gecko-dev/security/sandbox/moz.build

# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

BROWSER_CHROME_MANIFESTS += ['test/browser.ini']

with Files('**'):
    BUG_COMPONENT = ('Core', 'Security: Process Sandboxing')

DIRS += ['common']

if CONFIG['OS_ARCH'] == 'Linux':
    DIRS += ['linux']
elif CONFIG['OS_ARCH'] == 'Darwin':
    DIRS += ['mac']
elif CONFIG['OS_ARCH'] == 'WINNT':
    Library('sandbox_s')
    FORCE_STATIC_LIB = True

    DIRS += [
        'win/src/remotesandboxbroker',
        'win/src/sandboxbroker',
        'win/src/sandboxpermissions',
        'win/src/sandboxtarget',
    ]

    EXPORTS.mozilla.sandboxing += [
        'chromium-shim/sandbox/win/loggingCallbacks.h',
        'chromium-shim/sandbox/win/loggingTypes.h',
        'chromium-shim/sandbox/win/permissionsService.h',
        'chromium-shim/sandbox/win/sandboxLogging.h',
        'win/SandboxInitialization.h',
    ]

    SOURCES += [
        'chromium-shim/base/file_version_info_win.cpp',
        'chromium-shim/base/files/file_path.cpp',
        'chromium-shim/base/logging.cpp',
        'chromium-shim/sandbox/win/permissionsService.cpp',
        'chromium-shim/sandbox/win/sandboxLogging.cpp',
        'chromium/base/at_exit.cc',
        'chromium/base/base_switches.cc',
        'chromium/base/callback_internal.cc',
        'chromium/base/cpu.cc',
        'chromium/base/debug/alias.cc',
        'chromium/base/debug/profiler.cc',
        'chromium/base/environment.cc',
        'chromium/base/hash.cc',
        'chromium/base/lazy_instance_helpers.cc',
        'chromium/base/location.cc',
        'chromium/base/memory/ref_counted.cc',
        'chromium/base/memory/shared_memory_handle.cc',
        'chromium/base/memory/shared_memory_handle_win.cc',
        'chromium/base/memory/shared_memory_win.cc',
        'chromium/base/process/process_handle_win.cc',
        'chromium/base/rand_util_win.cc',
        'chromium/base/scoped_clear_last_error_win.cc',
        'chromium/base/strings/nullable_string16.cc',
        'chromium/base/strings/string_number_conversions.cc',
        'chromium/base/strings/string_piece.cc',
        'chromium/base/strings/string_split.cc',
        'chromium/base/strings/string_util.cc',
        'chromium/base/strings/string_util_constants.cc',
        'chromium/base/strings/stringprintf.cc',
        'chromium/base/strings/utf_string_conversion_utils.cc',
        'chromium/base/strings/utf_string_conversions.cc',
        'chromium/base/synchronization/lock.cc',
        'chromium/base/synchronization/lock_impl_win.cc',
        'chromium/base/third_party/dmg_fp/dtoa_wrapper.cc',
        'chromium/base/third_party/dmg_fp/g_fmt.cc',
        'chromium/base/third_party/icu/icu_utf.cc',
        'chromium/base/third_party/superfasthash/superfasthash.c',
        'chromium/base/threading/platform_thread.cc',
        'chromium/base/threading/platform_thread_win.cc',
        'chromium/base/threading/thread_collision_warner.cc',
        'chromium/base/threading/thread_id_name_manager.cc',
        'chromium/base/threading/thread_local_storage.cc',
        'chromium/base/threading/thread_local_storage_win.cc',
        'chromium/base/threading/thread_restrictions.cc',
        'chromium/base/time/time.cc',
        'chromium/base/time/time_win.cc',
        'chromium/base/token.cc',
        'chromium/base/unguessable_token.cc',
        'chromium/base/version.cc',
        'chromium/base/win/pe_image.cc',
        'chromium/base/win/scoped_handle.cc',
        'chromium/base/win/scoped_handle_verifier.cc',
        'chromium/base/win/scoped_process_information.cc',
        'chromium/base/win/startup_information.cc',
        'chromium/base/win/windows_version.cc',
        'chromium/sandbox/win/src/acl.cc',
        'chromium/sandbox/win/src/app_container_profile_base.cc',
        'chromium/sandbox/win/src/broker_services.cc',
        'chromium/sandbox/win/src/crosscall_server.cc',
        'chromium/sandbox/win/src/eat_resolver.cc',
        'chromium/sandbox/win/src/filesystem_dispatcher.cc',
        'chromium/sandbox/win/src/filesystem_interception.cc',
        'chromium/sandbox/win/src/filesystem_policy.cc',
        'chromium/sandbox/win/src/handle_closer.cc',
        'chromium/sandbox/win/src/handle_closer_agent.cc',
        'chromium/sandbox/win/src/handle_dispatcher.cc',
        'chromium/sandbox/win/src/handle_interception.cc',
        'chromium/sandbox/win/src/handle_policy.cc',
        'chromium/sandbox/win/src/heap_helper.cc',
        'chromium/sandbox/win/src/interception.cc',
        'chromium/sandbox/win/src/interception_agent.cc',
        'chromium/sandbox/win/src/ipc_args.cc',
        'chromium/sandbox/win/src/job.cc',
        'chromium/sandbox/win/src/named_pipe_dispatcher.cc',
        'chromium/sandbox/win/src/named_pipe_interception.cc',
        'chromium/sandbox/win/src/named_pipe_policy.cc',
        'chromium/sandbox/win/src/policy_broker.cc',
        'chromium/sandbox/win/src/policy_engine_opcodes.cc',
        'chromium/sandbox/win/src/policy_engine_processor.cc',
        'chromium/sandbox/win/src/policy_low_level.cc',
        'chromium/sandbox/win/src/policy_target.cc',
        'chromium/sandbox/win/src/process_mitigations.cc',
        'chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc',
        'chromium/sandbox/win/src/process_mitigations_win32k_interception.cc',
        'chromium/sandbox/win/src/process_mitigations_win32k_policy.cc',
        'chromium/sandbox/win/src/process_thread_dispatcher.cc',
        'chromium/sandbox/win/src/process_thread_interception.cc',
        'chromium/sandbox/win/src/process_thread_policy.cc',
        'chromium/sandbox/win/src/registry_dispatcher.cc',
        'chromium/sandbox/win/src/registry_interception.cc',
        'chromium/sandbox/win/src/registry_policy.cc',
        'chromium/sandbox/win/src/resolver.cc',
        'chromium/sandbox/win/src/restricted_token.cc',
        'chromium/sandbox/win/src/restricted_token_utils.cc',
        'chromium/sandbox/win/src/sandbox.cc',
        'chromium/sandbox/win/src/sandbox_globals.cc',
        'chromium/sandbox/win/src/sandbox_nt_util.cc',
        'chromium/sandbox/win/src/sandbox_policy_base.cc',
        'chromium/sandbox/win/src/sandbox_rand.cc',
        'chromium/sandbox/win/src/sandbox_utils.cc',
        'chromium/sandbox/win/src/security_capabilities.cc',
        'chromium/sandbox/win/src/service_resolver.cc',
        'chromium/sandbox/win/src/sharedmem_ipc_client.cc',
        'chromium/sandbox/win/src/sharedmem_ipc_server.cc',
        'chromium/sandbox/win/src/sid.cc',
        'chromium/sandbox/win/src/sync_dispatcher.cc',
        'chromium/sandbox/win/src/sync_interception.cc',
        'chromium/sandbox/win/src/sync_policy.cc',
        'chromium/sandbox/win/src/target_interceptions.cc',
        'chromium/sandbox/win/src/target_process.cc',
        'chromium/sandbox/win/src/target_services.cc',
        'chromium/sandbox/win/src/top_level_dispatcher.cc',
        'chromium/sandbox/win/src/win2k_threadpool.cc',
        'chromium/sandbox/win/src/win_utils.cc',
        'chromium/sandbox/win/src/window.cc',
        'win/SandboxInitialization.cpp',
    ]
    # Sandbox interceptors can be called before the process's import table
    # is populated.  Don't let the compiler insert any instrumentation that
    # might call an import.
    SOURCES['chromium/sandbox/win/src/process_thread_interception.cc'].no_pgo = True

