summaryrefslogtreecommitdiffstats
path: root/sandbox/sandbox.gyp
Commit message (Collapse)AuthorAgeFilesLines
* Create a dummy sandbox_mac_unittests target.rsesek@chromium.org2014-04-291-0/+5
| | | | | | | | | | | This will allow the test suite to be added to buildbot before any real code lands, so it can be properly tested. BUG=367863 Review URL: https://codereview.chromium.org/252073002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266740 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: compile partially under Android.jln@chromium.org2012-12-191-4/+3
| | | | | | | | | | | Get a subset of sandbox/linux to compile under Android. BUG=166704 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11612014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@173954 0039d316-1c4b-4281-b951-d872f2087c98
* Move sandbox/sandbox_linux.gypi to sandbox/linuxjln@chromium.org2012-07-181-1/+1
| | | | | | | | | | | | Make it symmetrical with the Windows version. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10808003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147291 0039d316-1c4b-4281-b951-d872f2087c98
* Move the Windows sandbox to sandbox/winjln@chromium.org2012-07-181-1/+1
| | | | | | | | | | | | | This is a rather large refactor to move the Windows sandbox to the right place. BUG= TEST= NOTRY=true TBR=sky@chromium.org Review URL: https://chromiumcodereview.appspot.com/10689170 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147151 0039d316-1c4b-4281-b951-d872f2087c98
* Emergency revert; rietveld broke; tree brokeerg@google.com2012-07-131-1/+1
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146646 0039d316-1c4b-4281-b951-d872f2087c98
* Move Windows sandboxjln@chromium.org2012-07-131-1/+1
| | | | | | | - Move Windows sandbox to sandbox/win - Update sandbox_win.gypi git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146625 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox Gyp: split Windows into its own .gypi filejln@chromium.org2012-06-231-338/+5
| | | | | | | | | | BUG=None TEST=None Review URL: https://chromiumcodereview.appspot.com/10649004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143786 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox Gyp: move Linux to its own .gypi filejln@chromium.org2012-06-211-53/+10
| | | | | | | | | | | BUG=None TEST=None NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10628012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143484 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 143426 - Sandbox GYP: separate Windows and Linuxsky@chromium.org2012-06-211-12/+386
| | | | | | | | | | | | | | | | | | - Have Windows and Linux sandbox GYP in their own .gypi files - Cleanup things: * Get rid of the sandbox_windows_target variable * Merge all Linux targets into one Linux section BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10536228 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10633012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143433 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox GYP: separate Windows and Linuxjln@chromium.org2012-06-211-386/+12
| | | | | | | | | | | | | | | - Have Windows and Linux sandbox GYP in their own .gypi files - Cleanup things: * Get rid of the sandbox_windows_target variable * Merge all Linux targets into one Linux section BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10536228 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143426 0039d316-1c4b-4281-b951-d872f2087c98
* Added a new Verifier class to the BPF compiler.markus@chromium.org2012-06-141-0/+2
| | | | | | | | | | | | | | | This class ensures that the generated BPF program does in fact represent the filters that we were asked to compile. Having a verifier will allow us to make more aggressive optimizations in the future without having to worry that we generate invalid code. BUG=130662 TEST=make && demo32 && demo64 Review URL: https://chromiumcodereview.appspot.com/10546041 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142258 0039d316-1c4b-4281-b951-d872f2087c98
* Build seccomp 1 for supported architecture onlyjln@chromium.org2012-06-081-1/+2
| | | | | | | | | | | | Instead of blacklisting ARM, we whitelist IA32 and X86_64 BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10533055 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141129 0039d316-1c4b-4281-b951-d872f2087c98
* Compile the new sandbox-bpf API code, don't use it yet.jln@chromium.org2012-06-071-1/+16
| | | | | | | | | | BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10537048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140985 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 140971 - Broke compile on CrOS Daisy botrsleevi@chromium.org2012-06-071-16/+1
| | | | | | | | | | | | | | | | Compile the new sandbox-bpf API code BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10541040 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10541048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140973 0039d316-1c4b-4281-b951-d872f2087c98
* Compile the new sandbox-bpf API codejln@chromium.org2012-06-071-1/+16
| | | | | | | | | | BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10541040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140971 0039d316-1c4b-4281-b951-d872f2087c98
* Revert setuid sandbox as a "init process" changesjln@chromium.org2012-05-231-2/+0
