blob: fa0edf457b612c3f0ef89fc994d0ba67eeeb6252 [file] [log] [blame]
# Copyright 2017 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/buildflag_header.gni")
import("//build/config/cast.gni")
import("//build/config/chromeos/ui_mode.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//chromeos/ash/components/assistant/assistant.gni")
import("//components/services/screen_ai/buildflags/features.gni")
import("//printing/buildflags/buildflags.gni")
import("//testing/test.gni")
# Most consumers of sandbox::policy should depend on this target.
component("policy") {
sources = [
"export.h",
"features.cc",
"features.h",
"sandbox.cc",
"sandbox.h",
"sandbox_delegate.h",
"sandbox_type.cc",
"sandbox_type.h",
"switches.cc",
"switches.h",
]
defines = [ "SANDBOX_POLICY_IMPL" ]
deps = [
"//base",
"//build:chromeos_buildflags",
"//components/services/screen_ai/buildflags",
"//ppapi/buildflags",
"//printing/buildflags",
"//sandbox/policy/mojom",
]
public_deps = [ "//sandbox:common" ]
if (is_android) {
sources += [
"linux/bpf_base_policy_linux.cc",
"linux/bpf_base_policy_linux.h",
"linux/bpf_renderer_policy_linux.cc",
"linux/bpf_renderer_policy_linux.h",
]
deps += [
"//sandbox:sandbox_buildflags",
"//sandbox/linux:sandbox_services",
"//sandbox/linux:seccomp_bpf",
"//third_party/jni_zero",
]
}
if (is_linux || is_chromeos) {
sources += [
"linux/bpf_audio_policy_linux.cc",
"linux/bpf_audio_policy_linux.h",
"linux/bpf_base_policy_linux.cc",
"linux/bpf_base_policy_linux.h",
"linux/bpf_broker_policy_linux.cc",
"linux/bpf_broker_policy_linux.h",
"linux/bpf_cdm_policy_linux.cc",
"linux/bpf_cdm_policy_linux.h",
"linux/bpf_cros_amd_gpu_policy_linux.cc",
"linux/bpf_cros_amd_gpu_policy_linux.h",
"linux/bpf_cros_arm_gpu_policy_linux.cc",
"linux/bpf_cros_arm_gpu_policy_linux.h",
"linux/bpf_cros_intel_gpu_policy_linux.cc",
"linux/bpf_cros_intel_gpu_policy_linux.h",
"linux/bpf_gpu_policy_linux.cc",
"linux/bpf_gpu_policy_linux.h",
"linux/bpf_network_policy_linux.cc",
"linux/bpf_network_policy_linux.h",
"linux/bpf_ppapi_policy_linux.cc",
"linux/bpf_ppapi_policy_linux.h",
"linux/bpf_print_compositor_policy_linux.cc",
"linux/bpf_print_compositor_policy_linux.h",
"linux/bpf_renderer_policy_linux.cc",
"linux/bpf_renderer_policy_linux.h",
"linux/bpf_service_policy_linux.cc",
"linux/bpf_service_policy_linux.h",
"linux/bpf_speech_recognition_policy_linux.cc",
"linux/bpf_speech_recognition_policy_linux.h",
"linux/bpf_utility_policy_linux.cc",
"linux/bpf_utility_policy_linux.h",
"linux/sandbox_debug_handling_linux.cc",
"linux/sandbox_debug_handling_linux.h",
"linux/sandbox_linux.cc",
"linux/sandbox_linux.h",
"linux/sandbox_seccomp_bpf_linux.cc",
"linux/sandbox_seccomp_bpf_linux.h",
]
if (is_linux || is_chromeos_ash) {
sources += [
"linux/bpf_hardware_video_decoding_policy_linux.cc",
"linux/bpf_hardware_video_decoding_policy_linux.h",
]
deps += [ "//media/gpu:buildflags" ]
}
if (is_linux) {
deps += [ "//net" ] # TODO(crbug.com/1312226): remove this.
