1*ec63e07aSXin Li# Copyright 2019 Google LLC 2*ec63e07aSXin Li# 3*ec63e07aSXin Li# Licensed under the Apache License, Version 2.0 (the "License"); 4*ec63e07aSXin Li# you may not use this file except in compliance with the License. 5*ec63e07aSXin Li# You may obtain a copy of the License at 6*ec63e07aSXin Li# 7*ec63e07aSXin Li# https://www.apache.org/licenses/LICENSE-2.0 8*ec63e07aSXin Li# 9*ec63e07aSXin Li# Unless required by applicable law or agreed to in writing, software 10*ec63e07aSXin Li# distributed under the License is distributed on an "AS IS" BASIS, 11*ec63e07aSXin Li# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*ec63e07aSXin Li# See the License for the specific language governing permissions and 13*ec63e07aSXin Li# limitations under the License. 14*ec63e07aSXin Li 15*ec63e07aSXin Li# Description: sandbox2 is a C++ sandbox technology for Linux. 16*ec63e07aSXin Li 17*ec63e07aSXin Liload("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") 18*ec63e07aSXin Liload("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data") 19*ec63e07aSXin Liload("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") 20*ec63e07aSXin Li 21*ec63e07aSXin Lipackage(default_visibility = ["//sandboxed_api:__subpackages__"]) 22*ec63e07aSXin Li 23*ec63e07aSXin Lilicenses(["notice"]) 24*ec63e07aSXin Li 25*ec63e07aSXin Licc_library( 26*ec63e07aSXin Li name = "allow_all_syscalls", 27*ec63e07aSXin Li hdrs = ["allow_all_syscalls.h"], 28*ec63e07aSXin Li copts = sapi_platform_copts(), 29*ec63e07aSXin Li visibility = [ 30*ec63e07aSXin Li "//sandboxed_api/sandbox2:__pkg__", 31*ec63e07aSXin Li "//sandboxed_api/sandbox2/examples/tool:__pkg__", 32*ec63e07aSXin Li ], 33*ec63e07aSXin Li) 34*ec63e07aSXin Li 35*ec63e07aSXin Licc_library( 36*ec63e07aSXin Li name = "testonly_allow_all_syscalls", 37*ec63e07aSXin Li testonly = True, 38*ec63e07aSXin Li hdrs = ["allow_all_syscalls.h"], 39*ec63e07aSXin Li copts = sapi_platform_copts(), 40*ec63e07aSXin Li visibility = ["//visibility:public"], 41*ec63e07aSXin Li) 42*ec63e07aSXin Li 43*ec63e07aSXin Licc_library( 44*ec63e07aSXin Li name = "trace_all_syscalls", 45*ec63e07aSXin Li hdrs = ["trace_all_syscalls.h"], 46*ec63e07aSXin Li copts = sapi_platform_copts(), 47*ec63e07aSXin Li visibility = [ 48*ec63e07aSXin Li "//sandboxed_api/sandbox2:__pkg__", 49*ec63e07aSXin Li ], 50*ec63e07aSXin Li) 51*ec63e07aSXin Li 52*ec63e07aSXin Licc_library( 53*ec63e07aSXin Li name = "testonly_trace_all_syscalls", 54*ec63e07aSXin Li testonly = True, 55*ec63e07aSXin Li hdrs = ["trace_all_syscalls.h"], 56*ec63e07aSXin Li copts = sapi_platform_copts(), 57*ec63e07aSXin Li visibility = ["//visibility:public"], 58*ec63e07aSXin Li) 59*ec63e07aSXin Li 60*ec63e07aSXin Licc_library( 61*ec63e07aSXin Li name = "allow_unrestricted_networking", 62*ec63e07aSXin Li hdrs = ["allow_unrestricted_networking.h"], 63*ec63e07aSXin Li copts = sapi_platform_copts(), 64*ec63e07aSXin Li visibility = [ 65*ec63e07aSXin Li "//sandboxed_api/sandbox2:__pkg__", 66*ec63e07aSXin Li "//sandboxed_api/sandbox2/examples/tool:__pkg__", 67*ec63e07aSXin Li "//sandboxed_api/sandbox2/performance:__pkg__", 68*ec63e07aSXin Li ], 69*ec63e07aSXin Li) 70*ec63e07aSXin Li 71*ec63e07aSXin Licc_library( 72*ec63e07aSXin Li name = "testonly_allow_unrestricted_networking", 73*ec63e07aSXin Li testonly = True, 74*ec63e07aSXin Li hdrs = ["allow_unrestricted_networking.h"], 75*ec63e07aSXin Li copts = sapi_platform_copts(), 76*ec63e07aSXin Li visibility = ["//visibility:public"], 77*ec63e07aSXin Li) 78*ec63e07aSXin Li 79*ec63e07aSXin Licc_library( 80*ec63e07aSXin Li name = "bpfdisassembler", 81*ec63e07aSXin Li srcs = ["bpfdisassembler.cc"], 82*ec63e07aSXin Li hdrs = ["bpfdisassembler.h"], 83*ec63e07aSXin Li copts = sapi_platform_copts(), 84*ec63e07aSXin Li visibility = ["//visibility:public"], 85*ec63e07aSXin Li deps = [ 86*ec63e07aSXin Li "@com_google_absl//absl/strings", 87*ec63e07aSXin Li "@com_google_absl//absl/types:span", 88*ec63e07aSXin Li ], 89*ec63e07aSXin Li) 90*ec63e07aSXin Li 91*ec63e07aSXin Licc_library( 92*ec63e07aSXin Li name = "regs", 93*ec63e07aSXin Li srcs = ["regs.cc"], 94*ec63e07aSXin Li hdrs = ["regs.h"], 95*ec63e07aSXin Li copts = sapi_platform_copts(), 96*ec63e07aSXin Li deps = [ 97*ec63e07aSXin Li ":syscall", 98*ec63e07aSXin Li ":violation_cc_proto", 99*ec63e07aSXin Li "//sandboxed_api:config", 100*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 101*ec63e07aSXin Li "@com_google_absl//absl/status", 102*ec63e07aSXin Li "@com_google_absl//absl/strings", 103*ec63e07aSXin Li ], 104*ec63e07aSXin Li) 105*ec63e07aSXin Li 106*ec63e07aSXin Licc_test( 107*ec63e07aSXin Li name = "regs_test", 108*ec63e07aSXin Li srcs = ["regs_test.cc"], 109*ec63e07aSXin Li copts = sapi_platform_copts(), 110*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 111*ec63e07aSXin Li deps = [ 112*ec63e07aSXin Li ":regs", 113*ec63e07aSXin Li ":sanitizer", 114*ec63e07aSXin Li ":syscall", 115*ec63e07aSXin Li ":util", 116*ec63e07aSXin Li "//sandboxed_api:config", 117*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 118*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 119*ec63e07aSXin Li "@com_google_absl//absl/log:check", 120*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 121*ec63e07aSXin Li ], 122*ec63e07aSXin Li) 123*ec63e07aSXin Li 124*ec63e07aSXin Licc_library( 125*ec63e07aSXin Li name = "syscall", 126*ec63e07aSXin Li srcs = [ 127*ec63e07aSXin Li "syscall.cc", 128*ec63e07aSXin Li "syscall_defs.cc", 129*ec63e07aSXin Li ], 130*ec63e07aSXin Li hdrs = [ 131*ec63e07aSXin Li "syscall.h", 132*ec63e07aSXin Li "syscall_defs.h", 133*ec63e07aSXin Li ], 134*ec63e07aSXin Li copts = sapi_platform_copts(), 135*ec63e07aSXin Li visibility = ["//visibility:public"], 136*ec63e07aSXin Li deps = [ 137*ec63e07aSXin Li ":util", 138*ec63e07aSXin Li "//sandboxed_api:config", 139*ec63e07aSXin Li "@com_google_absl//absl/algorithm:container", 140*ec63e07aSXin Li "@com_google_absl//absl/status", 141*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 142*ec63e07aSXin Li "@com_google_absl//absl/strings", 143*ec63e07aSXin Li "@com_google_absl//absl/strings:str_format", 