| # Copyright 2019 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Description: sandbox2 is a C++ sandbox technology for Linux. |
| |
| load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") |
| load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data") |
| load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") |
| |
| package(default_visibility = ["//sandboxed_api:__subpackages__"]) |
| |
| licenses(["notice"]) |
| |
| cc_library( |
| name = "allow_all_syscalls", |
| hdrs = ["allow_all_syscalls.h"], |
| copts = sapi_platform_copts(), |
| visibility = [ |
| "//sandboxed_api/sandbox2:__pkg__", |
| "//sandboxed_api/sandbox2/examples/tool:__pkg__", |
| ], |
| ) |
| |
| cc_library( |
| name = "testonly_allow_all_syscalls", |
| testonly = True, |
| hdrs = ["allow_all_syscalls.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| ) |
| |
| cc_library( |
| name = "trace_all_syscalls", |
| hdrs = ["trace_all_syscalls.h"], |
| copts = sapi_platform_copts(), |
| visibility = [ |
| "//sandboxed_api/sandbox2:__pkg__", |
| ], |
| ) |
| |
| cc_library( |
| name = "testonly_trace_all_syscalls", |
| testonly = True, |
| hdrs = ["trace_all_syscalls.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| ) |
| |
| cc_library( |
| name = "allow_unrestricted_networking", |
| hdrs = ["allow_unrestricted_networking.h"], |
| copts = sapi_platform_copts(), |
| visibility = [ |
| "//sandboxed_api/sandbox2:__pkg__", |
| "//sandboxed_api/sandbox2/examples/tool:__pkg__", |
| "//sandboxed_api/sandbox2/performance:__pkg__", |
| ], |
| ) |
| |
| cc_library( |
| name = "testonly_allow_unrestricted_networking", |
| testonly = True, |
| hdrs = ["allow_unrestricted_networking.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| ) |
| |
| cc_library( |
| name = "bpfdisassembler", |
| srcs = ["bpfdisassembler.cc"], |
| hdrs = ["bpfdisassembler.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| cc_library( |
| name = "regs", |
| srcs = ["regs.cc"], |
| hdrs = ["regs.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":syscall", |
| ":violation_cc_proto", |
| "//sandboxed_api:config", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_test( |
| name = "regs_test", |
| srcs = ["regs_test.cc"], |
| copts = sapi_platform_copts(), |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":regs", |
| ":sanitizer", |
| ":syscall", |
| ":util", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/log:check", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "syscall", |
| srcs = [ |
| "syscall.cc", |
| "syscall_defs.cc", |
| ], |
| hdrs = [ |
| "syscall.h", |
| "syscall_defs.h", |
| ], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "//sandboxed_api:config", |
| "@com_google_absl//absl/algorithm:container", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| cc_test( |
| name = "syscall_test", |
| srcs = ["syscall_test.cc"], |
| copts = sapi_platform_copts(), |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":syscall", |
| "//sandboxed_api:config", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "result", |
| srcs = ["result.cc"], |
| hdrs = ["result.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":regs", |
| ":syscall", |
| ":util", |
| "//sandboxed_api:config", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "logserver_proto", |
| srcs = ["logserver.proto"], |
| ) |
| |
| cc_library( |
| name = "logserver", |
| srcs = ["logserver.cc"], |
| hdrs = ["logserver.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":logserver_cc_proto", |
| "@com_google_absl//absl/base:log_severity", |
| "@com_google_absl//absl/log", |
| ], |
| ) |
| |
| cc_library( |
| name = "logsink", |
| srcs = ["logsink.cc"], |
| hdrs = ["logsink.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":logserver_cc_proto", |
| "@com_google_absl//absl/base:log_severity", |
| "@com_google_absl//absl/log:log_entry", |
| "@com_google_absl//absl/log:log_sink", |
| "@com_google_absl//absl/log:log_sink_registry", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/synchronization", |
| ], |
| ) |
| |
| cc_library( |
| name = "ipc", |
| srcs = ["ipc.cc"], |
| hdrs = ["ipc.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":logserver", |
| ":logsink", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "policy", |
| srcs = ["policy.cc"], |
| hdrs = ["policy.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":bpfdisassembler", |
| ":comms", |
| ":namespace", |
| ":syscall", |
| ":violation_cc_proto", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/network_proxy:filtering", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/strings:string_view", |
| ], |
| ) |
| |
| cc_library( |
| name = "notify", |
| srcs = [], |
| hdrs = ["notify.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":result", |
| ":syscall", |
| ":util", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/log", |
| ], |
| ) |
| |
| cc_library( |
| name = "limits", |
| hdrs = ["limits.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/time", |
