| # Copyright 2019 Google LLC. All Rights Reserved. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Description: sandbox2 is a C++ sandbox technology for Linux. |
| |
| package(default_visibility = [ |
| "//sandboxed_api:__subpackages__", |
| ]) |
| |
| licenses(["notice"]) # Apache 2.0 |
| |
| load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") |
| load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data") |
| load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") |
| |
| cc_library( |
| name = "bpfdisassembler", |
| srcs = ["bpfdisassembler.cc"], |
| hdrs = ["bpfdisassembler.h"], |
| copts = sapi_platform_copts(), |
| deps = ["@com_google_absl//absl/strings"], |
| ) |
| |
| cc_library( |
| name = "regs", |
| srcs = ["regs.cc"], |
| hdrs = ["regs.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":syscall", |
| ":violation_proto_cc", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "syscall", |
| srcs = [ |
| "syscall.cc", |
| "syscall_defs.cc", |
| "syscall_defs.h", |
| ], |
| hdrs = ["syscall.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/types:span", |
| "@com_google_glog//:glog", |
| ], |
| ) |
| |
| cc_test( |
| name = "syscall_test", |
| srcs = ["syscall_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":syscall", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "result", |
| srcs = ["result.cc"], |
| hdrs = ["result.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":regs", |
| ":syscall", |
| ":util", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/base", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "logserver_proto", |
| srcs = ["logserver.proto"], |
| ) |
| |
| cc_library( |
| name = "logserver", |
| srcs = ["logserver.cc"], |
| hdrs = ["logserver.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":logserver_proto_cc", |
| "@com_google_glog//:glog", |
| ], |
| ) |
| |
| cc_library( |
| name = "logsink", |
| srcs = ["logsink.cc"], |
| hdrs = ["logsink.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":logserver_proto_cc", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_glog//:glog", |
| ], |
| ) |
| |
| cc_library( |
| name = "network_proxy_server", |
| srcs = ["network_proxy_server.cc"], |
| hdrs = ["network_proxy_server.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "@com_google_absl//absl/memory", |
| "@com_google_glog//:glog", |
| ], |
| ) |
| |
| cc_library( |
| name = "network_proxy_client", |
| srcs = ["network_proxy_client.cc"], |
| hdrs = ["network_proxy_client.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:status", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_glog//:glog", |
| ], |
| ) |
| |
| cc_library( |
| name = "ipc", |
| srcs = ["ipc.cc"], |
| hdrs = ["ipc.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":logserver", |
| ":logsink", |
| ":network_proxy_client", |
| ":network_proxy_server", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "policy", |
| srcs = ["policy.cc"], |
| hdrs = ["policy.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":bpfdisassembler", |
| ":comms", |
| ":namespace", |
| ":regs", |
| ":syscall", |
| ":violation_proto_cc", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:flags", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/types:optional", |
| "@org_kernel_libcap//:libcap", |
| ], |
| ) |
| |
| cc_library( |
| name = "notify", |
| srcs = [], |
| hdrs = ["notify.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":result", |
| ":syscall", |
| ], |
| ) |
| |
| cc_library( |
| name = "limits", |
| hdrs = ["limits.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/time", |
| ], |
| ) |
| |
| cc_binary( |
| name = "forkserver_bin", |
| srcs = ["forkserver_bin.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| sapi_cc_embed_data( |
| name = "forkserver_bin_embed", |
| srcs = [":forkserver_bin.stripped"], |
| ) |
| |
| cc_library( |
| name = "global_forkserver", |
| srcs = ["global_forkclient.cc"], |
| hdrs = ["global_forkclient.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver", |
| ":forkserver_bin_embed", |
| "//sandboxed_api:embed_file", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "executor", |
| srcs = ["executor.cc"], |
| hdrs = ["executor.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":forkserver", |
| ":forkserver_proto", |
| ":global_forkserver", |
| ":ipc", |
| ":limits", |
| ":namespace", |
| ":util", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@org_kernel_libcap//:libcap", |
| ], |
| ) |
| |
| # Should not be used in sandboxee code if it only uses sandbox2::Comms and |
| # sandbox2::Client objects |
| cc_library( |
| name = "sandbox2", |
| srcs = [ |
| "monitor.cc", |
| "monitor.h", |
| "policybuilder.cc", |
| "sandbox2.cc", |
| "stack_trace.cc", |
| ], |
| hdrs = [ |
| "client.h", |
| "executor.h", |
| "ipc.h", |
| "limits.h", |
| "notify.h", |
| "policy.h", |
| "policybuilder.h", |
| "regs.h", |
| "result.h", |
