1# Copyright (c) 2012 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5{
6  'variables': {
     # Build switches read by the target conditions further down this file.
     # compile_suid_client and compile_credentials are 1 only when OS is
     # "linux"; every other OS value gets 0, so the setuid sandbox client and
     # the credentials sources are left out of the build there.
7    'conditions': [
8      ['OS=="linux"', {
9        'compile_suid_client': 1,
10        'compile_credentials': 1,
11      }, {
12        'compile_suid_client': 0,
13        'compile_credentials': 0,
14      }],
        # The seccomp-bpf demo program is only enabled for linux on ia32/x64.
15      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16        'compile_seccomp_bpf_demo': 1,
17      }, {
18        'compile_seccomp_bpf_demo': 0,
19      }],
20    ],
21  },
22  'target_defaults': {
      # Settings applied to every target defined in this file.
23    'target_conditions': [
24      # All linux/ files will automatically be excluded on Android
25      # so make sure we re-include them explicitly.
        # 'sources/' is a GYP filter list; the 'include' entry re-adds any
        # source whose path matches the regular expression ^linux/.
26      ['OS == "android"', {
27        'sources/': [
28          ['include', '^linux/'],
29        ],
30      }],
31    ],
32  },
33  'targets': [
34    # We have two principal targets: sandbox and sandbox_linux_unittests.
35    # All other targets are listed as dependencies.
36    # There is one notable exception: for historical reasons, chrome_sandbox is
37    # the setuid sandbox and is its own target.
38    {
        # Aggregate target: 'type': 'none' produces no binary of its own and
        # only pulls in the sandbox layers listed as dependencies.
        # sandbox_services is always included; the other layers are optional.
39      'target_name': 'sandbox',
40      'type': 'none',
41      'dependencies': [
42        'sandbox_services',
43      ],
44      'conditions': [
45        [ 'compile_suid_client==1', {
46          'dependencies': [
47            'suid_sandbox_client',
48          ],
49        }],
50        # Compile seccomp BPF when we support it.
          # NOTE(review): use_seccomp_bpf is not defined in this file; it is
          # presumably set by a shared build configuration. When it is not 1,
          # this target is built without the seccomp-bpf layer - confirm that
          # consumers of 'sandbox' account for that.
51        [ 'use_seccomp_bpf==1', {
52          'dependencies': [
53            'seccomp_bpf',
54            'seccomp_bpf_helpers',
55          ],
56        }],
57      ],
58    },
59    {
        # Static library of shared test helpers (test runners and unit-test
        # scaffolding under tests/), built against gtest.
60      'target_name': 'sandbox_linux_test_utils',
61      'type': 'static_library',
62      'dependencies': [
63        '../testing/gtest.gyp:gtest',
64      ],
65      'include_dirs': [
66        '../..',
67      ],
68      'sources': [
69        'tests/sandbox_test_runner.cc',
70        'tests/sandbox_test_runner.h',
71        'tests/sandbox_test_runner_function_pointer.cc',
72        'tests/sandbox_test_runner_function_pointer.h',
73        'tests/test_utils.cc',
74        'tests/test_utils.h',
75        'tests/unit_tests.cc',
76        'tests/unit_tests.h',
77      ],
78      'conditions': [
          # The seccomp-bpf test runner and its headers are added, together
          # with a dependency on seccomp_bpf, only when use_seccomp_bpf==1.
79        [ 'use_seccomp_bpf==1', {
80          'sources': [
81            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
82            'seccomp-bpf/bpf_tests.h',
83            'seccomp-bpf/sandbox_bpf_test_runner.cc',
84            'seccomp-bpf/sandbox_bpf_test_runner.h',
85          ],
86          'dependencies': [
87            'seccomp_bpf',
88          ]
89        }],
90      ],
91    },
92    {
93      # The main sandboxing test target.
        # Sources and dependencies are not listed here; they come from the
        # included sandbox_linux_test_sources.gypi, which the JNI test target
        # in this file includes as well.
94      'target_name': 'sandbox_linux_unittests',
95      'includes': [
96        'sandbox_linux_test_sources.gypi',
97      ],
98      'type': 'executable',
99    },
100    {
101      # This target is the shared library used by Android APK (i.e.
102      # JNI-friendly) tests.
