path: root/security/sandbox/moz.build
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Browser-chrome test manifests for the sandbox code in this directory.
# Each .ini is registered as its own manifest; the two bug1717599 entries
# are named after XDG_CONFIG_DIRS and XDG_CONFIG_HOME.
# NOTE(review): presumably they are separate manifests so each can run with
# its own environment settings -- confirm in the .ini files.
BROWSER_CHROME_MANIFESTS += [
    "test/browser.ini",
    "test/browser_bug1717599_XDG-CONFIG-DIRS.ini",
    "test/browser_bug1717599_XDG-CONFIG-HOME.ini",
    "test/browser_snap.ini",
    "test/browser_xdg.ini",
]

# Bug-tracker metadata: every file matched by "**" (everything under this
# directory) is filed against Core :: Security: Process Sandboxing.
with Files("**"):
    BUG_COMPONENT = ("Core", "Security: Process Sandboxing")

# "common" is added outside any OS_ARCH check, so it is traversed on every
# platform regardless of which per-OS sandbox is selected.
DIRS += ["common"]

# Per-OS sandbox selection. Linux and macOS only descend into their own
# subdirectory; on Windows this file itself builds the "sandbox_s" library
# from the vendored Chromium sources and the chromium-shim files listed here.
# An OS_ARCH that matches none of the three branches gets only "common".
if CONFIG["OS_ARCH"] == "Linux":
    DIRS += ["linux"]
elif CONFIG["OS_ARCH"] == "Darwin":
    DIRS += ["mac"]
elif CONFIG["OS_ARCH"] == "WINNT":
    # Everything in SOURCES below is compiled into one static library.
    Library("sandbox_s")
    FORCE_STATIC_LIB = True

    # Sub-builds for the broker side, the remote broker and the target side.
    DIRS += [
        "win/src/remotesandboxbroker",
        "win/src/sandboxbroker",
        "win/src/sandboxtarget",
    ]

    # Headers exported into the mozilla/sandboxing/ include namespace.
    EXPORTS.mozilla.sandboxing += [
        "chromium-shim/sandbox/win/loggingCallbacks.h",
        "chromium-shim/sandbox/win/loggingTypes.h",
        "chromium-shim/sandbox/win/sandboxLogging.h",
        "win/SandboxInitialization.h",
    ]

