diff --git a/sandboxed_api/BUILD.bazel b/sandboxed_api/BUILD.bazel index d04adb7..d33c4a3 100644 --- a/sandboxed_api/BUILD.bazel +++ b/sandboxed_api/BUILD.bazel @@ -16,6 +16,7 @@ licenses(["notice"]) # Apache 2.0 exports_files(["LICENSE"]) +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") sapi_proto_library( @@ -31,6 +32,7 @@ cc_library( "file_toc.h", ], hdrs = ["embed_file.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ "//sandboxed_api/sandbox2:util", @@ -59,6 +61,7 @@ cc_library( "sandbox.h", "transaction.h", ], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":embed_file", @@ -89,6 +92,7 @@ cc_library( cc_library( name = "call", hdrs = ["call.h"], + copts = sapi_platform_copts(), deps = [ ":var_type", "@com_google_absl//absl/base:core_headers", @@ -98,12 +102,14 @@ cc_library( cc_library( name = "lenval_core", hdrs = ["lenval_core.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], ) cc_library( name = "var_type", hdrs = ["var_type.h"], + copts = sapi_platform_copts(), ) # Variable hierarchy @@ -131,6 +137,7 @@ cc_library( "var_void.h", "vars.h", ], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":call", @@ -152,6 +159,7 @@ cc_library( cc_library( name = "client", srcs = ["client.cc"], + copts = sapi_platform_copts(), # TODO(124852776): investigate whether this is necessary linkopts = [ "-Wl,-ldl", @@ -176,6 +184,7 @@ cc_library( cc_test( name = "sapi_test", srcs = ["sapi_test.cc"], + copts = sapi_platform_copts(), tags = ["local"], deps = [ ":sapi", diff --git a/sandboxed_api/bazel/BUILD b/sandboxed_api/bazel/BUILD index 6a3351d..da8502c 100644 --- a/sandboxed_api/bazel/BUILD +++ b/sandboxed_api/bazel/BUILD @@ -20,16 +20,15 @@ exports_files([ "sapi.bzl", ]) -load( - "//sandboxed_api/bazel:embed_data.bzl", - "sapi_cc_embed_data", -) +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") +load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data") # An implicit dependency of all "sapi_cc_embed_data" rules that builds # embedded data into .cc files. cc_binary( name = "filewrapper", srcs = ["filewrapper.cc"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ "@com_google_absl//absl/strings", @@ -48,6 +47,7 @@ sapi_cc_embed_data( cc_test( name = "filewrapper_test", srcs = ["filewrapper_test.cc"], + copts = sapi_platform_copts(), data = ["testdata/filewrapper_embedded.bin"], deps = [ ":filewrapper_embedded", diff --git a/sandboxed_api/bazel/build_defs.bzl b/sandboxed_api/bazel/build_defs.bzl new file mode 100644 index 0000000..0c2c004 --- /dev/null +++ b/sandboxed_api/bazel/build_defs.bzl @@ -0,0 +1,30 @@ +# Copyright 2019 Google LLC. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""General build definitions useful for the whole project.""" + +_SAPI_LINUX_COPTS = [ + "-Wno-narrowing", + "-Wno-sign-compare", +] + +def sapi_platform_copts(copts = []): + """Returns the default compiler options for the current platform. + + Args: + copts: additional compiler options to include. + """ + + # Linux only for now. + return select({"//conditions:default": _SAPI_LINUX_COPTS}) + copts diff --git a/sandboxed_api/examples/stringop/BUILD.bazel b/sandboxed_api/examples/stringop/BUILD.bazel index 7bc349f..11d909b 100644 --- a/sandboxed_api/examples/stringop/BUILD.bazel +++ b/sandboxed_api/examples/stringop/BUILD.bazel @@ -16,9 +16,12 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + cc_test( name = "main_stringop", srcs = ["main_stringop.cc"], + copts = sapi_platform_copts(), tags = ["local"], deps = [ "//sandboxed_api:sapi", diff --git a/sandboxed_api/examples/stringop/lib/BUILD.bazel b/sandboxed_api/examples/stringop/lib/BUILD.bazel index 5610864..31a95d5 100644 --- a/sandboxed_api/examples/stringop/lib/BUILD.bazel +++ b/sandboxed_api/examples/stringop/lib/BUILD.bazel @@ -14,6 +14,7 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") load("//sandboxed_api/bazel:sapi.bzl", "sapi_library") @@ -26,6 +27,7 @@ sapi_proto_library( cc_library( name = "stringop", srcs = ["stringop.cc"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":stringop_params_proto_cc", diff --git a/sandboxed_api/examples/sum/BUILD.bazel b/sandboxed_api/examples/sum/BUILD.bazel index d671633..20e65f2 100644 --- a/sandboxed_api/examples/sum/BUILD.bazel +++ b/sandboxed_api/examples/sum/BUILD.bazel @@ -14,10 +14,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # A quick'n'dirty testing binary cc_binary( name = "main_sum", srcs = ["main_sum.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api:sapi", "//sandboxed_api:vars", diff --git a/sandboxed_api/examples/sum/lib/BUILD.bazel b/sandboxed_api/examples/sum/lib/BUILD.bazel index 945f7dd..b805434 100644 --- a/sandboxed_api/examples/sum/lib/BUILD.bazel +++ b/sandboxed_api/examples/sum/lib/BUILD.bazel @@ -14,11 +14,9 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") +load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") load("//sandboxed_api/bazel:sapi.bzl", "sapi_library") -load( - "//sandboxed_api/bazel:proto.bzl", - "sapi_proto_library", -) sapi_proto_library( name = "sum_params_proto", @@ -33,6 +31,7 @@ cc_library( "sum.c", "sum_cpp.cc", ], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":sum_params_proto_cc", diff --git a/sandboxed_api/examples/zlib/BUILD.bazel b/sandboxed_api/examples/zlib/BUILD.bazel index 386bb49..fb3b3e4 100644 --- a/sandboxed_api/examples/zlib/BUILD.bazel +++ b/sandboxed_api/examples/zlib/BUILD.bazel @@ -16,6 +16,7 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:sapi.bzl", "sapi_library") sapi_library( @@ -36,7 +37,7 @@ sapi_library( cc_binary( name = "main_zlib", srcs = ["main_zlib.cc"], - copts = ["-Wframe-larger-than=65536"], + copts = sapi_platform_copts(["-Wframe-larger-than=65536"]), deps = [ ":zlib-sapi", ":zlib-sapi_embed", diff --git a/sandboxed_api/sandbox2/BUILD.bazel b/sandboxed_api/sandbox2/BUILD.bazel index d164e5a..c3e2212 100644 --- a/sandboxed_api/sandbox2/BUILD.bazel +++ b/sandboxed_api/sandbox2/BUILD.bazel @@ -20,13 +20,15 @@ package(default_visibility = [ licenses(["notice"]) # Apache 2.0 -load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data") +load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") cc_library( name = "bpfdisassembler", srcs = ["bpfdisassembler.cc"], hdrs = ["bpfdisassembler.h"], + copts = sapi_platform_copts(), deps = ["@com_google_absl//absl/strings"], ) @@ -34,6 +36,7 @@ cc_library( name = "regs", srcs = ["regs.cc"], hdrs = ["regs.h"], + copts = sapi_platform_copts(), deps = [ ":syscall", ":violation_proto_cc", @@ -52,6 +55,7 @@ cc_library( "syscall_defs.h", ], hdrs = ["syscall.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":util", @@ -65,6 +69,7 @@ cc_library( cc_test( name = "syscall_test", srcs = ["syscall_test.cc"], + copts = sapi_platform_copts(), deps = [ ":syscall", "@com_google_absl//absl/strings", @@ -76,6 +81,7 @@ cc_library( name = "result", srcs = ["result.cc"], hdrs = ["result.h"], + copts = sapi_platform_copts(), deps = [ ":regs", ":syscall", @@ -96,6 +102,7 @@ cc_library( name = "logserver", srcs = ["logserver.cc"], hdrs = ["logserver.h"], + copts = sapi_platform_copts(), deps = [ ":comms", ":logserver_proto_cc", @@ -108,6 +115,7 @@ cc_library( name = "logsink", srcs = ["logsink.cc"], hdrs = ["logsink.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":comms", @@ -122,6 +130,7 @@ cc_library( name = "network_proxy_server", srcs = ["network_proxy_server.cc"], hdrs = ["network_proxy_server.h"], + copts = sapi_platform_copts(), deps = [ ":comms", "//sandboxed_api/sandbox2/util:fileops", @@ -134,6 +143,7 @@ cc_library( name = "network_proxy_client", srcs = ["network_proxy_client.cc"], hdrs = ["network_proxy_client.