         # It includes the same sandbox_linux_test_sources.gypi as the
         # executable test target, but is built as a shared library.
103      'target_name': 'sandbox_linux_jni_unittests',
104      'includes': [
105        'sandbox_linux_test_sources.gypi',
106      ],
107      'type': 'shared_library',
108      'conditions': [
           # The native test glue is only added when building for Android.
109        [ 'OS == "android"', {
110          'dependencies': [
111            '../testing/android/native_test.gyp:native_test_native_code',
112          ],
113        }],
114      ],
115    },
116    {
         # Core seccomp-bpf library: BPF code generation, verifier, policy
         # interface, syscall helpers and trap handling (see 'sources').
117      'target_name': 'seccomp_bpf',
         # '<(component)' expands the 'component' build variable, which is
         # not set in this file.
118      'type': '<(component)',
119      'sources': [
120        'seccomp-bpf/basicblock.cc',
121        'seccomp-bpf/basicblock.h',
122        'seccomp-bpf/codegen.cc',
123        'seccomp-bpf/codegen.h',
124        'seccomp-bpf/die.cc',
125        'seccomp-bpf/die.h',
126        'seccomp-bpf/errorcode.cc',
127        'seccomp-bpf/errorcode.h',
128        'seccomp-bpf/instruction.h',
129        'seccomp-bpf/linux_seccomp.h',
130        'seccomp-bpf/sandbox_bpf.cc',
131        'seccomp-bpf/sandbox_bpf.h',
132        'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
133        'seccomp-bpf/sandbox_bpf_policy.cc',
134        'seccomp-bpf/sandbox_bpf_policy.h',
135        'seccomp-bpf/syscall.cc',
136        'seccomp-bpf/syscall.h',
137        'seccomp-bpf/syscall_iterator.cc',
138        'seccomp-bpf/syscall_iterator.h',
139        'seccomp-bpf/trap.cc',
140        'seccomp-bpf/trap.h',
141        'seccomp-bpf/verifier.cc',
142        'seccomp-bpf/verifier.h',
143      ],
144      'dependencies': [
145        '../base/base.gyp:base',
146        'sandbox_services_headers',
147      ],
         # NOTE(review): SANDBOX_IMPLEMENTATION is set on every library target
         # in this file; presumably it controls symbol export when the
         # library is built as a component - confirm in the sources.
148      'defines': [
149        'SANDBOX_IMPLEMENTATION',
150      ],
151      'include_dirs': [
152        '../..',
153      ],
154    },
155    {
         # Helper library layered on seccomp_bpf: a baseline policy, SIGSYS
         # handlers, syscall parameter restrictions and syscall sets (see
         # 'sources'). It depends on base and on seccomp_bpf.
156      'target_name': 'seccomp_bpf_helpers',
157      'type': '<(component)',
158      'sources': [
159        'seccomp-bpf-helpers/baseline_policy.cc',
160        'seccomp-bpf-helpers/baseline_policy.h',
161        'seccomp-bpf-helpers/sigsys_handlers.cc',
162        'seccomp-bpf-helpers/sigsys_handlers.h',
163        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
164        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
165        'seccomp-bpf-helpers/syscall_sets.cc',
166        'seccomp-bpf-helpers/syscall_sets.h',
167      ],
168      'dependencies': [
169        '../base/base.gyp:base',
170        'seccomp_bpf',
171      ],
172      'defines': [
173        'SANDBOX_IMPLEMENTATION',
174      ],
175      'include_dirs': [
176        '../..',
177      ],
178    },
179    {
180      # A demonstration program for the seccomp-bpf sandbox.
         # The target always exists so that it can be named as a dependency,
         # but it only becomes an executable when compile_seccomp_bpf_demo==1;
         # otherwise it is an empty 'none' target.
181      'target_name': 'seccomp_bpf_demo',
182      'conditions': [
183        ['compile_seccomp_bpf_demo==1', {
184          'type': 'executable',
185          'sources': [
186            'seccomp-bpf/demo.cc',
187          ],
188          'dependencies': [
189            'seccomp_bpf',
190          ],
191        }, {
192          'type': 'none',
193        }],
194      ],
195      'include_dirs': [
196        '../../',
197      ],
198    },
199    {
200      # The setuid sandbox, for Linux
         # NOTE(review): this target lists no 'dependencies' and only C
         # sources and headers under suid/, so no other target from this file
         # is linked into the helper binary. The comments in this file call it
         # the setuid sandbox, so it is presumably installed setuid (confirm
         # against packaging); anything added here would then run privileged.
201      'target_name': 'chrome_sandbox',
202      'type': 'executable',
203      'sources': [
204        'suid/common/sandbox.h',
205        'suid/common/suid_unsafe_environment_variables.h',
206        'suid/linux_util.c',
207        'suid/linux_util.h',
208        'suid/process_util.h',
209        'suid/process_util_linux.c',
210        'suid/sandbox.c',
211      ],
212      'cflags': [
213        # For ULLONG_MAX
214        '-std=gnu99',
215      ],
216      'include_dirs': [
217        '../..',
218      ],
219      # Do not use any sanitizer tools with this binary. http://crbug.com/382766
