1*ec63e07aSXin Li# Copyright 2019 Google LLC 2*ec63e07aSXin Li# 3*ec63e07aSXin Li# Licensed under the Apache License, Version 2.0 (the "License"); 4*ec63e07aSXin Li# you may not use this file except in compliance with the License. 5*ec63e07aSXin Li# You may obtain a copy of the License at 6*ec63e07aSXin Li# 7*ec63e07aSXin Li# https://www.apache.org/licenses/LICENSE-2.0 8*ec63e07aSXin Li# 9*ec63e07aSXin Li# Unless required by applicable law or agreed to in writing, software 10*ec63e07aSXin Li# distributed under the License is distributed on an "AS IS" BASIS, 11*ec63e07aSXin Li# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*ec63e07aSXin Li# See the License for the specific language governing permissions and 13*ec63e07aSXin Li# limitations under the License. 14*ec63e07aSXin Li 15*ec63e07aSXin Licmake_minimum_required(VERSION 3.13..3.26) 16*ec63e07aSXin Li 17*ec63e07aSXin Liif(POLICY CMP0083) 18*ec63e07aSXin Li cmake_policy(SET CMP0083 NEW) # Add PIE flags when requested 19*ec63e07aSXin Liendif() 20*ec63e07aSXin Li 21*ec63e07aSXin Liif(POLICY CMP0135) 22*ec63e07aSXin Li cmake_policy(SET CMP0135 NEW) # Set download timestamp to current time 23*ec63e07aSXin Liendif() 24*ec63e07aSXin Li 25*ec63e07aSXin Liproject(SandboxedAPI C CXX ASM) 26*ec63e07aSXin Liinclude(CTest) 27*ec63e07aSXin Li 28*ec63e07aSXin Li# TODO(cblichmann): Enable for Android once support lands 29*ec63e07aSXin Liif(NOT CMAKE_SYSTEM_NAME MATCHES "Linux") 30*ec63e07aSXin Li message(FATAL_ERROR "Sandboxed API is only supported on Linux") 31*ec63e07aSXin Liendif() 32*ec63e07aSXin Li 33*ec63e07aSXin Li# SAPI-wide setting for the language level 34*ec63e07aSXin Liset(SAPI_CXX_STANDARD 17) 35*ec63e07aSXin Li 36*ec63e07aSXin Liif(NOT CMAKE_CXX_STANDARD) 37*ec63e07aSXin Li set(CMAKE_CXX_STANDARD ${SAPI_CXX_STANDARD}) 38*ec63e07aSXin Lielseif(CMAKE_CXX_STANDARD LESS ${SAPI_CXX_STANDARD}) 39*ec63e07aSXin Li message(FATAL_ERROR 40*ec63e07aSXin Li "Sandboxed API requires C++17. To ensure ABI compatibility" 41*ec63e07aSXin Li " build and link all targets of the project with the same" 42*ec63e07aSXin Li " version of C++." 43*ec63e07aSXin Li ) 44*ec63e07aSXin Liendif() 45*ec63e07aSXin Li 46*ec63e07aSXin Liset(SAPI_BINARY_DIR "${PROJECT_BINARY_DIR}" CACHE INTERNAL "" FORCE) 47*ec63e07aSXin Liset(SAPI_SOURCE_DIR "${PROJECT_SOURCE_DIR}" CACHE INTERNAL "" FORCE) 48*ec63e07aSXin Li 49*ec63e07aSXin Liget_directory_property(_sapi_has_parent PARENT_DIRECTORY) 50*ec63e07aSXin Liif(PROJECT_IS_TOP_LEVEL OR NOT _sapi_has_parent) 51*ec63e07aSXin Li set(SAPI_PROJECT_IS_TOP_LEVEL ON) 52*ec63e07aSXin Liendif() 53*ec63e07aSXin Li 54*ec63e07aSXin Liinclude(CheckCXXCompilerFlag) 55*ec63e07aSXin Li 56*ec63e07aSXin Li# Allow the header generator to auto-configure include paths. Need to set a 57*ec63e07aSXin Li# cache variable, so that sub- and super-projects also have this enabled. 