From de45bd4422f1a8f31c077259dd8ab54e98fa5f8e Mon Sep 17 00:00:00 2001 
From: "Brian R. Bondy" Date: Mon, 28 Oct 2013 14:54:36 -0700 Subject: [PATCH] Bug 922756 - Build config for Chromium sandbox. r=bsmedberg --HG-- rename : security/sandbox/LICENSE => security/sandbox/linux/LICENSE rename : security/sandbox/Makefile.in => security/sandbox/linux/Makefile.in rename : security/sandbox/Sandbox.cpp => security/sandbox/linux/Sandbox.cpp rename : security/sandbox/Sandbox.h => security/sandbox/linux/Sandbox.h rename : security/sandbox/android_arm_ucontext.h => security/sandbox/linux/android_arm_ucontext.h rename : security/sandbox/android_i386_ucontext.h => security/sandbox/linux/android_i386_ucontext.h rename : security/sandbox/android_ucontext.h => security/sandbox/linux/android_ucontext.h rename : security/sandbox/arm_linux_syscalls.h => security/sandbox/linux/arm_linux_syscalls.h rename : security/sandbox/linux_seccomp.h => security/sandbox/linux/linux_seccomp.h rename : security/sandbox/linux_syscalls.h => security/sandbox/linux/linux_syscalls.h rename : security/sandbox/moz.build => security/sandbox/linux/moz.build rename : security/sandbox/seccomp_filter.h => security/sandbox/linux/seccomp_filter.h rename : security/sandbox/x86_32_linux_syscalls.h => security/sandbox/linux/x86_32_linux_syscalls.h rename : security/sandbox/x86_64_linux_syscalls.h => security/sandbox/linux/x86_64_linux_syscalls.h --- dom/ipc/ContentChild.cpp | 4 +- security/sandbox/Makefile.in | 12 ++ security/sandbox/{ => linux}/LICENSE | 0 security/sandbox/linux/Makefile.in | 6 + security/sandbox/{ => linux}/Sandbox.cpp | 0 security/sandbox/{ => linux}/Sandbox.h | 0 .../{ => linux}/android_arm_ucontext.h | 0 .../{ => linux}/android_i386_ucontext.h | 0 .../sandbox/{ => linux}/android_ucontext.h | 0 .../sandbox/{ => linux}/arm_linux_syscalls.h | 0 security/sandbox/{ => linux}/linux_seccomp.h | 0 security/sandbox/{ => linux}/linux_syscalls.h | 0 security/sandbox/linux/moz.build | 26 ++++ security/sandbox/{ => linux}/seccomp_filter.h | 0 .../{ => 
linux}/x86_32_linux_syscalls.h | 0 .../{ => linux}/x86_64_linux_syscalls.h | 0 security/sandbox/moz.build | 122 +++++++++++++++--- toolkit/library/Makefile.in | 2 + 18 files changed, 155 insertions(+), 17 deletions(-) rename security/sandbox/{ => linux}/LICENSE (100%) create mode 100644 security/sandbox/linux/Makefile.in rename security/sandbox/{ => linux}/Sandbox.cpp (100%) rename security/sandbox/{ => linux}/Sandbox.h (100%) rename security/sandbox/{ => linux}/android_arm_ucontext.h (100%) rename security/sandbox/{ => linux}/android_i386_ucontext.h (100%) rename security/sandbox/{ => linux}/android_ucontext.h (100%) rename security/sandbox/{ => linux}/arm_linux_syscalls.h (100%) rename security/sandbox/{ => linux}/linux_seccomp.h (100%) rename security/sandbox/{ => linux}/linux_syscalls.h (100%) create mode 100644 security/sandbox/linux/moz.build rename security/sandbox/{ => linux}/seccomp_filter.h (100%) rename security/sandbox/{ => linux}/x86_32_linux_syscalls.h (100%) rename security/sandbox/{ => linux}/x86_64_linux_syscalls.h (100%) diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp index 8cde6e8ec3d9..340dd1025c13 100644 --- a/dom/ipc/ContentChild.cpp +++ b/dom/ipc/ContentChild.cpp @@ -28,7 +28,7 @@ #include "mozilla/layers/PCompositorChild.h" #include "mozilla/net/NeckoChild.h" #include "mozilla/Preferences.h" -#ifdef MOZ_CONTENT_SANDBOX +#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX) #include "mozilla/Sandbox.h" #endif #include "mozilla/unused.h" @@ -553,7 +553,7 @@ ContentChild::RecvSetProcessPrivileges(const ChildPrivileges& aPrivs) aPrivs; // If this fails, we die. SetCurrentProcessPrivileges(privs); -#ifdef MOZ_CONTENT_SANDBOX +#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX) // SetCurrentProcessSandbox should be moved close to process initialization // time if/when possible. SetCurrentProcessPrivileges should probably be // moved as well. Right now this is set ONLY if we receive the 
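Review bot: Both guards in dom/ipc/ContentChild.cpp now also require `XP_LINUX`, so a non-Linux build with `MOZ_CONTENT_SANDBOX` defined compiles out the `mozilla/Sandbox.h` include (first hunk) and the guarded sandbox setup in `RecvSetProcessPrivileges` (second hunk), and nothing at the call site says so. Because the same patch starts building a Windows sandbox library, a reader could assume the content process is sandboxed on Windows once the flag is set. A short comment above the second guard would prevent that, for example `// Linux only for now: the Windows sandbox library is built but not applied here (bug 922756).` Whether the Windows side is enabled elsewhere is not visible in this patch, and the body of `RecvSetProcessPrivileges` continues outside the hunk.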
diff --git a/security/sandbox/Makefile.in b/security/sandbox/Makefile.in index 40dabda4efc2..f9e02de8a957 100644 --- a/security/sandbox/Makefile.in +++ b/security/sandbox/Makefile.in @@ -2,5 +2,17 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +ifeq ($(OS_ARCH),WINNT) +LOCAL_INCLUDES += \ + -I$(topsrcdir)/security/sandbox/base/shim \ + -I$(topsrcdir)/security \ + -I$(topsrcdir)/nsprpub \ + $(NULL) + +DEFINES += -DUNICODE -D_UNICODE -DNS_NO_XPCOM -DSANDBOX_EXPORTS -DNOMINMAX -D_CRT_RAND_S + +STL_FLAGS = +MOZ_GLUE_LDFLAGS = +endif include $(topsrcdir)/config/rules.mk diff --git a/security/sandbox/LICENSE b/security/sandbox/linux/LICENSE similarity index 100% rename from security/sandbox/LICENSE rename to security/sandbox/linux/LICENSE diff --git a/security/sandbox/linux/Makefile.in b/security/sandbox/linux/Makefile.in new file mode 100644 index 000000000000..40dabda4efc2 --- /dev/null +++ b/security/sandbox/linux/Makefile.in @@ -0,0 +1,6 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +include $(topsrcdir)/config/rules.mk diff --git a/security/sandbox/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp similarity index 100% rename from security/sandbox/Sandbox.cpp rename to security/sandbox/linux/Sandbox.cpp diff --git a/security/sandbox/Sandbox.h b/security/sandbox/linux/Sandbox.h similarity index 100% rename from security/sandbox/Sandbox.h rename to security/sandbox/linux/Sandbox.h diff --git a/security/sandbox/android_arm_ucontext.h b/security/sandbox/linux/android_arm_ucontext.h similarity index 100% rename from security/sandbox/android_arm_ucontext.h rename to security/sandbox/linux/android_arm_ucontext.h 
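Review bot: In the `ifeq ($(OS_ARCH),WINNT)` block added to security/sandbox/Makefile.in, `STL_FLAGS =` and `MOZ_GLUE_LDFLAGS =` are cleared with no comment, and the `DEFINES` line adds `-DSANDBOX_EXPORTS` and `-D_CRT_RAND_S` without saying what depends on them. These settings change how a security boundary library is compiled and linked, so the reason for each should be recorded next to it. Presumably the imported Chromium sources do not build against the wrapped STL headers and the library is not meant to link mozglue, but that is an inference and the comment should state the actual reason. A form such as `# Chromium sandbox sources: build without the STL wrappers and without mozglue because <reason>` above the two assignments would be enough.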
diff --git a/security/sandbox/android_i386_ucontext.h b/security/sandbox/linux/android_i386_ucontext.h
similarity index 100%
rename from security/sandbox/android_i386_ucontext.h
rename to security/sandbox/linux/android_i386_ucontext.h
diff --git a/security/sandbox/android_ucontext.h b/security/sandbox/linux/android_ucontext.h
similarity index 100%
rename from security/sandbox/android_ucontext.h
rename to security/sandbox/linux/android_ucontext.h
diff --git a/security/sandbox/arm_linux_syscalls.h b/security/sandbox/linux/arm_linux_syscalls.h
similarity index 100%
rename from security/sandbox/arm_linux_syscalls.h
rename to security/sandbox/linux/arm_linux_syscalls.h
diff --git a/security/sandbox/linux_seccomp.h b/security/sandbox/linux/linux_seccomp.h
similarity index 100%
rename from security/sandbox/linux_seccomp.h
rename to security/sandbox/linux/linux_seccomp.h
diff --git a/security/sandbox/linux_syscalls.h b/security/sandbox/linux/linux_syscalls.h
similarity index 100%
rename from security/sandbox/linux_syscalls.h
rename to security/sandbox/linux/linux_syscalls.h
diff --git a/security/sandbox/linux/moz.build b/security/sandbox/linux/moz.build
new file mode 100644
index 000000000000..6a117a291204
--- /dev/null
+++ b/security/sandbox/linux/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+FAIL_ON_WARNINGS = True
+
+MODULE = 'sandbox'
+
+EXPORTS.mozilla += [
+ 'Sandbox.h',
+]
+
+SOURCES += [
+ 'Sandbox.cpp',
+]
+
+LIBXUL_LIBRARY = True
+
+LIBRARY_NAME = 'sandbox_s'
+
+EXPORT_LIBRARY = True
+
+include('/ipc/chromium/chromium-config.mozbuild')
+
diff --git a/security/sandbox/seccomp_filter.h b/security/sandbox/linux/seccomp_filter.h
similarity index 100%
rename from security/sandbox/seccomp_filter.h
rename to security/sandbox/linux/seccomp_filter.h
diff --git a/security/sandbox/x86_32_linux_syscalls.h b/security/sandbox/linux/x86_32_linux_syscalls.h
similarity index 100%
rename from security/sandbox/x86_32_linux_syscalls.h
rename to security/sandbox/linux/x86_32_linux_syscalls.h
diff --git a/security/sandbox/x86_64_linux_syscalls.h b/security/sandbox/linux/x86_64_linux_syscalls.h
similarity index 100%
rename from security/sandbox/x86_64_linux_syscalls.h
rename to security/sandbox/linux/x86_64_linux_syscalls.h
diff --git a/security/sandbox/moz.build b/security/sandbox/moz.build
index 6a117a291204..6b386953860f 100644
--- a/security/sandbox/moz.build
+++ b/security/sandbox/moz.build
@@ -4,23 +4,115 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -FAIL_ON_WARNINGS = True +if CONFIG['OS_ARCH'] == 'Linux': -MODULE = 'sandbox' + DIRS += ['linux'] -EXPORTS.mozilla += [ - 'Sandbox.h', -] +elif CONFIG['OS_ARCH'] == 'WINNT': -SOURCES += [ - 'Sandbox.cpp', -] + MODULE = 'sandbox' + LIBRARY_NAME = 'sandbox_s' + EXPORT_LIBRARY = True -LIBXUL_LIBRARY = True - -LIBRARY_NAME = 'sandbox_s' - -EXPORT_LIBRARY = True - -include('/ipc/chromium/chromium-config.mozbuild') + SOURCES += [ + 'base/at_exit.cc', + 'base/base_switches.cc', + 'base/callback_internal.cc', + 'base/cpu.cc', + 'base/debug/alias.cc', + 'base/debug/profiler.cc', + 'base/lazy_instance.cc', + 'base/location.cc', + 'base/memory/ref_counted.cc', + 'base/memory/singleton.cc', + 'base/shim/base/logging.cpp', + 'base/strings/nullable_string16.cc', + 'base/strings/string_number_conversions.cc', + 'base/strings/string_piece.cc', + 'base/strings/string_util_constants.cc', + 'base/strings/string_util_stripped.cc', + 'base/strings/stringprintf.cc', + 'base/strings/utf_string_conversion_utils.cc', + 'base/strings/utf_string_conversions.cc', + 'base/synchronization/lock.cc', + 'base/synchronization/lock_impl_win.cc', + 'base/third_party/dmg_fp/dtoa.cc', + 'base/third_party/dmg_fp/g_fmt.cc', + 'base/third_party/icu/icu_utf.cc', + 'base/threading/platform_thread_win.cc', + 'base/threading/thread_collision_warner.cc', + 'base/threading/thread_id_name_manager.cc', + 'base/threading/thread_local_win.cc', + 'base/threading/thread_restrictions.cc', + 'base/time/time.cc', + 'base/time/time_win.cc', + 'base/win/event_trace_provider.cc', + 'base/win/pe_image.cc', + 'base/win/registry.cc', + 'base/win/scoped_handle.cc', + 'base/win/scoped_process_information.cc', + 'base/win/startup_information.cc', + 'base/win/windows_version.cc', + 'win/src/acl.cc', + 'win/src/app_container.cc', + 'win/src/broker_services.cc', + 
'win/src/crosscall_server.cc', + 'win/src/eat_resolver.cc', + 'win/src/filesystem_dispatcher.cc', + 'win/src/filesystem_interception.cc', + 'win/src/filesystem_policy.cc', + 'win/src/handle_closer.cc', + 'win/src/handle_closer_agent.cc', + 'win/src/handle_dispatcher.cc', + 'win/src/handle_interception.cc', + 'win/src/handle_policy.cc', + 'win/src/handle_table.cc', + 'win/src/interception.cc', + 'win/src/interception_agent.cc', + 'win/src/job.cc', + 'win/src/named_pipe_dispatcher.cc', + 'win/src/named_pipe_interception.cc', + 'win/src/named_pipe_policy.cc', + 'win/src/policy_broker.cc', + 'win/src/policy_engine_opcodes.cc', + 'win/src/policy_engine_processor.cc', + 'win/src/policy_low_level.cc', + 'win/src/policy_target.cc', + 'win/src/process_mitigations.cc', + 'win/src/process_thread_dispatcher.cc', + 'win/src/process_thread_interception.cc', + 'win/src/process_thread_policy.cc', + 'win/src/registry_dispatcher.cc', + 'win/src/registry_interception.cc', + 'win/src/registry_policy.cc', + 'win/src/resolver.cc', + 'win/src/resolver_32.cc', + 'win/src/restricted_token.cc', + 'win/src/restricted_token_utils.cc', + 'win/src/sandbox.cc', + 'win/src/sandbox_nt_util.cc', + 'win/src/sandbox_policy_base.cc', + 'win/src/sandbox_utils.cc', + 'win/src/service_resolver.cc', + 'win/src/service_resolver_32.cc', + 'win/src/shared_handles.cc', + 'win/src/sharedmem_ipc_client.cc', + 'win/src/sharedmem_ipc_server.cc', + 'win/src/sid.cc', + 'win/src/sidestep/ia32_modrm_map.cpp', + 'win/src/sidestep/ia32_opcode_map.cpp', + 'win/src/sidestep/mini_disassembler.cpp', + 'win/src/sidestep/preamble_patcher_with_stub.cpp', + 'win/src/sidestep_resolver.cc', + 'win/src/sync_dispatcher.cc', + 'win/src/sync_interception.cc', + 'win/src/sync_policy.cc', + 'win/src/target_interceptions.cc', + 'win/src/target_process.cc', + 'win/src/target_services.cc', + 'win/src/win2k_threadpool.cc', + 'win/src/win_utils.cc', + 'win/src/window.cc', + 'win/src/Wow64.cc', + ] 
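Review bot: The `WINNT` branch of security/sandbox/moz.build lists the 32-bit-specific sources unconditionally (`win/src/resolver_32.cc`, `win/src/service_resolver_32.cc`, `win/src/Wow64.cc` and the `win/src/sidestep/ia32_*` files), so a 64-bit Windows build would compile x86-only interception code into the sandbox library. Unless Windows builds are known to be 32-bit only, move those entries into a block guarded by `if CONFIG['CPU_ARCH'] == 'x86':` and add the 64-bit counterparts in the other arm. The branch also drops `FAIL_ON_WARNINGS = True`, which the Linux directory keeps; if that is deliberate for imported code, a one-line comment should say so. Separately, `sandbox_s` is built here but toolkit/library/Makefile.in links it only on Linux, so it is worth noting in a comment that nothing consumes the Windows library yet.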
diff --git a/toolkit/library/Makefile.in b/toolkit/library/Makefile.in index 7f923e15d782..292d46edf9df 100644 --- a/toolkit/library/Makefile.in +++ b/toolkit/library/Makefile.in @@ -82,7 +82,9 @@ STATIC_LIBS += \ $(NULL) ifdef MOZ_CONTENT_SANDBOX #{ +ifeq ($(OS_ARCH),Linux) STATIC_LIBS += sandbox_s +endif endif #} ifdef MOZ_B2G_RIL #{
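Review bot: The new `ifeq ($(OS_ARCH),Linux)` / `endif` pair in toolkit/library/Makefile.in lacks the `#{` / `#}` markers used by the enclosing `ifdef MOZ_CONTENT_SANDBOX #{` ... `endif #}` and by the following `ifdef MOZ_B2G_RIL #{`. That leaves two adjacent `endif` lines that are hard to pair up; write `ifeq ($(OS_ARCH),Linux) #{` and `endif #}`. This link-time condition also has to stay in step with the `defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)` guard in dom/ipc/ContentChild.cpp, because a configuration that compiles the sandbox call without linking `sandbox_s` fails at link time. A comment such as `# Keep in sync with the XP_LINUX guard in dom/ipc/ContentChild.cpp` would record that dependency.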