OLD | NEW |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 { | 5 { |
6 'variables': { | 6 'variables': { |
7 'chromium_code': 1, | 7 'chromium_code': 1, |
8 }, | 8 }, |
9 'target_defaults': { | 9 'target_defaults': { |
10 'variables': { | |
11 'sandbox_windows_target': 0, | |
12 }, | |
13 'target_conditions': [ | |
14 ['sandbox_windows_target==1', { | |
15 # Files that are shared between the 32-bit and the 64-bit versions | |
16 # of the Windows sandbox library. | |
17 'sources': [ | |
18 'src/acl.cc', | |
19 'src/acl.h', | |
20 'src/broker_services.cc', | |
21 'src/broker_services.h', | |
22 'src/crosscall_client.h', | |
23 'src/crosscall_params.h', | |
24 'src/crosscall_server.cc', | |
25 'src/crosscall_server.h', | |
26 'src/dep.cc', | |
27 'src/dep.h', | |
28 'src/eat_resolver.cc', | |
29 'src/eat_resolver.h', | |
30 'src/filesystem_dispatcher.cc', | |
31 'src/filesystem_dispatcher.h', | |
32 'src/filesystem_interception.cc', | |
33 'src/filesystem_interception.h', | |
34 'src/filesystem_policy.cc', | |
35 'src/filesystem_policy.h', | |
36 'src/handle_closer.cc', | |
37 'src/handle_closer.h', | |
38 'src/handle_closer_agent.cc', | |
39 'src/handle_closer_agent.h', | |
40 'src/handle_dispatcher.cc', | |
41 'src/handle_dispatcher.h', | |
42 'src/handle_interception.cc', | |
43 'src/handle_interception.h', | |
44 'src/handle_policy.cc', | |
45 'src/handle_policy.h', | |
46 'src/handle_table.cc', | |
47 'src/handle_table.h', | |
48 'src/interception.cc', | |
49 'src/interception.h', | |
50 'src/interception_agent.cc', | |
51 'src/interception_agent.h', | |
52 'src/interception_internal.h', | |
53 'src/interceptors.h', | |
54 'src/internal_types.h', | |
55 'src/ipc_tags.h', | |
56 'src/job.cc', | |
57 'src/job.h', | |
58 'src/named_pipe_dispatcher.cc', | |
59 'src/named_pipe_dispatcher.h', | |
60 'src/named_pipe_interception.cc', | |
61 'src/named_pipe_interception.h', | |
62 'src/named_pipe_policy.cc', | |
63 'src/named_pipe_policy.h', | |
64 'src/nt_internals.h', | |
65 'src/policy_broker.cc', | |
66 'src/policy_broker.h', | |
67 'src/policy_engine_opcodes.cc', | |
68 'src/policy_engine_opcodes.h', | |
69 'src/policy_engine_params.h', | |
70 'src/policy_engine_processor.cc', | |
71 'src/policy_engine_processor.h', | |
72 'src/policy_low_level.cc', | |
73 'src/policy_low_level.h', | |
74 'src/policy_params.h', | |
75 'src/policy_target.cc', | |
76 'src/policy_target.h', | |
77 'src/process_thread_dispatcher.cc', | |
78 'src/process_thread_dispatcher.h', | |
79 'src/process_thread_interception.cc', | |
80 'src/process_thread_interception.h', | |
81 'src/process_thread_policy.cc', | |
82 'src/process_thread_policy.h', | |
83 'src/registry_dispatcher.cc', | |
84 'src/registry_dispatcher.h', | |
85 'src/registry_interception.cc', | |
86 'src/registry_interception.h', | |
87 'src/registry_policy.cc', | |
88 'src/registry_policy.h', | |
89 'src/resolver.cc', | |
90 'src/resolver.h', | |
91 'src/restricted_token_utils.cc', | |
92 'src/restricted_token_utils.h', | |
93 'src/restricted_token.cc', | |
94 'src/restricted_token.h', | |
95 'src/sandbox_factory.h', | |