58*ec63e07aSXin Liset(CMAKE_EXPORT_COMPILE_COMMANDS ON CACHE INTERNAL "") 59*ec63e07aSXin Li 60*ec63e07aSXin Liset(CMAKE_SKIP_BUILD_RPATH ON) 61*ec63e07aSXin Li 62*ec63e07aSXin Liif(CMAKE_VERSION VERSION_GREATER_EQUAL 3.14) 63*ec63e07aSXin Li include(CheckPIESupported) 64*ec63e07aSXin Li check_pie_supported() 65*ec63e07aSXin Li set(CMAKE_POSITION_INDEPENDENT_CODE ON) 66*ec63e07aSXin Liendif() 67*ec63e07aSXin Li 68*ec63e07aSXin Li# SAPI CMake modules, order matters 69*ec63e07aSXin Lilist(APPEND CMAKE_MODULE_PATH "${SAPI_SOURCE_DIR}/cmake" 70*ec63e07aSXin Li "${SAPI_SOURCE_DIR}/cmake/modules") 71*ec63e07aSXin Liinclude(SapiOptions) 72*ec63e07aSXin Liinclude(SapiDeps) 73*ec63e07aSXin Liinclude(SapiUtil) 74*ec63e07aSXin Liinclude(SapiBuildDefs) 75*ec63e07aSXin Liinclude(GNUInstallDirs) 76*ec63e07aSXin Li 77*ec63e07aSXin Liif(SAPI_HARDENED_SOURCE) 78*ec63e07aSXin Li add_compile_options(-fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2) 79*ec63e07aSXin Li add_link_options(-Wl,-z,relro -Wl,-z,now) 80*ec63e07aSXin Liendif() 81*ec63e07aSXin Li 82*ec63e07aSXin Liif(SAPI_FORCE_COLOR_OUTPUT) 83*ec63e07aSXin Li if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") # GCC 84*ec63e07aSXin Li add_compile_options(-fdiagnostics-color=always) 85*ec63e07aSXin Li elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") # Clang or Apple Clang 86*ec63e07aSXin Li add_compile_options(-fcolor-diagnostics) 87*ec63e07aSXin Li endif() 88*ec63e07aSXin Liendif() 89*ec63e07aSXin Li 90*ec63e07aSXin Li# Make Bazel-style includes work 91*ec63e07aSXin Liconfigure_file(cmake/libcap_capability.h.in 92*ec63e07aSXin Li libcap/include/sys/capability.h 93*ec63e07aSXin Li @ONLY) 94*ec63e07aSXin Li 95*ec63e07aSXin Li# Library with basic project settings. The empty file is there to be able to 96*ec63e07aSXin Li# define header-only libraries without cumbersome target_sources() hacks. 97*ec63e07aSXin Liconfigure_file(cmake/sapi_force_cxx_linkage.cc.in 98*ec63e07aSXin Li "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc" COPYONLY) 99*ec63e07aSXin Liadd_library(sapi_base STATIC 100*ec63e07aSXin Li "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc" 101*ec63e07aSXin Li) 102*ec63e07aSXin Liadd_library(sapi::base ALIAS sapi_base) 103*ec63e07aSXin Litarget_compile_features(sapi_base PUBLIC 104*ec63e07aSXin Li cxx_std_${SAPI_CXX_STANDARD} 105*ec63e07aSXin Li) 106*ec63e07aSXin Liset_target_properties(sapi_base PROPERTIES 107*ec63e07aSXin Li INTERFACE_POSITION_INDEPENDENT_CODE ON 108*ec63e07aSXin Li) 109*ec63e07aSXin Litarget_include_directories(sapi_base PUBLIC 110*ec63e07aSXin Li "${SAPI_BINARY_DIR}" 111*ec63e07aSXin Li "${SAPI_SOURCE_DIR}" 112*ec63e07aSXin Li "${Protobuf_INCLUDE_DIR}" 113*ec63e07aSXin Li) 114*ec63e07aSXin Litarget_compile_options(sapi_base PUBLIC 115*ec63e07aSXin Li -fno-exceptions 116*ec63e07aSXin Li) 117*ec63e07aSXin Liif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") 118*ec63e07aSXin Li target_compile_options(sapi_base PUBLIC 119*ec63e07aSXin Li # The syscall tables in sandbox2/syscall_defs.cc are `std::array`s using 120*ec63e07aSXin Li # CTAD and have more entries than the default limit of 256. 121*ec63e07aSXin Li -fbracket-depth=768 122*ec63e07aSXin Li ) 123*ec63e07aSXin Liendif() 124*ec63e07aSXin Liset(_sapi_check_no_deprecated 125*ec63e07aSXin Li -Wno-deprecated SAPI_HAS_W_NO_DEPRECATED 126*ec63e07aSXin Li) 127*ec63e07aSXin Liset(_sapi_check_frame_larger_than 128*ec63e07aSXin Li # For sandbox2/util.cc's CloneAndJump() 129*ec63e07aSXin Li -Wframe-larger-than=40960 SAPI_HAS_W_FRAME_LARGER_THAN 130*ec63e07aSXin Li) 131*ec63e07aSXin Liset(_sapi_check_no_deprecated_declarations 132*ec63e07aSXin Li -Wno-deprecated-declarations SAPI_HAS_W_NO_DEPRECATED_DECLARATIONS 133*ec63e07aSXin Li) 134*ec63e07aSXin Liset(_sapi_check_no_psabi 135*ec63e07aSXin Li -Wno-psabi SAPI_HAS_W_NO_PSABI 136*ec63e07aSXin Li) 137*ec63e07aSXin Liforeach(check IN ITEMS _sapi_check_no_deprecated 138*ec63e07aSXin Li _sapi_check_frame_larger_than 139*ec63e07aSXin Li _sapi_check_no_deprecated_declarations 140*ec63e07aSXin Li _sapi_check_no_psabi) 141*ec63e07aSXin Li list(GET ${check} 0 opt_value) 142*ec63e07aSXin Li list(GET ${check} 1 var_name) 143*ec63e07aSXin Li check_cxx_compiler_flag(${opt_value} ${var_name}) 144*ec63e07aSXin Li if(${var_name}) 145*ec63e07aSXin Li target_compile_options(sapi_base PUBLIC ${opt_value}) 146*ec63e07aSXin Li endif() 147*ec63e07aSXin Liendforeach() 148*ec63e07aSXin Li 149*ec63e07aSXin Liadd_library(sapi_test_main INTERFACE) 150*ec63e07aSXin Liadd_library(sapi::test_main ALIAS sapi_test_main) 151*ec63e07aSXin Litarget_link_libraries(sapi_test_main INTERFACE 152*ec63e07aSXin Li gtest_main 153*ec63e07aSXin Li gmock 154*ec63e07aSXin Li sapi::base 155*ec63e07aSXin Li) 156*ec63e07aSXin Li 157*ec63e07aSXin Liif(BUILD_TESTING AND SAPI_BUILD_TESTING) 158*ec63e07aSXin Li include(GoogleTest) 159*ec63e07aSXin Li # Setup tests to work like with Bazel 160*ec63e07aSXin Li create_directory_symlink("${SAPI_BINARY_DIR}" com_google_sandboxed_api) 161*ec63e07aSXin Li enable_testing() 162*ec63e07aSXin Liendif() 163*ec63e07aSXin Li 164*ec63e07aSXin Liadd_subdirectory(sandboxed_api) 165*ec63e07aSXin Li 166*ec63e07aSXin Liif(BUILD_TESTING AND SAPI_BUILD_TESTING AND SAPI_CONTRIB_BUILD_TESTING) 167*ec63e07aSXin Li add_subdirectory(contrib) 168*ec63e07aSXin Liendif() 169