summaryrefslogtreecommitdiff
path: root/security/sandbox/linux/moz.build
blob: 4273da9558ef3b775ac608591ae7728668f5e6f7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

SharedLibrary('mozsandbox')

# Depend on mozglue if and only if it's a shared library;
# this needs to match mozglue/build/moz.build:
if CONFIG['OS_TARGET'] == 'Android':
    USE_LIBS += [
        'mozglue',
    ]

EXPORTS.mozilla += [
    'Sandbox.h',
    'SandboxInfo.h',
]

SOURCES += [
    '../chromium-shim/base/logging.cpp',
    '../chromium/base/at_exit.cc',
    '../chromium/base/callback_internal.cc',
    '../chromium/base/lazy_instance.cc',
    '../chromium/base/memory/ref_counted.cc',
    '../chromium/base/memory/singleton.cc',
    '../chromium/base/strings/safe_sprintf.cc',
    '../chromium/base/strings/string16.cc',
    '../chromium/base/strings/string_piece.cc',
    '../chromium/base/strings/string_util.cc',
    '../chromium/base/strings/string_util_constants.cc',
    '../chromium/base/strings/stringprintf.cc',
    '../chromium/base/strings/utf_string_conversion_utils.cc',
    '../chromium/base/strings/utf_string_conversions.cc',
    '../chromium/base/synchronization/condition_variable_posix.cc',
    '../chromium/base/synchronization/lock.cc',
    '../chromium/base/synchronization/lock_impl_posix.cc',
    '../chromium/base/synchronization/waitable_event_posix.cc',
    '../chromium/base/third_party/icu/icu_utf.cc',
    '../chromium/base/threading/platform_thread_internal_posix.cc',
    '../chromium/base/threading/platform_thread_linux.cc',
    '../chromium/base/threading/platform_thread_posix.cc',
    '../chromium/base/threading/thread_collision_warner.cc',
    '../chromium/base/threading/thread_id_name_manager.cc',
    '../chromium/base/threading/thread_local_posix.cc',
    '../chromium/base/threading/thread_restrictions.cc',
    '../chromium/base/time/time.cc',
    '../chromium/base/time/time_posix.cc',
    '../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc',
    '../chromium/sandbox/linux/bpf_dsl/codegen.cc',
    '../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc',
    '../chromium/sandbox/linux/bpf_dsl/policy.cc',
    '../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc',
    '../chromium/sandbox/linux/bpf_dsl/syscall_set.cc',
    '../chromium/sandbox/linux/seccomp-bpf/die.cc',
    '../chromium/sandbox/linux/seccomp-bpf/syscall.cc',
    '../chromium/sandbox/linux/seccomp-bpf/trap.cc',
    '../chromium/sandbox/linux/services/syscall_wrappers.cc',
    'broker/SandboxBrokerCommon.cpp',
    'LinuxCapabilities.cpp',
    'Sandbox.cpp',
    'SandboxBrokerClient.cpp',
    'SandboxChroot.cpp',
    'SandboxFilter.cpp',
    'SandboxFilterUtil.cpp',
    'SandboxHooks.cpp',
    'SandboxInfo.cpp',
    'SandboxLogging.cpp',
    'SandboxUtil.cpp',
]

# This copy of SafeSPrintf doesn't need to avoid the Chromium logging
# dependency like the one in libxul does, but this way the behavior is
# consistent.  See also the comment in SandboxLogging.h.
SOURCES['../chromium/base/strings/safe_sprintf.cc'].flags += ['-DNDEBUG']

# Keep clang and GCC from warning about intentional 'switch' fallthrough in icu_utf.cc:
if CONFIG['CLANG_CXX'] or CONFIG['GNU_CXX']:
    SOURCES['../chromium/base/third_party/icu/icu_utf.cc'].flags += ['-Wno-implicit-fallthrough']

if CONFIG['GNU_CXX']:
    CXXFLAGS += ['-Wno-shadow']
    SOURCES['../chromium/sandbox/linux/services/syscall_wrappers.cc'].flags += [
        '-Wno-empty-body',
    ]

# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build.  Work around that by
# forcing there to be only one partition.
if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']:
    LDFLAGS += ['--param lto-partitions=1']

DEFINES['NS_NO_XPCOM'] = True
DISABLE_STL_WRAPPING = True

LOCAL_INCLUDES += ['/security/sandbox/linux']
LOCAL_INCLUDES += ['/security/sandbox/chromium-shim']
LOCAL_INCLUDES += ['/security/sandbox/chromium']
LOCAL_INCLUDES += ['/nsprpub']


if CONFIG['OS_TARGET'] != 'Android':
    # Needed for clock_gettime with glibc < 2.17:
    OS_LIBS += [
        'rt',
    ]

DIRS += [
    'broker',
    'glue',
]

TEST_DIRS += [
    'gtest',
]