summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/moz.build
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /security/sandbox/linux/moz.build
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/linux/moz.build')
-rw-r--r--security/sandbox/linux/moz.build139
1 files changed, 139 insertions, 0 deletions
diff --git a/security/sandbox/linux/moz.build b/security/sandbox/linux/moz.build
new file mode 100644
index 0000000000..cbb99e514c
--- /dev/null
+++ b/security/sandbox/linux/moz.build
@@ -0,0 +1,139 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SharedLibrary("mozsandbox")
+
+# Depend on mozglue if and only if it's a shared library;
+# this needs to match mozglue/build/moz.build:
+if CONFIG["OS_TARGET"] == "Android":
+ USE_LIBS += [
+ "mozglue",
+ ]
+
+USE_LIBS += [
+ # For PR_GetEnv
+ "nspr",
+]
+
+EXPORTS.mozilla += [
+ "Sandbox.h",
+ "SandboxInfo.h",
+]
+
+UNIFIED_SOURCES += [
+ "../chromium-shim/base/logging.cpp",
+ "../chromium-shim/base/threading/platform_thread_linux.cpp",
+ "../chromium/base/at_exit.cc",
+ "../chromium/base/callback_internal.cc",
+ "../chromium/base/lazy_instance_helpers.cc",
+ "../chromium/base/location.cc",
+ "../chromium/base/memory/ref_counted.cc",
+ "../chromium/base/posix/can_lower_nice_to.cc",
+ "../chromium/base/posix/safe_strerror.cc",
+ "../chromium/base/strings/string16.cc",
+ "../chromium/base/strings/string_number_conversions.cc",
+ "../chromium/base/strings/string_piece.cc",
+ "../chromium/base/strings/string_util.cc",
+ "../chromium/base/strings/string_util_constants.cc",
+ "../chromium/base/strings/stringprintf.cc",
+ "../chromium/base/strings/utf_string_conversion_utils.cc",
+ "../chromium/base/strings/utf_string_conversions.cc",
+ "../chromium/base/synchronization/condition_variable_posix.cc",
+ "../chromium/base/synchronization/lock.cc",
+ "../chromium/base/synchronization/lock_impl_posix.cc",
+ "../chromium/base/synchronization/waitable_event_posix.cc",
+ "../chromium/base/threading/platform_thread.cc",
+ "../chromium/base/threading/platform_thread_internal_posix.cc",
+ "../chromium/base/threading/platform_thread_posix.cc",
+ "../chromium/base/threading/thread_collision_warner.cc",
+ "../chromium/base/threading/thread_id_name_manager.cc",
+ "../chromium/base/threading/thread_local_storage.cc",
+ "../chromium/base/threading/thread_local_storage_posix.cc",
+ "../chromium/base/threading/thread_restrictions.cc",
+ "../chromium/base/time/time.cc",
+ "../chromium/base/time/time_exploded_posix.cc",
+ "../chromium/base/time/time_now_posix.cc",
+ "../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc",
+ "../chromium/sandbox/linux/bpf_dsl/codegen.cc",
+ "../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc",
+ "../chromium/sandbox/linux/bpf_dsl/policy.cc",
+ "../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc",
+ "../chromium/sandbox/linux/bpf_dsl/syscall_set.cc",
+ "../chromium/sandbox/linux/seccomp-bpf/die.cc",
+ "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
+ "/ipc/glue/UtilityProcessSandboxing.cpp",
+ "broker/SandboxBrokerCommon.cpp",
+ "Sandbox.cpp",
+ "SandboxBrokerClient.cpp",
+ "SandboxFilter.cpp",
+ "SandboxFilterUtil.cpp",
+ "SandboxHooks.cpp",
+ "SandboxInfo.cpp",
+ "SandboxLogging.cpp",
+ "SandboxOpenedFiles.cpp",
+ "SandboxReporterClient.cpp",
+]
+
+SOURCES += [
+ "../chromium/base/strings/safe_sprintf.cc",
+ "../chromium/base/third_party/icu/icu_utf.cc",
+ "../chromium/sandbox/linux/seccomp-bpf/trap.cc",
+ "../chromium/sandbox/linux/services/syscall_wrappers.cc",
+]
+
+# This copy of SafeSPrintf doesn't need to avoid the Chromium logging
+# dependency like the one in libxul does, but this way the behavior is
+# consistent. See also the comment in SandboxLogging.h.
+SOURCES["../chromium/base/strings/safe_sprintf.cc"].flags += ["-DNDEBUG"]
+
+if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+ # Keep clang from warning about intentional 'switch' fallthrough in icu_utf.cc:
+ SOURCES["../chromium/base/third_party/icu/icu_utf.cc"].flags += [
+ "-Wno-implicit-fallthrough"
+ ]
+ SOURCES["../chromium/sandbox/linux/seccomp-bpf/trap.cc"].flags += [
+ "-Wno-unreachable-code-return"
+ ]
+
+if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+ CXXFLAGS += ["-Wno-error=stack-protector"]
+ SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [
+ "-Wno-empty-body",
+ ]
+
+# gcc lto likes to put the top level asm in syscall.cc in a different partition
+# from the function using it which breaks the build. Work around that by
+# forcing there to be only one partition.
+for f in CONFIG["OS_CXXFLAGS"]:
+ if f.startswith("-flto") and CONFIG["CC_TYPE"] != "clang":
+ LDFLAGS += ["--param lto-partitions=1"]
+
+DEFINES["NS_NO_XPCOM"] = True
+DisableStlWrapping()
+
+LOCAL_INCLUDES += ["/security/sandbox/linux"]
+LOCAL_INCLUDES += ["/security/sandbox/chromium-shim"]
+LOCAL_INCLUDES += ["/security/sandbox/chromium"]
+LOCAL_INCLUDES += ["/nsprpub"]
+
+
+if CONFIG["OS_TARGET"] != "Android":
+ # Needed for clock_gettime with glibc < 2.17:
+ OS_LIBS += [
+ "rt",
+ ]
+
+DIRS += [
+ "broker",
+ "glue",
+ "interfaces",
+ "launch",
+ "reporter",
+]
+
+TEST_DIRS += [
+ "gtest",
+]