96 'src/sandbox_nt_types.h', | |
97 'src/sandbox_nt_util.cc', | |
98 'src/sandbox_nt_util.h', | |
99 'src/sandbox_policy_base.cc', | |
100 'src/sandbox_policy_base.h', | |
101 'src/sandbox_policy.h', | |
102 'src/sandbox_types.h', | |
103 'src/sandbox_utils.cc', | |
104 'src/sandbox_utils.h', | |
105 'src/sandbox.cc', | |
106 'src/sandbox.h', | |
107 'src/security_level.h', | |
108 'src/service_resolver.cc', | |
109 'src/service_resolver.h', | |
110 'src/shared_handles.cc', | |
111 'src/shared_handles.h', | |
112 'src/sharedmem_ipc_client.cc', | |
113 'src/sharedmem_ipc_client.h', | |
114 'src/sharedmem_ipc_server.cc', | |
115 'src/sharedmem_ipc_server.h', | |
116 'src/sid.cc', | |
117 'src/sid.h', | |
118 'src/sync_dispatcher.cc', | |
119 'src/sync_dispatcher.h', | |
120 'src/sync_interception.cc', | |
121 'src/sync_interception.h', | |
122 'src/sync_policy.cc', | |
123 'src/sync_policy.h', | |
124 'src/target_interceptions.cc', | |
125 'src/target_interceptions.h', | |
126 'src/target_process.cc', | |
127 'src/target_process.h', | |
128 'src/target_services.cc', | |
129 'src/target_services.h', | |
130 'src/win_utils.cc', | |
131 'src/win_utils.h', | |
132 'src/win2k_threadpool.cc', | |
133 'src/win2k_threadpool.h', | |
134 'src/window.cc', | |
135 'src/window.h', | |
136 ], | |
137 }], | |
138 ], | |
139 }, | 10 }, |
140 'conditions': [ | 11 'conditions': [ |
141 [ 'OS!="win" and OS!="mac"', { | 12 [ 'OS=="linux"', { |
| 13 'includes': [ |
| 14 'sandbox_linux.gypi', |
| 15 ], |
| 16 }], |
| 17 [ 'OS=="win"', { |
| 18 'includes': [ |
| 19 'sandbox_windows.gypi', |
| 20 ], |
| 21 }], |
| 22 [ 'OS!="win" and OS!="mac" and OS!="linux"', { |
| 23 # We need a 'default' to accomodate the "sandbox" target, for instance |
| 24 # on Android. |
142 'targets': [ | 25 'targets': [ |
143 { | 26 { |
144 'target_name': 'sandbox', | 27 'target_name': 'sandbox', |
145 'type': 'none', | 28 'type': 'none', |
146 'conditions': [ | 29 } |
147 # Only compile in the seccomp mode 1 code for the flag combination | 30 ] |
148 # where we support it. | |
149 [ 'OS=="linux" and (target_arch=="ia32" or target_arch=="x64") ' | |
150 'and toolkit_views==0 and selinux==0', { | |
151 'dependencies': [ | |
152 '../seccompsandbox/seccomp.gyp:seccomp_sandbox', | |
153 ], | |
154 }], | |
155 # This does not include Android. | |
156 [ 'OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', { | |
157 'type': 'static_library', | |
158 # Compile seccomp mode 2 code on Linux | |
159 'sources': [ | |
160 'linux/seccomp-bpf/sandbox_bpf.cc', | |
161 'linux/seccomp-bpf/sandbox_bpf.h', | |
162 'linux/seccomp-bpf/verifier.cc', | |
163 'linux/seccomp-bpf/verifier.h', | |
164 ], | |
165 'dependencies': [ | |
166 '../base/base.gyp:base', | |
167 ], | |
168 'include_dirs': [ | |
169 '..', | |
170 ], | |
171 }], | |
172 ], | |
173 }, | |
174 ], | |
175 }], | |
176 [ 'OS=="linux" and selinux==0', { | |
177 'targets': [ | |
178 { | |
179 'target_name': 'chrome_sandbox', | |
180 'type': 'executable', | |
181 'sources': [ | |
182 'linux/suid/linux_util.c', | |
183 'linux/suid/linux_util.h', | |