144*ec63e07aSXin Li "@com_google_absl//absl/types:span", 145*ec63e07aSXin Li ], 146*ec63e07aSXin Li) 147*ec63e07aSXin Li 148*ec63e07aSXin Licc_test( 149*ec63e07aSXin Li name = "syscall_test", 150*ec63e07aSXin Li srcs = ["syscall_test.cc"], 151*ec63e07aSXin Li copts = sapi_platform_copts(), 152*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 153*ec63e07aSXin Li deps = [ 154*ec63e07aSXin Li ":syscall", 155*ec63e07aSXin Li "//sandboxed_api:config", 156*ec63e07aSXin Li "@com_google_absl//absl/strings", 157*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 158*ec63e07aSXin Li ], 159*ec63e07aSXin Li) 160*ec63e07aSXin Li 161*ec63e07aSXin Licc_library( 162*ec63e07aSXin Li name = "result", 163*ec63e07aSXin Li srcs = ["result.cc"], 164*ec63e07aSXin Li hdrs = ["result.h"], 165*ec63e07aSXin Li copts = sapi_platform_copts(), 166*ec63e07aSXin Li deps = [ 167*ec63e07aSXin Li ":regs", 168*ec63e07aSXin Li ":syscall", 169*ec63e07aSXin Li ":util", 170*ec63e07aSXin Li "//sandboxed_api:config", 171*ec63e07aSXin Li "@com_google_absl//absl/status", 172*ec63e07aSXin Li "@com_google_absl//absl/strings", 173*ec63e07aSXin Li ], 174*ec63e07aSXin Li) 175*ec63e07aSXin Li 176*ec63e07aSXin Lisapi_proto_library( 177*ec63e07aSXin Li name = "logserver_proto", 178*ec63e07aSXin Li srcs = ["logserver.proto"], 179*ec63e07aSXin Li) 180*ec63e07aSXin Li 181*ec63e07aSXin Licc_library( 182*ec63e07aSXin Li name = "logserver", 183*ec63e07aSXin Li srcs = ["logserver.cc"], 184*ec63e07aSXin Li hdrs = ["logserver.h"], 185*ec63e07aSXin Li copts = sapi_platform_copts(), 186*ec63e07aSXin Li deps = [ 187*ec63e07aSXin Li ":comms", 188*ec63e07aSXin Li ":logserver_cc_proto", 189*ec63e07aSXin Li "@com_google_absl//absl/base:log_severity", 190*ec63e07aSXin Li "@com_google_absl//absl/log", 191*ec63e07aSXin Li ], 192*ec63e07aSXin Li) 193*ec63e07aSXin Li 194*ec63e07aSXin Licc_library( 195*ec63e07aSXin Li name = "logsink", 196*ec63e07aSXin Li srcs = ["logsink.cc"], 197*ec63e07aSXin Li hdrs = ["logsink.h"], 198*ec63e07aSXin Li copts = sapi_platform_copts(), 199*ec63e07aSXin Li visibility = ["//visibility:public"], 200*ec63e07aSXin Li deps = [ 201*ec63e07aSXin Li ":comms", 202*ec63e07aSXin Li ":logserver_cc_proto", 203*ec63e07aSXin Li "@com_google_absl//absl/base:log_severity", 204*ec63e07aSXin Li "@com_google_absl//absl/log:log_entry", 205*ec63e07aSXin Li "@com_google_absl//absl/log:log_sink", 206*ec63e07aSXin Li "@com_google_absl//absl/log:log_sink_registry", 207*ec63e07aSXin Li "@com_google_absl//absl/strings", 208*ec63e07aSXin Li "@com_google_absl//absl/strings:str_format", 209*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 210*ec63e07aSXin Li ], 211*ec63e07aSXin Li) 212*ec63e07aSXin Li 213*ec63e07aSXin Licc_library( 214*ec63e07aSXin Li name = "ipc", 215*ec63e07aSXin Li srcs = ["ipc.cc"], 216*ec63e07aSXin Li hdrs = ["ipc.h"], 217*ec63e07aSXin Li copts = sapi_platform_copts(), 218*ec63e07aSXin Li deps = [ 219*ec63e07aSXin Li ":comms", 220*ec63e07aSXin Li ":logserver", 221*ec63e07aSXin Li ":logsink", 222*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 223*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 224*ec63e07aSXin Li "@com_google_absl//absl/log", 225*ec63e07aSXin Li "@com_google_absl//absl/strings", 226*ec63e07aSXin Li ], 227*ec63e07aSXin Li) 228*ec63e07aSXin Li 229*ec63e07aSXin Licc_library( 230*ec63e07aSXin Li name = "policy", 231*ec63e07aSXin Li srcs = ["policy.cc"], 232*ec63e07aSXin Li hdrs = ["policy.h"], 233*ec63e07aSXin Li copts = sapi_platform_copts(), 234*ec63e07aSXin Li deps = [ 235*ec63e07aSXin Li ":bpfdisassembler", 236*ec63e07aSXin Li ":comms", 237*ec63e07aSXin Li ":namespace", 238*ec63e07aSXin Li ":syscall", 239*ec63e07aSXin Li ":violation_cc_proto", 240*ec63e07aSXin Li "//sandboxed_api:config", 241*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:filtering", 242*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 243*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 244*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 245*ec63e07aSXin Li "@com_google_absl//absl/log", 246*ec63e07aSXin Li "@com_google_absl//absl/strings:string_view", 247*ec63e07aSXin Li ], 248*ec63e07aSXin Li) 249*ec63e07aSXin Li 250*ec63e07aSXin Licc_library( 251*ec63e07aSXin Li name = "notify", 252*ec63e07aSXin Li srcs = [], 253*ec63e07aSXin Li hdrs = ["notify.h"], 254*ec63e07aSXin Li copts = sapi_platform_copts(), 255*ec63e07aSXin Li deps = [ 256*ec63e07aSXin Li ":comms", 257*ec63e07aSXin Li ":result", 258*ec63e07aSXin Li ":syscall", 259*ec63e07aSXin Li ":util", 260*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 261*ec63e07aSXin Li "@com_google_absl//absl/log", 262*ec63e07aSXin Li ], 263*ec63e07aSXin Li) 264*ec63e07aSXin Li 265*ec63e07aSXin Licc_library( 266*ec63e07aSXin Li name = "limits", 267*ec63e07aSXin Li hdrs = ["limits.h"], 268*ec63e07aSXin Li copts = sapi_platform_copts(), 269*ec63e07aSXin Li deps = [ 270*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 271*ec63e07aSXin Li "@com_google_absl//absl/time", 272*ec63e07aSXin Li ], 273*ec63e07aSXin Li) 274*ec63e07aSXin Li 275*ec63e07aSXin Licc_binary( 276*ec63e07aSXin Li name = "forkserver_bin", 277*ec63e07aSXin Li srcs = ["forkserver_bin.cc"], 278*ec63e07aSXin Li copts = sapi_platform_copts(), 279*ec63e07aSXin Li stamp = 0, 280*ec63e07aSXin Li deps = [ 281*ec63e07aSXin Li ":client", 282*ec63e07aSXin Li ":comms", 283*ec63e07aSXin Li ":forkserver", 284*ec63e07aSXin Li ":sanitizer", 285*ec63e07aSXin Li "//sandboxed_api/sandbox2/unwind", 286*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 287*ec63e07aSXin Li "@com_google_absl//absl/base:log_severity", 288*ec63e07aSXin Li "@com_google_absl//absl/log:globals", 289*ec63e07aSXin Li "@com_google_absl//absl/status", 290*ec63e07aSXin Li ], 291*ec63e07aSXin Li) 292*ec63e07aSXin Li 293*ec63e07aSXin Lisapi_cc_embed_data( 294*ec63e07aSXin Li name = "forkserver_bin_embed", 295*ec63e07aSXin Li srcs = [":forkserver_bin.stripped"], 296*ec63e07aSXin Li) 297*ec63e07aSXin Li 298*ec63e07aSXin Licc_library( 299*ec63e07aSXin Li name = "global_forkserver", 300*ec63e07aSXin Li srcs = ["global_forkclient.cc"], 