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":comms", @@ -149,6 +159,7 @@ cc_library( name = "ipc", srcs = ["ipc.cc"], hdrs = ["ipc.h"], + copts = sapi_platform_copts(), deps = [ ":comms", ":logserver", @@ -165,6 +176,7 @@ cc_library( name = "policy", srcs = ["policy.cc"], hdrs = ["policy.h"], + copts = sapi_platform_copts(), deps = [ ":bpfdisassembler", ":comms", @@ -184,6 +196,7 @@ cc_library( name = "notify", srcs = [], hdrs = ["notify.h"], + copts = sapi_platform_copts(), deps = [ ":comms", ":result", @@ -194,6 +207,7 @@ cc_library( cc_library( name = "limits", hdrs = ["limits.h"], + copts = sapi_platform_copts(), deps = [ "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/time", @@ -203,6 +217,7 @@ cc_library( cc_binary( name = "forkserver_bin", srcs = ["forkserver_bin.cc"], + copts = sapi_platform_copts(), deps = [ ":client", ":comms", @@ -223,6 +238,7 @@ cc_library( name = "global_forkserver", srcs = ["global_forkclient.cc"], hdrs = ["global_forkclient.h"], + copts = sapi_platform_copts(), deps = [ ":client", ":comms", @@ -263,6 +279,7 @@ cc_library( "syscall.h", "client.h", ], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":client", @@ -320,6 +337,7 @@ cc_library( "client.h", "sanitizer.h", ], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":comms", @@ -339,6 +357,7 @@ cc_library( name = "forkserver", srcs = ["forkserver.cc"], hdrs = ["forkserver.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":client", @@ -366,6 +385,7 @@ cc_library( name = "mounts", srcs = ["mounts.cc"], hdrs = ["mounts.h"], + copts = sapi_platform_copts(), deps = [ ":mounttree_proto_cc", "//sandboxed_api/sandbox2/util:file_base", @@ -385,6 +405,7 @@ cc_library( cc_test( name = "mounts_test", srcs = ["mounts_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"], deps = [ ":mounts", @@ -402,6 +423,7 @@ cc_library( name = "namespace", srcs = ["namespace.cc"], hdrs = ["namespace.h"], + copts = sapi_platform_copts(), deps = [ ":mounts", ":mounttree_proto_cc", @@ -420,6 +442,7 @@ cc_library( cc_test( name = "namespace_test", srcs = ["namespace_test.cc"], + copts = sapi_platform_copts(), data = [ "//sandboxed_api/sandbox2/testcases:hostname", "//sandboxed_api/sandbox2/testcases:namespace", @@ -441,6 +464,7 @@ cc_library( name = "forkingclient", srcs = ["forkingclient.cc"], hdrs = ["forkingclient.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":client", @@ -457,7 +481,7 @@ cc_library( # The default is 16384, however we need to do a clone with a # stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384. # Thus the slight increase. - copts = ["-Wframe-larger-than=17000"], + copts = sapi_platform_copts(["-Wframe-larger-than=17000"]), visibility = ["//visibility:public"], deps = [ "//sandboxed_api/sandbox2/util:file_base", @@ -476,6 +500,7 @@ cc_library( name = "buffer", srcs = ["buffer.cc"], hdrs = ["buffer.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":util", @@ -491,6 +516,7 @@ cc_library( cc_test( name = "buffer_test", srcs = ["buffer_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:buffer"], deps = [ ":buffer", @@ -506,6 +532,7 @@ cc_test( sapi_proto_library( name = "forkserver_proto", srcs = ["forkserver.proto"], + copts = sapi_platform_copts(), deps = [":mounttree_proto"], ) @@ -518,6 +545,7 @@ cc_library( name = "comms", srcs = ["comms.cc"], hdrs = ["comms.