• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# The 'crc4' example demonstrates:
16# - Separate executor and sandboxee
17# - Sandboxee enables sandboxing by calling SandboxMeHere()
18# - Strict syscall policy
19# - Using sandbox2::Comms for data exchange (IPC)
20# - Test to ensure sandbox executor runs sandboxee without issue
21
22load("@com_google_sandboxed_api//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
23
24package(default_visibility = [
25    "@com_google_sandboxed_api//sandboxed_api/sandbox2:__subpackages__",
26])
27
28licenses(["notice"])
29
30# Executor
31cc_binary(
32    name = "crc4sandbox",
33    srcs = ["crc4sandbox.cc"],
34    copts = sapi_platform_copts(),
35    data = [":crc4bin"],
36    deps = [
37        "@com_google_absl//absl/flags:flag",
38        "@com_google_absl//absl/flags:parse",
39        "@com_google_absl//absl/log",
40        "@com_google_absl//absl/log:globals",
41        "@com_google_absl//absl/log:initialize",
42        "@com_google_absl//absl/strings:string_view",
43        "@com_google_absl//absl/time",
44        "@com_google_sandboxed_api//sandboxed_api/sandbox2",
45        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
46        "@com_google_sandboxed_api//sandboxed_api/sandbox2/allowlists:namespaces",
47        "@com_google_sandboxed_api//sandboxed_api/sandbox2/util:bpf_helper",
48        "@com_google_sandboxed_api//sandboxed_api/util:runfiles",
49    ],
50)
51
52# Sandboxee
53cc_binary(
54    name = "crc4bin",
55    srcs = ["crc4bin.cc"],
56    copts = sapi_platform_copts(),
57    deps = [
58        "@com_google_absl//absl/flags:flag",
59        "@com_google_absl//absl/flags:parse",
60        "@com_google_absl//absl/strings:string_view",
61        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
62        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
63        "@com_google_sandboxed_api//sandboxed_api/sandbox2:util",
64    ],
65)
66
67cc_test(
68    name = "crc4sandbox_test",
69    srcs = ["crc4sandbox_test.cc"],
70    copts = sapi_platform_copts(),
71    data = [":crc4sandbox"],
72    tags = [
73        "local",
74        "no_qemu_user_mode",
75    ],
76    deps = [
77        "@com_google_absl//absl/log",
78        "@com_google_googletest//:gtest_main",
79        "@com_google_sandboxed_api//sandboxed_api:testing",
80        "@com_google_sandboxed_api//sandboxed_api/sandbox2:util",
81        "@com_google_sandboxed_api//sandboxed_api/util:status_matchers",
82    ],
83)
84