301*ec63e07aSXin Li hdrs = ["global_forkclient.h"], 302*ec63e07aSXin Li copts = sapi_platform_copts(), 303*ec63e07aSXin Li visibility = ["//visibility:public"], 304*ec63e07aSXin Li deps = [ 305*ec63e07aSXin Li ":comms", 306*ec63e07aSXin Li ":fork_client", 307*ec63e07aSXin Li ":forkserver_bin_embed", 308*ec63e07aSXin Li ":forkserver_cc_proto", 309*ec63e07aSXin Li ":util", 310*ec63e07aSXin Li "//sandboxed_api:config", 311*ec63e07aSXin Li "//sandboxed_api:embed_file", 312*ec63e07aSXin Li "//sandboxed_api/util:fileops", 313*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 314*ec63e07aSXin Li "//sandboxed_api/util:status", 315*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 316*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 317*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 318*ec63e07aSXin Li "@com_google_absl//absl/log", 319*ec63e07aSXin Li "@com_google_absl//absl/status", 320*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 321*ec63e07aSXin Li "@com_google_absl//absl/strings", 322*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 323*ec63e07aSXin Li ], 324*ec63e07aSXin Li) 325*ec63e07aSXin Li 326*ec63e07aSXin Li# Use only if Sandbox2 global forkserver has to be started very early on. 327*ec63e07aSXin Li# By default the forkserver is started on demand. 328*ec63e07aSXin Licc_library( 329*ec63e07aSXin Li name = "start_global_forkserver_lib_constructor", 330*ec63e07aSXin Li srcs = ["global_forkclient_lib_ctor.cc"], 331*ec63e07aSXin Li copts = sapi_platform_copts(), 332*ec63e07aSXin Li visibility = ["//visibility:public"], 333*ec63e07aSXin Li deps = [ 334*ec63e07aSXin Li ":fork_client", 335*ec63e07aSXin Li ":global_forkserver", 336*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 337*ec63e07aSXin Li ], 338*ec63e07aSXin Li) 339*ec63e07aSXin Li 340*ec63e07aSXin Licc_library( 341*ec63e07aSXin Li name = "executor", 342*ec63e07aSXin Li srcs = ["executor.cc"], 343*ec63e07aSXin Li hdrs = ["executor.h"], 344*ec63e07aSXin Li copts = sapi_platform_copts(), 345*ec63e07aSXin Li deps = [ 346*ec63e07aSXin Li ":fork_client", 347*ec63e07aSXin Li ":forkserver_cc_proto", 348*ec63e07aSXin Li ":global_forkserver", 349*ec63e07aSXin Li ":ipc", 350*ec63e07aSXin Li ":limits", 351*ec63e07aSXin Li ":namespace", 352*ec63e07aSXin Li ":util", 353*ec63e07aSXin Li "//sandboxed_api:config", 354*ec63e07aSXin Li "//sandboxed_api/util:fileops", 355*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 356*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 357*ec63e07aSXin Li "@com_google_absl//absl/log", 358*ec63e07aSXin Li "@com_google_absl//absl/log:check", 359*ec63e07aSXin Li "@com_google_absl//absl/status", 360*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 361*ec63e07aSXin Li "@com_google_absl//absl/strings", 362*ec63e07aSXin Li "@com_google_absl//absl/types:span", 363*ec63e07aSXin Li ], 364*ec63e07aSXin Li) 365*ec63e07aSXin Li 366*ec63e07aSXin Li# Should not be used in sandboxee code if it only uses sandbox2::Comms and 367*ec63e07aSXin Li# sandbox2::Client objects 368*ec63e07aSXin Licc_library( 369*ec63e07aSXin Li name = "sandbox2", 370*ec63e07aSXin Li srcs = [ 371*ec63e07aSXin Li "sandbox2.cc", 372*ec63e07aSXin Li ], 373*ec63e07aSXin Li hdrs = [ 374*ec63e07aSXin Li "client.h", 375*ec63e07aSXin Li "executor.h", 376*ec63e07aSXin Li "ipc.h", 377*ec63e07aSXin Li "limits.h", 378*ec63e07aSXin Li "notify.h", 379*ec63e07aSXin Li "policy.h", 380*ec63e07aSXin Li "policybuilder.h", 381*ec63e07aSXin Li "result.h", 382*ec63e07aSXin Li "sandbox2.h", 383*ec63e07aSXin Li "syscall.h", 384*ec63e07aSXin Li ], 385*ec63e07aSXin Li copts = sapi_platform_copts(), 386*ec63e07aSXin Li visibility = ["//visibility:public"], 387*ec63e07aSXin Li deps = [ 388*ec63e07aSXin Li ":client", 389*ec63e07aSXin Li ":comms", 390*ec63e07aSXin Li ":executor", 391*ec63e07aSXin Li ":fork_client", 392*ec63e07aSXin Li ":forkserver_cc_proto", 393*ec63e07aSXin Li ":ipc", 394*ec63e07aSXin Li ":limits", 395*ec63e07aSXin Li ":logsink", 396*ec63e07aSXin Li ":monitor_base", 397*ec63e07aSXin Li ":monitor_ptrace", 398*ec63e07aSXin Li ":monitor_unotify", 399*ec63e07aSXin Li ":mounts", 400*ec63e07aSXin Li ":namespace", 401*ec63e07aSXin Li ":notify", 402*ec63e07aSXin Li ":policy", 403*ec63e07aSXin Li ":policybuilder", 404*ec63e07aSXin Li ":regs", 405*ec63e07aSXin Li ":result", 406*ec63e07aSXin Li ":stack_trace", 407*ec63e07aSXin Li ":syscall", 408*ec63e07aSXin Li ":util", 409*ec63e07aSXin Li ":violation_cc_proto", 410*ec63e07aSXin Li "//sandboxed_api:config", 411*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:client", 412*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:filtering", 413*ec63e07aSXin Li "//sandboxed_api/util:fileops", 414*ec63e07aSXin Li "@com_google_absl//absl/base", 415*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 416*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_map", 417*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 418*ec63e07aSXin Li "@com_google_absl//absl/log", 419*ec63e07aSXin Li "@com_google_absl//absl/log:check", 420*ec63e07aSXin Li "@com_google_absl//absl/status", 421*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 422*ec63e07aSXin Li "@com_google_absl//absl/strings", 423*ec63e07aSXin Li "@com_google_absl//absl/time", 424*ec63e07aSXin Li "@com_google_absl//absl/types:optional", 425*ec63e07aSXin Li "@com_google_absl//absl/types:span", 426*ec63e07aSXin Li ], 427*ec63e07aSXin Li) 428*ec63e07aSXin Li 429*ec63e07aSXin Licc_library( 430*ec63e07aSXin Li name = "stack_trace", 431*ec63e07aSXin Li srcs = ["stack_trace.cc"], 432*ec63e07aSXin Li hdrs = ["stack_trace.h"], 433*ec63e07aSXin Li copts = sapi_platform_copts(), 434*ec63e07aSXin Li deps = [ 435*ec63e07aSXin Li ":comms", 436*ec63e07aSXin Li ":executor", 437*ec63e07aSXin Li ":limits", 438*ec63e07aSXin Li ":mounts", 439*ec63e07aSXin Li ":namespace", 440*ec63e07aSXin Li ":policy", 441*ec63e07aSXin Li ":policybuilder", 442*ec63e07aSXin Li ":regs", 443*ec63e07aSXin Li ":result", 444*ec63e07aSXin Li "//sandboxed_api:config", 445*ec63e07aSXin Li "//sandboxed_api/sandbox2/unwind", 446*ec63e07aSXin Li "//sandboxed_api/sandbox2/unwind:unwind_cc_proto", 447*ec63e07aSXin Li "//sandboxed_api/util:file_base", 448*ec63e07aSXin Li "//sandboxed_api/util:fileops", 449*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 450*ec63e07aSXin Li "//sandboxed_api/util:status", 451*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 452*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 453*ec63e07aSXin Li "@com_google_absl//absl/log", 454*ec63e07aSXin Li "@com_google_absl//absl/log:check", 455*ec63e07aSXin Li "@com_google_absl//absl/memory", 456*ec63e07aSXin Li "@com_google_absl//absl/status", 457*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 458*ec63e07aSXin Li "@com_google_absl//absl/strings", 459*ec63e07aSXin Li "@com_google_absl//absl/time", 460*ec63e07aSXin Li ], 461*ec63e07aSXin Li) 462*ec63e07aSXin Li 463*ec63e07aSXin Licc_library( 464*ec63e07aSXin Li name = "monitor_ptrace", 465*ec63e07aSXin Li srcs = ["monitor_ptrace.cc"], 466*ec63e07aSXin Li hdrs = ["monitor_ptrace.h"], 467*ec63e07aSXin Li copts = sapi_platform_copts(), 468*ec63e07aSXin Li deps = [ 469*ec63e07aSXin Li ":client", 470*ec63e07aSXin Li ":comms", 471*ec63e07aSXin Li ":executor", 472*ec63e07aSXin Li ":monitor_base", 473*ec63e07aSXin Li ":notify", 474*ec63e07aSXin Li ":policy", 475*ec63e07aSXin Li ":regs", 476*ec63e07aSXin Li ":result", 477*ec63e07aSXin Li ":sanitizer", 478*ec63e07aSXin Li ":syscall", 479*ec63e07aSXin Li ":util", 480*ec63e07aSXin Li "//sandboxed_api:config", 481*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 482*ec63e07aSXin Li "//sandboxed_api/util:status", 483*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 484*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 485*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_map", 486*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 487*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 488*ec63e07aSXin Li "@com_google_absl//absl/log", 489*ec63e07aSXin Li "@com_google_absl//absl/log:check", 490*ec63e07aSXin Li "@com_google_absl//absl/status", 491*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 492*ec63e07aSXin Li "@com_google_absl//absl/strings", 493*ec63e07aSXin Li "@com_google_absl//absl/strings:str_format", 494*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 495*ec63e07aSXin Li "@com_google_absl//absl/time", 496*ec63e07aSXin Li ], 497*ec63e07aSXin Li) 498*ec63e07aSXin Li 499*ec63e07aSXin Licc_library( 500*ec63e07aSXin Li name = "monitor_unotify", 501*ec63e07aSXin Li srcs = ["monitor_unotify.cc"], 502*ec63e07aSXin Li hdrs = ["monitor_unotify.h"], 503*ec63e07aSXin Li copts = sapi_platform_copts(), 504*ec63e07aSXin Li deps = [ 505*ec63e07aSXin Li ":client", 506*ec63e07aSXin Li ":executor", 507*ec63e07aSXin Li ":forkserver_cc_proto", 508*ec63e07aSXin Li ":monitor_base", 509*ec63e07aSXin Li ":notify", 510*ec63e07aSXin Li ":policy", 511*ec63e07aSXin Li ":result", 512*ec63e07aSXin Li "//sandboxed_api:config", 513*ec63e07aSXin Li "//sandboxed_api/util:fileops", 514*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 515*ec63e07aSXin Li "//sandboxed_api/util:status", 516*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 517*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 518*ec63e07aSXin Li "@com_google_absl//absl/log", 519*ec63e07aSXin Li "@com_google_absl//absl/log:check", 520*ec63e07aSXin Li "@com_google_absl//absl/status", 521*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 522*ec63e07aSXin Li "@com_google_absl//absl/strings", 523*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 524*ec63e07aSXin Li "@com_google_absl//absl/time", 525*ec63e07aSXin Li "@com_google_absl//absl/types:span", 526*ec63e07aSXin Li ], 527*ec63e07aSXin Li) 528*ec63e07aSXin Li 529*ec63e07aSXin Licc_library( 530*ec63e07aSXin Li name = "monitor_base", 531*ec63e07aSXin Li srcs = ["monitor_base.cc"], 532*ec63e07aSXin Li hdrs = ["monitor_base.h"], 533*ec63e07aSXin Li copts = sapi_platform_copts(), 534*ec63e07aSXin Li deps = [ 535*ec63e07aSXin Li ":client", 536*ec63e07aSXin Li ":comms", 537*ec63e07aSXin Li ":executor", 538*ec63e07aSXin Li ":fork_client", 539*ec63e07aSXin Li ":forkserver_cc_proto", 540*ec63e07aSXin Li ":ipc", 541*ec63e07aSXin Li ":limits", 542*ec63e07aSXin Li ":mounts", 543*ec63e07aSXin Li ":namespace", 544*ec63e07aSXin Li ":notify", 545*ec63e07aSXin Li ":policy", 546*ec63e07aSXin Li ":regs", 547*ec63e07aSXin Li ":result", 548*ec63e07aSXin Li ":stack_trace", 549*ec63e07aSXin Li ":syscall", 550*ec63e07aSXin Li ":util", 551*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:client", 552*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:server", 553*ec63e07aSXin Li "//sandboxed_api/util:file_helpers", 554*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 555*ec63e07aSXin Li "//sandboxed_api/util:strerror", 556*ec63e07aSXin Li "//sandboxed_api/util:temp_file", 557*ec63e07aSXin Li "@com_google_absl//absl/base", 558*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 559*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 560*ec63e07aSXin Li "@com_google_absl//absl/log", 561*ec63e07aSXin Li "@com_google_absl//absl/log:check", 562*ec63e07aSXin Li "@com_google_absl//absl/memory", 563*ec63e07aSXin Li "@com_google_absl//absl/status", 564*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 565*ec63e07aSXin Li "@com_google_absl//absl/strings", 566*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 567*ec63e07aSXin Li "@com_google_absl//absl/time", 568*ec63e07aSXin Li ], 569*ec63e07aSXin Li) 570*ec63e07aSXin Li 571*ec63e07aSXin Licc_library( 572*ec63e07aSXin Li name = "policybuilder", 573*ec63e07aSXin Li srcs = ["policybuilder.cc"], 574*ec63e07aSXin Li hdrs = ["policybuilder.h"], 575*ec63e07aSXin Li copts = sapi_platform_copts(), 576*ec63e07aSXin Li deps = [ 577*ec63e07aSXin Li ":allow_all_syscalls", 578*ec63e07aSXin Li ":allow_unrestricted_networking", 579*ec63e07aSXin Li ":mounts", 580*ec63e07aSXin Li ":namespace", 581*ec63e07aSXin Li ":policy", 582*ec63e07aSXin Li ":syscall", 583*ec63e07aSXin Li ":trace_all_syscalls", 584*ec63e07aSXin Li ":violation_cc_proto", 585*ec63e07aSXin Li "//sandboxed_api:config", 