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ ":util", @@ -543,6 +571,7 @@ sapi_proto_library( cc_test( name = "comms_test", srcs = ["comms_test.cc"], + copts = sapi_platform_copts(), deps = [ ":comms", ":comms_test_proto_cc", @@ -561,6 +590,7 @@ cc_test( "forkserver_test.cc", "global_forkclient.h", ], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:minimal"], deps = [ ":comms", @@ -577,6 +607,7 @@ cc_test( cc_test( name = "limits_test", srcs = ["limits_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:limits"], deps = [ ":limits", @@ -592,6 +623,7 @@ cc_test( cc_test( name = "notify_test", srcs = ["notify_test.cc"], + copts = sapi_platform_copts(), data = [ "//sandboxed_api/sandbox2/testcases:personality", "//sandboxed_api/sandbox2/testcases:pidcomms", @@ -611,6 +643,7 @@ cc_test( cc_test( name = "policy_test", srcs = ["policy_test.cc"], + copts = sapi_platform_copts(), data = [ "//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls", "//sandboxed_api/sandbox2/testcases:malloc_system", @@ -633,6 +666,7 @@ cc_test( cc_test( name = "sandbox2_test", srcs = ["sandbox2_test.cc"], + copts = sapi_platform_copts(), data = [ "//sandboxed_api/sandbox2/testcases:abort", "//sandboxed_api/sandbox2/testcases:minimal", @@ -654,6 +688,7 @@ cc_test( cc_test( name = "sanitizer_test", srcs = ["sanitizer_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:sanitizer"], deps = [ ":client", @@ -672,6 +707,7 @@ cc_test( cc_test( name = "util_test", srcs = ["util_test.cc"], + copts = sapi_platform_copts(), deps = [ ":testing", ":util", @@ -683,6 +719,7 @@ cc_test( cc_test( name = "stack-trace_test", srcs = ["stack-trace_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:symbolize"], deps = [ ":global_forkserver", @@ -702,6 +739,7 @@ cc_test( cc_test( name = "ipc_test", srcs = ["ipc_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:ipc"], deps = [ ":comms", @@ -720,6 +758,7 @@ cc_library( testonly = 1, srcs = ["testing.cc"], hdrs = ["testing.h"], + copts = sapi_platform_copts(), visibility = ["//visibility:public"], deps = [ "//sandboxed_api/sandbox2/util:file_base", @@ -736,6 +775,7 @@ sapi_proto_library( cc_test( name = "policybuilder_test", srcs = ["policybuilder_test.cc"], + copts = sapi_platform_copts(), data = ["//sandboxed_api/sandbox2/testcases:print_fds"], deps = [ ":comms", diff --git a/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel b/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel index 9f55fda..d8b0e69 100644 --- a/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel +++ b/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel @@ -21,10 +21,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # Executor cc_binary( name = "crc4sandbox", srcs = ["crc4sandbox.cc"], + copts = sapi_platform_copts(), data = [":crc4bin"], deps = [ "//sandboxed_api/sandbox2", @@ -40,6 +43,7 @@ cc_binary( cc_binary( name = "crc4bin", srcs = ["crc4bin.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", @@ -49,10 +53,10 @@ cc_binary( ], ) -# Test cc_test( name = "crc4sandbox_test", srcs = ["crc4sandbox_test.cc"], + copts = sapi_platform_copts(), data = [":crc4sandbox"], tags = ["local"], deps = [ diff --git a/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel b/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel index c31b6e7..801415f 100644 --- a/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel +++ b/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel @@ -18,10 +18,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # Executor cc_binary( name = "custom_fork_sandbox", srcs = ["custom_fork_sandbox.cc"], + copts = sapi_platform_copts(), data = [":custom_fork_bin"], deps = [ "//sandboxed_api/sandbox2", @@ -39,6 +42,7 @@ cc_binary( cc_binary( name = "custom_fork_bin", srcs = ["custom_fork_bin.