# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# The 'tool' example demonstrates:
# - a sandbox executor, sandboxee would be another program
# - sandboxee sandboxed before execve
# - very lax, separate sandbox policy written with BPFDSL
# - expose file descriptors to executor with ReceiveFd
# - set limits, wall time, filesystem checks, asynchronous run
# - test to ensure sandbox executor runs sandboxee without issue
#
# NOTE(review): the policy is described above as "very lax" and the binary
# depends on the allow_all_syscalls target, so this example shows how the
# executor API is wired up; it is not a starting point for a production
# policy. A real sandboxee should get an allowlist limited to the syscalls
# it actually needs.

load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")

# Default visibility is limited to the sandbox2 package tree, so targets
# outside //sandboxed_api/sandbox2 cannot depend on this example unless a
# target overrides it.
package(default_visibility = [
    "//sandboxed_api/sandbox2:__subpackages__",
])

licenses(["notice"])

# Executor
# Builds the executor binary from sandbox2tool.cc. Compiler options come from
# sapi_platform_copts(), loaded from build_defs.bzl above.
cc_binary(
    name = "sandbox2tool",
    srcs = ["sandbox2tool.cc"],
    copts = sapi_platform_copts(),
    deps = [
        "//sandboxed_api/sandbox2",
        # NOTE(review): presumably what lets sandbox2tool.cc build the lax
        # policy mentioned in the header; confirm in the source. Worth
        # auditing wherever it appears in a deps list, since it signals a
        # policy that does not restrict syscalls.
        "//sandboxed_api/sandbox2:allow_all_syscalls",
        "//sandboxed_api/sandbox2:util",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:fileops",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/flags:usage",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/time",
    ],
)

# Test
# Shell test that runs sandbox2tool_test.sh with the built executor available
# as a runtime data dependency.
sh_test(
    name = "sandbox2tool_test",
    srcs = ["sandbox2tool_test.sh"],
    data = [":sandbox2tool"],
    # NOTE(review): the tag name suggests this test is excluded when running
    # under QEMU user-mode emulation; confirm against the CI configuration.
    tags = ["no_qemu_user_mode"],
)