(sandbox2::namespace ALIAS sandbox2_namespace) 691target_link_libraries(sandbox2_namespace 692 PRIVATE absl::strings 693 sapi::file_base 694 sapi::fileops 695 sapi::base 696 sapi::raw_logging 697 PUBLIC sandbox2::forkserver_proto 698 sandbox2::mounts 699) 700 701# sandboxed_api/sandbox2:forkingclient 702add_library(sandbox2_forkingclient ${SAPI_LIB_TYPE} 703 forkingclient.cc 704 forkingclient.h 705) 706add_library(sandbox2::forkingclient ALIAS sandbox2_forkingclient) 707target_link_libraries(sandbox2_forkingclient 708 PRIVATE absl::check 709 absl::memory 710 absl::log 711 sandbox2::sanitizer 712 sapi::base 713 PUBLIC sandbox2::client 714 sandbox2::comms 715 sandbox2::forkserver 716) 717 718# sandboxed_api/sandbox2:util 719add_library(sandbox2_util ${SAPI_LIB_TYPE} 720 util.cc 721 util.h 722) 723add_library(sandbox2::util ALIAS sandbox2_util) 724target_link_libraries(sandbox2_util 725 PRIVATE absl::algorithm_container 726 absl::core_headers 727 absl::str_format 728 absl::strings 729 sapi::config 730 sapi::file_base 731 sapi::file_helpers 732 sapi::fileops 733 sapi::base 734 sapi::raw_logging 735 sapi::status 736 PUBLIC absl::span 737 absl::status 738 absl::statusor 739) 740target_compile_options(sandbox2_util PRIVATE 741 # The default is 16384, however we need to do a clone with a 742 # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384. 743 # Thus the slight increase. 744 -Wframe-larger-than=17000 745) 746 747# sandboxed_api/sandbox2:buffer 748add_library(sandbox2_buffer ${SAPI_LIB_TYPE} 749 buffer.cc 750 buffer.h 751) 752add_library(sandbox2::buffer ALIAS sandbox2_buffer) 753target_link_libraries(sandbox2_buffer 754 PRIVATE absl::core_headers 755 absl::memory 756 absl::status 757 absl::strings 758 sapi::strerror 759 sandbox2::util 760 sapi::base 761 sapi::status 762 PUBLIC absl::statusor 763) 764 765# sandboxed_api/sandbox2:forkserver_proto 766sapi_protobuf_generate_cpp(_sandbox2_forkserver_pb_h _sandbox2_forkserver_pb_cc 767 forkserver.proto 768) 769add_library(sandbox2_forkserver_proto ${SAPI_LIB_TYPE} 770 ${_sandbox2_forkserver_pb_cc} 771 ${_sandbox2_forkserver_pb_h} 772) 773add_library(sandbox2::forkserver_proto ALIAS sandbox2_forkserver_proto) 774target_link_libraries(sandbox2_forkserver_proto PRIVATE 775 protobuf::libprotobuf 776 sandbox2::mount_tree_proto 777 sapi::base 778) 779 780# sandboxed_api/sandbox2:mount_tree_proto 781sapi_protobuf_generate_cpp(_sandbox2_mount_tree_pb_h _sandbox2_mount_tree_pb_cc 782 mount_tree.proto 783) 784add_library(sandbox2_mount_tree_proto ${SAPI_LIB_TYPE} 785 ${_sandbox2_mount_tree_pb_cc} 786 ${_sandbox2_mount_tree_pb_h} 787) 788add_library(sandbox2::mount_tree_proto ALIAS sandbox2_mount_tree_proto) 789target_link_libraries(sandbox2_mount_tree_proto PRIVATE 790 protobuf::libprotobuf 791 sapi::base 792) 793 794# sandboxed_api/sandbox2:comms 795add_library(sandbox2_comms ${SAPI_LIB_TYPE} 796 comms.cc 797 comms.h 798) 799add_library(sandbox2::comms ALIAS sandbox2_comms) 800target_link_libraries(sandbox2_comms 801 PRIVATE absl::status 802 absl::statusor 803 absl::str_format 804 absl::strings 805 sandbox2::util 806 sapi::base 807 sapi::raw_logging 808 sapi::status_proto 809 PUBLIC absl::core_headers 810 absl::status 811 protobuf::libprotobuf 812 sapi::fileops 813 sapi::status 814) 815 816if(BUILD_TESTING AND SAPI_BUILD_TESTING) 817 add_subdirectory(testcases) 818 819 # sandboxed_api/sandbox2:regs_test 820 add_executable(sandbox2_regs_test 821 