| ], |
| ) |
| |
| cc_binary( |
| name = "forkserver_bin", |
| srcs = ["forkserver_bin.cc"], |
| copts = sapi_platform_copts(), |
| stamp = 0, |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver", |
| ":sanitizer", |
| "//sandboxed_api/sandbox2/unwind", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:log_severity", |
| "@com_google_absl//absl/log:globals", |
| "@com_google_absl//absl/status", |
| ], |
| ) |
| |
| sapi_cc_embed_data( |
| name = "forkserver_bin_embed", |
| srcs = [":forkserver_bin.stripped"], |
| ) |
| |
| cc_library( |
| name = "global_forkserver", |
| srcs = ["global_forkclient.cc"], |
| hdrs = ["global_forkclient.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":fork_client", |
| ":forkserver_bin_embed", |
| ":forkserver_cc_proto", |
| ":util", |
| "//sandboxed_api:config", |
| "//sandboxed_api:embed_file", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| ], |
| ) |
| |
| # Use only if Sandbox2 global forkserver has to be started very early on. |
| # By default the forkserver is started on demand. |
| cc_library( |
| name = "start_global_forkserver_lib_constructor", |
| srcs = ["global_forkclient_lib_ctor.cc"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":fork_client", |
| ":global_forkserver", |
| "@com_google_absl//absl/base:core_headers", |
| ], |
| ) |
| |
| cc_library( |
| name = "executor", |
| srcs = ["executor.cc"], |
| hdrs = ["executor.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":fork_client", |
| ":forkserver_cc_proto", |
| ":global_forkserver", |
| ":ipc", |
| ":limits", |
| ":namespace", |
| ":util", |
| "//sandboxed_api:config", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| # Should not be used in sandboxee code if it only uses sandbox2::Comms and |
| # sandbox2::Client objects |
| cc_library( |
| name = "sandbox2", |
| srcs = [ |
| "sandbox2.cc", |
| ], |
| hdrs = [ |
| "client.h", |
| "executor.h", |
| "ipc.h", |
| "limits.h", |
| "notify.h", |
| "policy.h", |
| "policybuilder.h", |
| "result.h", |
| "sandbox2.h", |
| "syscall.h", |
| ], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":client", |
| ":comms", |
| ":executor", |
| ":fork_client", |
| ":forkserver_cc_proto", |
| ":ipc", |
| ":limits", |
| ":logsink", |
| ":monitor_base", |
| ":monitor_ptrace", |
| ":monitor_unotify", |
| ":mounts", |
| ":namespace", |
| ":notify", |
| ":policy", |
| ":policybuilder", |
| ":regs", |
| ":result", |
| ":stack_trace", |
| ":syscall", |
| ":util", |
| ":violation_cc_proto", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/network_proxy:client", |
| "//sandboxed_api/sandbox2/network_proxy:filtering", |
| "//sandboxed_api/util:fileops", |
| "@com_google_absl//absl/base", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_map", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/time", |
| "@com_google_absl//absl/types:optional", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| cc_library( |
| name = "stack_trace", |
| srcs = ["stack_trace.cc"], |
| hdrs = ["stack_trace.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":executor", |
| ":limits", |
| ":mounts", |
| ":namespace", |
| ":policy", |
| ":policybuilder", |
| ":regs", |
| ":result", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/unwind", |
| "//sandboxed_api/sandbox2/unwind:unwind_cc_proto", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/time", |
| ], |
| ) |
| |
| cc_library( |
| name = "monitor_ptrace", |
| srcs = ["monitor_ptrace.cc"], |
| hdrs = ["monitor_ptrace.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":comms", |
| ":executor", |
| ":monitor_base", |
| ":notify", |
| ":policy", |
| ":regs", |
| ":result", |
| ":sanitizer", |
| ":syscall", |
| ":util", |
| "//sandboxed_api:config", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/container:flat_hash_map", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_absl//absl/time", |
| ], |
| ) |
| |
| cc_library( |
| name = "monitor_unotify", |
| srcs = ["monitor_unotify.cc"], |
| hdrs = ["monitor_unotify.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":executor", |
| ":forkserver_cc_proto", |
| ":monitor_base", |
| ":notify", |
| ":policy", |
| ":result", |
| "//sandboxed_api:config", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_absl//absl/time", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| cc_library( |
| name = "monitor_base", |
| srcs = ["monitor_base.cc"], |
| hdrs = ["monitor_base.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":comms", |
| ":executor", |
| ":fork_client", |
| ":forkserver_cc_proto", |
| ":ipc", |
| ":limits", |
| ":mounts", |
| ":namespace", |
| ":notify", |
| ":policy", |
| ":regs", |
| ":result", |
| ":stack_trace", |
| ":syscall", |
| ":util", |
| "//sandboxed_api/sandbox2/network_proxy:client", |
| "//sandboxed_api/sandbox2/network_proxy:server", |
| "//sandboxed_api/util:file_helpers", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:strerror", |
| "//sandboxed_api/util:temp_file", |
