# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Description: test cases for sandbox2 unit tests.
#
# Most binaries in this package are linked fully statically, because dynamic
# linking issues a lot of extra syscalls (open, mmap, etc.). The static
# targets share three settings:
#   features = STATIC_FEATURES    # "-pie" plus "fully_static_link"
#   linkopts = STATIC_LINKOPTS
#   linkstatic = True
# Bazel adds -pie by default but static linking is incompatible with it, so
# the "-pie" feature entry forces it off.
#
# Security note: a non-PIE executable is mapped at a fixed address, so ASLR
# does not randomize its main image. Every target in this file is testonly;
# keep it that way and do not copy these settings into non-test targets.

package(default_visibility = [
    "//sandboxed_api/sandbox2:__subpackages__",
])

licenses(["notice"])  # Apache 2.0

# Linker options that pull pthread into the binary statically. Background is
# in the answer to https://stackoverflow.com/questions/35116327/.
# '-lpthread' carries the unusual '-Wl,' prefix as a workaround for the way
# Bazel assembles the final linker command line.
STATIC_LINKOPTS = [
    "-Wl,--whole-archive",
    "-Wl,-lpthread",
    "-Wl,--no-whole-archive",
]

# Feature set shared by every statically linked test binary below.
STATIC_FEATURES = [
    "-pie",
    "fully_static_link",  # link libc statically
]

cc_binary(
    name = "abort",
    testonly = True,
    srcs = ["abort.cc"],
    deps = ["//sandboxed_api/util:raw_logging"],
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "add_policy_on_syscalls",
    testonly = True,
    srcs = ["add_policy_on_syscalls.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "buffer",
    testonly = True,
    srcs = ["buffer.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
    deps = [
        "//sandboxed_api/sandbox2:buffer",
        "//sandboxed_api/sandbox2:comms",
        "@com_google_absl//absl/strings:str_format",
    ],
)

cc_binary(
    name = "ipc",
    testonly = True,
    srcs = ["ipc.cc"],
    deps = [
        "//sandboxed_api/sandbox2:client",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/strings",
    ],
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "malloc_system",
    testonly = True,
    srcs = ["malloc.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# Dynamically linked build of minimal.cc; the static build is ":minimal".
cc_binary(
    name = "minimal_dynamic",
    testonly = True,
    srcs = ["minimal.cc"],
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "minimal",
    testonly = True,
    srcs = ["minimal.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "personality",
    testonly = True,
    srcs = ["personality.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "pidcomms",
    testonly = True,
    srcs = ["pidcomms.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
    deps = [
        "//sandboxed_api/sandbox2:client",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/util:raw_logging",
    ],
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "policy",
    testonly = True,
    srcs = ["policy.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "print_fds",
    testonly = True,
    srcs = ["print_fds.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "sanitizer",
    testonly = True,
    srcs = ["sanitizer.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "sleep",
    testonly = True,
    srcs = ["sleep.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

# security: disable=cc-static-no-pie
cc_binary(
    name = "symbolize",
    testonly = True,
    srcs = ["symbolize.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
    deps = [
        "//sandboxed_api/sandbox2/util:temp_file",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/strings",
    ],
)

cc_binary(
    name = "tsync",
    testonly = True,
    srcs = ["tsync.cc"],
    deps = [
        "//sandboxed_api/sandbox2:client",
        "//sandboxed_api/sandbox2:comms",
    ],
)

# NOTE(review): "hostname", "limits" and "namespace" disable PIE in the same
# way as the annotated targets above, but carry no
# "# security: disable=cc-static-no-pie" line. Confirm whether the annotation
# was left off on purpose or is missing.
cc_binary(
    name = "hostname",
    testonly = True,
    srcs = ["hostname.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

cc_binary(
    name = "limits",
    testonly = True,
    srcs = ["limits.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)

cc_binary(
    name = "namespace",
    testonly = True,
    srcs = ["namespace.cc"],
    features = STATIC_FEATURES,
    linkopts = STATIC_LINKOPTS,
    linkstatic = True,  # prefer static libraries
)