diff options
Diffstat (limited to '')
-rw-r--r-- | security/sandbox/moz.build | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/security/sandbox/moz.build b/security/sandbox/moz.build new file mode 100644 index 0000000000..902c73a783 --- /dev/null +++ b/security/sandbox/moz.build @@ -0,0 +1,215 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +BROWSER_CHROME_MANIFESTS += [ + "test/browser.ini", + "test/browser_bug1717599_XDG-CONFIG-DIRS.ini", + "test/browser_bug1717599_XDG-CONFIG-HOME.ini", + "test/browser_snap.ini", + "test/browser_xdg.ini", +] + +with Files("**"): + BUG_COMPONENT = ("Core", "Security: Process Sandboxing") + +DIRS += ["common"] + +if CONFIG["OS_ARCH"] == "Linux": + DIRS += ["linux"] +elif CONFIG["OS_ARCH"] == "Darwin": + DIRS += ["mac"] +elif CONFIG["OS_ARCH"] == "WINNT": + Library("sandbox_s") + FORCE_STATIC_LIB = True + + DIRS += [ + "win/src/remotesandboxbroker", + "win/src/sandboxbroker", + "win/src/sandboxtarget", + ] + + EXPORTS.mozilla.sandboxing += [ + "chromium-shim/sandbox/win/loggingCallbacks.h", + "chromium-shim/sandbox/win/loggingTypes.h", + "chromium-shim/sandbox/win/sandboxLogging.h", + "win/SandboxInitialization.h", + ] + + SOURCES += [ + "chromium-shim/base/debug/crash_logging.cpp", + "chromium-shim/base/file_version_info_win.cpp", + "chromium-shim/base/files/file_path.cpp", + "chromium-shim/base/logging.cpp", + "chromium-shim/base/process/memory_win.cpp", + "chromium-shim/base/win/win_util.cpp", + "chromium-shim/sandbox/win/sandboxLogging.cpp", + "chromium-shim/sandbox/win/src/line_break_dispatcher.cc", + "chromium-shim/sandbox/win/src/line_break_interception.cc", + "chromium-shim/sandbox/win/src/line_break_policy.cc", + "chromium/base/at_exit.cc", + "chromium/base/base_switches.cc", + "chromium/base/callback_internal.cc", + "chromium/base/cpu.cc", + "chromium/base/debug/alias.cc", + "chromium/base/debug/profiler.cc", + "chromium/base/environment.cc", + "chromium/base/files/file_path_constants.cc", + "chromium/base/hash/hash.cc", + "chromium/base/lazy_instance_helpers.cc", + "chromium/base/location.cc", + "chromium/base/memory/platform_shared_memory_region.cc", + "chromium/base/memory/platform_shared_memory_region_win.cc", + "chromium/base/memory/ref_counted.cc", + "chromium/base/memory/shared_memory_mapping.cc", + "chromium/base/memory/unsafe_shared_memory_region.cc", + "chromium/base/process/environment_internal.cc", + "chromium/base/process/process_handle_win.cc", + "chromium/base/rand_util_win.cc", + "chromium/base/scoped_clear_last_error_win.cc", + "chromium/base/strings/nullable_string16.cc", + "chromium/base/strings/string_number_conversions.cc", + "chromium/base/strings/string_piece.cc", + "chromium/base/strings/string_split.cc", + "chromium/base/strings/string_util.cc", + "chromium/base/strings/string_util_constants.cc", + "chromium/base/strings/stringprintf.cc", + "chromium/base/strings/utf_string_conversion_utils.cc", + "chromium/base/strings/utf_string_conversions.cc", + "chromium/base/synchronization/lock.cc", + "chromium/base/synchronization/lock_impl_win.cc", + "chromium/base/third_party/cityhash/city.cc", + "chromium/base/third_party/double_conversion/double-conversion/bignum.cc", + "chromium/base/third_party/double_conversion/double-conversion/cached-powers.cc", + "chromium/base/third_party/double_conversion/double-conversion/string-to-double.cc", + "chromium/base/third_party/double_conversion/double-conversion/strtod.cc", + "chromium/base/third_party/icu/icu_utf.cc", + "chromium/base/third_party/superfasthash/superfasthash.c", + "chromium/base/threading/platform_thread.cc", + "chromium/base/threading/platform_thread_win.cc", + "chromium/base/threading/thread_collision_warner.cc", + "chromium/base/threading/thread_id_name_manager.cc", + "chromium/base/threading/thread_local_storage.cc", + "chromium/base/threading/thread_local_storage_win.cc", + "chromium/base/threading/thread_restrictions.cc", + "chromium/base/time/time.cc", + "chromium/base/time/time_win.cc", + "chromium/base/time/time_win_features.cc", + "chromium/base/token.cc", + "chromium/base/unguessable_token.cc", + "chromium/base/version.cc", + "chromium/base/win/pe_image.cc", + "chromium/base/win/scoped_handle.cc", + "chromium/base/win/scoped_handle_verifier.cc", + "chromium/base/win/scoped_process_information.cc", + "chromium/base/win/startup_information.cc", + "chromium/base/win/static_constants.cc", + "chromium/base/win/windows_version