| "sandbox2.h", |
| "stack_trace.h", |
| "syscall.h", |
| ], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":client", |
| ":executor", |
| ":comms", |
| ":violation_proto_cc", |
| ":forkserver", |
| ":forkserver_proto_cc", |
| ":global_forkserver", |
| ":ipc", |
| ":limits", |
| ":logsink", |
| ":mounts", |
| ":namespace", |
| ":notify", |
| ":policy", |
| ":regs", |
| ":result", |
| ":syscall", |
| ":util", |
| ":network_proxy_client", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_map", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "//sandboxed_api/util:flags", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_absl//absl/time", |
| "@com_google_absl//absl/types:optional", |
| "@org_kernel_libcap//:libcap", |
| "//sandboxed_api/sandbox2/unwind", |
| "//sandboxed_api/sandbox2/unwind:unwind_proto_cc", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/sandbox2/util:file_base", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:statusor", |
| |
| # Do not remove this dependency as it defines ptrace_wrapped. |
| "//sandboxed_api/sandbox2/unwind:ptrace_hook", # buildcleaner: keep |
| ], |
| ) |
| |
| # Should be used in sandboxee code instead of :sandbox2 if it uses just |
| # sandbox2::Client::SandboxMeHere() and sandbox2::Comms |
| cc_library( |
| name = "client", |
| srcs = [ |
| "client.cc", |
| "sanitizer.cc", |
| ], |
| hdrs = [ |
| "client.h", |
| "sanitizer.h", |
| ], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":comms", |
| ":logsink", |
| ":network_proxy_client", |
| "//sandboxed_api/sandbox2/util:file_helpers", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_library( |
| name = "forkserver", |
| srcs = ["forkserver.cc"], |
| hdrs = ["forkserver.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver_proto_cc", |
| ":namespace", |
| ":policy", |
| ":syscall", |
| ":util", |
| "//sandboxed_api/sandbox2/unwind", |
| "//sandboxed_api/sandbox2/unwind:ptrace_hook", |
| "//sandboxed_api/sandbox2/unwind:unwind_proto_cc", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:statusor", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/synchronization", |
| "@org_kernel_libcap//:libcap", |
| ], |
| ) |
| |
| cc_library( |
| name = "mounts", |
| srcs = ["mounts.cc"], |
| hdrs = ["mounts.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":mounttree_proto_cc", |
| "//sandboxed_api/sandbox2/util:file_base", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:minielf", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:statusor", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/container:flat_hash_set", |
| "@com_google_absl//absl/strings", |
| "@com_google_protobuf//:protobuf", |
| ], |
| ) |
| |
| cc_test( |
| name = "mounts_test", |
| srcs = ["mounts_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"], |
| deps = [ |
| ":mounts", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:file_base", |
| "//sandboxed_api/sandbox2/util:file_helpers", |
| "//sandboxed_api/sandbox2/util:temp_file", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "namespace", |
| srcs = ["namespace.cc"], |
| hdrs = ["namespace.h"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":mounts", |
| ":mounttree_proto_cc", |
| ":util", |
| ":violation_proto_cc", |
| "//sandboxed_api/sandbox2/util:file_base", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| ], |
| ) |
| |
| cc_test( |
| name = "namespace_test", |
| srcs = ["namespace_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:hostname", |
| "//sandboxed_api/sandbox2/testcases:namespace", |
| ], |
| deps = [ |
| ":comms", |
| ":namespace", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_library( |
| name = "forkingclient", |
| srcs = ["forkingclient.cc"], |
| hdrs = ["forkingclient.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":client", |
| ":comms", |
| ":forkserver", |
| "@com_google_absl//absl/memory", |
| ], |
| ) |
| |
| cc_library( |
| name = "util", |
| srcs = ["util.cc"], |
| hdrs = ["util.h"], |
| # The default is 16384, however we need to do a clone with a |
| # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384. |
| # Thus the slight increase. |
| copts = sapi_platform_copts(["-Wframe-larger-than=17000"]), |
| visibility = ["//visibility:public"], |
| deps = [ |
| "//sandboxed_api/sandbox2/util:file_base", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:statusor", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| ], |
| ) |
| |
| cc_library( |
| name = "buffer", |
| srcs = ["buffer.cc"], |
| hdrs = ["buffer.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:statusor", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| cc_test( |
| name = "buffer_test", |
| srcs = ["buffer_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:buffer"], |
| deps = [ |
| ":buffer", |
| ":comms", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "forkserver_proto", |
| srcs = ["forkserver.proto"], |
| copts = sapi_platform_copts(), |