regs_test.cc 822 ) 823 set_target_properties(sandbox2_regs_test PROPERTIES 824 OUTPUT_NAME regs_test 825 ) 826 target_link_libraries(sandbox2_regs_test PRIVATE 827 absl::check 828 sapi::config 829 sapi::status_matchers 830 sandbox2::bpf_helper 831 sandbox2::regs 832 sandbox2::sanitizer 833 sandbox2::syscall 834 sandbox2::util 835 sapi::test_main 836 ) 837 gtest_discover_tests_xcompile(sandbox2_regs_test) 838 839 # sandboxed_api/sandbox2:syscall_test 840 add_executable(sandbox2_syscall_test 841 syscall_test.cc 842 ) 843 set_target_properties(sandbox2_syscall_test PROPERTIES 844 OUTPUT_NAME syscall_test 845 ) 846 target_link_libraries(sandbox2_syscall_test PRIVATE 847 absl::strings 848 sapi::config 849 sandbox2::syscall 850 sapi::test_main 851 ) 852 gtest_discover_tests_xcompile(sandbox2_syscall_test) 853 854 # sandboxed_api/sandbox2:mounts_test 855 add_executable(sandbox2_mounts_test 856 mounts_test.cc 857 ) 858 set_target_properties(sandbox2_mounts_test PROPERTIES 859 OUTPUT_NAME mounts_test 860 ) 861 add_dependencies(sandbox2_mounts_test 862 sandbox2::testcase_minimal_dynamic 863 ) 864 target_link_libraries(sandbox2_mounts_test PRIVATE 865 absl::status 866 absl::strings 867 sapi::file_base 868 sandbox2::mounts 869 sandbox2::mount_tree_proto 870 sapi::temp_file 871 sapi::testing 872 sapi::status_matchers 873 sapi::test_main 874 ) 875 gtest_discover_tests_xcompile(sandbox2_mounts_test PROPERTIES 876 ENVIRONMENT "TEST_TMPDIR=/tmp" 877 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 878 ) 879 880 # sandboxed_api/sandbox2:namespace_test 881 add_executable(sandbox2_namespace_test 882 namespace_test.cc 883 ) 884 set_target_properties(sandbox2_namespace_test PROPERTIES 885 OUTPUT_NAME namespace_test 886 ) 887 add_dependencies(sandbox2_namespace_test 888 sandbox2::testcase_namespace 889 ) 890 target_link_libraries(sandbox2_namespace_test PRIVATE 891 absl::check 892 absl::status 893 absl::statusor 894 absl::strings 895 sandbox2::allowlists_all_syscalls 896 sandbox2::allowlists_unrestricted_networking 897 sandbox2::allowlists_namespaces 898 sapi::fileops 899 sandbox2::namespace 900 sandbox2::sandbox2 901 sapi::testing 902 sapi::temp_file 903 sapi::status_matchers 904 sapi::test_main 905 ) 906 gtest_discover_tests_xcompile(sandbox2_namespace_test PROPERTIES 907 ENVIRONMENT "TEST_TMPDIR=/tmp" 908 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 909 ) 910 911 # sandboxed_api/sandbox2:buffer_test 912 add_executable(sandbox2_buffer_test 913 buffer_test.cc 914 ) 915 set_target_properties(sandbox2_buffer_test PROPERTIES 916 OUTPUT_NAME buffer_test 917 ) 918 add_dependencies(sandbox2_buffer_test 919 sandbox2::testcase_buffer 920 ) 921 target_link_libraries(sandbox2_buffer_test PRIVATE 922 sandbox2::buffer 923 sandbox2::sandbox2 924 sapi::testing 925 sapi::status_matchers 926 sapi::test_main 927 ) 928 gtest_discover_tests_xcompile(sandbox2_buffer_test PROPERTIES 929 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 930 ) 931 932 # sandboxed_api/sandbox2:comms_test_proto 933 sapi_protobuf_generate_cpp( 934 _sandbox2_comms_test_pb_h _sandbox2_comms_test_pb_cc 935 comms_test.proto 936 ) 937 add_library(sandbox2_comms_test_proto ${SAPI_LIB_TYPE} 938 ${_sandbox2_comms_test_pb_cc} 939 ${_sandbox2_comms_test_pb_h} 940 ) 941 add_library(sandbox2::comms_test_proto ALIAS sandbox2_comms_test_proto) 942 target_link_libraries(sandbox2_comms_test_proto 943 PRIVATE sapi::base 944 PUBLIC protobuf::libprotobuf 