• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# The 'network' example demonstrates:
16# - separate executor and sandboxee
17# - sandboxee enables sandboxing by calling SandboxMeHere()
18# - strict syscall policy
19# - sandbox2::Comms for data exchange (IPC)
20
21load("@com_google_sandboxed_api//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
22
23package(default_visibility = [
24    "@com_google_sandboxed_api//sandboxed_api/sandbox2:__subpackages__",
25])
26
27licenses(["notice"])
28
29# Executor
30cc_binary(
31    name = "network_sandbox",
32    srcs = ["network_sandbox.cc"],
33    copts = sapi_platform_copts(),
34    data = [":network_bin"],
35    deps = [
36        "@com_google_absl//absl/base:core_headers",
37        "@com_google_absl//absl/flags:parse",
38        "@com_google_absl//absl/log",
39        "@com_google_absl//absl/log:globals",
40        "@com_google_absl//absl/log:initialize",
41        "@com_google_absl//absl/status:statusor",
42        "@com_google_absl//absl/strings:string_view",
43        "@com_google_absl//absl/time",
44        "@com_google_sandboxed_api//sandboxed_api:config",
45        "@com_google_sandboxed_api//sandboxed_api/sandbox2",
46        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
47        "@com_google_sandboxed_api//sandboxed_api/sandbox2/network_proxy:testing",
48        "@com_google_sandboxed_api//sandboxed_api/util:runfiles",
49    ],
50)
51
52# Sandboxee
53cc_binary(
54    name = "network_bin",
55    srcs = ["network_bin.cc"],
56    copts = sapi_platform_copts(),
57    deps = [
58        "@com_google_absl//absl/log",
59        "@com_google_absl//absl/strings:str_format",
60        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
61        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
62    ],
63)
64
65# Test
66sh_test(
67    name = "network_sandbox_test",
68    srcs = ["network_sandbox_test.sh"],
69    data = [":network_sandbox"],
70    tags = ["no_qemu_user_mode"],
71)
72