}
if (enable_oop_printing) {
sources += [
"linux/bpf_print_backend_policy_linux.cc",
"linux/bpf_print_backend_policy_linux.h",
]
}
if (enable_screen_ai_service) {
sources += [
"linux/bpf_screen_ai_policy_linux.cc",
"linux/bpf_screen_ai_policy_linux.h",
]
}
configs += [
"//media:media_config",
"//media/audio:platform_config",
]
deps += [
":chromecast_sandbox_allowlist_buildflags",
"//sandbox:sandbox_buildflags",
"//sandbox/linux:sandbox_services",
"//sandbox/linux:seccomp_bpf",
"//sandbox/linux:suid_sandbox_client",
]
}
if (is_chromeos_ash) {
sources += [
"linux/bpf_ime_policy_linux.cc",
"linux/bpf_ime_policy_linux.h",
"linux/bpf_tts_policy_linux.cc",
"linux/bpf_tts_policy_linux.h",
]
deps += [ "//chromeos/ash/components/assistant:buildflags" ]
if (enable_cros_libassistant) {
sources += [
"linux/bpf_libassistant_policy_linux.cc",
"linux/bpf_libassistant_policy_linux.h",
]
}
}
if (is_mac) {
sources += [
"mac/sandbox_mac.h",
"mac/sandbox_mac.mm",
]
deps += [ "//sandbox/mac:seatbelt" ]
public_deps += [ "mac:packaged_sb_files" ]
frameworks = [
"AppKit.framework",
"CoreFoundation.framework",
"CoreGraphics.framework",
"Foundation.framework",
"IOSurface.framework",
]
}
if (is_win) {
sources += [
"win/lpac_capability.h",
"win/sandbox_diagnostics.cc",
"win/sandbox_diagnostics.h",
"win/sandbox_warmup.cc",
"win/sandbox_warmup.h",
"win/sandbox_win.cc",
"win/sandbox_win.h",
]
deps += [ "//sandbox/win:sandbox" ]
}
if (is_fuchsia) {
sources += [
"fuchsia/sandbox_policy_fuchsia.cc",
"fuchsia/sandbox_policy_fuchsia.h",
]
public_deps += [
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.io:fuchsia.io_hlcpp",
"//third_party/fuchsia-sdk/sdk/pkg/fidl",
"//third_party/fuchsia-sdk/sdk/pkg/zx",
]
deps += [
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.buildinfo:fuchsia.buildinfo_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.camera3:fuchsia.camera3_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.fonts:fuchsia.fonts_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.hwinfo:fuchsia.hwinfo_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.intl:fuchsia.intl_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.kernel:fuchsia.kernel_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.logger:fuchsia.logger_hlcpp",
# TODO(crbug.com/1224707): Remove after switching to fuchsia.scheduler API.
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.media:fuchsia.media_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.mediacodec:fuchsia.mediacodec_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.memorypressure:fuchsia.memorypressure_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.net.interfaces:fuchsia.net.interfaces_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.sysmem:fuchsia.sysmem_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.tracing.perfetto:fuchsia.tracing.perfetto_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.tracing.provider:fuchsia.tracing.provider_hlcpp",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.ui.composition:fuchsia.ui.composition_hlcpp",
]
}
}
buildflag_header("chromecast_sandbox_allowlist_buildflags") {
header = "chromecast_sandbox_allowlist_buildflags.h"
flags = [ "ENABLE_CHROMECAST_GPU_SANDBOX_ALLOWLIST=$is_castos" ]
}
# TODO(crbug.com/1097376): Figure out a better organization for //sandbox
# tests.
source_set("tests") {
testonly = true
sources = [ "sandbox_type_unittest.cc" ]
deps = [
":policy",
"//base",
"//base/test:test_support",
"//ppapi/buildflags:buildflags",
"//printing/buildflags",
"//sandbox/policy/mojom",
"//testing/gtest",
]
if (is_win) {
sources += [
"win/mf_cdm_sandbox_type_unittest.cc",
"win/sandbox_win_unittest.cc",
]
deps += [
":sandbox_test_utils",
"//sandbox/win:sandbox",
]
data = [
"//base/test/data/pe_image/pe_image_test_32.dll",
"//base/test/data/pe_image/pe_image_test_64.dll",
"//base/test/data/pe_image/pe_image_test_arm64.dll",
]
}
}
source_set("sandbox_test_utils") {
testonly = true
if (is_win) {
sources = [
"win/sandbox_policy_feature_test.cc",
"win/sandbox_policy_feature_test.h",
]
deps = [
":policy",
"//base/test:test_support",
"//sandbox/win:sandbox",
"//testing/gtest",
]
}
}