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:comms", "//sandboxed_api/sandbox2:forkingclient", diff --git a/sandboxed_api/sandbox2/examples/static/BUILD.bazel b/sandboxed_api/sandbox2/examples/static/BUILD.bazel index cf28b57..2e4a4e8 100644 --- a/sandboxed_api/sandbox2/examples/static/BUILD.bazel +++ b/sandboxed_api/sandbox2/examples/static/BUILD.bazel @@ -21,10 +21,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # Executor cc_binary( name = "static_sandbox", srcs = ["static_sandbox.cc"], + copts = sapi_platform_copts(), data = [":static_bin"], deps = [ "//sandboxed_api/sandbox2", @@ -40,6 +43,7 @@ cc_binary( cc_binary( name = "static_bin", srcs = ["static_bin.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically diff --git a/sandboxed_api/sandbox2/examples/tool/BUILD.bazel b/sandboxed_api/sandbox2/examples/tool/BUILD.bazel index 4cc1ab4..f080c63 100644 --- a/sandboxed_api/sandbox2/examples/tool/BUILD.bazel +++ b/sandboxed_api/sandbox2/examples/tool/BUILD.bazel @@ -22,10 +22,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # Executor cc_binary( name = "sandbox2tool", srcs = ["sandbox2tool.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2", "//sandboxed_api/sandbox2:util", diff --git a/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel b/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel index 17294f3..4a6f99c 100644 --- a/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel +++ b/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel @@ -14,10 +14,13 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + # Executor cc_binary( name = "zpipe_sandbox", srcs = ["zpipe_sandbox.cc"], + copts = sapi_platform_copts(), data = [":zpipe"], deps = [ "//sandboxed_api/sandbox2", @@ -33,6 +36,7 @@ cc_binary( cc_binary( name = "zpipe", srcs = ["zpipe.c"], + copts = sapi_platform_copts(), features = [ "fully_static_link", # link libc statically ], diff --git a/sandboxed_api/sandbox2/testcases/BUILD.bazel b/sandboxed_api/sandbox2/testcases/BUILD.bazel index 8abc0cd..fa68f02 100644 --- a/sandboxed_api/sandbox2/testcases/BUILD.bazel +++ b/sandboxed_api/sandbox2/testcases/BUILD.bazel @@ -28,6 +28,8 @@ package(default_visibility = [ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + STATIC_LINKOPTS = [ # Necessary for linking pthread statically into the binary. See the # answer to https://stackoverflow.com/questions/35116327/ for context. @@ -42,6 +44,7 @@ cc_binary( name = "abort", testonly = 1, srcs = ["abort.cc"], + copts = sapi_platform_copts(), deps = ["//sandboxed_api/util:raw_logging"], ) @@ -50,6 +53,7 @@ cc_binary( name = "add_policy_on_syscalls", testonly = 1, srcs = ["add_policy_on_syscalls.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -62,6 +66,7 @@ cc_binary( name = "buffer", testonly = 1, srcs = ["buffer.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -79,6 +84,7 @@ cc_binary( name = "ipc", testonly = 1, srcs = ["ipc.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", @@ -92,6 +98,7 @@ cc_binary( name = "malloc_system", testonly = 1, srcs = ["malloc.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -103,6 +110,7 @@ cc_binary( name = "minimal_dynamic", testonly = 1, srcs = ["minimal.cc"], + copts = sapi_platform_copts(), ) # security: disable=cc-static-no-pie @@ -110,6 +118,7 @@ cc_binary( name = "minimal", testonly = 1, srcs = ["minimal.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -122,6 +131,7 @@ cc_binary( name = "personality", testonly = 1, srcs = ["personality.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -134,6 +144,7 @@ cc_binary( name = "pidcomms", testonly = 1, srcs = ["pidcomms.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -152,6 +163,7 @@ cc_binary( name = "policy", testonly = 1, srcs = ["policy.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -164,6 +176,7 @@ cc_binary( name = "print_fds", testonly = 1, srcs = ["print_fds.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -176,6 +189,7 @@ cc_binary( name = "sanitizer", testonly = 1, srcs = ["sanitizer.