    # The source list is explicit: a file is part of the sandbox library only
    # if it is named here. It has three groups, in this order:
    #   chromium-shim/...          files kept outside the chromium/ tree
    #   chromium/base/...          a subset of Chromium's base library
    #   chromium/sandbox/win/src/  the Windows sandbox implementation
    # Within the sandbox group most subsystems appear as a
    # *_dispatcher / *_interception / *_policy triple (filesystem, handle,
    # named_pipe, process_mitigations_win32k, process_thread, registry,
    # signed, sync); the line_break triple comes from chromium-shim instead.
    # NOTE(review): when a subsystem is added or dropped, check that all
    # three files of its triple change together.
    SOURCES += [
        "chromium-shim/base/debug/crash_logging.cpp",
        "chromium-shim/base/file_version_info_win.cpp",
        "chromium-shim/base/files/file_path.cpp",
        "chromium-shim/base/logging.cpp",
        "chromium-shim/base/process/memory_win.cpp",
        "chromium-shim/base/win/win_util.cpp",
        "chromium-shim/sandbox/win/sandboxLogging.cpp",
        "chromium-shim/sandbox/win/src/line_break_dispatcher.cc",
        "chromium-shim/sandbox/win/src/line_break_interception.cc",
        "chromium-shim/sandbox/win/src/line_break_policy.cc",
        "chromium/base/at_exit.cc",
        "chromium/base/base_switches.cc",
        "chromium/base/callback_internal.cc",
        "chromium/base/cpu.cc",
        "chromium/base/debug/alias.cc",
        "chromium/base/debug/profiler.cc",
        "chromium/base/environment.cc",
        "chromium/base/files/file_path_constants.cc",
        "chromium/base/hash/hash.cc",
        "chromium/base/lazy_instance_helpers.cc",
        "chromium/base/location.cc",
        "chromium/base/memory/platform_shared_memory_region.cc",
        "chromium/base/memory/platform_shared_memory_region_win.cc",
        "chromium/base/memory/ref_counted.cc",
        "chromium/base/memory/shared_memory_mapping.cc",
        "chromium/base/memory/unsafe_shared_memory_region.cc",
        "chromium/base/process/environment_internal.cc",
        "chromium/base/process/process_handle_win.cc",
        "chromium/base/rand_util_win.cc",
        "chromium/base/scoped_clear_last_error_win.cc",
        "chromium/base/strings/nullable_string16.cc",
        "chromium/base/strings/string_number_conversions.cc",
        "chromium/base/strings/string_piece.cc",
        "chromium/base/strings/string_split.cc",
        "chromium/base/strings/string_util.cc",
        "chromium/base/strings/string_util_constants.cc",
        "chromium/base/strings/stringprintf.cc",
        "chromium/base/strings/utf_string_conversion_utils.cc",
        "chromium/base/strings/utf_string_conversions.cc",
        "chromium/base/synchronization/lock.cc",
        "chromium/base/synchronization/lock_impl_win.cc",
        "chromium/base/third_party/cityhash/city.cc",
        "chromium/base/third_party/double_conversion/double-conversion/bignum.cc",
        "chromium/base/third_party/double_conversion/double-conversion/cached-powers.cc",
        "chromium/base/third_party/double_conversion/double-conversion/string-to-double.cc",
        "chromium/base/third_party/double_conversion/double-conversion/strtod.cc",
        "chromium/base/third_party/icu/icu_utf.cc",
        "chromium/base/third_party/superfasthash/superfasthash.c",
        "chromium/base/threading/platform_thread.cc",
        "chromium/base/threading/platform_thread_win.cc",
        "chromium/base/threading/thread_collision_warner.cc",
        "chromium/base/threading/thread_id_name_manager.cc",
        "chromium/base/threading/thread_local_storage.cc",
        "chromium/base/threading/thread_local_storage_win.cc",
        "chromium/base/threading/thread_restrictions.cc",
        "chromium/base/time/time.cc",
        "chromium/base/time/time_win.cc",
        "chromium/base/time/time_win_features.cc",
        "chromium/base/token.cc",
        "chromium/base/unguessable_token.cc",
        "chromium/base/version.cc",
        "chromium/base/win/pe_image.cc",
        "chromium/base/win/scoped_handle.cc",
        "chromium/base/win/scoped_handle_verifier.cc",
        "chromium/base/win/scoped_process_information.cc",
        "chromium/base/win/startup_information.cc",
        "chromium/base/win/static_constants.cc",
        "chromium/base/win/windows_version.cc",
        "chromium/sandbox/win/src/acl.cc",
        "chromium/sandbox/win/src/app_container_profile_base.cc",
        "chromium/sandbox/win/src/broker_services.cc",
        "chromium/sandbox/win/src/crosscall_server.cc",
        "chromium/sandbox/win/src/eat_resolver.cc",
        "chromium/sandbox/win/src/filesystem_dispatcher.cc",
        "chromium/sandbox/win/src/filesystem_interception.cc",
        "chromium/sandbox/win/src/filesystem_policy.cc",
        "chromium/sandbox/win/src/handle_closer.cc",
        "chromium/sandbox/win/src/handle_closer_agent.cc",
        "chromium/sandbox/win/src/handle_dispatcher.cc",
        "chromium/sandbox/win/src/handle_interception.cc",
        "chromium/sandbox/win/src/handle_policy.cc",
        "chromium/sandbox/win/src/heap_helper.cc",
        "chromium/sandbox/win/src/interception.cc",
        "chromium/sandbox/win/src/interception_agent.cc",
        "chromium/sandbox/win/src/ipc_args.cc",
        "chromium/sandbox/win/src/job.cc",
        "chromium/sandbox/win/src/named_pipe_dispatcher.cc",
        "chromium/sandbox/win/src/named_pipe_interception.cc",
        "chromium/sandbox/win/src/named_pipe_policy.cc",
        "chromium/sandbox/win/src/policy_broker.cc",
        "chromium/sandbox/win/src/policy_engine_opcodes.cc",
        "chromium/sandbox/win/src/policy_engine_processor.cc",
        "chromium/sandbox/win/src/policy_low_level.cc",
        "chromium/sandbox/win/src/policy_target.cc",
        "chromium/sandbox/win/src/process_mitigations.cc",
        "chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc",
        "chromium/sandbox/win/src/process_mitigations_win32k_interception.cc",
        "chromium/sandbox/win/src/process_mitigations_win32k_policy.cc",
        "chromium/sandbox/win/src/process_thread_dispatcher.cc",
        "chromium/sandbox/win/src/process_thread_interception.cc",
        "chromium/sandbox/win/src/process_thread_policy.cc",
        "chromium/sandbox/win/src/registry_dispatcher.cc",
        "chromium/sandbox/win/src/registry_interception.cc",
        "chromium/sandbox/win/src/registry_policy.cc",
        "chromium/sandbox/win/src/resolver.cc",
        "chromium/sandbox/win/src/restricted_token.cc",
        "chromium/sandbox/win/src/restricted_token_utils.cc",
        "chromium/sandbox/win/src/sandbox.cc",
        "chromium/sandbox/win/src/sandbox_globals.cc",
        "chromium/sandbox/win/src/sandbox_nt_util.cc",
        "chromium/sandbox/win/src/sandbox_policy_base.cc",
        "chromium/sandbox/win/src/sandbox_rand.cc",
        "chromium/sandbox/win/src/sandbox_utils.cc",
        "chromium/sandbox/win/src/security_capabilities.cc",
        "chromium/sandbox/win/src/service_resolver.cc",
        "chromium/sandbox/win/src/sharedmem_ipc_client.cc",
        "chromium/sandbox/win/src/sharedmem_ipc_server.cc",
        "chromium/sandbox/win/src/sid.cc",
        "chromium/sandbox/win/src/signed_dispatcher.cc",
        "chromium/sandbox/win/src/signed_interception.cc",
        "chromium/sandbox/win/src/signed_policy.cc",
        "chromium/sandbox/win/src/sync_dispatcher.cc",
        "chromium/sandbox/win/src/sync_interception.cc",
        "chromium/sandbox/win/src/sync_policy.cc",
        "chromium/sandbox/win/src/target_interceptions.cc",
        "chromium/sandbox/win/src/target_process.cc",
        "chromium/sandbox/win/src/target_services.cc",
        "chromium/sandbox/win/src/top_level_dispatcher.cc",
        "chromium/sandbox/win/src/win2k_threadpool.cc",
        "chromium/sandbox/win/src/win_utils.cc",
        "chromium/sandbox/win/src/window.cc",
        "win/SandboxInitialization.cpp",
    ]
    # Sandbox interceptors can be called before the process's import table
    # is populated.  Don't let the compiler insert any instrumentation that
    # might call an import.
    # NOTE(review): no_pgo is set on process_thread_interception.cc only; the
    # other *_interception.cc files and target_interceptions.cc are built with
    # default flags. Confirm that none of them can run that early, and extend
    # this if a new interceptor is added that can.
    SOURCES["chromium/sandbox/win/src/process_thread_interception.cc"].no_pgo = True

