• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# Description: test cases for sandbox2 unit tests.
16#
17# Some of the following cc_binary options avoid dynamic linking which uses a
18# lot of syscalls (open, mmap, etc.):
19#   linkstatic = True                 Default for cc_binary
20#   features = ["fully_static_link"]  Adds -static
21#
22# Note that linking fully static with an unmodified glibc is not generally
23# considered safe, due to glibc relying heavily on loading shared objects at
24# runtime.
25# The rule of thumb when it is safe to do so is when the program either only
26# uses plain syscalls (bypassing any libc altogether) or if it does not use
27# any networking and none of the functionality from cstdio/stdio.h (due to
28# auto-loading of locale-specific shared objecs).
29
30load("@com_google_sandboxed_api//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
31
32package(default_visibility = [
33    "@com_google_sandboxed_api//sandboxed_api/sandbox2:__subpackages__",
34])
35
36licenses(["notice"])
37
38cc_binary(
39    name = "abort",
40    testonly = True,
41    srcs = ["abort.cc"],
42    copts = sapi_platform_copts(),
43    features = ["fully_static_link"],
44    deps = ["@com_google_sandboxed_api//sandboxed_api/util:raw_logging"],
45)
46
47cc_binary(
48    name = "add_policy_on_syscalls",
49    testonly = True,
50    srcs = ["add_policy_on_syscalls.cc"],
51    copts = sapi_platform_copts(),
52    features = ["fully_static_link"],
53)
54
55cc_binary(
56    name = "buffer",
57    testonly = True,
58    srcs = ["buffer.cc"],
59    copts = sapi_platform_copts(),
60    features = ["fully_static_link"],
61    deps = [
62        "@com_google_sandboxed_api//sandboxed_api/sandbox2:buffer",
63    ],
64)
65
66cc_binary(
67    name = "ipc",
68    testonly = True,
69    srcs = ["ipc.cc"],
70    copts = sapi_platform_copts(),
71    features = ["fully_static_link"],
72    deps = [
73        "@com_google_absl//absl/strings",
74        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
75        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
76        "@com_google_sandboxed_api//sandboxed_api/util:raw_logging",
77    ],
78)
79
80cc_binary(
81    name = "malloc_system",
82    testonly = True,
83    srcs = ["malloc.cc"],
84    copts = sapi_platform_copts(),
85    features = ["fully_static_link"],
86)
87
88cc_binary(
89    name = "minimal_dynamic",
90    testonly = True,
91    srcs = ["minimal.cc"],
92    copts = sapi_platform_copts(),
93)
94
95cc_binary(
96    name = "minimal",
97    testonly = True,
98    srcs = ["minimal.cc"],
99    copts = sapi_platform_copts(),
100    features = ["fully_static_link"],
101)
102
103cc_binary(
104    name = "personality",
105    testonly = True,
106    srcs = ["personality.cc"],
107    copts = sapi_platform_copts(),
108    features = ["fully_static_link"],
109)
110
111cc_binary(
112    name = "pidcomms",
113    testonly = True,
114    srcs = ["pidcomms.cc"],
115    copts = sapi_platform_copts(),
116    features = ["fully_static_link"],
117    deps = [
118        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
119        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
120        "@com_google_sandboxed_api//sandboxed_api/util:raw_logging",
121    ],
122)
123
124cc_binary(
125    name = "policy",
126    testonly = True,
127    srcs = ["policy.cc"],
128    copts = sapi_platform_copts(),
129    features = ["fully_static_link"],
130    deps = [
131        "@com_google_absl//absl/base:core_headers",
132        "@com_google_sandboxed_api//sandboxed_api:config",
133    ],
134)
135
136cc_binary(
137    name = "sandbox_detection",
138    testonly = True,
139    srcs = ["sandbox_detection.cc"],
140    copts = sapi_platform_copts(),
141    features = ["fully_static_link"],
142    deps = [
143        "@com_google_absl//absl/status:statusor",
144        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
145        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
146        "@com_google_sandboxed_api//sandboxed_api/sandbox2:util",
147    ],
148)
149
150cc_binary(
151    name = "sanitizer",
152    testonly = True,
153    srcs = ["sanitizer.cc"],
154    copts = sapi_platform_copts(),
155    features = ["fully_static_link"],
156)
157
158cc_binary(
159    name = "close_fds",
160    testonly = True,
161    srcs = ["close_fds.cc"],
162    copts = sapi_platform_copts(),
163    deps = [
164        "@com_google_absl//absl/container:flat_hash_set",
165        "@com_google_absl//absl/log:check",
166        "@com_google_absl//absl/status",
167        "@com_google_absl//absl/strings",
168        "@com_google_sandboxed_api//sandboxed_api/sandbox2:sanitizer",
