Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe. r=glandium,f=tabraldes

--HG-- rename : security/sandbox/moz.build => security/sandbox/objs.mozbuild extra : rebase_source : e0b1515a4729ecfe82a67b6439d9a38453f7556a
2014-08-28 14:50:10 +12:00 · 2014-08-28 14:50:10 +12:00 · db45c0b01a
--- a/ipc/app/moz.build
+++ b/ipc/app/moz.build
@ -36,8 +36,14 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
        '/security/sandbox/chromium',
    ]
    USE_LIBS += [
-        'sandbox_s',
+        'sandbox_staticruntime_s',
    ]
+    DELAYLOAD_DLLS += [
+        'mozalloc.dll',
+        'nss3.dll',
+        'xul.dll'
+    ]
+    USE_STATIC_LIBS = True

 if CONFIG['_MSC_VER']:
    # Always enter a Windows program through wmain, whether or not we're
@ -57,7 +63,9 @@ LDFLAGS += [CONFIG['MOZ_ALLOW_HEAP_EXECUTE_FLAGS']]
 if CONFIG['OS_ARCH'] == 'WINNT' and not CONFIG['GNU_CC']:
    LDFLAGS += ['/HEAP:0x40000']

-FAIL_ON_WARNINGS = True
+# Windows builds have dll linkage warnings due to USE_STATIC_LIBS
+if CONFIG['OS_ARCH'] != 'WINNT':
+    FAIL_ON_WARNINGS = True

 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk':
    OS_LIBS += [
--- a/security/sandbox/moz.build
+++ b/security/sandbox/moz.build
@ -13,122 +13,13 @@ elif CONFIG['OS_ARCH'] == 'WINNT':
    FORCE_STATIC_LIB = True

    DIRS += [
+        'staticruntime',
        'win/src/sandboxbroker',
        'win/src/sandboxtarget',
    ]

-    SOURCES += [
-        'chromium/base/at_exit.cc',
-        'chromium/base/base_switches.cc',
-        'chromium/base/callback_internal.cc',
-        'chromium/base/cpu.cc',
-        'chromium/base/debug/alias.cc',
-        'chromium/base/debug/profiler.cc',
-        'chromium/base/lazy_instance.cc',
-        'chromium/base/location.cc',
-        'chromium/base/memory/ref_counted.cc',
-        'chromium/base/memory/singleton.cc',
-        'chromium/base/shim/base/logging.cpp',
-        'chromium/base/strings/nullable_string16.cc',
-        'chromium/base/strings/string_number_conversions.cc',
-        'chromium/base/strings/string_piece.cc',
-        'chromium/base/strings/string_util_constants.cc',
-        'chromium/base/strings/string_util_stripped.cc',
-        'chromium/base/strings/stringprintf.cc',
-        'chromium/base/strings/utf_string_conversion_utils.cc',
-        'chromium/base/strings/utf_string_conversions.cc',
-        'chromium/base/synchronization/lock.cc',
-        'chromium/base/synchronization/lock_impl_win.cc',
-        'chromium/base/third_party/dmg_fp/dtoa.cc',
-        'chromium/base/third_party/dmg_fp/g_fmt.cc',
-        'chromium/base/third_party/icu/icu_utf.cc',
-        'chromium/base/threading/platform_thread_win.cc',
-        'chromium/base/threading/thread_collision_warner.cc',
-        'chromium/base/threading/thread_id_name_manager.cc',
-        'chromium/base/threading/thread_local_win.cc',
-        'chromium/base/threading/thread_restrictions.cc',
-        'chromium/base/time/time.cc',
-        'chromium/base/time/time_win.cc',
-        'chromium/base/win/event_trace_provider.cc',
-        'chromium/base/win/pe_image.cc',
-        'chromium/base/win/registry.cc',
-        'chromium/base/win/scoped_handle.cc',
-        'chromium/base/win/scoped_process_information.cc',
-        'chromium/base/win/startup_information.cc',
-        'chromium/base/win/windows_version.cc',
-        'win/src/acl.cc',
-        'win/src/app_container.cc',
-        'win/src/broker_services.cc',
-        'win/src/crosscall_server.cc',
-        'win/src/eat_resolver.cc',
-        'win/src/filesystem_dispatcher.cc',
-        'win/src/filesystem_interception.cc',
-        'win/src/filesystem_policy.cc',
-        'win/src/handle_closer.cc',
-        'win/src/handle_closer_agent.cc',
-        'win/src/handle_dispatcher.cc',
-        'win/src/handle_interception.cc',
-        'win/src/handle_policy.cc',
-        'win/src/handle_table.cc',
-        'win/src/interception.cc',
-        'win/src/interception_agent.cc',
-        'win/src/job.cc',
-        'win/src/named_pipe_dispatcher.cc',
-        'win/src/named_pipe_interception.cc',
-        'win/src/named_pipe_policy.cc',
-        'win/src/policy_broker.cc',
-        'win/src/policy_engine_opcodes.cc',
-        'win/src/policy_engine_processor.cc',
-        'win/src/policy_low_level.cc',
-        'win/src/policy_target.cc',
-        'win/src/process_mitigations.cc',
-        'win/src/process_thread_dispatcher.cc',
-        'win/src/process_thread_interception.cc',
-        'win/src/process_thread_policy.cc',
-        'win/src/registry_dispatcher.cc',
-        'win/src/registry_interception.cc',
-        'win/src/registry_policy.cc',
-        'win/src/resolver.cc',
-        'win/src/restricted_token.cc',
-        'win/src/restricted_token_utils.cc',
-        'win/src/sandbox.cc',
-        'win/src/sandbox_nt_util.cc',
-        'win/src/sandbox_policy_base.cc',
-        'win/src/sandbox_utils.cc',
-        'win/src/service_resolver.cc',
-        'win/src/shared_handles.cc',
-        'win/src/sharedmem_ipc_client.cc',
-        'win/src/sharedmem_ipc_server.cc',
-        'win/src/sid.cc',
-        'win/src/sync_dispatcher.cc',
-        'win/src/sync_interception.cc',
-        'win/src/sync_policy.cc',
-        'win/src/target_interceptions.cc',
-        'win/src/target_process.cc',
-        'win/src/target_services.cc',
-        'win/src/win2k_threadpool.cc',
-        'win/src/win_utils.cc',
-        'win/src/window.cc',
-    ]
-
-    if CONFIG['CPU_ARCH'] == 'x86_64':
-        SOURCES += [
-            'win/src/interceptors_64.cc',
-            'win/src/resolver_64.cc',
-            'win/src/service_resolver_64.cc',
-            'win/src/Wow64_64.cc',
-        ]
-    else:
-        SOURCES += [
-            'win/src/resolver_32.cc',
-            'win/src/service_resolver_32.cc',
-            'win/src/sidestep/ia32_modrm_map.cpp',
-            'win/src/sidestep/ia32_opcode_map.cpp',
-            'win/src/sidestep/mini_disassembler.cpp',
-            'win/src/sidestep/preamble_patcher_with_stub.cpp',
-            'win/src/sidestep_resolver.cc',
-            'win/src/Wow64.cc',
-        ]
+    include('objs.mozbuild')
+    SOURCES += security_sandbox_cppsrcs