    # Architecture-specific resolver sources. Only the 64-bit branch adds an
    # interceptors_64.cc; the else branch has no interceptors_* counterpart.
    if CONFIG["CPU_ARCH"] in ("x86_64", "aarch64"):
        SOURCES += [
            "chromium/sandbox/win/src/interceptors_64.cc",
            "chromium/sandbox/win/src/resolver_64.cc",
            "chromium/sandbox/win/src/service_resolver_64.cc",
        ]
    else:
        # Every CPU_ARCH other than x86_64/aarch64 lands here and gets the
        # 32-bit resolvers.
        # NOTE(review): presumably only 32-bit x86 is expected -- confirm.
        SOURCES += [
            "chromium/sandbox/win/src/resolver_32.cc",
            "chromium/sandbox/win/src/service_resolver_32.cc",
        ]

    # Preprocessor defines applied to this directory's sources.
    # UNICODE/_UNICODE select the wide-character Win32 and CRT APIs;
    # _CRT_RAND_S makes the MSVC CRT declare rand_s().
    # NOTE(review): NS_NO_XPCOM and CHROMIUM_SANDBOX_BUILD are project macros
    # whose effect is not visible from this file.
    for var in (
        "UNICODE",
        "_UNICODE",
        "NS_NO_XPCOM",
        "_CRT_RAND_S",
        "CHROMIUM_SANDBOX_BUILD",
    ):
        DEFINES[var] = True
    # "clang-cl" is a distinct CC_TYPE value (it is tested by name at the end
    # of this file), so clang-cl builds do get SANDBOX_EXPORTS; only plain
    # gcc/clang builds are excluded.
    if CONFIG["CC_TYPE"] not in ("gcc", "clang"):
        DEFINES["SANDBOX_EXPORTS"] = True

    # The shim directory is added ahead of the vendored chromium tree.
    # NOTE(review): presumably so that shim headers take precedence over the
    # upstream headers of the same path -- confirm before reordering.
    LOCAL_INCLUDES += ["/security/sandbox/chromium-shim"]
    LOCAL_INCLUDES += ["/security/sandbox/chromium"]
    LOCAL_INCLUDES += ["/nsprpub"]

    # usp10 is the Uniscribe system library.
    # NOTE(review): presumably needed by the line_break shim -- confirm.
    OS_LIBS += ["usp10"]

    # Build these sources without Mozilla's STL wrapper headers.
    DisableStlWrapping()

    # Suppress warnings in third-party code.
    # NOTE(review): CXXFLAGS is not per-file here, so this also silences
    # deprecation warnings in the non-vendored files listed above
    # (chromium-shim/*, win/SandboxInitialization.cpp).
    if CONFIG["CC_TYPE"] == "clang-cl":
        CXXFLAGS += [
            "-Wno-deprecated-declarations",  # 'GetVersionExW': was declared deprecated
        ]