diff --git a/sandboxed_api/sandbox2/BUILD.bazel b/sandboxed_api/sandbox2/BUILD.bazel index 12dc794..736bc52 100644 --- a/sandboxed_api/sandbox2/BUILD.bazel +++ b/sandboxed_api/sandbox2/BUILD.bazel @@ -311,7 +311,6 @@ cc_library( srcs = [ "monitor.cc", "monitor.h", - "policybuilder.cc", "sandbox2.cc", "stack_trace.cc", "stack_trace.h", @@ -344,6 +343,7 @@ cc_library( ":namespace", ":notify", ":policy", + ":policybuilder", ":regs", ":result", ":sanitizer", @@ -384,6 +384,32 @@ cc_library( ], ) +cc_library( + name = "policybuilder", + srcs = ["policybuilder.cc"], + hdrs = ["policybuilder.h"], + copts = sapi_platform_copts(), + deps = [ + ":mounts", + ":namespace", + ":policy", + "//sandboxed_api:config", + "//sandboxed_api/sandbox2/network_proxy:filtering", + "//sandboxed_api/sandbox2/util:bpf_helper", + "//sandboxed_api/util:file_base", + "//sandboxed_api/util:status", + "@com_google_absl//absl/base:core_headers", + "@com_google_absl//absl/container:flat_hash_set", + "@com_google_absl//absl/log", + "@com_google_absl//absl/log:check", + "@com_google_absl//absl/memory", + "@com_google_absl//absl/status", + "@com_google_absl//absl/status:statusor", + "@com_google_absl//absl/strings", + "@com_google_absl//absl/types:span", + ], +) + # Should be used in sandboxee code instead of :sandbox2 if it uses just # sandbox2::Client::SandboxMeHere() and sandbox2::Comms cc_library( @@ -902,6 +928,7 @@ cc_test( ], deps = [ ":comms", + ":policybuilder", ":sandbox2", "//sandboxed_api:config", "//sandboxed_api:testing", diff --git a/sandboxed_api/sandbox2/CMakeLists.txt b/sandboxed_api/sandbox2/CMakeLists.txt index 7cc2056..e1cf1a5 100644 --- a/sandboxed_api/sandbox2/CMakeLists.txt +++ b/sandboxed_api/sandbox2/CMakeLists.txt @@ -288,8 +288,6 @@ target_link_libraries(sandbox2_executor add_library(sandbox2_sandbox2 ${SAPI_LIB_TYPE} monitor.cc monitor.h - policybuilder.cc - policybuilder.h sandbox2.cc sandbox2.h stack_trace.cc @@ -301,7 +299,6 @@ target_link_libraries(sandbox2_sandbox2 absl::cleanup absl::flat_hash_set absl::optional - absl::span absl::str_format absl::strings sapi::strerror @@ -333,6 +330,7 @@ target_link_libraries(sandbox2_sandbox2 sandbox2::network_proxy_server sandbox2::notify sandbox2::policy + sandbox2::policybuilder sandbox2::regs sandbox2::result sandbox2::sanitizer @@ -343,6 +341,33 @@ target_link_libraries(sandbox2_sandbox2 sandbox2::violation_proto ) +# sandboxed_api/sandbox2:policybuilder +add_library(sandbox2_policybuilder ${SAPI_LIB_TYPE} + policybuilder.cc + policybuilder.h +) +add_library(sandbox2::policybuilder ALIAS sandbox2_policybuilder) +target_link_libraries(sandbox2_policybuilder + PRIVATE absl::log + absl::memory + absl::status + sapi::base + sapi::config + sandbox2::bpf_helper + sandbox2::namespace + sapi::file_base + sapi::status + PUBLIC absl::check + absl::core_headers + absl::flat_hash_set + absl::span + absl::strings + absl::statusor + sandbox2::mounts + sandbox2::network_proxy_filtering + sandbox2::policy +) + # sandboxed_api/sandbox2:client add_library(sandbox2_client ${SAPI_LIB_TYPE} client.cc @@ -994,10 +1019,11 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING) PRIVATE absl::strings sandbox2::bpf_helper sandbox2::comms + sandbox2::policybuilder + sandbox2::sandbox2 sapi::testing sapi::status_matchers sapi::test_main - PUBLIC sandbox2::sandbox2 ) gtest_discover_tests_xcompile(sandbox2_policybuilder_test PROPERTIES ENVIRONMENT "TEST_TMPDIR=/tmp"