    for var in ('UNICODE', '_UNICODE', 'NS_NO_XPCOM', 'SANDBOX_EXPORTS',
                'NOMINMAX', '_CRT_RAND_S', 'CHROMIUM_SANDBOX_BUILD'):
--- a/security/sandbox/objs.mozbuild
+++ b/security/sandbox/objs.mozbuild
@ -0,0 +1,124 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    security_sandbox_lcppsrcs = [
+        'chromium/base/at_exit.cc',
+        'chromium/base/base_switches.cc',
+        'chromium/base/callback_internal.cc',
+        'chromium/base/cpu.cc',
+        'chromium/base/debug/alias.cc',
+        'chromium/base/debug/profiler.cc',
+        'chromium/base/lazy_instance.cc',
+        'chromium/base/location.cc',
+        'chromium/base/memory/ref_counted.cc',
+        'chromium/base/memory/singleton.cc',
+        'chromium/base/shim/base/logging.cpp',
+        'chromium/base/strings/nullable_string16.cc',
+        'chromium/base/strings/string_number_conversions.cc',
+        'chromium/base/strings/string_piece.cc',
+        'chromium/base/strings/string_util_constants.cc',
+        'chromium/base/strings/string_util_stripped.cc',
+        'chromium/base/strings/stringprintf.cc',
+        'chromium/base/strings/utf_string_conversion_utils.cc',
+        'chromium/base/strings/utf_string_conversions.cc',
+        'chromium/base/synchronization/lock.cc',
+        'chromium/base/synchronization/lock_impl_win.cc',
+        'chromium/base/third_party/dmg_fp/dtoa.cc',
+        'chromium/base/third_party/dmg_fp/g_fmt.cc',
+        'chromium/base/third_party/icu/icu_utf.cc',
+        'chromium/base/threading/platform_thread_win.cc',
+        'chromium/base/threading/thread_collision_warner.cc',
+        'chromium/base/threading/thread_id_name_manager.cc',
+        'chromium/base/threading/thread_local_win.cc',
+        'chromium/base/threading/thread_restrictions.cc',
+        'chromium/base/time/time.cc',
+        'chromium/base/time/time_win.cc',
+        'chromium/base/win/event_trace_provider.cc',
+        'chromium/base/win/pe_image.cc',
+        'chromium/base/win/registry.cc',
+        'chromium/base/win/scoped_handle.cc',
+        'chromium/base/win/scoped_process_information.cc',
+        'chromium/base/win/startup_information.cc',
+        'chromium/base/win/windows_version.cc',
+        'win/src/acl.cc',
+        'win/src/app_container.cc',
+        'win/src/broker_services.cc',
+        'win/src/crosscall_server.cc',
+        'win/src/eat_resolver.cc',
+        'win/src/filesystem_dispatcher.cc',
+        'win/src/filesystem_interception.cc',
+        'win/src/filesystem_policy.cc',
+        'win/src/handle_closer.cc',
+        'win/src/handle_closer_agent.cc',
+        'win/src/handle_dispatcher.cc',
+        'win/src/handle_interception.cc',
+        'win/src/handle_policy.cc',
+        'win/src/handle_table.cc',
+        'win/src/interception.cc',
+        'win/src/interception_agent.cc',
+        'win/src/job.cc',
+        'win/src/named_pipe_dispatcher.cc',
+        'win/src/named_pipe_interception.cc',
+        'win/src/named_pipe_policy.cc',
+        'win/src/policy_broker.cc',
+        'win/src/policy_engine_opcodes.cc',
+        'win/src/policy_engine_processor.cc',
+        'win/src/policy_low_level.cc',