| | | | | | | | | | | | | | | | | | - 4d93b1f629fda9bd2782d4f7bf8aa12f479cc8f3 (126188) - 28af78c4ea3cdeaa959ded5c3bf29d707012774a (119746) This introduced dreaded complexity in something that should be kept simple. We can fix the zombie issue in Zygote or at the very least in unprivileged code. It was not fully fixed by those patches anyway (109944). BUG=125821,109944 TEST="Run chrome with the setuid sandbox enabled" NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10389214 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138482 0039d316-1c4b-4281-b951-d872f2087c98
* This creates a field trial to determine the best level for low memorygspencer@chromium.org2012-05-031-0/+1
| | | | | | | | | | | | | | | | | | | | | notification. It creates a field trial with 7 groups: default (kernel default value), turning notification off (relying on OOM killer only), 0MB, 25MB, 50MB margin, 100MB margin, and 200MB margin. Also, in order to set parameters for the trial, this CL creates an API for setting the low memory margin. BUG=chromium-os:20080 TEST=Ran on device several times, checked that the memory margin was set correctly when the session started, and that different trial groups were selected. Review URL: http://codereview.chromium.org/10206029 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135205 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API for broker handle duplication jschuh@chromium.org2012-03-311-1/+8
| | | | | | | | BUG=119250 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=129627 Review URL: https://chromiumcodereview.appspot.com/9838083 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130029 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 129627 - Add a sandbox API for broker handle duplicationjschuh@chromium.org2012-03-291-8/+1
| | | | | | | | | | BUG=119250 Review URL: https://chromiumcodereview.appspot.com/9838083 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/9924010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129629 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API for broker handle duplicationjschuh@chromium.org2012-03-291-1/+8
| | | | | | | BUG=119250 Review URL: https://chromiumcodereview.appspot.com/9838083 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129627 0039d316-1c4b-4281-b951-d872f2087c98
* Calling clone(CLONE_NEWPID) results in the new pid namespace getting a new ↵markus@chromium.org2012-01-301-0/+2
| | | | | | | | | | | | | | | | | | | | | "init" process. This process is now resposible for reaping all child processes that no longer have a direct parent process. Often, failure to do this goes unnoticed, because our sandbox'd processes don't often fork other processes that then continue to turn into daemon processes. But there is no reason, why they couldn't occasionally do so. And in fact, the seccomp sandbox does do so for its trusted process. In the past, this would result in us having lots of uncollected zombie processes that only disappeared when the browser terminated. BUG=109944 TEST=Run Chrome with both the suid sandbox and the seccomp sandbox, open and close a few tabs, verify that we don't produce any zombie processes Review URL: https://chromiumcodereview.appspot.com/9295005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119746 0039d316-1c4b-4281-b951-d872f2087c98
* Remove 'settings' type from gyp filesevan@chromium.org2011-09-221-1/+1
| | | | | | | | | | | It is not actually supported by gyp; the fact that it works is a bug that I am working on fixing. BUG=96629 Review URL: http://codereview.chromium.org/7889051 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102306 0039d316-1c4b-4281-b951-d872f2087c98
* These unit tests are flaky and the code is exercised in the integration tests.jschuh@chromium.org2011-09-121-1/+0
| | | | | | | | BUG=89325 TEST=None Review URL: http://codereview.chromium.org/7870006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100712 0039d316-1c4b-4281-b951-d872f2087c98
* Make sandbox target a settings target type to fix a linker error.craig.schlenter@chromium.org2011-08-111-1/+1
| | | | | | | | | BUG=92164 TEST=Clobber build compiles, trybots Review URL: http://codereview.chromium.org/7602016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96425 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp: simplify enable/disable logicevan@chromium.org2011-07-291-23/+11
| | | | | | | | | | | | | | 1) Only compile in seccomp code at all if it's on a platform we intend to support (non-ChromeOS non-ARM non-Views Linux). 2) Move usage of seccomp code behind a define and usage of seccomp flags into a function call. The former helps catch bugs in the latter: it will be a link error if I accidentally break the enable/disable logic in code. Review URL: http://codereview.chromium.org/7519016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94784 0039d316-1c4b-4281-b951-d872f2087c98
* Re-enabling chrome-sandbox for Clang builds.glotov@google.com2011-07-271-2/+2
| | | | | | | | | | | As Clang now (since #13349 -- hans) supports asm .common directive, we may re-enable chrome-sandbox for Clang builds. BUG=chromium-os:16717, chromium:70871, chromium-os:88578 TEST=none Review URL: http://codereview.chromium.org/7233011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94271 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API to allow closing open handles at lockdown. jschuh@chromium.org2011-07-211-0/+5
| | | | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93274 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93308 Review URL: http://codereview.chromium.org/7253054 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93321 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 93308 - Add a sandbox API to allow closing open handles at lockdown. jschuh@chromium.org2011-07-211-5/+0
| | | | | | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93274 Review URL: http://codereview.chromium.org/7253054 TBR=jschuh@chromium.org Review URL: http://codereview.chromium.org/7473022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93315 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API to allow closing open handles at lockdown. jschuh@chromium.org2011-07-211-0/+5
| | | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93274 Review URL: http://codereview.chromium.org/7253054 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93308 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 93274 - Add a sandbox API to allow closing open handles at lockdown. jschuh@chromium.org2011-07-201-5/+0
| | | | | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 TBR=jschuh@chromium.org Review URL: http://codereview.chromium.org/7471021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93284 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API to allow closing open handles at lockdown. jschuh@chromium.org2011-07-201-0/+5
| | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93274 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 93113 - Add a sandbox API to allow closing open handles at lockdown.jschuh@chromium.org2011-07-191-5/+0
| | | | | | | | | | | | | | Reverting on suspicion that it's related to NaCl test breakage. BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 TBR=jschuh@chromium.org Review URL: http://codereview.chromium.org/7462003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93128 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API to allow closing open handles at lockdown.jschuh@chromium.org2011-07-191-0/+5
| | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93113 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 92887 - Add a sandbox API to allow closing open handles at lockdown.jschuh@chromium.org2011-07-181-5/+0
| | | | | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 TBR=jschuh@chromium.org Review URL: http://codereview.chromium.org/7398035 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92906 0039d316-1c4b-4281-b951-d872f2087c98
* Add a sandbox API to allow closing open handles at lockdown.jschuh@chromium.org2011-07-181-0/+5
| | | | | | | | | BUG=58069 BUG=74242 TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* Review URL: http://codereview.chromium.org/7253054 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92887 0039d316-1c4b-4281-b951-d872f2087c98
* Add COMPONENT_BUILD global define. darin@chromium.org2011-07-131-0/+1
| | | | | | | | | | | | | | | | | | | | | This avoids the need to define FOO_DLL macros for each project that we wish to optionally build as a DLL (when component=="shared_library"). This in turn means that we do not need direct_dependent_settings to define FOO_DLL, and that means that we don't need to update projects to convert transitive dependencies into explicit dependencies. This makes the component build more consistent with the static build. An alternative would be to use all_dependent_settings, but I feel that the global approach is simpler as it creates less repetition in each target definition for components. A side-effect of this change is that I needed to make base_nacl_win64 be a shared_library in the component build. R=rvargas,bradnelson,evan Review URL: http://codereview.chromium.org/7344022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92409 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Add COMPONENT_BUILD global define. "yurys@chromium.org2011-07-131-1/+0
| | | | | | | | | | | | | The change broke compilation on Linux Builder (dbg)(shared): http://build.chromium.org/p/chromium/builders/Linux%20Builder%20%28dbg%29%28shared%29/builds/3365/steps/compile/logs/stdio TBR=darin BUG=None TEST=None Review URL: http://codereview.chromium.org/7352014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92329 0039d316-1c4b-4281-b951-d872f2087c98
* Add COMPONENT_BUILD global define. darin@chromium.org2011-07-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | This avoids the need to define FOO_DLL macros for each project that we wish to optionally build as a DLL (when component=="shared_library"). This in turn means that we do not need direct_dependent_settings to define FOO_DLL, and that means that we don't need to update projects to convert transitive dependencies into explicit dependencies. This makes the component build more consistent with the static build. An alternative would be to use all_dependent_settings, but I feel that the global approach is simpler as it creates less repetition in each target definition for components. A side-effect of this change is that I needed to make base_nacl_win64 be a shared_library in the component build. R=rvargas,bradnelson Review URL: http://codereview.chromium.org/7344022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92325 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the comments setting emands and vim tab width and expansion variables.tony@chromium.org2011-07-111-6/+0
