• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2025 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# Description: Collection of allowlist tokens that are used to visibility
16# restrict features in Sandbox2.
17#
18# In order to restrict these functionalities, you will need to remove the
19# default visibility in a target (currently //visibility:public) with the
20# appropriate visibility list for your targets.
21
22load("@com_google_sandboxed_api//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
23
24licenses(["notice"])
25
26cc_library(
27    name = "all_syscalls",
28    hdrs = ["all_syscalls.h"],
29    copts = sapi_platform_copts(),
30    visibility = ["//visibility:public"],
31)
32
33cc_library(
34    name = "testonly_all_syscalls",
35    testonly = True,
36    hdrs = ["all_syscalls.h"],
37    copts = sapi_platform_copts(),
38    visibility = ["//visibility:public"],
39)
40
41cc_library(
42    name = "map_exec",
43    hdrs = ["map_exec.h"],
44    copts = sapi_platform_copts(),
45    visibility = ["//visibility:public"],
46)
47
48cc_library(
49    name = "testonly_map_exec",
50    testonly = True,
51    hdrs = ["map_exec.h"],
52    copts = sapi_platform_copts(),
53    visibility = ["//visibility:public"],
54)
55
56cc_library(
57    name = "seccomp_speculation",
58    hdrs = ["seccomp_speculation.h"],
59    copts = sapi_platform_copts(),
60    visibility = ["//visibility:public"],
61)
62
63cc_library(
64    name = "testonly_seccomp_speculation",
65    testonly = True,
66    hdrs = ["seccomp_speculation.h"],
67    copts = sapi_platform_copts(),
68    visibility = ["//visibility:public"],
69)
70
71cc_library(
72    name = "unrestricted_networking",
73    hdrs = ["unrestricted_networking.h"],
74    copts = sapi_platform_copts(),
75    visibility = ["//visibility:public"],
76)
77
78cc_library(
79    name = "testonly_unrestricted_networking",
80    testonly = True,
81    hdrs = ["unrestricted_networking.h"],
82    copts = sapi_platform_copts(),
83    visibility = ["//visibility:public"],
84)
85
86cc_library(
87    name = "namespaces",
88    hdrs = ["namespaces.h"],
89    copts = sapi_platform_copts(),
90    visibility = ["//visibility:public"],
91)
92
93cc_library(
94    name = "testonly_namespaces",
95    testonly = True,
96    hdrs = ["namespaces.h"],
97    copts = sapi_platform_copts(),
98    visibility = ["//visibility:public"],
99)
100
101cc_library(
102    name = "trace_all_syscalls",
103    hdrs = ["trace_all_syscalls.h"],
104    copts = sapi_platform_copts(),
105    visibility = ["//visibility:public"],
106)
107
108cc_library(
109    name = "testonly_trace_all_syscalls",
110    testonly = True,
111    hdrs = ["trace_all_syscalls.h"],
112    copts = sapi_platform_copts(),
113    visibility = ["//visibility:public"],
114)
115