moz.build (5363B)
1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- 2 # vim: set filetype=python: 3 # This Source Code Form is subject to the terms of the Mozilla Public 4 # License, v. 2.0. If a copy of the MPL was not distributed with this 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7 SharedLibrary("mozsandbox") 8 9 # Depend on mozglue if and only if it's a shared library; 10 # this needs to match mozglue/build/moz.build: 11 if CONFIG["OS_TARGET"] == "Android": 12 USE_LIBS += [ 13 "mozglue", 14 ] 15 16 USE_LIBS += [ 17 # For PR_GetEnv 18 "nspr", 19 ] 20 21 OS_LIBS += CONFIG["DL_LIBS"] 22 23 EXPORTS.mozilla += [ 24 "Sandbox.h", 25 "SandboxInfo.h", 26 "SandboxProfiler.h", 27 "SandboxProfilerObserver.h", 28 ] 29 30 UNIFIED_SOURCES += [ 31 "../chromium-shim/base/debug/stack_trace.cpp", 32 "../chromium-shim/base/logging.cpp", 33 "../chromium-shim/base/threading/platform_thread_linux.cpp", 34 "../chromium/base/at_exit.cc", 35 "../chromium/base/check.cc", 36 "../chromium/base/check_op.cc", 37 "../chromium/base/debug/alias.cc", 38 "../chromium/base/debug/crash_logging.cc", 39 "../chromium/base/functional/callback_internal.cc", 40 "../chromium/base/lazy_instance_helpers.cc", 41 "../chromium/base/location.cc", 42 "../chromium/base/memory/ref_counted.cc", 43 "../chromium/base/posix/can_lower_nice_to.cc", 44 "../chromium/base/posix/safe_strerror.cc", 45 "../chromium/base/strings/string_number_conversions.cc", 46 "../chromium/base/strings/string_util.cc", 47 "../chromium/base/strings/string_util_constants.cc", 48 "../chromium/base/strings/stringprintf.cc", 49 "../chromium/base/strings/utf_ostream_operators.cc", 50 "../chromium/base/strings/utf_string_conversion_utils.cc", 51 "../chromium/base/strings/utf_string_conversions.cc", 52 "../chromium/base/synchronization/condition_variable_posix.cc", 53 "../chromium/base/synchronization/lock.cc", 54 "../chromium/base/synchronization/lock_impl_posix.cc", 55 "../chromium/base/synchronization/waitable_event_posix.cc", 56 "../chromium/base/threading/platform_thread.cc", 57 "../chromium/base/threading/platform_thread_internal_posix.cc", 58 "../chromium/base/threading/platform_thread_posix.cc", 59 "../chromium/base/threading/platform_thread_ref.cc", 60 "../chromium/base/threading/thread_collision_warner.cc", 61 "../chromium/base/threading/thread_id_name_manager.cc", 62 "../chromium/base/threading/thread_local_storage.cc", 63 "../chromium/base/threading/thread_local_storage_posix.cc", 64 "../chromium/base/threading/thread_restrictions.cc", 65 "../chromium/base/time/time.cc", 66 "../chromium/base/time/time_now_posix.cc", 67 "../chromium/base/trace_event/trace_event_stub.cc", 68 "../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc", 69 "../chromium/sandbox/linux/bpf_dsl/codegen.cc", 70 "../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc", 71 "../chromium/sandbox/linux/bpf_dsl/policy.cc", 72 "../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc", 73 "../chromium/sandbox/linux/bpf_dsl/syscall_set.cc", 74 "../chromium/sandbox/linux/seccomp-bpf/die.cc", 75 "../chromium/sandbox/linux/seccomp-bpf/syscall.cc", 76 "/ipc/glue/UtilityProcessSandboxing.cpp", 77 "broker/SandboxBrokerCommon.cpp", 78 "Sandbox.cpp", 79 "SandboxBrokerClient.cpp", 80 "SandboxFilter.cpp", 81 "SandboxFilterUtil.cpp", 82 "SandboxHooks.cpp", 83 "SandboxInfo.cpp", 84 "SandboxLogging.cpp", 85 "SandboxOpenedFiles.cpp", 86 "SandboxProfiler.cpp", 87 "SandboxReporterClient.cpp", 88 ] 89 90 SOURCES += [ 91 "../chromium/base/strings/safe_sprintf.cc", 92 "../chromium/sandbox/linux/seccomp-bpf/trap.cc", 93 "../chromium/sandbox/linux/services/syscall_wrappers.cc", 94 ] 95 96 # This copy of SafeSPrintf doesn't need to avoid the Chromium logging 97 # dependency like the one in libxul does, but this way the behavior is 98 # consistent. See also the comment in SandboxLogging.h. 99 SOURCES["../chromium/base/strings/safe_sprintf.cc"].flags += ["-DNDEBUG"] 100 101 if CONFIG["CC_TYPE"] in ("clang", "gcc"): 102 SOURCES["../chromium/sandbox/linux/seccomp-bpf/trap.cc"].flags += [ 103 "-Wno-unreachable-code-return" 104 ] 105 106 if CONFIG["CC_TYPE"] in ("clang", "gcc"): 107 CXXFLAGS += ["-Wno-error=stack-protector"] 108 SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [ 109 "-Wno-empty-body", 110 ] 111 112 # gcc lto likes to put the top level asm in syscall.cc in a different partition 113 # from the function using it which breaks the build. Work around that by 114 # forcing there to be only one partition. 115 for f in CONFIG["OS_CXXFLAGS"]: 116 if f.startswith("-flto") and CONFIG["CC_TYPE"] != "clang": 117 LDFLAGS += ["--param lto-partitions=1"] 118 119 DEFINES["NS_NO_XPCOM"] = True 120 DisableStlWrapping() 121 122 LOCAL_INCLUDES += ["/security/sandbox/linux"] 123 LOCAL_INCLUDES += ["/security/sandbox/chromium-shim"] 124 LOCAL_INCLUDES += ["/security/sandbox/chromium"] 125 LOCAL_INCLUDES += [ 126 "/security/sandbox/chromium-shim/base/allocator/partition_allocator/src" 127 ] 128 LOCAL_INCLUDES += ["/security/sandbox/chromium/base/allocator/partition_allocator/src"] 129 LOCAL_INCLUDES += ["/third_party/abseil-cpp"] 130 LOCAL_INCLUDES += ["/nsprpub"] 131 LOCAL_INCLUDES += ["/mozglue/baseprofiler/core/"] 132 133 if CONFIG["OS_TARGET"] != "Android": 134 # Needed for clock_gettime with glibc < 2.17: 135 OS_LIBS += [ 136 "rt", 137 ] 138 139 DIRS += [ 140 "broker", 141 "glue", 142 "interfaces", 143 "launch", 144 "reporter", 145 ] 146 147 TEST_DIRS += [ 148 "gtest", 149 ]