169    ],
170)
171
172cc_binary(
173    name = "sleep",
174    testonly = True,
175    srcs = ["sleep.cc"],
176    copts = sapi_platform_copts(),
177    features = ["fully_static_link"],
178)
179
180cc_library(
181    name = "symbolize_lib",
182    testonly = True,
183    srcs = ["symbolize_lib.cc"],
184    hdrs = ["symbolize_lib.h"],
185    copts = sapi_platform_copts([
186        "-fno-omit-frame-pointer",
187        "-fno-unwind-tables",
188        "-fno-asynchronous-unwind-tables",
189    ]),
190    features = ["fully_static_link"],
191    deps = [
192        "@com_google_absl//absl/base:core_headers",
193    ],
194)
195
196cc_binary(
197    name = "symbolize",
198    testonly = True,
199    srcs = ["symbolize.cc"],
200    copts = sapi_platform_copts(),
201    features = ["fully_static_link"],
202    deps = [
203        ":symbolize_lib",
204        "@com_google_absl//absl/base:core_headers",
205        "@com_google_absl//absl/strings",
206        "@com_google_sandboxed_api//sandboxed_api/util:raw_logging",
207    ],
208)
209
210cc_binary(
211    name = "tsync",
212    testonly = True,
213    srcs = ["tsync.cc"],
214    copts = sapi_platform_copts(),
215    features = ["fully_static_link"],
216    deps = [
217        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
218        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
219    ],
220)
221
222cc_binary(
223    name = "starve",
224    testonly = True,
225    srcs = ["starve.cc"],
226    copts = sapi_platform_copts(),
227    features = ["fully_static_link"],
228)
229
230cc_binary(
231    name = "limits",
232    testonly = True,
233    srcs = ["limits.cc"],
234    copts = sapi_platform_copts(),
235    features = ["fully_static_link"],
236)
237
238cc_binary(
239    name = "namespace",
240    testonly = True,
241    srcs = ["namespace.cc"],
242    copts = sapi_platform_copts(),
243    features = ["fully_static_link"],
244    deps = [
245        "@com_google_absl//absl/container:flat_hash_set",
246        "@com_google_absl//absl/log:check",
247        "@com_google_absl//absl/strings",
248        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
249        "@com_google_sandboxed_api//sandboxed_api/util:file_base",
250        "@com_google_sandboxed_api//sandboxed_api/util:fileops",
251    ],
252)
253
254cc_binary(
255    name = "network_proxy",
256    testonly = True,
257    srcs = ["network_proxy.cc"],
258    copts = sapi_platform_copts(),
259    deps = [
260        "@com_google_absl//absl/base:log_severity",
261        "@com_google_absl//absl/flags:flag",
262        "@com_google_absl//absl/flags:parse",
263        "@com_google_absl//absl/log",
264        "@com_google_absl//absl/log:check",
265        "@com_google_absl//absl/log:globals",
266        "@com_google_absl//absl/log:initialize",
267        "@com_google_absl//absl/status",
268        "@com_google_absl//absl/status:statusor",
269        "@com_google_absl//absl/strings:str_format",
270        "@com_google_absl//absl/strings:string_view",
271        "@com_google_sandboxed_api//sandboxed_api/sandbox2:client",
272        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
273        "@com_google_sandboxed_api//sandboxed_api/sandbox2/network_proxy:client",
274        "@com_google_sandboxed_api//sandboxed_api/util:fileops",
275        "@com_google_sandboxed_api//sandboxed_api/util:status",
276    ],
277)
278
279cc_binary(
280    name = "custom_fork",
281    testonly = True,
282    srcs = ["custom_fork.cc"],
283    copts = sapi_platform_copts(),
284    features = ["fully_static_link"],
285    deps = [
286        "@com_google_sandboxed_api//sandboxed_api/sandbox2:comms",
287        "@com_google_sandboxed_api//sandboxed_api/sandbox2:forkingclient",
288        "@com_google_sandboxed_api//sandboxed_api/util:raw_logging",
289    ],
290)
291
292cc_binary(
293    name = "util_communicate",
294    testonly = True,
295    srcs = ["util_communicate.cc"],
296    copts = sapi_platform_copts(),
297)
298
299cc_binary(
300    name = "posix_timers",
301    testonly = True,
302    srcs = ["posix_timers.cc"],
303    copts = sapi_platform_copts(),
304    features = ["fully_static_link"],
305    linkopts = ["-lrt"],
306    deps = [
307        "@com_google_absl//absl/base:log_severity",
308        "@com_google_absl//absl/flags:flag",
309        "@com_google_absl//absl/flags:parse",
310        "@com_google_absl//absl/log",
311        "@com_google_absl//absl/log:check",
312        "@com_google_absl//absl/log:globals",
313        "@com_google_absl//absl/log:initialize",
314        "@com_google_absl//absl/strings:string_view",
315        "@com_google_absl//absl/time",
316    ],
317)
318