945 ) 946 947 # sandboxed_api/sandbox2:comms_test 948 add_executable(sandbox2_comms_test 949 comms_test.cc 950 ) 951 target_link_libraries(sandbox2_comms_test PRIVATE 952 absl::check 953 absl::fixed_array 954 absl::log 955 absl::strings 956 sandbox2::comms 957 sandbox2::comms_test_proto 958 sapi::status_matchers 959 sapi::test_main 960 sapi::thread 961 ) 962 gtest_discover_tests_xcompile(sandbox2_comms_test) 963 964 # sandboxed_api/sandbox2:forkserver_test 965 add_executable(sandbox2_forkserver_test 966 forkserver_test.cc 967 global_forkclient.h 968 ) 969 set_target_properties(sandbox2_forkserver_test PROPERTIES 970 OUTPUT_NAME forkserver_test 971 ) 972 add_dependencies(sandbox2_forkserver_test 973 sandbox2::testcase_minimal 974 ) 975 target_link_libraries(sandbox2_forkserver_test PRIVATE 976 absl::check 977 absl::strings 978 sandbox2::forkserver 979 sandbox2::forkserver_proto 980 sandbox2::sandbox2 981 sapi::testing 982 sapi::test_main 983 ) 984 gtest_discover_tests_xcompile(sandbox2_forkserver_test PROPERTIES 985 ENVIRONMENT "TEST_TMPDIR=/tmp" 986 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 987 ) 988 989 # sandboxed_api/sandbox2:limits_test 990 add_executable(sandbox2_limits_test 991 limits_test.cc 992 ) 993 set_target_properties(sandbox2_limits_test PROPERTIES 994 OUTPUT_NAME limits_test 995 ) 996 add_dependencies(sandbox2_limits_test 997 sandbox2::testcase_limits 998 sandbox2::testcase_minimal 999 ) 1000 target_link_libraries(sandbox2_limits_test PRIVATE 1001 sandbox2::bpf_helper 1002 sapi::config 1003 sandbox2::limits 1004 sandbox2::sandbox2 1005 sapi::testing 1006 sapi::status_matchers 1007 sapi::test_main 1008 ) 1009 gtest_discover_tests_xcompile(sandbox2_limits_test PROPERTIES 1010 ENVIRONMENT "TEST_TMPDIR=/tmp" 1011 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1012 ) 1013 1014 # sandboxed_api/sandbox2:notify_test 1015 add_executable(sandbox2_notify_test 1016 notify_test.cc 1017 ) 1018 set_target_properties(sandbox2_notify_test PROPERTIES 1019 OUTPUT_NAME notify_test 1020 ) 1021 add_dependencies(sandbox2_notify_test 1022 sandbox2::testcase_minimal 1023 sandbox2::testcase_personality 1024 sandbox2::testcase_pidcomms 1025 ) 1026 target_link_libraries(sandbox2_notify_test PRIVATE 1027 absl::status 1028 absl::strings 1029 sandbox2::comms 1030 sandbox2::regs 1031 sandbox2::sandbox2 1032 sandbox2::allowlists_trace_all_syscalls 1033 sapi::status_matchers 1034 sapi::testing 1035 sapi::test_main 1036 ) 1037 gtest_discover_tests_xcompile(sandbox2_notify_test PROPERTIES 1038 ENVIRONMENT "TEST_TMPDIR=/tmp" 1039 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1040 ) 1041 1042 # sandboxed_api/sandbox2:policy_test 1043 add_executable(sandbox2_policy_test 1044 policy_test.cc 1045 ) 1046 set_target_properties(sandbox2_policy_test PROPERTIES 1047 OUTPUT_NAME policy_test 1048 ) 1049 add_dependencies(sandbox2_policy_test 1050 sandbox2::testcase_add_policy_on_syscalls 1051 sandbox2::testcase_malloc_system 1052 sandbox2::testcase_minimal 1053 sandbox2::testcase_minimal_dynamic 1054 sandbox2::testcase_policy 1055 sandbox2::testcase_posix_timers 1056 ) 1057 target_link_libraries(sandbox2_policy_test PRIVATE 1058 absl::strings 1059 sandbox2::bpf_helper 1060 sapi::config 1061 sandbox2::sandbox2 1062 sapi::status_matchers 1063 sapi::testing 1064 sapi::test_main 1065 ) 1066 gtest_discover_tests_xcompile(sandbox2_policy_test PROPERTIES 1067 ENVIRONMENT "TEST_TMPDIR=/tmp" 1068 