# Copyright 2019 Google LLC. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Description: test cases for sandbox2 unit tests. # # The following cc_binary options avoid dynamic linking which uses a lot of # syscalls (open, mmap, etc.): # linkopts = ["-static"] # linkstatic = 1 # features = ["-pie"] # Bazel adds -pie by default but -static is incompatible with it, so we use # the features flag to force it off. package(default_visibility = [ "//sandboxed_api/sandbox2:__subpackages__", ]) licenses(["notice"]) # Apache 2.0 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts") STATIC_LINKOPTS = [ # Necessary for linking pthread statically into the binary. See the # answer to https://stackoverflow.com/questions/35116327/ for context. # The odd '-Wl,' prefix before '-lpthread' is a workaround for Bazel's # behavior when constructing the final linker command line. "-Wl,--whole-archive", "-Wl,-lpthread", "-Wl,--no-whole-archive", ] # TODO(https://github.com/bazelbuild/bazel/issues/8672): Remove this workaround EXTRA_FULLY_STATIC_LINKOPTS = ["-l:libstdc++.a"] cc_binary( name = "abort", testonly = 1, srcs = ["abort.cc"], copts = sapi_platform_copts(), deps = ["//sandboxed_api/util:raw_logging"], ) # security: disable=cc-static-no-pie cc_binary( name = "add_policy_on_syscalls", testonly = 1, srcs = ["add_policy_on_syscalls.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "buffer", testonly = 1, srcs = ["buffer.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkopts = STATIC_LINKOPTS + EXTRA_FULLY_STATIC_LINKOPTS, linkstatic = 1, # prefer static libraries deps = [ "//sandboxed_api/sandbox2:buffer", "//sandboxed_api/sandbox2:comms", "@com_google_absl//absl/strings:str_format", ], ) cc_binary( name = "ipc", testonly = 1, srcs = ["ipc.cc"], copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", "//sandboxed_api/util:raw_logging", "@com_google_absl//absl/strings", ], ) # security: disable=cc-static-no-pie cc_binary( name = "malloc_system", testonly = 1, srcs = ["malloc.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkopts = EXTRA_FULLY_STATIC_LINKOPTS, linkstatic = 1, # prefer static libraries ) cc_binary( name = "minimal_dynamic", testonly = 1, srcs = ["minimal.cc"], copts = sapi_platform_copts(), ) # security: disable=cc-static-no-pie cc_binary( name = "minimal", testonly = 1, srcs = ["minimal.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "personality", testonly = 1, srcs = ["personality.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "pidcomms", testonly = 1, srcs = ["pidcomms.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkopts = STATIC_LINKOPTS + EXTRA_FULLY_STATIC_LINKOPTS, linkstatic = 1, # prefer static libraries deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", "//sandboxed_api/util:raw_logging", ], ) # security: disable=cc-static-no-pie cc_binary( name = "policy", testonly = 1, srcs = ["policy.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "print_fds", testonly = 1, srcs = ["print_fds.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "sanitizer", testonly = 1, srcs = ["sanitizer.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "sleep", testonly = 1, srcs = ["sleep.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) # security: disable=cc-static-no-pie cc_binary( name = "symbolize", testonly = 1, srcs = ["symbolize.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkopts = EXTRA_FULLY_STATIC_LINKOPTS, linkstatic = 1, # prefer static libraries deps = [ "//sandboxed_api/sandbox2/util:temp_file", "//sandboxed_api/util:raw_logging", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/strings", ], ) cc_binary( name = "tsync", testonly = 1, srcs = ["tsync.cc"], copts = sapi_platform_copts(), deps = [ "//sandboxed_api/sandbox2:client", "//sandboxed_api/sandbox2:comms", ], ) cc_binary( name = "starve", testonly = 1, srcs = ["starve.cc"], copts = sapi_platform_copts(), ) cc_binary( name = "hostname", testonly = 1, srcs = ["hostname.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) cc_binary( name = "limits", testonly = 1, srcs = ["limits.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries ) cc_binary( name = "namespace", testonly = 1, srcs = ["namespace.cc"], copts = sapi_platform_copts(), features = [ "-pie", "fully_static_link", # link libc statically ], linkstatic = 1, # prefer static libraries )