diff options
author | hidehiko <hidehiko@chromium.org> | 2015-03-10 00:00:14 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-03-10 07:00:41 +0000 |
commit | 7d7dcec900cc0c148237307a79b9471a6459f2e5 (patch) | |
tree | fcb996d45a5078628551e8c49d7b05c376173626 /sandbox | |
parent | 69cfa7bbd88391cef0ad02f4e95697c674404e77 (diff) | |
download | chromium_src-7d7dcec900cc0c148237307a79b9471a6459f2e5.zip chromium_src-7d7dcec900cc0c148237307a79b9471a6459f2e5.tar.gz chromium_src-7d7dcec900cc0c148237307a79b9471a6459f2e5.tar.bz2 |
Non-SFI mode: Suid sandbox.
This CL enables suid sandbox on nacl_helper_nonsfi.
BUG=358465
TEST=Ran trybots. Ran Non-SFI NaCl app with nacl_helper_nonsfi.
Review URL: https://codereview.chromium.org/888903004
Cr-Commit-Position: refs/heads/master@{#319845}
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/sandbox_nacl_nonsfi.gyp | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/sandbox/sandbox_nacl_nonsfi.gyp b/sandbox/sandbox_nacl_nonsfi.gyp new file mode 100644 index 0000000..c55b124 --- /dev/null +++ b/sandbox/sandbox_nacl_nonsfi.gyp @@ -0,0 +1,45 @@ +# Copyright 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +{ + 'variables': { + 'chromium_code': 1, + }, + 'includes': [ + '../build/common_untrusted.gypi', + ], + 'conditions': [ + ['disable_nacl==0 and disable_nacl_untrusted==0', { + 'targets': [ + { + 'target_name': 'sandbox_nacl_nonsfi', + 'type': 'none', + 'variables': { + 'nacl_untrusted_build': 1, + 'nlib_target': 'libsandbox_nacl_nonsfi.a', + 'build_glibc': 0, + 'build_newlib': 0, + 'build_irt': 0, + 'build_pnacl_newlib': 0, + 'build_nonsfi_helper': 1, + + 'sources': [ + # This is the subset of linux build target, needed for + # nacl_helper_nonsfi's sandbox implementation. + 'linux/services/proc_util.cc', + 'linux/services/thread_helpers.cc', + 'linux/suid/client/setuid_sandbox_client.cc', + # TODO(hidehiko): Support namespace sandbox and seccomp-bpf + # sandbox. + ], + }, + 'dependencies': [ + '../base/base_nacl.gyp:base_nacl_nonsfi', + '../native_client/tools.gyp:prep_toolchain', + ], + }, + ], + }], + ], +} |