path: root/security/sandbox/linux/moz.build
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Build target: the sources listed in this file are linked into one shared
# library named "mozsandbox".
SharedLibrary("mozsandbox")

# Depend on mozglue if and only if it's a shared library;
# this needs to match mozglue/build/moz.build:
# NOTE(review): "mozglue is a shared library" is expressed here as "the
# target OS is Android". If mozglue/build/moz.build changes which targets
# build it shared, this test has to change with it.
if CONFIG["OS_TARGET"] == "Android":
    USE_LIBS += [
        "mozglue",
    ]

# Link against NSPR on every target; the one NSPR function named as the
# reason is PR_GetEnv.
USE_LIBS += [
    # For PR_GetEnv
    "nspr",
]

# Headers exported under the mozilla/ include prefix. These two files are the
# interface the rest of the tree includes as "mozilla/Sandbox.h" and
# "mozilla/SandboxInfo.h"; the other headers in this directory stay private.
EXPORTS.mozilla += [
    "Sandbox.h",
    "SandboxInfo.h",
]

# Sources compiled in unified mode (several files concatenated into one
# translation unit). The list is kept in sorted order and falls into four
# groups by path: chromium-shim replacements, imported Chromium base/ support
# code, Chromium's sandbox/linux bpf_dsl and seccomp-bpf sources, and the
# Sandbox*.cpp files that live in this directory and in broker/.
# Files that need their own compiler flags are listed in SOURCES instead.
# NOTE(review): every entry here is linked into libmozsandbox, so a new
# dependency added to this list deserves the same review as the filter code
# itself.
UNIFIED_SOURCES += [
    # Local replacements for Chromium base/ files (chromium-shim).
    "../chromium-shim/base/logging.cpp",
    "../chromium-shim/base/threading/platform_thread_linux.cpp",
    # Imported Chromium base/ support code.
    "../chromium/base/at_exit.cc",
    "../chromium/base/callback_internal.cc",
    "../chromium/base/lazy_instance_helpers.cc",
    "../chromium/base/location.cc",
    "../chromium/base/memory/ref_counted.cc",
    "../chromium/base/posix/can_lower_nice_to.cc",
    "../chromium/base/posix/safe_strerror.cc",
    "../chromium/base/strings/string16.cc",
    "../chromium/base/strings/string_number_conversions.cc",
    "../chromium/base/strings/string_piece.cc",
    "../chromium/base/strings/string_util.cc",
    "../chromium/base/strings/string_util_constants.cc",
    "../chromium/base/strings/stringprintf.cc",
    "../chromium/base/strings/utf_string_conversion_utils.cc",
    "../chromium/base/strings/utf_string_conversions.cc",
    "../chromium/base/synchronization/condition_variable_posix.cc",
    "../chromium/base/synchronization/lock.cc",
    "../chromium/base/synchronization/lock_impl_posix.cc",
    "../chromium/base/synchronization/waitable_event_posix.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/bignum-dtoa.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/bignum.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/cached-powers.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/double-to-string.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/fast-dtoa.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/fixed-dtoa.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/string-to-double.cc",
    "../chromium/base/third_party/double_conversion/double-conversion/strtod.cc",
    "../chromium/base/threading/platform_thread.cc",
    "../chromium/base/threading/platform_thread_internal_posix.cc",
    "../chromium/base/threading/platform_thread_posix.cc",
    "../chromium/base/threading/thread_collision_warner.cc",
    "../chromium/base/threading/thread_id_name_manager.cc",
    "../chromium/base/threading/thread_local_storage.cc",
    "../chromium/base/threading/thread_local_storage_posix.cc",
    "../chromium/base/threading/thread_restrictions.cc",
    "../chromium/base/time/time.cc",
    "../chromium/base/time/time_exploded_posix.cc",
    "../chromium/base/time/time_now_posix.cc",
    # Chromium sandbox/linux: the bpf_dsl policy code and seccomp-bpf helpers.
    "../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc",
    "../chromium/sandbox/linux/bpf_dsl/codegen.cc",
    "../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc",
    "../chromium/sandbox/linux/bpf_dsl/policy.cc",
    "../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc",
    "../chromium/sandbox/linux/bpf_dsl/syscall_set.cc",
    "../chromium/sandbox/linux/seccomp-bpf/die.cc",
    "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
    # Sandbox code from this directory and its broker/ subdirectory.
    "broker/SandboxBrokerCommon.cpp",
    "Sandbox.cpp",
    "SandboxBrokerClient.cpp",
    "SandboxFilter.cpp",
    "SandboxFilterUtil.cpp",
    "SandboxHooks.cpp",
    "SandboxInfo.cpp",
    "SandboxLogging.cpp",
    "SandboxOpenedFiles.cpp",
    "SandboxReporterClient.cpp",
]

# Files compiled one by one rather than in unified mode. Each of the four
# gets per-file flags further down in this file, and those flags are attached
# through its SOURCES[...] entry.
SOURCES += [
    "../chromium/base/strings/safe_sprintf.cc",
    "../chromium/base/third_party/icu/icu_utf.cc",
    "../chromium/sandbox/linux/seccomp-bpf/trap.cc",
    "../chromium/sandbox/linux/services/syscall_wrappers.cc",
]

# This copy of SafeSPrintf doesn't need to avoid the Chromium logging
# dependency like the one in libxul does, but this way the behavior is
# consistent.  See also the comment in SandboxLogging.h.
# NDEBUG is defined for this one file only, not for the whole library.
# NOTE(review): presumably NDEBUG compiles out the debug-check paths that
# would reach the logging code -- confirm against safe_sprintf.cc.
SOURCES["../chromium/base/strings/safe_sprintf.cc"].flags += ["-DNDEBUG"]

# Warning adjustments that only apply to the GCC-compatible compilers.
# Every flag below changes diagnostics only; none of them alters code
# generation or hardening.
if CONFIG["CC_TYPE"] in ("clang", "gcc"):
    # icu_utf.cc falls through 'switch' cases on purpose, so silence clang's
    # implicit-fallthrough warning for that file alone.
    SOURCES["../chromium/base/third_party/icu/icu_utf.cc"].flags += [
        "-Wno-implicit-fallthrough",
    ]
    # trap.cc: do not warn about a 'return' the compiler considers unreachable.
    SOURCES["../chromium/sandbox/linux/seccomp-bpf/trap.cc"].flags += [
        "-Wno-unreachable-code-return",
    ]
    # Directory-wide: -Wstack-protector may still be reported, but it must not
    # fail the build. This does not enable or disable stack protection itself.
    CXXFLAGS += [
        "-Wno-error=stack-protector",
    ]
    # syscall_wrappers.cc: do not warn about empty statement bodies.
    SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [
        "-Wno-empty-body",
    ]

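# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build.  Work around that by
# forcing there to be only one partition.
# The linker parameter is needed at most once, so stop at the first matching
# flag; otherwise it would be appended again for every additional entry in
# OS_CXXFLAGS that starts with "-flto".
for f in CONFIG["OS_CXXFLAGS"]:
    if f.startswith("-flto") and CONFIG["CC_TYPE"] != "clang":
        LDFLAGS += ["--param lto-partitions=1"]
        break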

# NS_NO_XPCOM is defined for every source built from this file.
# NOTE(review): presumably this keeps XPCOM-dependent code paths out of the
# sandbox library -- confirm against the headers that test the macro.
DEFINES["NS_NO_XPCOM"] = True
# Turn off the build system's STL header wrapping for this directory.
DisableStlWrapping()

# Include search paths, appended one statement at a time so the order written
# here is preserved.
# NOTE(review): chromium-shim is listed ahead of chromium, presumably so the
# shim headers are found before the imported Chromium ones -- keep that order
# when editing.
LOCAL_INCLUDES += ["/security/sandbox/linux"]
LOCAL_INCLUDES += ["/security/sandbox/chromium-shim"]
LOCAL_INCLUDES += ["/security/sandbox/chromium"]
LOCAL_INCLUDES += ["/nsprpub"]


# librt is linked on every target except Android.
if CONFIG["OS_TARGET"] != "Android":
    # Needed for clock_gettime with glibc < 2.17:
    OS_LIBS += [
        "rt",
    ]

# Subdirectories that are built as well; each is expected to carry its own
# moz.build.
DIRS += [
    "broker",
    "glue",
    "interfaces",
    "launch",
    "reporter",
]

# Subdirectory that is built only when tests are built.
TEST_DIRS += [
    "gtest",
]

# Marks this directory as one that has to be compiled in unified mode.
# NOTE(review): the reason is not stated here; presumably some of the
# UNIFIED_SOURCES above only build when concatenated -- confirm before
# removing.
REQUIRES_UNIFIED_BUILD = True