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1069 ) 1070 1071 # sandboxed_api/sandbox2:sandbox2_test 1072 add_executable(sandbox2_sandbox2_test 1073 sandbox2_test.cc 1074 ) 1075 set_target_properties(sandbox2_sandbox2_test PROPERTIES 1076 OUTPUT_NAME sandbox2_test 1077 ) 1078 add_dependencies(sandbox2_sandbox2_test 1079 sandbox2::testcase_abort 1080 sandbox2::testcase_custom_fork 1081 sandbox2::testcase_minimal 1082 sandbox2::testcase_sleep 1083 sandbox2::testcase_tsync 1084 ) 1085 target_link_libraries(sandbox2_sandbox2_test PRIVATE 1086 absl::status 1087 absl::statusor 1088 absl::strings 1089 absl::synchronization 1090 absl::time 1091 sapi::config 1092 sandbox2::fork_client 1093 sandbox2::sandbox2 1094 sapi::testing 1095 sapi::status_matchers 1096 sapi::test_main 1097 sapi::thread 1098 ) 1099 gtest_discover_tests_xcompile(sandbox2_sandbox2_test PROPERTIES 1100 ENVIRONMENT "TEST_TMPDIR=/tmp" 1101 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1102 ) 1103 1104 # sandboxed_api/sandbox2:sanitizer_test 1105 add_executable(sandbox2_sanitizer_test 1106 sanitizer_test.cc 1107 ) 1108 set_target_properties(sandbox2_sanitizer_test PROPERTIES 1109 OUTPUT_NAME sanitizer_test 1110 ) 1111 add_dependencies(sandbox2_sanitizer_test 1112 sandbox2::testcase_sanitizer 1113 sandbox2::testcase_close_fds 1114 ) 1115 target_link_libraries(sandbox2_sanitizer_test PRIVATE 1116 absl::strings 1117 sandbox2::bpf_helper 1118 sandbox2::client 1119 sandbox2::comms 1120 sandbox2::sandbox2 1121 sandbox2::sanitizer 1122 sapi::testing 1123 sandbox2::util 1124 sapi::status_matchers 1125 sapi::test_main 1126 ) 1127 gtest_discover_tests_xcompile(sandbox2_sanitizer_test PROPERTIES 1128 ENVIRONMENT "TEST_TMPDIR=/tmp" 1129 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1130 ) 1131 1132 # sandboxed_api/sandbox2:util_test 1133 add_executable(sandbox2_util_test 1134 util_test.cc 1135 ) 1136 set_target_properties(sandbox2_util_test PROPERTIES 1137 OUTPUT_NAME util_test 1138 ) 1139 add_dependencies(sandbox2_sandbox2_test 1140 sandbox2::testcase_util_communicate 1141 ) 1142 target_link_libraries(sandbox2_util_test PRIVATE 1143 sandbox2::util 1144 absl::status 1145 absl::statusor 1146 absl::strings 1147 absl::check 1148 absl::cleanup 1149 absl::span 1150 sapi::status_matchers 1151 sapi::testing 1152 sapi::test_main 1153 ) 1154 gtest_discover_tests_xcompile(sandbox2_util_test) 1155 1156 # sandboxed_api/sandbox2:stack_trace_test 1157 add_executable(sandbox2_stack_trace_test 1158 stack_trace_test.cc 1159 ) 1160 set_target_properties(sandbox2_stack_trace_test PROPERTIES 1161 OUTPUT_NAME stack_trace_test 1162 ) 1163 add_dependencies(sandbox2_stack_trace_test 1164 sandbox2::testcase_symbolize 1165 ) 1166 target_link_libraries(sandbox2_stack_trace_test PRIVATE 1167 absl::check 1168 absl::flags 1169 absl::log_severity 1170 absl::scoped_mock_log 1171 absl::status 1172 absl::strings 1173 absl::time 1174 sandbox2::allowlists_all_syscalls 1175 sandbox2::allowlists_namespaces 1176 sandbox2::global_forkserver 1177 sandbox2::sandbox2 1178 sandbox2::stack_trace 1179 sandbox2::util 1180 sapi::fileops 1181 sapi::testing 1182 sapi::status_matchers 1183 sapi::test_main 1184 ) 1185 gtest_discover_tests_xcompile(sandbox2_stack_trace_test PROPERTIES 1186 ENVIRONMENT "TEST_TMPDIR=/tmp" 1187 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1188 ) 1189 1190 # sandboxed_api/sandbox2:ipc_test 1191 add_executable(sandbox2_ipc_test 1192 ipc_test.cc 