| "@com_google_absl//absl/base", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_absl//absl/time", |
| ], |
| ) |
| |
| cc_library( |
| name = "policybuilder", |
| srcs = ["policybuilder.cc"], |
| hdrs = ["policybuilder.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":allow_all_syscalls", |
| ":allow_unrestricted_networking", |
| ":mounts", |
| ":namespace", |
| ":policy", |
| ":syscall", |
| ":trace_all_syscalls", |
| ":violation_cc_proto", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/network_proxy:filtering", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/types:optional", |
| "@com_google_absl//absl/types:span", |
| ], |
| ) |
| |
| # Should be used in sandboxee code instead of :sandbox2 if it uses just |
| # sandbox2::Client::SandboxMeHere() and sandbox2::Comms |
| cc_library( |
| name = "client", |
| srcs = ["client.cc"], |
| hdrs = ["client.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":logsink", |
| ":policy", |
| ":sanitizer", |
| ":syscall", |
| "//sandboxed_api/sandbox2/network_proxy:client", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_map", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "sanitizer", |
| srcs = ["sanitizer.cc"], |
| hdrs = ["sanitizer.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "forkserver", |
| srcs = ["forkserver.cc"], |
| hdrs = ["forkserver.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":comms", |
| ":fork_client", |
| ":forkserver_cc_proto", |
| ":namespace", |
| ":policy", |
| ":sanitizer", |
| ":syscall", |
| ":util", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:strerror", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_map", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@org_kernel_libcap//:libcap", |
| ], |
| ) |
| |
| cc_library( |
| name = "fork_client", |
| srcs = ["fork_client.cc"], |
| hdrs = ["fork_client.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":forkserver_cc_proto", |
| "//sandboxed_api/util:fileops", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/synchronization", |
| ], |
| ) |
| |
| cc_library( |
| name = "mounts", |
| srcs = ["mounts.cc"], |
| hdrs = ["mounts.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":mount_tree_cc_proto", |
| "//sandboxed_api:config", |
| "//sandboxed_api/sandbox2/util:minielf", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_test( |
| name = "mounts_test", |
| srcs = ["mounts_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"], |
| deps = [ |
| ":mounts", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:status_matchers", |
| "//sandboxed_api/util:temp_file", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "namespace", |
| srcs = ["namespace.cc"], |
| hdrs = ["namespace.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":mounts", |
| ":violation_cc_proto", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_test( |
| name = "namespace_test", |
| srcs = ["namespace_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:namespace", |
| ], |
| tags = [ |
| "requires-net:external", |
| ], |
| deps = [ |
| ":namespace", |
| ":sandbox2", |
| ":testonly_allow_all_syscalls", |
| "//sandboxed_api:config", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:status_matchers", |
| "//sandboxed_api/util:temp_file", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "forkingclient", |
| srcs = ["forkingclient.cc"], |
| hdrs = ["forkingclient.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver", |
| ":sanitizer", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| ], |
| ) |
| |
| cc_library( |
| name = "util", |
| srcs = ["util.cc"], |
| hdrs = ["util.h"], |
| # The default is 16384, however we need to do a clone with a |
| # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384. |
| # Thus the slight increase. |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| "//sandboxed_api:config", |
| "//sandboxed_api/util:file_base", |
| "//sandboxed_api/util:file_helpers", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| ], |
| ) |
| |
| cc_library( |
| name = "buffer", |
| srcs = ["buffer.cc"], |
| hdrs = ["buffer.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| ], |
| ) |
| |
| cc_test( |
| name = "buffer_test", |
| srcs = ["buffer_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:buffer"], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":buffer", |
| ":sandbox2", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "forkserver_proto", |
| srcs = ["forkserver.proto"], |
| copts = sapi_platform_copts(), |
| deps = [":mount_tree_proto"], |
| ) |
| |
| sapi_proto_library( |
| name = "mount_tree_proto", |
| srcs = ["mount_tree.proto"], |
| ) |
| |
| cc_library( |
| name = "comms", |
| srcs = ["comms.cc"], |
| hdrs = ["comms.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:status_cc_proto", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/base:dynamic_annotations", |
| "@com_google_absl//absl/log:die_if_null", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_protobuf//:protobuf", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "comms_test_proto", |