| | | | | | | | | | | | | | | | | These were added in r28089 (http://codereview.chromium.org/256059) but are unnecessary bloat for everyone to carry around, even those that don't use emacs or vim. In an earlier change, I added editor config files in src/tools/emacs/ and src/tools/vim/ so users of the appropriate editor can source those instead. BUG=none TEST=none Review URL: http://codereview.chromium.org/7310019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92046 0039d316-1c4b-4281-b951-d872f2087c98
* Factor Windows handle enumeration code into its own classesI did some ↵jschuh@chromium.org2011-06-241-0/+3
| | | | | | | | | | general cleanup and isolated out the handle enumeration. TEST=sbox_unittests.exe --gtest_filter=HandleTable.* BUG=86521 Review URL: http://codereview.chromium.org/7206007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90449 0039d316-1c4b-4281-b951-d872f2087c98
* Remove msvs_guids from ipc, media, net, ppapi, printing, sandbox,tony@chromium.org2011-06-161-2/+0
| | | | | | | | | | sdch, skia, and testing. BUG=28727 Review URL: http://codereview.chromium.org/7165009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89369 0039d316-1c4b-4281-b951-d872f2087c98
* Final gyp patch to make use of the new cross-platform POSIX defines ↵tony@chromium.org2011-05-231-1/+1
| | | | | | | | toolkit_uses_gtk, os_posix, and use_x11. For lists of source files that use a mix of POSIX and Gtk APIs, toolkit_uses_gtk was given precedence. Solaris was made to use ALSA also, as libasound has been ported to FreeBSD and Solaris as a wrapper around the native OSS. Review URL: http://codereview.chromium.org/7055003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86352 0039d316-1c4b-4281-b951-d872f2087c98
* Globally replace <(library) with static_libraryevan@chromium.org2011-05-191-3/+3
| | | | | | | | | | | We provided <(library) as a variable to support a peculiar build configuration on Linux. We no longer support that build configuration, so we can simplify this code to no longer use a variable. Review URL: http://codereview.chromium.org/7051014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86004 0039d316-1c4b-4281-b951-d872f2087c98
* Base: Adjust dependencies to build with base.dllrvargas@google.com2011-04-261-0/+3
| | | | | | | | BUG=76996 TEST=none Review URL: http://codereview.chromium.org/6894040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83082 0039d316-1c4b-4281-b951-d872f2087c98
* Create a base_static library with files that should notrvargas@google.com2011-04-041-1/+2
| | | | | | | | | | | be used from a dll (base.dll), and fix some incorrect dependencies. BUG=76996 TEST=none Review URL: http://codereview.chromium.org/6759047 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80384 0039d316-1c4b-4281-b951-d872f2087c98
* Support for building Chrome using Clang.evan@chromium.org2010-09-181-2/+2
| | | | | | | | | | | | | | | | To build, set the clang=1 gyp_define. This patch is the culmination of many months of effort and many patches. It contains the minimal changes to Chrome that are Clang-specific. With this, I can build the "chrome" target. Once this patch is in, we can incrementally fix bits of Chrome and various tests and remove the Clang-specific workarounds. Review URL: http://codereview.chromium.org/522020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59882 0039d316-1c4b-4281-b951-d872f2087c98
* Pull seccomp-sandbox in via DEPS rather than using an in-tree copy mseaborn@chromium.org2010-09-011-1/+1
| | | | | | | | | | | | | | | | This means changes to the sandbox won't have to be committed twice, to both trees. This is a retry of r57921, which was committed with git-svn and failed to remove the "seccomp" directory. This caused problems when trying to "svn checkout" to the same location, and the change was reverted. This time I will use SVN to commit the change. BUG=none TEST=smoke test of running chromium with --enable-seccomp-sandbox Review URL: http://codereview.chromium.org/3225010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58184 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 49982 - patchthakis@chromium.org2010-06-161-2/+2
| | | | | | | TBR=thakis@chromium.org Review URL: http://codereview.chromium.org/2825006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50002 0039d316-1c4b-4281-b951-d872f2087c98
* patchthakis@chromium.org2010-06-161-2/+2
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49982 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp sandbox: Split source file list into a separate .gyp filemseaborn@chromium.org2010-05-201-52/+4
| | | | | | | | | | | | | | | | | The intention behind this is to make it easier to sync the .gyp file into the non-Chromium copy of the seccomp sandbox so that it can be used to build a standalone version of the sandbox. Also, it arguably makes the .gyp files more manageable. Removes a dependency on "base", which the seccomp sandbox does not use. BUG=none TEST=none Review URL: http://codereview.chromium.org/1939002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47792 0039d316-1c4b-4281-b951-d872f2087c98