    if CONFIG['CPU_ARCH'] in ('x86_64', 'aarch64'):
        SOURCES += [
            'chromium/sandbox/win/src/interceptors_64.cc',
            'chromium/sandbox/win/src/resolver_64.cc',
            'chromium/sandbox/win/src/service_resolver_64.cc',
        ]
    else:
        SOURCES += [
            'chromium/sandbox/win/src/resolver_32.cc',
            'chromium/sandbox/win/src/service_resolver_32.cc',
        ]

    for var in ('UNICODE', '_UNICODE', 'NS_NO_XPCOM',
                '_CRT_RAND_S', 'CHROMIUM_SANDBOX_BUILD'):
        DEFINES[var] = True
    if CONFIG['CC_TYPE'] not in ('gcc', 'clang'):
        DEFINES['SANDBOX_EXPORTS'] = True

    LOCAL_INCLUDES += ['/security/sandbox/chromium-shim']
    LOCAL_INCLUDES += ['/security/sandbox/chromium']
    LOCAL_INCLUDES += ['/nsprpub']

    DisableStlWrapping()

    # Suppress warnings in third-party code.
    if CONFIG['CC_TYPE'] == 'clang-cl':
        CXXFLAGS += [
            '-Wno-deprecated-declarations', # 'GetVersionExW': was declared deprecated
        ]