.cc", + "chromium/sandbox/win/src/acl.cc", + "chromium/sandbox/win/src/app_container_profile_base.cc", + "chromium/sandbox/win/src/broker_services.cc", + "chromium/sandbox/win/src/crosscall_server.cc", + "chromium/sandbox/win/src/eat_resolver.cc", + "chromium/sandbox/win/src/filesystem_dispatcher.cc", + "chromium/sandbox/win/src/filesystem_interception.cc", + "chromium/sandbox/win/src/filesystem_policy.cc", + "chromium/sandbox/win/src/handle_closer.cc", + "chromium/sandbox/win/src/handle_closer_agent.cc", + "chromium/sandbox/win/src/handle_dispatcher.cc", + "chromium/sandbox/win/src/handle_interception.cc", + "chromium/sandbox/win/src/handle_policy.cc", + "chromium/sandbox/win/src/heap_helper.cc", + "chromium/sandbox/win/src/interception.cc", + "chromium/sandbox/win/src/interception_agent.cc", + "chromium/sandbox/win/src/ipc_args.cc", + "chromium/sandbox/win/src/job.cc", + "chromium/sandbox/win/src/named_pipe_dispatcher.cc", + "chromium/sandbox/win/src/named_pipe_interception.cc", + "chromium/sandbox/win/src/named_pipe_policy.cc", + "chromium/sandbox/win/src/policy_broker.cc", + "chromium/sandbox/win/src/policy_engine_opcodes.cc", + "chromium/sandbox/win/src/policy_engine_processor.cc", + "chromium/sandbox/win/src/policy_low_level.cc", + "chromium/sandbox/win/src/policy_target.cc", + "chromium/sandbox/win/src/process_mitigations.cc", + "chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc", + "chromium/sandbox/win/src/process_mitigations_win32k_interception.cc", + "chromium/sandbox/win/src/process_mitigations_win32k_policy.cc", + "chromium/sandbox/win/src/process_thread_dispatcher.cc", + "chromium/sandbox/win/src/process_thread_interception.cc", + "chromium/sandbox/win/src/process_thread_policy.cc", + "chromium/sandbox/win/src/registry_dispatcher.cc", + "chromium/sandbox/win/src/registry_interception.cc", + "chromium/sandbox/win/src/registry_policy.cc", + "chromium/sandbox/win/src/resolver.cc", + "chromium/sandbox/win/src/restricted_token.cc", + "chromium/sandbox/win/src/restricted_token_utils.cc", + "chromium/sandbox/win/src/sandbox.cc", + "chromium/sandbox/win/src/sandbox_globals.cc", + "chromium/sandbox/win/src/sandbox_nt_util.cc", + "chromium/sandbox/win/src/sandbox_policy_base.cc", + "chromium/sandbox/win/src/sandbox_rand.cc", + "chromium/sandbox/win/src/sandbox_utils.cc", + "chromium/sandbox/win/src/security_capabilities.cc", + "chromium/sandbox/win/src/service_resolver.cc", + "chromium/sandbox/win/src/sharedmem_ipc_client.cc", + "chromium/sandbox/win/src/sharedmem_ipc_server.cc", + "chromium/sandbox/win/src/sid.cc", + "chromium/sandbox/win/src/signed_dispatcher.cc", + "chromium/sandbox/win/src/signed_interception.cc", + "chromium/sandbox/win/src/signed_policy.cc", + "chromium/sandbox/win/src/sync_dispatcher.cc", + "chromium/sandbox/win/src/sync_interception.cc", + "chromium/sandbox/win/src/sync_policy.cc", + "chromium/sandbox/win/src/target_interceptions.cc", + "chromium/sandbox/win/src/target_process.cc", + "chromium/sandbox/win/src/target_services.cc", + "chromium/sandbox/win/src/top_level_dispatcher.cc", + "chromium/sandbox/win/src/win2k_threadpool.cc", + "chromium/sandbox/win/src/win_utils.cc", + "chromium/sandbox/win/src/window.cc", + "win/SandboxInitialization.cpp", + ] + # Sandbox interceptors can be called before the process's import table + # is populated. Don't let the compiler insert any instrumentation that + # might call an import. + SOURCES["chromium/sandbox/win/src/process_thread_interception.cc"].no_pgo = True + + if CONFIG["CPU_ARCH"] in ("x86_64", "aarch64"): + SOURCES += [ + "chromium/sandbox/win/src/interceptors_64.cc", + "chromium/sandbox/win/src/resolver_64.cc", + "chromium/sandbox/win/src/service_resolver_64.cc", + ] + else: + SOURCES += [ + "chromium/sandbox/win/src/resolver_32.cc", + "chromium/sandbox/win/src/service_resolver_32.cc", + ] + + for var in ( + "UNICODE", + "_UNICODE", + "NS_NO_XPCOM", + "_CRT_RAND_S", + "CHROMIUM_SANDBOX_BUILD", + ): + DEFINES[var] = True + if CONFIG["CC_TYPE"] not in ("gcc", "clang"): + DEFINES["SANDBOX_EXPORTS"] = True + + LOCAL_INCLUDES += ["/security/sandbox/chromium-shim"] + LOCAL_INCLUDES += ["/security/sandbox/chromium"] + LOCAL_INCLUDES += ["/nsprpub"] + + OS_LIBS += ["usp10"] + + DisableStlWrapping() + + # Suppress warnings in third-party code. + if CONFIG["CC_TYPE"] == "clang-cl": + CXXFLAGS += [ + "-Wno-deprecated-declarations", # 'GetVersionExW': was declared deprecated + ] |