586*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:filtering", 587*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 588*ec63e07aSXin Li "//sandboxed_api/util:file_base", 589*ec63e07aSXin Li "//sandboxed_api/util:status", 590*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 591*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 592*ec63e07aSXin Li "@com_google_absl//absl/log", 593*ec63e07aSXin Li "@com_google_absl//absl/log:check", 594*ec63e07aSXin Li "@com_google_absl//absl/memory", 595*ec63e07aSXin Li "@com_google_absl//absl/status", 596*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 597*ec63e07aSXin Li "@com_google_absl//absl/strings", 598*ec63e07aSXin Li "@com_google_absl//absl/types:optional", 599*ec63e07aSXin Li "@com_google_absl//absl/types:span", 600*ec63e07aSXin Li ], 601*ec63e07aSXin Li) 602*ec63e07aSXin Li 603*ec63e07aSXin Li# Should be used in sandboxee code instead of :sandbox2 if it uses just 604*ec63e07aSXin Li# sandbox2::Client::SandboxMeHere() and sandbox2::Comms 605*ec63e07aSXin Licc_library( 606*ec63e07aSXin Li name = "client", 607*ec63e07aSXin Li srcs = ["client.cc"], 608*ec63e07aSXin Li hdrs = ["client.h"], 609*ec63e07aSXin Li copts = sapi_platform_copts(), 610*ec63e07aSXin Li visibility = ["//visibility:public"], 611*ec63e07aSXin Li deps = [ 612*ec63e07aSXin Li ":comms", 613*ec63e07aSXin Li ":logsink", 614*ec63e07aSXin Li ":policy", 615*ec63e07aSXin Li ":sanitizer", 616*ec63e07aSXin Li ":syscall", 617*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:client", 618*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 619*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 620*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 621*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_map", 622*ec63e07aSXin Li "@com_google_absl//absl/status", 623*ec63e07aSXin Li "@com_google_absl//absl/strings", 624*ec63e07aSXin Li ], 625*ec63e07aSXin Li) 626*ec63e07aSXin Li 627*ec63e07aSXin Licc_library( 628*ec63e07aSXin Li name = "sanitizer", 629*ec63e07aSXin Li srcs = ["sanitizer.cc"], 630*ec63e07aSXin Li hdrs = ["sanitizer.h"], 631*ec63e07aSXin Li copts = sapi_platform_copts(), 632*ec63e07aSXin Li visibility = ["//visibility:public"], 633*ec63e07aSXin Li deps = [ 634*ec63e07aSXin Li ":util", 635*ec63e07aSXin Li "//sandboxed_api/util:fileops", 636*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 637*ec63e07aSXin Li "//sandboxed_api/util:status", 638*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 639*ec63e07aSXin Li "@com_google_absl//absl/status", 640*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 641*ec63e07aSXin Li "@com_google_absl//absl/strings", 642*ec63e07aSXin Li ], 643*ec63e07aSXin Li) 644*ec63e07aSXin Li 645*ec63e07aSXin Licc_library( 646*ec63e07aSXin Li name = "forkserver", 647*ec63e07aSXin Li srcs = ["forkserver.cc"], 648*ec63e07aSXin Li hdrs = ["forkserver.h"], 649*ec63e07aSXin Li copts = sapi_platform_copts(), 650*ec63e07aSXin Li deps = [ 651*ec63e07aSXin Li ":client", 652*ec63e07aSXin Li ":comms", 653*ec63e07aSXin Li ":fork_client", 654*ec63e07aSXin Li ":forkserver_cc_proto", 655*ec63e07aSXin Li ":namespace", 656*ec63e07aSXin Li ":policy", 657*ec63e07aSXin Li ":sanitizer", 658*ec63e07aSXin Li ":syscall", 659*ec63e07aSXin Li ":util", 660*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 661*ec63e07aSXin Li "//sandboxed_api/util:fileops", 662*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 663*ec63e07aSXin Li "//sandboxed_api/util:strerror", 664*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 665*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_map", 666*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 667*ec63e07aSXin Li "@com_google_absl//absl/log", 668*ec63e07aSXin Li "@com_google_absl//absl/status", 669*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 670*ec63e07aSXin Li "@com_google_absl//absl/strings", 671*ec63e07aSXin Li "@org_kernel_libcap//:libcap", 672*ec63e07aSXin Li ], 673*ec63e07aSXin Li) 674*ec63e07aSXin Li 675*ec63e07aSXin Licc_library( 676*ec63e07aSXin Li name = "fork_client", 677*ec63e07aSXin Li srcs = ["fork_client.cc"], 678*ec63e07aSXin Li hdrs = ["fork_client.h"], 679*ec63e07aSXin Li copts = sapi_platform_copts(), 680*ec63e07aSXin Li visibility = ["//visibility:public"], 681*ec63e07aSXin Li deps = [ 682*ec63e07aSXin Li ":comms", 683*ec63e07aSXin Li ":forkserver_cc_proto", 684*ec63e07aSXin Li "//sandboxed_api/util:fileops", 685*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 686*ec63e07aSXin Li "@com_google_absl//absl/log", 687*ec63e07aSXin Li "@com_google_absl//absl/log:check", 688*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 689*ec63e07aSXin Li ], 690*ec63e07aSXin Li) 691*ec63e07aSXin Li 692*ec63e07aSXin Licc_library( 693*ec63e07aSXin Li name = "mounts", 694*ec63e07aSXin Li srcs = ["mounts.cc"], 695*ec63e07aSXin Li hdrs = ["mounts.h"], 696*ec63e07aSXin Li copts = sapi_platform_copts(), 697*ec63e07aSXin Li deps = [ 698*ec63e07aSXin Li ":mount_tree_cc_proto", 699*ec63e07aSXin Li "//sandboxed_api:config", 700*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:minielf", 701*ec63e07aSXin Li "//sandboxed_api/util:file_base", 702*ec63e07aSXin Li "//sandboxed_api/util:fileops", 703*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 704*ec63e07aSXin Li "//sandboxed_api/util:status", 705*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 706*ec63e07aSXin Li "@com_google_absl//absl/status", 707*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 708*ec63e07aSXin Li "@com_google_absl//absl/strings", 709*ec63e07aSXin Li ], 710*ec63e07aSXin Li) 711*ec63e07aSXin Li 712*ec63e07aSXin Licc_test( 713*ec63e07aSXin Li name = "mounts_test", 714*ec63e07aSXin Li srcs = ["mounts_test.cc"], 715*ec63e07aSXin Li copts = sapi_platform_copts(), 716*ec63e07aSXin Li data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"], 717*ec63e07aSXin Li deps = [ 718*ec63e07aSXin Li ":mounts", 719*ec63e07aSXin Li "//sandboxed_api:testing", 720*ec63e07aSXin Li "//sandboxed_api/util:file_base", 721*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 722*ec63e07aSXin Li "//sandboxed_api/util:temp_file", 723*ec63e07aSXin Li "@com_google_absl//absl/status", 724*ec63e07aSXin Li "@com_google_absl//absl/strings", 725*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 726*ec63e07aSXin Li ], 727*ec63e07aSXin Li) 728*ec63e07aSXin Li 729*ec63e07aSXin Licc_library( 730*ec63e07aSXin Li name = "namespace", 731*ec63e07aSXin Li srcs = ["namespace.cc"], 732*ec63e07aSXin Li hdrs = ["namespace.h"], 733*ec63e07aSXin Li copts = sapi_platform_copts(), 734*ec63e07aSXin Li deps = [ 735*ec63e07aSXin Li ":mounts", 736*ec63e07aSXin Li ":violation_cc_proto", 737*ec63e07aSXin Li "//sandboxed_api/util:file_base", 738*ec63e07aSXin Li "//sandboxed_api/util:fileops", 739*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 740*ec63e07aSXin Li "@com_google_absl//absl/strings", 741*ec63e07aSXin Li ], 742*ec63e07aSXin Li) 743*ec63e07aSXin Li 744*ec63e07aSXin Licc_test( 745*ec63e07aSXin Li name = "namespace_test", 746*ec63e07aSXin Li srcs = ["namespace_test.cc"], 747*ec63e07aSXin Li copts = sapi_platform_copts(), 748*ec63e07aSXin Li data = [ 749*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:namespace", 750*ec63e07aSXin Li ], 751*ec63e07aSXin Li tags = [ 752*ec63e07aSXin Li "requires-net:external", 753*ec63e07aSXin Li ], 754*ec63e07aSXin Li deps = [ 755*ec63e07aSXin Li ":namespace", 756*ec63e07aSXin Li ":sandbox2", 757*ec63e07aSXin Li ":testonly_allow_all_syscalls", 758*ec63e07aSXin Li "//sandboxed_api:config", 759*ec63e07aSXin Li "//sandboxed_api:testing", 760*ec63e07aSXin Li "//sandboxed_api/util:fileops", 761*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 762*ec63e07aSXin Li "//sandboxed_api/util:temp_file", 763*ec63e07aSXin Li "@com_google_absl//absl/log:check", 764*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 765*ec63e07aSXin Li "@com_google_absl//absl/strings", 766*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 767*ec63e07aSXin Li ], 768*ec63e07aSXin Li) 769*ec63e07aSXin Li 770*ec63e07aSXin Licc_library( 771*ec63e07aSXin Li name = "forkingclient", 772*ec63e07aSXin Li srcs = ["forkingclient.cc"], 773*ec63e07aSXin Li hdrs = ["forkingclient.h"], 774*ec63e07aSXin Li copts = sapi_platform_copts(), 775*ec63e07aSXin Li visibility = ["//visibility:public"], 776*ec63e07aSXin Li deps = [ 777*ec63e07aSXin Li ":client", 778*ec63e07aSXin Li ":comms", 779*ec63e07aSXin Li ":forkserver", 780*ec63e07aSXin Li ":sanitizer", 781*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 782*ec63e07aSXin Li "@com_google_absl//absl/log", 783*ec63e07aSXin Li "@com_google_absl//absl/log:check", 784*ec63e07aSXin Li ], 785*ec63e07aSXin Li) 786*ec63e07aSXin Li 787*ec63e07aSXin Licc_library( 788*ec63e07aSXin Li name = "util", 789*ec63e07aSXin Li srcs = ["util.cc"], 790*ec63e07aSXin Li hdrs = ["util.h"], 791*ec63e07aSXin Li # The default is 16384, however we need to do a clone with a 792*ec63e07aSXin Li # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384. 793*ec63e07aSXin Li # Thus the slight increase. 794*ec63e07aSXin Li copts = sapi_platform_copts(), 795*ec63e07aSXin Li visibility = ["//visibility:public"], 796*ec63e07aSXin Li deps = [ 797*ec63e07aSXin Li "//sandboxed_api:config", 798*ec63e07aSXin Li "//sandboxed_api/util:file_base", 799*ec63e07aSXin Li "//sandboxed_api/util:file_helpers", 800*ec63e07aSXin Li "//sandboxed_api/util:fileops", 801*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 802*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 803*ec63e07aSXin Li "@com_google_absl//absl/status", 804*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 805*ec63e07aSXin Li "@com_google_absl//absl/strings", 806*ec63e07aSXin Li "@com_google_absl//absl/strings:str_format", 807*ec63e07aSXin Li ], 808*ec63e07aSXin Li) 809*ec63e07aSXin Li 810*ec63e07aSXin Licc_library( 811*ec63e07aSXin Li name = "buffer", 812*ec63e07aSXin Li srcs = ["buffer.cc"], 813*ec63e07aSXin Li hdrs = ["buffer.h"], 814*ec63e07aSXin Li copts = sapi_platform_copts(), 815*ec63e07aSXin Li visibility = ["//visibility:public"], 816*ec63e07aSXin Li deps = [ 817*ec63e07aSXin Li ":util", 818*ec63e07aSXin Li "@com_google_absl//absl/memory", 819*ec63e07aSXin Li "@com_google_absl//absl/status", 820*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 821*ec63e07aSXin Li ], 822*ec63e07aSXin Li) 823*ec63e07aSXin Li 824*ec63e07aSXin Licc_test( 825*ec63e07aSXin Li name = "buffer_test", 826*ec63e07aSXin Li srcs = ["buffer_test.cc"], 827*ec63e07aSXin Li copts = sapi_platform_copts(), 828*ec63e07aSXin Li data = ["//sandboxed_api/sandbox2/testcases:buffer"], 829*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 830*ec63e07aSXin Li deps = [ 831*ec63e07aSXin Li ":buffer", 832*ec63e07aSXin Li ":sandbox2", 833*ec63e07aSXin Li "//sandboxed_api:testing", 834*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 835*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 836*ec63e07aSXin Li ], 837*ec63e07aSXin Li) 838*ec63e07aSXin Li 839*ec63e07aSXin Lisapi_proto_library( 840*ec63e07aSXin Li name = "forkserver_proto", 841*ec63e07aSXin Li srcs = ["forkserver.proto"], 842*ec63e07aSXin Li copts = sapi_platform_copts(), 843*ec63e07aSXin Li deps = [":mount_tree_proto"], 844*ec63e07aSXin Li) 845*ec63e07aSXin Li 846*ec63e07aSXin Lisapi_proto_library( 847*ec63e07aSXin Li name = "mount_tree_proto", 848*ec63e07aSXin Li srcs = ["mount_tree.proto"], 849*ec63e07aSXin Li) 850*ec63e07aSXin Li 851*ec63e07aSXin Licc_library( 852*ec63e07aSXin Li name = "comms", 853*ec63e07aSXin Li srcs = ["comms.cc"], 854*ec63e07aSXin Li hdrs = ["comms.h"], 855*ec63e07aSXin Li copts = sapi_platform_copts(), 856*ec63e07aSXin Li visibility = ["//visibility:public"], 857*ec63e07aSXin Li deps = [ 858*ec63e07aSXin Li ":util", 859*ec63e07aSXin Li "//sandboxed_api/util:fileops", 860*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 861*ec63e07aSXin Li "//sandboxed_api/util:status", 862*ec63e07aSXin Li "//sandboxed_api/util:status_cc_proto", 863*ec63e07aSXin Li "@com_google_absl//absl/base:core_headers", 864*ec63e07aSXin Li "@com_google_absl//absl/base:dynamic_annotations", 865*ec63e07aSXin Li "@com_google_absl//absl/log:die_if_null", 866*ec63e07aSXin Li "@com_google_absl//absl/status", 867*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 868*ec63e07aSXin Li "@com_google_absl//absl/strings", 869*ec63e07aSXin Li "@com_google_absl//absl/strings:str_format", 870*ec63e07aSXin Li "@com_google_protobuf//:protobuf", 871*ec63e07aSXin Li ], 872*ec63e07aSXin Li) 873*ec63e07aSXin Li 874*ec63e07aSXin Lisapi_proto_library( 875*ec63e07aSXin Li name = "comms_test_proto", 876*ec63e07aSXin Li srcs = ["comms_test.proto"], 877*ec63e07aSXin Li) 878*ec63e07aSXin Li 879*ec63e07aSXin Licc_test( 880*ec63e07aSXin Li name = "comms_test", 881*ec63e07aSXin Li srcs = ["comms_test.cc"], 882*ec63e07aSXin Li copts = sapi_platform_copts(), 883*ec63e07aSXin Li deps = [ 884*ec63e07aSXin Li ":comms", 885*ec63e07aSXin Li ":comms_test_cc_proto", 886*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 887*ec63e07aSXin Li "@com_google_absl//absl/container:fixed_array", 888*ec63e07aSXin Li "@com_google_absl//absl/log", 889*ec63e07aSXin Li "@com_google_absl//absl/log:check", 890*ec63e07aSXin Li "@com_google_absl//absl/status", 891*ec63e07aSXin Li "@com_google_absl//absl/strings", 892*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 893*ec63e07aSXin Li ], 894*ec63e07aSXin Li) 895*ec63e07aSXin Li 896*ec63e07aSXin Licc_test( 897*ec63e07aSXin Li name = "forkserver_test", 898*ec63e07aSXin Li srcs = ["forkserver_test.cc"], 899*ec63e07aSXin Li copts = sapi_platform_copts(), 900*ec63e07aSXin Li data = ["//sandboxed_api/sandbox2/testcases:minimal"], 901*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 902*ec63e07aSXin Li deps = [ 903*ec63e07aSXin Li ":forkserver", 904*ec63e07aSXin Li ":forkserver_cc_proto", 905*ec63e07aSXin Li ":global_forkserver", 906*ec63e07aSXin Li ":sandbox2", 907*ec63e07aSXin Li "//sandboxed_api:testing", 908*ec63e07aSXin Li "//sandboxed_api/util:raw_logging", 909*ec63e07aSXin Li "@com_google_absl//absl/log", 910*ec63e07aSXin Li "@com_google_absl//absl/log:check", 911*ec63e07aSXin Li "@com_google_absl//absl/strings", 912*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 913*ec63e07aSXin Li ], 914*ec63e07aSXin Li) 915*ec63e07aSXin Li 916*ec63e07aSXin Licc_test( 917*ec63e07aSXin Li name = "limits_test", 918*ec63e07aSXin Li srcs = ["limits_test.cc"], 919*ec63e07aSXin Li copts = sapi_platform_copts(), 920*ec63e07aSXin Li data = [ 921*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:limits", 922*ec63e07aSXin Li ], 923*ec63e07aSXin Li deps = [ 924*ec63e07aSXin Li ":limits", 925*ec63e07aSXin Li ":sandbox2", 926*ec63e07aSXin Li "//sandboxed_api:config", 927*ec63e07aSXin Li "//sandboxed_api:testing", 928*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 929*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 930*ec63e07aSXin Li ], 931*ec63e07aSXin Li) 932*ec63e07aSXin Li 933*ec63e07aSXin Licc_test( 934*ec63e07aSXin Li name = "notify_test", 935*ec63e07aSXin Li srcs = ["notify_test.cc"], 936*ec63e07aSXin Li copts = sapi_platform_copts(), 937*ec63e07aSXin Li data = [ 938*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:personality", 939*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:pidcomms", 940*ec63e07aSXin Li ], 941*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 942*ec63e07aSXin Li deps = [ 943*ec63e07aSXin Li ":comms", 944*ec63e07aSXin Li ":sandbox2", 945*ec63e07aSXin Li ":trace_all_syscalls", 946*ec63e07aSXin Li "//sandboxed_api:testing", 947*ec63e07aSXin Li "@com_google_absl//absl/log", 948*ec63e07aSXin Li "@com_google_absl//absl/strings", 949*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 950*ec63e07aSXin Li ], 951*ec63e07aSXin Li) 952*ec63e07aSXin Li 953*ec63e07aSXin Licc_test( 954*ec63e07aSXin Li name = "policy_test", 955*ec63e07aSXin Li srcs = ["policy_test.cc"], 956*ec63e07aSXin Li copts = sapi_platform_copts(), 957*ec63e07aSXin Li data = [ 958*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls", 959*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:malloc_system", 960*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:minimal", 961*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:minimal_dynamic", 962*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:policy", 963*ec63e07aSXin Li ], 964*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 965*ec63e07aSXin Li deps = [ 966*ec63e07aSXin Li ":sandbox2", 967*ec63e07aSXin Li "//sandboxed_api:config", 968*ec63e07aSXin Li "//sandboxed_api:testing", 969*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 970*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 971*ec63e07aSXin Li "@com_google_absl//absl/strings", 972*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 973*ec63e07aSXin Li ], 974*ec63e07aSXin Li) 975*ec63e07aSXin Li 976*ec63e07aSXin Licc_test( 977*ec63e07aSXin Li name = "sandbox2_test", 978*ec63e07aSXin Li srcs = ["sandbox2_test.cc"], 979*ec63e07aSXin Li copts = sapi_platform_copts(), 980*ec63e07aSXin Li data = [ 981*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:abort", 982*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:custom_fork", 983*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:minimal", 984*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:sleep", 985*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:starve", 986*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:tsync", 987*ec63e07aSXin Li ], 988*ec63e07aSXin Li tags = [ 989*ec63e07aSXin Li "local", 990*ec63e07aSXin Li "no_qemu_user_mode", 991*ec63e07aSXin Li ], 992*ec63e07aSXin Li deps = [ 993*ec63e07aSXin Li ":fork_client", 994*ec63e07aSXin Li ":sandbox2", 995*ec63e07aSXin Li "//sandboxed_api:config", 996*ec63e07aSXin Li "//sandboxed_api:testing", 997*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 998*ec63e07aSXin Li "@com_google_absl//absl/status", 999*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 1000*ec63e07aSXin Li "@com_google_absl//absl/strings", 1001*ec63e07aSXin Li "@com_google_absl//absl/synchronization", 1002*ec63e07aSXin Li "@com_google_absl//absl/time", 1003*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1004*ec63e07aSXin Li ], 1005*ec63e07aSXin Li) 1006*ec63e07aSXin Li 1007*ec63e07aSXin Licc_test( 