From 7d7dcec900cc0c148237307a79b9471a6459f2e5 Mon Sep 17 00:00:00 2001 From: hidehiko Date: Tue, 10 Mar 2015 00:00:14 -0700 Subject: Non-SFI mode: Suid sandbox. This CL enables suid sandbox on nacl_helper_nonsfi. BUG=358465 TEST=Ran trybots. Ran Non-SFI NaCl app with nacl_helper_nonsfi. Review URL: https://codereview.chromium.org/888903004 Cr-Commit-Position: refs/heads/master@{#319845} --- sandbox/sandbox_nacl_nonsfi.gyp | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 sandbox/sandbox_nacl_nonsfi.gyp (limited to 'sandbox') diff --git a/sandbox/sandbox_nacl_nonsfi.gyp b/sandbox/sandbox_nacl_nonsfi.gyp new file mode 100644 index 0000000..c55b124 --- /dev/null +++ b/sandbox/sandbox_nacl_nonsfi.gyp @@ -0,0 +1,45 @@ +# Copyright 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +{ + 'variables': { + 'chromium_code': 1, + }, + 'includes': [ + '../build/common_untrusted.gypi', + ], + 'conditions': [ + ['disable_nacl==0 and disable_nacl_untrusted==0', { + 'targets': [ + { + 'target_name': 'sandbox_nacl_nonsfi', + 'type': 'none', + 'variables': { + 'nacl_untrusted_build': 1, + 'nlib_target': 'libsandbox_nacl_nonsfi.a', + 'build_glibc': 0, + 'build_newlib': 0, + 'build_irt': 0, + 'build_pnacl_newlib': 0, + 'build_nonsfi_helper': 1, + + 'sources': [ + # This is the subset of linux build target, needed for + # nacl_helper_nonsfi's sandbox implementation. + 'linux/services/proc_util.cc', + 'linux/services/thread_helpers.cc', + 'linux/suid/client/setuid_sandbox_client.cc', + # TODO(hidehiko): Support namespace sandbox and seccomp-bpf + # sandbox. + ], + }, + 'dependencies': [ + '../base/base_nacl.gyp:base_nacl_nonsfi', + '../native_client/tools.gyp:prep_toolchain', + ], + }, + ], + }], + ], +} -- cgit v1.1