184 'linux/suid/process_util.h', | |
185 'linux/suid/process_util_linux.c', | |
186 'linux/suid/sandbox.h', | |
187 'linux/suid/sandbox.c', | |
188 ], | |
189 'cflags': [ | |
190 # For ULLONG_MAX | |
191 '-std=gnu99', | |
192 ], | |
193 'include_dirs': [ | |
194 '..', | |
195 ], | |
196 }, | |
197 ], | |
198 }], | |
199 [ 'OS=="win"', { | |
200 'targets': [ | |
201 { | |
202 'target_name': 'sandbox', | |
203 'type': 'static_library', | |
204 'variables': { | |
205 'sandbox_windows_target': 1, | |
206 }, | |
207 'dependencies': [ | |
208 '../testing/gtest.gyp:gtest', | |
209 '../base/base.gyp:base', | |
210 '../base/base.gyp:base_static', | |
211 ], | |
212 'export_dependent_settings': [ | |
213 '../base/base.gyp:base', | |
214 ], | |
215 'sources': [ | |
216 # Files that are used by the 32-bit version of Windows sandbox only. | |
217 'src/resolver_32.cc', | |
218 'src/service_resolver_32.cc', | |
219 'src/sidestep_resolver.cc', | |
220 'src/sidestep_resolver.h', | |
221 'src/sidestep\ia32_modrm_map.cpp', | |
222 'src/sidestep\ia32_opcode_map.cpp', | |
223 'src/sidestep\mini_disassembler_types.h', | |
224 'src/sidestep\mini_disassembler.cpp', | |
225 'src/sidestep\mini_disassembler.h', | |
226 'src/sidestep\preamble_patcher_with_stub.cpp', | |
227 'src/sidestep\preamble_patcher.h', | |
228 'src/Wow64.cc', | |
229 'src/Wow64.h', | |
230 ], | |
231 'include_dirs': [ | |
232 '..', | |
233 ], | |
234 'copies': [ | |
235 { | |
236 'destination': '<(PRODUCT_DIR)', | |
237 'files': [ | |
238 'wow_helper/wow_helper.exe', | |
239 'wow_helper/wow_helper.pdb', | |
240 ], | |
241 }, | |
242 ], | |
243 'direct_dependent_settings': { | |
244 'include_dirs': [ | |
245 'src', | |
246 '..', | |
247 ], | |
248 }, | |
249 }, | |
250 { | |
251 'target_name': 'sandbox_win64', | |
252 'type': 'static_library', | |
253 'variables': { | |
254 'sandbox_windows_target': 1, | |
255 }, | |
256 'dependencies': [ | |
257 '../testing/gtest.gyp:gtest', | |
258 '../base/base.gyp:base_nacl_win64', | |
259 '../base/base.gyp:base_static_win64', | |
260 ], | |
261 'configurations': { | |
262 'Common_Base': { | |
263 'msvs_target_platform': 'x64', | |
264 }, | |
265 }, | |
266 'sources': [ | |
267 # Files that are used by the 64-bit version of Windows sandbox only. | |
268 'src/interceptors_64.cc', | |
269 'src/interceptors_64.h', | |
270 'src/resolver_64.cc', | |
271 'src/service_resolver_64.cc', | |
272 'src/Wow64_64.cc', | |
273 ], | |
274 'include_dirs': [ | |
275 '..', | |
276 ], | |
277 'direct_dependent_settings': { | |
278 'include_dirs': [ | |
279 'src', | |
280 '..', | |
281 ], | |
282 }, | |
283 'defines': [ | |
284 '<@(nacl_win64_defines)', | |
285 ] | |
286 }, | |
287 { | |
288 'target_name': 'sbox_integration_tests', | |
289 'type': 'executable', | |
290 'dependencies': [ | |
291 'sandbox', | |
292 '../testing/gtest.gyp:gtest', | |
293 ], | |
294 'sources': [ | |
295 'tests/common/controller.cc', | |
296 'tests/common/controller.h', | |
297 'tests/common/test_utils.cc', | |
298 'tests/common/test_utils.h', | |
299 'tests/integration_tests/integration_tests.cc', | |
300 'src/dep_test.cc', | |