         # 'cflags/' and 'ldflags/' are GYP filter lists: flags matching the
         # 'exclude' pattern are dropped from whatever this target inherits.
         # NOTE(review): only flags matching '-fsanitize' are removed;
         # sanitizer-related options spelled differently would pass through -
         # verify against the toolchain configuration.
220      'cflags/': [
221        ['exclude', '-fsanitize'],
222      ],
223      'ldflags/': [
224        ['exclude', '-fsanitize'],
225      ],
226    },
227    { 'target_name': 'sandbox_services',
         # Support services used by the sandbox layers: broker process, init
         # process reaper, scoped process, thread helpers and yama (see
         # 'sources'). This is the one dependency the 'sandbox' target always
         # pulls in.
228      'type': '<(component)',
229      'sources': [
230        'services/broker_process.cc',
231        'services/broker_process.h',
232        'services/init_process_reaper.cc',
233        'services/init_process_reaper.h',
234        'services/scoped_process.cc',
235        'services/scoped_process.h',
236        'services/thread_helpers.cc',
237        'services/thread_helpers.h',
238        'services/yama.h',
239        'services/yama.cc',
240      ],
241      'dependencies': [
242        '../base/base.gyp:base',
243      ],
244      'defines': [
245        'SANDBOX_IMPLEMENTATION',
246      ],
247      'conditions': [
           # The credentials sources and the libcap dependency are added only
           # when compile_credentials==1 (set for OS=="linux" in 'variables').
248        ['compile_credentials==1', {
249          'sources': [
250            'services/credentials.cc',
251            'services/credentials.h',
252          ],
253          'dependencies': [
254            # for capabilities.cc.
               # NOTE(review): no capabilities.cc is listed in this file;
               # presumably credentials.cc is what uses libcap - confirm and
               # update the comment above.
255            '../build/linux/system.gyp:libcap',
256          ],
257        }],
258      ],
259      'include_dirs': [
260        '..',
261      ],
262    },
263    { 'target_name': 'sandbox_services_headers',
         # Header-only target ('type': 'none'): Android ucontext/futex headers
         # and per-architecture Linux syscall headers. seccomp_bpf depends on
         # it.
264      'type': 'none',
265      'sources': [
266        'services/android_arm_ucontext.h',
267        'services/android_futex.h',
268        'services/android_ucontext.h',
269        'services/android_i386_ucontext.h',
270        'services/arm_linux_syscalls.h',
271        'services/linux_syscalls.h',
272        'services/x86_32_linux_syscalls.h',
273        'services/x86_64_linux_syscalls.h',
274      ],
275      'include_dirs': [
276        '..',
277      ],
278    },
279    {
280      # We make this its own target so that it does not interfere
281      # with our tests.
         # No target in this file depends on it, so it is linked only into
         # binaries that list it as a dependency themselves.
282      'target_name': 'libc_urandom_override',
283      'type': 'static_library',
284      'sources': [
285        'services/libc_urandom_override.cc',
286        'services/libc_urandom_override.h',
287      ],
288      'dependencies': [
289        '../base/base.gyp:base',
290      ],
291      'include_dirs': [
292        '..',
293      ],
294    },
295    {
         # Client-side library for the setuid sandbox; the 'sandbox' target
         # depends on it only when compile_suid_client==1.
         # The two suid/common/ headers below are also listed in the
         # chrome_sandbox target, so both sides are compiled against the same
         # shared definitions.
296      'target_name': 'suid_sandbox_client',
297      'type': '<(component)',
298      'sources': [
299        'suid/common/sandbox.h',
300        'suid/common/suid_unsafe_environment_variables.h',
301        'suid/client/setuid_sandbox_client.cc',
302        'suid/client/setuid_sandbox_client.h',
303      ],
304      'defines': [
305        'SANDBOX_IMPLEMENTATION',
306      ],
307      'dependencies': [
308        '../base/base.gyp:base',
309        'sandbox_services',
310      ],
311      'include_dirs': [
312        '..',
313      ],
314    },
315  ],
316  'conditions': [
317    [ 'OS=="android"', {
         # Android only: adds a target that produces a stripped copy of the
         # sandbox_linux_unittests binary.
318      'targets': [
319        {
320        'target_name': 'sandbox_linux_unittests_stripped',
321        'type': 'none',
322        'dependencies': [ 'sandbox_linux_unittests' ],
323        'actions': [{
324          'action_name': 'strip sandbox_linux_unittests',
325          'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
326          'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
             # Runs the tool named by the android_strip variable (not set in
             # this file) on the input, writing the result to the output path.
327          'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
328          }],
329        }
330      ],
331    }],
332    [ 'OS=="android"', {
         # Android only: wraps the JNI test shared library in an APK test
         # target. The build rules come from the included apk_test.gypi;
         # test_suite_name names the library to package.
333      'targets': [
334        {
335        'target_name': 'sandbox_linux_jni_unittests_apk',
336        'type': 'none',
337        'variables': {
338          'test_suite_name': 'sandbox_linux_jni_unittests',
339        },
340        'dependencies': [
341          'sandbox_linux_jni_unittests',
342        ],
343        'includes': [ '../../build/apk_test.gypi' ],
344        }
345      ],
346    }],
347    ['test_isolation_mode != "noop"', {
         # Added whenever test_isolation_mode (not set in this file) is
         # anything other than "noop": a 'none' target that depends on the
         # unit-test binary. The .isolate file is listed both as an include
         # and as a source.
348      'targets': [
349        {
350          'target_name': 'sandbox_linux_unittests_run',
351          'type': 'none',
352          'dependencies': [
353            'sandbox_linux_unittests',
354          ],
355          'includes': [
356            '../../build/isolate.gypi',
357            '../sandbox_linux_unittests.isolate',
358          ],
359          'sources': [
360            '../sandbox_linux_unittests.isolate',
361          ],
362        },
363      ],
364    }],
365  ],
366}
367