1008*ec63e07aSXin Li name = "sanitizer_test", 1009*ec63e07aSXin Li srcs = ["sanitizer_test.cc"], 1010*ec63e07aSXin Li copts = sapi_platform_copts(), 1011*ec63e07aSXin Li data = [ 1012*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:close_fds", 1013*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:sanitizer", 1014*ec63e07aSXin Li ], 1015*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 1016*ec63e07aSXin Li deps = [ 1017*ec63e07aSXin Li ":comms", 1018*ec63e07aSXin Li ":sandbox2", 1019*ec63e07aSXin Li ":sanitizer", 1020*ec63e07aSXin Li ":util", 1021*ec63e07aSXin Li "//sandboxed_api:testing", 1022*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1023*ec63e07aSXin Li "@com_google_absl//absl/container:flat_hash_set", 1024*ec63e07aSXin Li "@com_google_absl//absl/log", 1025*ec63e07aSXin Li "@com_google_absl//absl/strings", 1026*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1027*ec63e07aSXin Li ], 1028*ec63e07aSXin Li) 1029*ec63e07aSXin Li 1030*ec63e07aSXin Licc_test( 1031*ec63e07aSXin Li name = "util_test", 1032*ec63e07aSXin Li srcs = ["util_test.cc"], 1033*ec63e07aSXin Li copts = sapi_platform_copts(), 1034*ec63e07aSXin Li deps = [ 1035*ec63e07aSXin Li ":util", 1036*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1037*ec63e07aSXin Li "@com_google_absl//absl/cleanup", 1038*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 1039*ec63e07aSXin Li "@com_google_absl//absl/strings", 1040*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1041*ec63e07aSXin Li ], 1042*ec63e07aSXin Li) 1043*ec63e07aSXin Li 1044*ec63e07aSXin Licc_test( 1045*ec63e07aSXin Li name = "stack_trace_test", 1046*ec63e07aSXin Li srcs = [ 1047*ec63e07aSXin Li "stack_trace_test.cc", 1048*ec63e07aSXin Li ], 1049*ec63e07aSXin Li copts = sapi_platform_copts(), 1050*ec63e07aSXin Li data = ["//sandboxed_api/sandbox2/testcases:symbolize"], 1051*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 1052*ec63e07aSXin Li deps = [ 1053*ec63e07aSXin Li ":global_forkserver", 1054*ec63e07aSXin Li ":sandbox2", 1055*ec63e07aSXin Li ":stack_trace", 1056*ec63e07aSXin Li "//sandboxed_api:testing", 1057*ec63e07aSXin Li "//sandboxed_api/util:fileops", 1058*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1059*ec63e07aSXin Li "@com_google_absl//absl/base:log_severity", 1060*ec63e07aSXin Li "@com_google_absl//absl/flags:flag", 1061*ec63e07aSXin Li "@com_google_absl//absl/flags:reflection", 1062*ec63e07aSXin Li "@com_google_absl//absl/log:check", 1063*ec63e07aSXin Li "@com_google_absl//absl/log:scoped_mock_log", 1064*ec63e07aSXin Li "@com_google_absl//absl/strings", 1065*ec63e07aSXin Li "@com_google_absl//absl/time", 1066*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1067*ec63e07aSXin Li ], 1068*ec63e07aSXin Li) 1069*ec63e07aSXin Li 1070*ec63e07aSXin Licc_test( 1071*ec63e07aSXin Li name = "ipc_test", 1072*ec63e07aSXin Li srcs = ["ipc_test.cc"], 1073*ec63e07aSXin Li copts = sapi_platform_copts(), 1074*ec63e07aSXin Li data = ["//sandboxed_api/sandbox2/testcases:ipc"], 1075*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 1076*ec63e07aSXin Li deps = [ 1077*ec63e07aSXin Li ":comms", 1078*ec63e07aSXin Li ":sandbox2", 1079*ec63e07aSXin Li "//sandboxed_api:testing", 1080*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1081*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1082*ec63e07aSXin Li ], 1083*ec63e07aSXin Li) 1084*ec63e07aSXin Li 1085*ec63e07aSXin Licc_library( 1086*ec63e07aSXin Li name = "testing", 1087*ec63e07aSXin Li testonly = 1, 1088*ec63e07aSXin Li hdrs = ["testing.h"], 1089*ec63e07aSXin Li copts = sapi_platform_copts(), 1090*ec63e07aSXin Li visibility = ["//visibility:public"], 1091*ec63e07aSXin Li deps = ["//sandboxed_api:testing"], 1092*ec63e07aSXin Li) 1093*ec63e07aSXin Li 1094*ec63e07aSXin Lisapi_proto_library( 1095*ec63e07aSXin Li name = "violation_proto", 1096*ec63e07aSXin Li srcs = ["violation.proto"], 1097*ec63e07aSXin Li deps = [ 1098*ec63e07aSXin Li ":mount_tree_proto", 1099*ec63e07aSXin Li ], 1100*ec63e07aSXin Li) 1101*ec63e07aSXin Li 1102*ec63e07aSXin Licc_test( 1103*ec63e07aSXin Li name = "policybuilder_test", 1104*ec63e07aSXin Li srcs = ["policybuilder_test.cc"], 1105*ec63e07aSXin Li copts = sapi_platform_copts(), 1106*ec63e07aSXin Li deps = [ 1107*ec63e07aSXin Li ":policy", 1108*ec63e07aSXin Li ":policybuilder", 1109*ec63e07aSXin Li ":violation_cc_proto", 1110*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 1111*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1112*ec63e07aSXin Li "@com_google_absl//absl/status", 1113*ec63e07aSXin Li "@com_google_absl//absl/status:statusor", 1114*ec63e07aSXin Li "@com_google_absl//absl/strings", 1115*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1116*ec63e07aSXin Li ], 1117*ec63e07aSXin Li) 1118*ec63e07aSXin Li 1119*ec63e07aSXin Licc_test( 1120*ec63e07aSXin Li name = "bpfdisassembler_test", 1121*ec63e07aSXin Li srcs = ["bpfdisassembler_test.cc"], 1122*ec63e07aSXin Li copts = sapi_platform_copts(), 1123*ec63e07aSXin Li deps = [ 1124*ec63e07aSXin Li ":bpfdisassembler", 1125*ec63e07aSXin Li "//sandboxed_api/sandbox2/util:bpf_helper", 1126*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1127*ec63e07aSXin Li ], 1128*ec63e07aSXin Li) 1129*ec63e07aSXin Li 1130*ec63e07aSXin Licc_test( 1131*ec63e07aSXin Li name = "network_proxy_test", 1132*ec63e07aSXin Li srcs = ["network_proxy_test.cc"], 1133*ec63e07aSXin Li copts = sapi_platform_copts(), 1134*ec63e07aSXin Li data = [ 1135*ec63e07aSXin Li "//sandboxed_api/sandbox2/testcases:network_proxy", 1136*ec63e07aSXin Li ], 1137*ec63e07aSXin Li tags = ["no_qemu_user_mode"], 1138*ec63e07aSXin Li deps = [ 1139*ec63e07aSXin Li ":sandbox2", 1140*ec63e07aSXin Li "//sandboxed_api:testing", 1141*ec63e07aSXin Li "//sandboxed_api/sandbox2/network_proxy:testing", 1142*ec63e07aSXin Li "//sandboxed_api/util:status_matchers", 1143*ec63e07aSXin Li "@com_google_absl//absl/status", 1144*ec63e07aSXin Li "@com_google_absl//absl/strings", 1145*ec63e07aSXin Li "@com_google_absl//absl/time", 1146*ec63e07aSXin Li "@com_google_googletest//:gtest_main", 1147*ec63e07aSXin Li ], 1148*ec63e07aSXin Li) 1149