301 'src/file_policy_test.cc', | |
302 'src/handle_policy_test.cc', | |
303 'tests/integration_tests/integration_tests_test.cc', | |
304 'src/handle_closer_test.cc', | |
305 'src/integrity_level_test.cc', | |
306 'src/ipc_ping_test.cc', | |
307 'src/named_pipe_policy_test.cc', | |
308 'src/policy_target_test.cc', | |
309 'src/process_policy_test.cc', | |
310 'src/registry_policy_test.cc', | |
311 'src/sync_policy_test.cc', | |
312 'src/unload_dll_test.cc', | |
313 ], | |
314 }, | |
315 { | |
316 'target_name': 'sbox_validation_tests', | |
317 'type': 'executable', | |
318 'dependencies': [ | |
319 'sandbox', | |
320 '../testing/gtest.gyp:gtest', | |
321 ], | |
322 'sources': [ | |
323 'tests/common/controller.cc', | |
324 'tests/common/controller.h', | |
325 'tests/validation_tests/unit_tests.cc', | |
326 'tests/validation_tests/commands.cc', | |
327 'tests/validation_tests/commands.h', | |
328 'tests/validation_tests/suite.cc', | |
329 ], | |
330 }, | |
331 { | |
332 'target_name': 'sbox_unittests', | |
333 'type': 'executable', | |
334 'dependencies': [ | |
335 'sandbox', | |
336 '../testing/gtest.gyp:gtest', | |
337 ], | |
338 'sources': [ | |
339 'tests/common/test_utils.cc', | |
340 'tests/common/test_utils.h', | |
341 'tests/unit_tests/unit_tests.cc', | |
342 'src/interception_unittest.cc', | |
343 'src/service_resolver_unittest.cc', | |
344 'src/restricted_token_unittest.cc', | |
345 'src/job_unittest.cc', | |
346 'src/sid_unittest.cc', | |
347 'src/policy_engine_unittest.cc', | |
348 'src/policy_low_level_unittest.cc', | |
349 'src/policy_opcodes_unittest.cc', | |
350 'src/ipc_unittest.cc', | |
351 'src/threadpool_unittest.cc', | |
352 'src/win_utils_unittest.cc', | |
353 ], | |
354 }, | |
355 { | |
356 'target_name': 'sandbox_poc', | |
357 'type': 'executable', | |
358 'dependencies': [ | |
359 'sandbox', | |
360 'pocdll', | |
361 ], | |
362 'sources': [ | |
363 'sandbox_poc/main_ui_window.cc', | |
364 'sandbox_poc/main_ui_window.h', | |
365 'sandbox_poc/resource.h', | |
366 'sandbox_poc/sandbox.cc', | |
367 'sandbox_poc/sandbox.h', | |
368 'sandbox_poc/sandbox.ico', | |
369 'sandbox_poc/sandbox.rc', | |
370 ], | |
371 'link_settings': { | |
372 'libraries': [ | |
373 '-lcomctl32.lib', | |
374 ], | |
375 }, | |
376 'msvs_settings': { | |
377 'VCLinkerTool': { | |
378 'SubSystem': '2', # Set /SUBSYSTEM:WINDOWS | |
379 }, | |
380 }, | |
381 }, | |
382 { | |
383 'target_name': 'pocdll', | |
384 'type': 'shared_library', | |
385 'sources': [ | |
386 'sandbox_poc/pocdll/exports.h', | |
387 'sandbox_poc/pocdll/fs.cc', | |
388 'sandbox_poc/pocdll/handles.cc', | |
389 'sandbox_poc/pocdll/invasive.cc', | |
390 'sandbox_poc/pocdll/network.cc', | |
391 'sandbox_poc/pocdll/pocdll.cc', | |
392 'sandbox_poc/pocdll/processes_and_threads.cc', | |
393 'sandbox_poc/pocdll/registry.cc', | |
394 'sandbox_poc/pocdll/spyware.cc', | |
395 'sandbox_poc/pocdll/utils.h', | |
396 ], | |
397 'defines': [ | |
398 'POCDLL_EXPORTS', | |
399 ], | |
400 'include_dirs': [ | |
401 '..', | |
402 ], | |
403 }, | |
404 ], | |
405 }], | 31 }], |
406 ], | 32 ], |
407 } | 33 } |
OLD | NEW |