| deps = [":mounttree_proto"], |
| ) |
| |
| sapi_proto_library( |
| name = "mounttree_proto", |
| srcs = ["mounttree.proto"], |
| ) |
| |
| cc_library( |
| name = "comms", |
| srcs = ["comms.cc"], |
| hdrs = ["comms.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| ":util", |
| "//sandboxed_api/sandbox2/util:strerror", |
| "//sandboxed_api/util:raw_logging", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:status_proto", |
| "//sandboxed_api/util:statusor", |
| "@com_google_absl//absl/base:core_headers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_absl//absl/strings:str_format", |
| "@com_google_absl//absl/synchronization", |
| "@com_google_protobuf//:protobuf", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "comms_test_proto", |
| srcs = ["comms_test.proto"], |
| ) |
| |
| cc_test( |
| name = "comms_test", |
| srcs = ["comms_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":comms", |
| ":comms_test_proto_cc", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/container:fixed_array", |
| "@com_google_absl//absl/strings", |
| "@com_google_glog//:glog", |
| "@com_google_googletest//:gtest_main", |
| "@com_google_protobuf//:protobuf", |
| ], |
| ) |
| |
| cc_test( |
| name = "forkserver_test", |
| srcs = [ |
| "forkserver_test.cc", |
| "global_forkclient.h", |
| ], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:minimal"], |
| deps = [ |
| ":comms", |
| ":forkserver", |
| ":forkserver_proto_cc", |
| ":sandbox2", |
| ":testing", |
| "@com_google_absl//absl/strings", |
| "@com_google_glog//:glog", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "limits_test", |
| srcs = ["limits_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:limits"], |
| deps = [ |
| ":limits", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "notify_test", |
| srcs = ["notify_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:personality", |
| "//sandboxed_api/sandbox2/testcases:pidcomms", |
| ], |
| deps = [ |
| ":comms", |
| ":regs", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "policy_test", |
| srcs = ["policy_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls", |
| "//sandboxed_api/sandbox2/testcases:malloc_system", |
| "//sandboxed_api/sandbox2/testcases:minimal", |
| "//sandboxed_api/sandbox2/testcases:minimal_dynamic", |
| "//sandboxed_api/sandbox2/testcases:policy", |
| ], |
| deps = [ |
| ":limits", |
| ":regs", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "sandbox2_test", |
| srcs = ["sandbox2_test.cc"], |
| copts = sapi_platform_copts(), |
| data = [ |
| "//sandboxed_api/sandbox2/testcases:abort", |
| "//sandboxed_api/sandbox2/testcases:minimal", |
| "//sandboxed_api/sandbox2/testcases:sleep", |
| "//sandboxed_api/sandbox2/testcases:starve", |
| "//sandboxed_api/sandbox2/testcases:tsync", |
| ], |
| tags = ["local"], |
| deps = [ |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "sanitizer_test", |
| srcs = ["sanitizer_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:sanitizer"], |
| deps = [ |
| ":client", |
| ":comms", |
| ":sandbox2", |
| ":testing", |
| ":util", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "util_test", |
| srcs = ["util_test.cc"], |
| copts = sapi_platform_copts(), |
| deps = [ |
| ":testing", |
| ":util", |
| "//sandboxed_api/sandbox2/util:file_base", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "stack_trace_test", |
| srcs = ["stack_trace_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:symbolize"], |
| deps = [ |
| ":global_forkserver", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/sandbox2/util:fileops", |
| "//sandboxed_api/sandbox2/util:temp_file", |
| "//sandboxed_api/util:flags", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| cc_test( |
| name = "ipc_test", |
| srcs = ["ipc_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:ipc"], |
| deps = [ |
| ":comms", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |
| |
| # Utility library for writing tests |
| cc_library( |
| name = "testing", |
| testonly = 1, |
| srcs = ["testing.cc"], |
| hdrs = ["testing.h"], |
| copts = sapi_platform_copts(), |
| visibility = ["//visibility:public"], |
| deps = [ |
| "//sandboxed_api/sandbox2/util:file_base", |
| "@com_google_absl//absl/strings", |
| ], |
| ) |
| |
| sapi_proto_library( |
| name = "violation_proto", |
| srcs = ["violation.proto"], |
| deps = [":mounttree_proto"], |
| ) |
| |
| cc_test( |
| name = "policybuilder_test", |
| srcs = ["policybuilder_test.cc"], |
| copts = sapi_platform_copts(), |
| data = ["//sandboxed_api/sandbox2/testcases:print_fds"], |
| deps = [ |
| ":comms", |
| ":sandbox2", |
| ":testing", |
| "//sandboxed_api/sandbox2/util:bpf_helper", |
| "//sandboxed_api/util:status", |
| "//sandboxed_api/util:status_matchers", |
| "@com_google_absl//absl/memory", |
| "@com_google_absl//absl/strings", |
| "@com_google_glog//:glog", |
| "@com_google_googletest//:gtest_main", |
| ], |
| ) |