| srcs = ["comms_test.proto"], |
| ) |
| |
| cc_test( |
| name = "comms_test", |
| srcs = ["comms_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":comms_test_cc_proto", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/container:fixed_array", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "forkserver_test", |
| srcs = ["forkserver_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:minimal"], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":forkserver", |
| ":forkserver_cc_proto", |
| ":global_forkserver", |
| ":sandbox2", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "limits_test", |
| srcs = ["limits_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:limits", |
| ], |
| deps = [ |
| ":limits", |
| ":sandbox2", |
| "//sandboxed_api:config", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "notify_test", |
| srcs = ["notify_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:personality", |
| "//sandboxed_api/sandbox2/testcases:pidcomms", |
| ], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":comms", |
| ":sandbox2", |
| ":trace_all_syscalls", |
| "//sandboxed_api:testing", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "policy_test", |
| srcs = ["policy_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls", |
| "//sandboxed_api/sandbox2/testcases:malloc_system", |
| "//sandboxed_api/sandbox2/testcases:minimal", |
| "//sandboxed_api/sandbox2/testcases:minimal_dynamic", |
| "//sandboxed_api/sandbox2/testcases:policy", |
| ], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":sandbox2", |
| "//sandboxed_api:config", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "sandbox2_test", |
| srcs = ["sandbox2_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:abort", |
| "//sandboxed_api/sandbox2/testcases:custom_fork", |
| "//sandboxed_api/sandbox2/testcases:minimal", |
| "//sandboxed_api/sandbox2/testcases:sleep", |
| "//sandboxed_api/sandbox2/testcases:starve", |
| "//sandboxed_api/sandbox2/testcases:tsync", |
| ], |
| tags = [ |
| "local", |
| "no_qemu_user_mode", |
| ], |
| deps = [ |
| ":fork_client", |
| ":sandbox2", |
| "//sandboxed_api:config", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_absl//absl/time", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "sanitizer_test", |
| srcs = ["sanitizer_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:close_fds", |
| "//sandboxed_api/sandbox2/testcases:sanitizer", |
| ], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":comms", |
| ":sandbox2", |
| ":sanitizer", |
| ":util", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/log", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "util_test", |
| srcs = ["util_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":util", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/cleanup", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "stack_trace_test", |
| srcs = [ |
| "stack_trace_test.cc", |
| ], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:symbolize"], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":global_forkserver", |
| ":sandbox2", |
| ":stack_trace", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:fileops", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/base:log_severity", |
| "@com_google_absl//absl/flags:flag", |
| "@com_google_absl//absl/flags:reflection", |
| "@com_google_absl//absl/log:check", |
| "@com_google_absl//absl/log:scoped_mock_log", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/time", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "ipc_test", |
| srcs = ["ipc_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:ipc"], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":comms", |
| ":sandbox2", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "testing", |
| testonly = 1, |
| hdrs = ["testing.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = ["//sandboxed_api:testing"], |
| ) |
| |
| sapi_proto_library( |
| name = "violation_proto", |
| srcs = ["violation.proto"], |
| deps = [ |
| ":mount_tree_proto", |
| ], |
| ) |
| |
| cc_test( |
| name = "policybuilder_test", |
| srcs = ["policybuilder_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":policy", |
| ":policybuilder", |
| ":violation_cc_proto", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/status:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "bpfdisassembler_test", |
| srcs = ["bpfdisassembler_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":bpfdisassembler", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "network_proxy_test", |
| srcs = ["network_proxy_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:network_proxy", |
| ], |
| tags = ["no_qemu_user_mode"], |
| deps = [ |
| ":sandbox2", |
| "//sandboxed_api:testing", |
| "//sandboxed_api/sandbox2/network_proxy:testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/status", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/time", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
