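# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Description: sandbox2 is a C++ sandbox technology for Linux.

load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data")
load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library")

# Targets that do not set `visibility` themselves can only be depended on from
# packages under //sandboxed_api. Anything meant for external users must opt in
# with an explicit "//visibility:public".
package(default_visibility = ["//sandboxed_api:__subpackages__"])

licenses(["notice"])

# The next six targets expose the headers for the most permissive policy
# options (allow all syscalls, trace all syscalls, unrestricted networking).
# Each header is published twice:
#   * a production target whose `visibility` is an explicit allowlist, so a new
#     production user has to be added to this file and goes through review;
#   * a `testonly_` twin that is public but, being testonly, can only be
#     depended on by tests and other testonly targets.
# Treat any widening of the allowlists below as a security-relevant change.
cc_library(
    name = "allow_all_syscalls",
    hdrs = ["allow_all_syscalls.h"],
    copts = sapi_platform_copts(),
    visibility = [
        "//sandboxed_api/sandbox2:__pkg__",
        "//sandboxed_api/sandbox2/examples/tool:__pkg__",
    ],
)

cc_library(
    name = "testonly_allow_all_syscalls",
    testonly = True,
    hdrs = ["allow_all_syscalls.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
)

cc_library(
    name = "trace_all_syscalls",
    hdrs = ["trace_all_syscalls.h"],
    copts = sapi_platform_copts(),
    visibility = [
        "//sandboxed_api/sandbox2:__pkg__",
    ],
)

cc_library(
    name = "testonly_trace_all_syscalls",
    testonly = True,
    hdrs = ["trace_all_syscalls.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
)

cc_library(
    name = "allow_unrestricted_networking",
    hdrs = ["allow_unrestricted_networking.h"],
    copts = sapi_platform_copts(),
    visibility = [
        "//sandboxed_api/sandbox2:__pkg__",
        "//sandboxed_api/sandbox2/examples/tool:__pkg__",
        "//sandboxed_api/sandbox2/performance:__pkg__",
    ],
)

cc_library(
    name = "testonly_allow_unrestricted_networking",
    testonly = True,
    hdrs = ["allow_unrestricted_networking.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
)

cc_library(
    name = "bpfdisassembler",
    srcs = ["bpfdisassembler.cc"],
    hdrs = ["bpfdisassembler.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/types:span",
    ],
)

cc_library(
    name = "regs",
    srcs = ["regs.cc"],
    hdrs = ["regs.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":syscall",
        ":violation_cc_proto",
        "//sandboxed_api:config",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
    ],
)

cc_test(
    name = "regs_test",
    srcs = ["regs_test.cc"],
    copts = sapi_platform_copts(),
    # NOTE(review): "no_qemu_user_mode" is a project tag whose consumer is not
    # visible in this file; presumably it excludes the test from runs under
    # QEMU user-mode emulation -- confirm against the CI configuration.
    tags = ["no_qemu_user_mode"],
    deps = [
        ":regs",
        ":sanitizer",
        ":syscall",
        ":util",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/log:check",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_library(
    name = "syscall",
    srcs = [
        "syscall.cc",
        "syscall_defs.cc",
    ],
    hdrs = [
        "syscall.h",
        "syscall_defs.h",
    ],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":util",
        "//sandboxed_api:config",
        "@com_google_absl//absl/algorithm:container",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/types:span",
    ],
)

cc_test(
    name = "syscall_test",
    srcs = ["syscall_test.cc"],
    copts = sapi_platform_copts(),
    tags = ["no_qemu_user_mode"],
    deps = [
        ":syscall",
        "//sandboxed_api:config",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_library(
    name = "result",
    srcs = ["result.cc"],
    hdrs = ["result.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":regs",
        ":syscall",
        ":util",
        "//sandboxed_api:config",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
    ],
)

sapi_proto_library(
    name = "logserver_proto",
    srcs = ["logserver.proto"],
)

cc_library(
    name = "logserver",
    srcs = ["logserver.cc"],
    hdrs = ["logserver.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":comms",
        ":logserver_cc_proto",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/log",
    ],
)

cc_library(
    name = "logsink",
    srcs = ["logsink.cc"],
    hdrs = ["logsink.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":comms",
        ":logserver_cc_proto",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/log:log_entry",
        "@com_google_absl//absl/log:log_sink",
        "@com_google_absl//absl/log:log_sink_registry",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/synchronization",
    ],
)

cc_library(
    name = "ipc",
    srcs = ["ipc.cc"],
    hdrs = ["ipc.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":comms",
        ":logserver",
        ":logsink",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings",
    ],
)

cc_library(
    name = "policy",
    srcs = ["policy.cc"],
    hdrs = ["policy.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":bpfdisassembler",
        ":comms",
        ":namespace",
        ":syscall",
        ":violation_cc_proto",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/network_proxy:filtering",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings:string_view",
    ],
)

cc_library(
    name = "notify",
    srcs = [],
    hdrs = ["notify.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":comms",
        ":result",
        ":syscall",
        ":util",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/log",
    ],
)

cc_library(
    name = "limits",
    hdrs = ["limits.h"],
    copts = sapi_platform_copts(),
    deps = [
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/time",
    ],
)

cc_binary(
    name = "forkserver_bin",
    srcs = ["forkserver_bin.cc"],
    copts = sapi_platform_copts(),
    # Build stamping is switched off for this binary. Its stripped output is
    # embedded below, so presumably this keeps the embedded bytes stable
    # between otherwise identical builds -- confirm before changing.
    stamp = 0,
    deps = [
        ":client",
        ":comms",
        ":forkserver",
        ":sanitizer",
        "//sandboxed_api/sandbox2/unwind",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/status",
    ],
)

# Embeds the stripped forkserver binary as data; :global_forkserver is the only
# target in this file that depends on it.
sapi_cc_embed_data(
    name = "forkserver_bin_embed",
    srcs = [":forkserver_bin.stripped"],
)

cc_library(
    name = "global_forkserver",
    srcs = ["global_forkclient.cc"],
    hdrs = ["global_forkclient.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":comms",
        ":fork_client",
        ":forkserver_bin_embed",
        ":forkserver_cc_proto",
        ":util",
        "//sandboxed_api:config",
        "//sandboxed_api:embed_file",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
    ],
)

# Use only if Sandbox2 global forkserver has to be started very early on.
# By default the forkserver is started on demand.
cc_library(
    name = "start_global_forkserver_lib_constructor",
    srcs = ["global_forkclient_lib_ctor.cc"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":fork_client",
        ":global_forkserver",
        "@com_google_absl//absl/base:core_headers",
    ],
)

cc_library(
    name = "executor",
    srcs = ["executor.cc"],
    hdrs = ["executor.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":fork_client",
        ":forkserver_cc_proto",
        ":global_forkserver",
        ":ipc",
        ":limits",
        ":namespace",
        ":util",
        "//sandboxed_api:config",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/types:span",
    ],
)

# Should not be used in sandboxee code if it only uses sandbox2::Comms and
# sandbox2::Client objects; depend on :client and :comms instead, which pull in
# far fewer of the sandboxer-side targets listed below.
cc_library(
    name = "sandbox2",
    srcs = [
        "sandbox2.cc",
    ],
    hdrs = [
        "client.h",
        "executor.h",
        "ipc.h",
        "limits.h",
        "notify.h",
        "policy.h",
        "policybuilder.h",
        "result.h",
        "sandbox2.h",
        "syscall.h",
    ],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":client",
        ":comms",
        ":executor",
        ":fork_client",
        ":forkserver_cc_proto",
        ":ipc",
        ":limits",
        ":logsink",
        ":monitor_base",
        ":monitor_ptrace",
        ":monitor_unotify",
        ":mounts",
        ":namespace",
        ":notify",
        ":policy",
        ":policybuilder",
        ":regs",
        ":result",
        ":stack_trace",
        ":syscall",
        ":util",
        ":violation_cc_proto",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/network_proxy:client",
        "//sandboxed_api/sandbox2/network_proxy:filtering",
        "//sandboxed_api/util:fileops",
        "@com_google_absl//absl/base",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
        "@com_google_absl//absl/types:optional",
        "@com_google_absl//absl/types:span",
    ],
)

cc_library(
    name = "stack_trace",
    srcs = ["stack_trace.cc"],
    hdrs = ["stack_trace.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":comms",
        ":executor",
        ":limits",
        ":mounts",
        ":namespace",
        ":policy",
        ":policybuilder",
        ":regs",
        ":result",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/unwind",
        "//sandboxed_api/sandbox2/unwind:unwind_cc_proto",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
    ],
)

cc_library(
    name = "monitor_ptrace",
    srcs = ["monitor_ptrace.cc"],
    hdrs = ["monitor_ptrace.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":client",
        ":comms",
        ":executor",
        ":monitor_base",
        ":notify",
        ":policy",
        ":regs",
        ":result",
        ":sanitizer",
        ":syscall",
        ":util",
        "//sandboxed_api:config",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
    ],
)

cc_library(
    name = "monitor_unotify",
    srcs = ["monitor_unotify.cc"],
    hdrs = ["monitor_unotify.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":client",
        ":executor",
        ":forkserver_cc_proto",
        ":monitor_base",
        ":notify",
        ":policy",
        ":result",
        "//sandboxed_api:config",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
        "@com_google_absl//absl/types:span",
    ],
)

cc_library(
    name = "monitor_base",
    srcs = ["monitor_base.cc"],
    hdrs = ["monitor_base.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":client",
        ":comms",
        ":executor",
        ":fork_client",
        ":forkserver_cc_proto",
        ":ipc",
        ":limits",
        ":mounts",
        ":namespace",
        ":notify",
        ":policy",
        ":regs",
        ":result",
        ":stack_trace",
        ":syscall",
        ":util",
        "//sandboxed_api/sandbox2/network_proxy:client",
        "//sandboxed_api/sandbox2/network_proxy:server",
        "//sandboxed_api/util:file_helpers",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:strerror",
        "//sandboxed_api/util:temp_file",
        "@com_google_absl//absl/base",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
    ],
)

cc_library(
    name = "policybuilder",
    srcs = ["policybuilder.cc"],
    hdrs = ["policybuilder.h"],
    copts = sapi_platform_copts(),
    deps = [
        # The three visibility-restricted permissive-policy headers; this
        # package is on each of their allowlists.
        ":allow_all_syscalls",
        ":allow_unrestricted_networking",
        ":mounts",
        ":namespace",
        ":policy",
        ":syscall",
        ":trace_all_syscalls",
        ":violation_cc_proto",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/network_proxy:filtering",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/types:optional",
        "@com_google_absl//absl/types:span",
    ],
)

# Should be used in sandboxee code instead of :sandbox2 if it uses just
# sandbox2::Client::SandboxMeHere() and sandbox2::Comms
cc_library(
    name = "client",
    srcs = ["client.cc"],
    hdrs = ["client.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":comms",
        ":logsink",
        ":policy",
        ":sanitizer",
        ":syscall",
        "//sandboxed_api/sandbox2/network_proxy:client",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
    ],
)

cc_library(
    name = "sanitizer",
    srcs = ["sanitizer.cc"],
    hdrs = ["sanitizer.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":util",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
    ],
)

cc_library(
    name = "forkserver",
    srcs = ["forkserver.cc"],
    hdrs = ["forkserver.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":client",
        ":comms",
        ":fork_client",
        ":forkserver_cc_proto",
        ":namespace",
        ":policy",
        ":sanitizer",
        ":syscall",
        ":util",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:strerror",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@org_kernel_libcap//:libcap",
    ],
)

cc_library(
    name = "fork_client",
    srcs = ["fork_client.cc"],
    hdrs = ["fork_client.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":comms",
        ":forkserver_cc_proto",
        "//sandboxed_api/util:fileops",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/synchronization",
    ],
)

cc_library(
    name = "mounts",
    srcs = ["mounts.cc"],
    hdrs = ["mounts.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":mount_tree_cc_proto",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/util:minielf",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
    ],
)

cc_test(
    name = "mounts_test",
    srcs = ["mounts_test.cc"],
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"],
    deps = [
        ":mounts",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:status_matchers",
        "//sandboxed_api/util:temp_file",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_library(
    name = "namespace",
    srcs = ["namespace.cc"],
    hdrs = ["namespace.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":mounts",
        ":violation_cc_proto",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/strings",
    ],
)

cc_test(
    name = "namespace_test",
    srcs = ["namespace_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:namespace",
    ],
    tags = [
        "requires-net:external",
    ],
    deps = [
        ":namespace",
        ":sandbox2",
        # Tests take the testonly_ twin rather than the allowlisted production
        # target.
        ":testonly_allow_all_syscalls",
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:status_matchers",
        "//sandboxed_api/util:temp_file",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_library(
    name = "forkingclient",
    srcs = ["forkingclient.cc"],
    hdrs = ["forkingclient.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":client",
        ":comms",
        ":forkserver",
        ":sanitizer",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
    ],
)

cc_library(
    name = "util",
    srcs = ["util.cc"],
    hdrs = ["util.h"],
    # The default is 16384, however we need to do a clone with a
    # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384.
    # Thus the slight increase.
    # NOTE(review): no option that raises a limit is visible in this target's
    # copts, so the comment above looks stale. Confirm whether the flag it
    # described was dropped or moved into sapi_platform_copts().
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        "//sandboxed_api:config",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:file_helpers",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
    ],
)

cc_library(
    name = "buffer",
    srcs = ["buffer.cc"],
    hdrs = ["buffer.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":util",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
    ],
)

cc_test(
    name = "buffer_test",
    srcs = ["buffer_test.cc"],
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:buffer"],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":buffer",
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_googletest//:gtest_main",
    ],
)

sapi_proto_library(
    name = "forkserver_proto",
    srcs = ["forkserver.proto"],
    copts = sapi_platform_copts(),
    deps = [":mount_tree_proto"],
)

sapi_proto_library(
    name = "mount_tree_proto",
    srcs = ["mount_tree.proto"],
)

cc_library(
    name = "comms",
    srcs = ["comms.cc"],
    hdrs = ["comms.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = [
        ":util",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "//sandboxed_api/util:status_cc_proto",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/base:dynamic_annotations",
        "@com_google_absl//absl/log:die_if_null",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_protobuf//:protobuf",
    ],
)

sapi_proto_library(
    name = "comms_test_proto",
    srcs = ["comms_test.proto"],
)

cc_test(
    name = "comms_test",
    srcs = ["comms_test.cc"],
    copts = sapi_platform_copts(),
    deps = [
        ":comms",
        ":comms_test_cc_proto",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/container:fixed_array",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "forkserver_test",
    srcs = ["forkserver_test.cc"],
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:minimal"],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":forkserver",
        ":forkserver_cc_proto",
        ":global_forkserver",
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "limits_test",
    srcs = ["limits_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:limits",
    ],
    deps = [
        ":limits",
        ":sandbox2",
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "notify_test",
    srcs = ["notify_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:personality",
        "//sandboxed_api/sandbox2/testcases:pidcomms",
    ],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":comms",
        ":sandbox2",
        # NOTE(review): namespace_test depends on the testonly_ twin of its
        # permissive-policy header, while this test depends on the production
        # target (allowed only because this package is on its visibility
        # list). Consider ":testonly_trace_all_syscalls" so the production
        # target's reverse dependencies stay limited to production code.
        ":trace_all_syscalls",
        "//sandboxed_api:testing",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "policy_test",
    srcs = ["policy_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls",
        "//sandboxed_api/sandbox2/testcases:malloc_system",
        "//sandboxed_api/sandbox2/testcases:minimal",
        "//sandboxed_api/sandbox2/testcases:minimal_dynamic",
        "//sandboxed_api/sandbox2/testcases:policy",
    ],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":sandbox2",
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "sandbox2_test",
    srcs = ["sandbox2_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:abort",
        "//sandboxed_api/sandbox2/testcases:custom_fork",
        "//sandboxed_api/sandbox2/testcases:minimal",
        "//sandboxed_api/sandbox2/testcases:sleep",
        "//sandboxed_api/sandbox2/testcases:starve",
        "//sandboxed_api/sandbox2/testcases:tsync",
    ],
    tags = [
        # "local" keeps this test out of Bazel's own sandbox and off remote
        # execution and caching.
        "local",
        "no_qemu_user_mode",
    ],
    deps = [
        ":fork_client",
        ":sandbox2",
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "sanitizer_test",
    srcs = ["sanitizer_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:close_fds",
        "//sandboxed_api/sandbox2/testcases:sanitizer",
    ],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":comms",
        ":sandbox2",
        ":sanitizer",
        ":util",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "util_test",
    srcs = ["util_test.cc"],
    copts = sapi_platform_copts(),
    deps = [
        ":util",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "stack_trace_test",
    srcs = [
        "stack_trace_test.cc",
    ],
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:symbolize"],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":global_forkserver",
        ":sandbox2",
        ":stack_trace",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:reflection",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:scoped_mock_log",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "ipc_test",
    srcs = ["ipc_test.cc"],
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:ipc"],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":comms",
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_library(
    name = "testing",
    # Spelled `True` like every other testonly target in this file (was `1`).
    testonly = True,
    hdrs = ["testing.h"],
    copts = sapi_platform_copts(),
    visibility = ["//visibility:public"],
    deps = ["//sandboxed_api:testing"],
)

sapi_proto_library(
    name = "violation_proto",
    srcs = ["violation.proto"],
    deps = [
        ":mount_tree_proto",
    ],
)

cc_test(
    name = "policybuilder_test",
    srcs = ["policybuilder_test.cc"],
    copts = sapi_platform_copts(),
    deps = [
        ":policy",
        ":policybuilder",
        ":violation_cc_proto",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "bpfdisassembler_test",
    srcs = ["bpfdisassembler_test.cc"],
    copts = sapi_platform_copts(),
    deps = [
        ":bpfdisassembler",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "@com_google_googletest//:gtest_main",
    ],
)

cc_test(
    name = "network_proxy_test",
    srcs = ["network_proxy_test.cc"],
    copts = sapi_platform_copts(),
    data = [
        "//sandboxed_api/sandbox2/testcases:network_proxy",
    ],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/sandbox2/network_proxy:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
        "@com_google_googletest//:gtest_main",
    ],
)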