1193 ) 1194 set_target_properties(sandbox2_ipc_test PROPERTIES 1195 OUTPUT_NAME ipc_test 1196 ) 1197 add_dependencies(sandbox2_ipc_test 1198 sandbox2::testcase_ipc 1199 ) 1200 target_link_libraries(sandbox2_ipc_test PRIVATE 1201 sandbox2::comms 1202 sandbox2::ipc 1203 sandbox2::sandbox2 1204 sapi::testing 1205 sapi::status_matchers 1206 sapi::test_main 1207 ) 1208 gtest_discover_tests_xcompile(sandbox2_ipc_test PROPERTIES 1209 ENVIRONMENT "TEST_TMPDIR=/tmp" 1210 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1211 ) 1212 1213 # sandboxed_api/sandbox2:policybuilder_test 1214 add_executable(sandbox2_policybuilder_test 1215 policybuilder_test.cc 1216 ) 1217 set_target_properties(sandbox2_policybuilder_test PROPERTIES 1218 OUTPUT_NAME policybuilder_test 1219 ) 1220 target_link_libraries(sandbox2_policybuilder_test 1221 PRIVATE absl::strings 1222 absl::log 1223 absl::status 1224 absl::statusor 1225 sandbox2::allowlists_unrestricted_networking 1226 sandbox2::bpf_helper 1227 sandbox2::policy 1228 sandbox2::policybuilder 1229 sapi::file_base 1230 sapi::fileops 1231 sapi::testing 1232 sapi::status_matchers 1233 sapi::test_main 1234 ) 1235 gtest_discover_tests_xcompile(sandbox2_policybuilder_test PROPERTIES 1236 ENVIRONMENT "TEST_TMPDIR=/tmp" 1237 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1238 ) 1239 1240 # sandboxed_api/sandbox2:bpfdisassembler_test 1241 add_executable(sandbox2_bpfdisassembler_test 1242 bpfdisassembler_test.cc 1243 ) 1244 set_target_properties(sandbox2_bpfdisassembler_test PROPERTIES 1245 OUTPUT_NAME bpfdisassembler_test 1246 ) 1247 target_link_libraries(sandbox2_bpfdisassembler_test 1248 PRIVATE sandbox2::bpfdisassembler 1249 sandbox2::bpf_helper 1250 sapi::test_main 1251 ) 1252 gtest_discover_tests_xcompile(sandbox2_bpfdisassembler_test PROPERTIES 1253 ENVIRONMENT "TEST_TMPDIR=/tmp" 1254 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1255 ) 1256 1257# sandboxed_api/sandbox2:bpf_evaluator_test 1258 add_executable(sandbox2_bpf_evaluator_test 1259 bpf_evaluator_test.cc 1260 ) 1261 set_target_properties(sandbox2_bpf_evaluator_test PROPERTIES 1262 OUTPUT_NAME bpf_evaluator_test 1263 ) 1264 target_link_libraries(sandbox2_bpf_evaluator_test 1265 PRIVATE sandbox2::bpf_evaluator 1266 sandbox2::bpf_helper 1267 absl::status 1268 sapi::status_matchers 1269 sapi::test_main 1270 ) 1271 gtest_discover_tests_xcompile(sandbox2_bpf_evaluator_test PROPERTIES 1272 ENVIRONMENT "TEST_TMPDIR=/tmp" 1273 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1274 ) 1275 1276 # sandboxed_api/sandbox2:network_proxy_test 1277 add_executable(sandbox2_network_proxy_test 1278 network_proxy_test.cc 1279 ) 1280 set_target_properties(sandbox2_network_proxy_test PROPERTIES 1281 OUTPUT_NAME network_proxy_test 1282 ) 1283 target_link_libraries(sandbox2_network_proxy_test 1284 PRIVATE absl::status 1285 absl::time 1286 sandbox2::sandbox2 1287 sandbox2::network_proxy_testing 1288 sapi::status_matchers 1289 sapi::testing 1290 sapi::test_main 1291 ) 1292 gtest_discover_tests_xcompile(sandbox2_bpfdisassembler_test PROPERTIES 1293 ENVIRONMENT "TEST_TMPDIR=/tmp" 1294 ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}" 1295 ) 1296 1297endif() 1298 1299configure_file( 1300 "${PROJECT_SOURCE_DIR}/cmake/sandbox2.pc.in" 1301 "${PROJECT_BINARY_DIR}/sandbox2.pc" 1302 @ONLY 1303) 1304 1305install(FILES "${PROJECT_BINARY_DIR}/sandbox2.pc" 1306 DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig") 1307