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -188,6 +202,7 @@ cc_binary( name = "sleep", testonly = 1, srcs = ["sleep.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -200,6 +215,7 @@ cc_binary( name = "symbolize", testonly = 1, srcs = ["symbolize.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -217,6 +233,7 @@ cc_binary( name = "tsync", testonly = 1, srcs = ["tsync.cc"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", @@ -227,6 +244,7 @@ cc_binary( name = "hostname", testonly = 1, srcs = ["hostname.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -238,6 +256,7 @@ cc_binary( name = "limits", testonly = 1, srcs = ["limits.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically @@ -249,6 +268,7 @@ cc_binary( name = "namespace", testonly = 1, srcs = ["namespace.cc"], + copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically diff --git a/sandboxed_api/sandbox2/unwind/BUILD.bazel b/sandboxed_api/sandbox2/unwind/BUILD.bazel index 6e50979..27694b1 100644 --- a/sandboxed_api/sandbox2/unwind/BUILD.bazel +++ b/sandboxed_api/sandbox2/unwind/BUILD.bazel @@ -18,19 +18,21 @@ package(default_visibility = [ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") cc_library( name = "ptrace_hook", srcs = ["ptrace_hook.cc"], hdrs = ["ptrace_hook.h"], + copts = sapi_platform_copts(), ) cc_library( name = "unwind", srcs = ["unwind.cc"], hdrs = ["unwind.h"], - copts = [ + copts = sapi_platform_copts([ # TODO(cblichmann): Remove this, fix bazel/external/libunwind.BUILD "-Iexternal/org_gnu_libunwind/include", ] + [ @@ -46,7 +48,7 @@ cc_library( "_Ux86_64_init_remote", "_Ux86_64_step", ] - ], + ]), deps = [ ":unwind_proto_cc", "//sandboxed_api/sandbox2:comms", diff --git a/sandboxed_api/sandbox2/util/BUILD.bazel b/sandboxed_api/sandbox2/util/BUILD.bazel index a786359..94be696 100644 --- a/sandboxed_api/sandbox2/util/BUILD.bazel +++ b/sandboxed_api/sandbox2/util/BUILD.bazel @@ -19,10 +19,14 @@ package(default_visibility = [ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") + cc_library( name = "bpf_helper", srcs = ["bpf_helper.c"], hdrs = ["bpf_helper.h"], + copts = sapi_platform_copts([ + ]), ) # String file routines @@ -30,6 +34,7 @@ cc_library( name = "file_helpers", srcs = ["file_helpers.cc"], hdrs = ["file_helpers.h"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/util:status", "@com_google_absl//absl/strings", @@ -40,6 +45,7 @@ cc_test( name = "file_helpers_test", size = "small", srcs = ["file_helpers_test.cc"], + copts = sapi_platform_copts(), deps = [ ":file_helpers", "//sandboxed_api/util:status_matchers", @@ -53,9 +59,9 @@ cc_library( name = "fileops", srcs = ["fileops.cc"], hdrs = ["fileops.h"], - copts = [ + copts = sapi_platform_copts([ "-Wno-deprecated-declarations", # readdir64_r - ], + ]), deps = [ ":strerror", "@com_google_absl//absl/strings", @@ -66,6 +72,7 @@ cc_test( name = "fileops_test", size = "small", srcs = ["fileops_test.cc"], + copts = sapi_platform_copts(), deps = [ ":file_helpers", ":fileops", @@ -81,6 +88,7 @@ cc_library( name = "file_base", srcs = ["path.cc"], hdrs = ["path.h"], + copts = sapi_platform_copts(), deps = ["@com_google_absl//absl/strings"], ) @@ -88,6 +96,7 @@ cc_test( name = "file_base_test", size = "small", srcs = ["path_test.cc"], + copts = sapi_platform_copts(), deps = [ ":file_base", "@com_google_absl//absl/strings", @@ -101,6 +110,7 @@ cc_library( name = "strerror", srcs = ["strerror.cc"], hdrs = ["strerror.h"], + copts = sapi_platform_copts(), deps = [ "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/strings", @@ -110,6 +120,7 @@ cc_library( cc_test( name = "strerror_test", srcs = ["strerror_test.cc"], + copts = sapi_platform_copts(), deps = [ ":strerror", "@com_google_absl//absl/strings", @@ -121,6 +132,7 @@ cc_library( name = "minielf", srcs = ["minielf.cc"], hdrs = ["minielf.h"], + copts = sapi_platform_copts(), deps = [ ":strerror", "//sandboxed_api/sandbox2:util", @@ -135,6 +147,7 @@ cc_library( cc_test( name = "minielf_test", srcs = ["minielf_test.cc"], + copts = sapi_platform_copts(), data = [ ":testdata/chrome_grte_header", ":testdata/hello_world", @@ -154,6 +167,7 @@ cc_library( name = "temp_file", srcs = ["temp_file.cc"], hdrs = ["temp_file.h"], + copts = sapi_platform_copts(), deps = [ ":fileops", ":strerror", @@ -166,6 +180,7 @@ cc_library( cc_test( name = "temp_file_test", srcs = ["temp_file_test.cc"], + copts = sapi_platform_copts(), deps = [ ":file_base", ":fileops", @@ -180,6 +195,7 @@ cc_library( name = "maps_parser", srcs = ["maps_parser.cc"], hdrs = ["maps_parser.h"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/util:status", "//sandboxed_api/util:statusor", @@ -190,6 +206,7 @@ cc_library( cc_test( name = "maps_parser_test", srcs = ["maps_parser_test.cc"], + copts = sapi_platform_copts(), deps = [ ":maps_parser", "//sandboxed_api/util:status_matchers", @@ -201,6 +218,7 @@ cc_library( name = "runfiles", srcs = ["runfiles.cc"], hdrs = ["runfiles.h"], + copts = sapi_platform_copts(), deps = [ ":file_base", "//sandboxed_api/util:flag", diff --git a/sandboxed_api/tools/generator2/BUILD b/sandboxed_api/tools/generator2/BUILD index 65d0c3e..26bdb05 100644 --- a/sandboxed_api/tools/generator2/BUILD +++ b/sandboxed_api/tools/generator2/BUILD @@ -14,6 +14,7 @@ licenses(["notice"]) # Apache 2.0 +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") load("//sandboxed_api/bazel:sapi.bzl", "sapi_library") py_library( @@ -54,6 +55,7 @@ cc_library( "testdata/tests.h", "testdata/tests2.cc", ], + copts = sapi_platform_copts(), alwayslink = 1, ) @@ -77,6 +79,7 @@ cc_binary( ":tests_sapi_generator.sapi.h", ":tests_sapi_generator_embed.h", ], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api:sapi", "//sandboxed_api:vars", diff --git a/sandboxed_api/util/BUILD.bazel b/sandboxed_api/util/BUILD.bazel index 9fd8ea8..2165d45 100644 --- a/sandboxed_api/util/BUILD.bazel +++ b/sandboxed_api/util/BUILD.bazel @@ -17,6 +17,7 @@ package(default_visibility = ["//sandboxed_api:__subpackages__"]) licenses(["notice"]) # Apache 2.0 load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library") +load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") sapi_proto_library( name = "status_proto", @@ -37,6 +38,7 @@ cc_library( "status_internal.h", "status_macros.h", ], + copts = sapi_platform_copts(), deps = [ ":status_proto_cc", "@com_google_absl//absl/base:core_headers", @@ -48,6 +50,7 @@ cc_library( cc_library( name = "statusor", hdrs = ["statusor.h"], + copts = sapi_platform_copts(), deps = [ ":raw_logging", ":status", @@ -63,6 +66,7 @@ cc_library( name = "status_matchers", testonly = 1, hdrs = ["status_matchers.h"], + copts = sapi_platform_copts(), deps = [ ":status", ":statusor", @@ -75,6 +79,7 @@ cc_library( cc_test( name = "status_test", srcs = ["status_test.cc"], + copts = sapi_platform_copts(), deps = [ ":status", ":status_matchers", @@ -86,6 +91,7 @@ cc_test( cc_test( name = "statusor_test", srcs = ["statusor_test.cc"], + copts = sapi_platform_copts(), deps = [ ":status", ":status_matchers", @@ -98,6 +104,7 @@ cc_test( cc_test( name = "status_macros_test", srcs = ["status_macros_test.cc"], + copts = sapi_platform_copts(), deps = [ ":status", ":status_matchers", @@ -112,6 +119,7 @@ cc_test( cc_library( name = "flag", hdrs = ["flag.h"], + copts = sapi_platform_copts(), deps = ["@com_github_gflags_gflags//:gflags"], ) @@ -121,6 +129,7 @@ cc_library( name = "raw_logging", srcs = ["raw_logging.cc"], hdrs = ["raw_logging.h"], + copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2/util:strerror", "@com_google_absl//absl/strings",