+        'win/src/policy_target.cc',
+        'win/src/process_mitigations.cc',
+        'win/src/process_thread_dispatcher.cc',
+        'win/src/process_thread_interception.cc',
+        'win/src/process_thread_policy.cc',
+        'win/src/registry_dispatcher.cc',
+        'win/src/registry_interception.cc',
+        'win/src/registry_policy.cc',
+        'win/src/resolver.cc',
+        'win/src/restricted_token.cc',
+        'win/src/restricted_token_utils.cc',
+        'win/src/sandbox.cc',
+        'win/src/sandbox_nt_util.cc',
+        'win/src/sandbox_policy_base.cc',
+        'win/src/sandbox_utils.cc',
+        'win/src/service_resolver.cc',
+        'win/src/shared_handles.cc',
+        'win/src/sharedmem_ipc_client.cc',
+        'win/src/sharedmem_ipc_server.cc',
+        'win/src/sid.cc',
+        'win/src/sync_dispatcher.cc',
+        'win/src/sync_interception.cc',
+        'win/src/sync_policy.cc',
+        'win/src/target_interceptions.cc',
+        'win/src/target_process.cc',
+        'win/src/target_services.cc',
+        'win/src/win2k_threadpool.cc',
+        'win/src/win_utils.cc',
+        'win/src/window.cc',
+    ]
+
+    if CONFIG['CPU_ARCH'] == 'x86_64':
+        security_sandbox_lcppsrcs += [
+            'win/src/interceptors_64.cc',
+            'win/src/resolver_64.cc',
+            'win/src/service_resolver_64.cc',
+            'win/src/Wow64_64.cc',
+        ]
+    else:
+        security_sandbox_lcppsrcs += [
+            'win/src/resolver_32.cc',
+            'win/src/service_resolver_32.cc',
+            'win/src/sidestep/ia32_modrm_map.cpp',
+            'win/src/sidestep/ia32_opcode_map.cpp',
+            'win/src/sidestep/mini_disassembler.cpp',
+            'win/src/sidestep/preamble_patcher_with_stub.cpp',
+            'win/src/sidestep_resolver.cc',
+            'win/src/Wow64.cc',
+        ]
+
+    security_sandbox_cppsrcs = [
+        '%s/security/sandbox/%s' % (TOPSRCDIR, s)
+            for s in sorted(security_sandbox_lcppsrcs)
+    ]
--- a/security/sandbox/staticruntime/moz.build
+++ b/security/sandbox/staticruntime/moz.build
@ -0,0 +1,35 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    LIBRARY_NAME = 'sandbox_staticruntime_s'
+    FORCE_STATIC_LIB = True
+    USE_STATIC_LIBS = True
+
+    include('../objs.mozbuild')
+    SOURCES += security_sandbox_cppsrcs
+
+    for var in ('UNICODE', '_UNICODE', 'NS_NO_XPCOM', 'SANDBOX_EXPORTS',
+                'NOMINMAX', '_CRT_RAND_S', 'CHROMIUM_SANDBOX_BUILD'):
+        DEFINES[var] = True
+
+    LOCAL_INCLUDES += ['/security/sandbox/chromium/base/shim']
+    LOCAL_INCLUDES += ['/security/sandbox/chromium']
+    LOCAL_INCLUDES += ['/security/sandbox']
+    LOCAL_INCLUDES += ['/security']
+    LOCAL_INCLUDES += ['/nsprpub']
+
+    DISABLE_STL_WRAPPING = True
+
+    # Suppress warnings in third-party code.
+    if CONFIG['_MSC_VER']:
+        CXXFLAGS += [
+            '-wd4275', # non dll-interface class exception used as base for dll-interface class
+            '-wd4717', # recursive on all control paths, function will cause runtime stack overflow
+            '-wd4996', # 'GetVersionExW': was declared deprecated
+        ]
+
+FAIL_ON_WARNINGS = True