xref: /aosp_15_r20/external/sandboxed-api/sandboxed_api/sandbox2/examples/static/BUILD.bazel (revision ec63e07ab9515d95e79c211197c445ef84cefa6a) 
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# The 'static' example demonstrates:
16# - separate executor and sandboxee
17# - sandboxee already sandboxed, not using google3 and compiled statically
18# - minimal syscall policy written with BPF macros
19# - communication with file descriptors and MapFd
20# - test to ensure sandbox executor runs sandboxee without issue
21
22load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
23
24package(default_visibility = [
25    "//sandboxed_api/sandbox2:__subpackages__",
26])
27
28licenses(["notice"])
29
30# Executor
31cc_binary(
32    name = "static_sandbox",
33    srcs = ["static_sandbox.cc"],
34    copts = sapi_platform_copts(),
35    data = [":static_bin"],
36    tags = ["no_qemu_user_mode"],
37    deps = [
38        "//sandboxed_api:config",
39        "//sandboxed_api/sandbox2",
40        "//sandboxed_api/sandbox2/util:bpf_helper",
41        "//sandboxed_api/util:runfiles",
42        "@com_google_absl//absl/flags:parse",
43        "@com_google_absl//absl/log",
44        "@com_google_absl//absl/log:check",
45        "@com_google_absl//absl/log:globals",
46        "@com_google_absl//absl/log:initialize",
47        "@com_google_absl//absl/time",
48    ],
49)
50
51# Sandboxee
52# security: disable=cc-static-no-pie
53cc_binary(
54    name = "static_bin",
55    srcs = ["static_bin.cc"],
56    copts = sapi_platform_copts(),
57    features = [
58        "-pie",
59        "fully_static_link",  # link libc statically
60    ],
61    linkstatic = 1,
62)
63
64sh_test(
65    name = "static_sandbox_test",
66    srcs = ["static_sandbox_test.sh"],
67    data = [":static_sandbox"],
68    tags = ["no_qemu_user_mode"],
69)
70