| # Copyright 2019 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| cmake_minimum_required(VERSION 3.13..3.26) |
| |
| if(POLICY CMP0083) |
| cmake_policy(SET CMP0083 NEW) # Add PIE flags when requested |
| endif() |
| |
| if(POLICY CMP0135) |
| cmake_policy(SET CMP0135 NEW) # Set download timestamp to current time |
| endif() |
| |
| project(SandboxedAPI C CXX ASM) |
| include(CTest) |
| |
| # TODO(cblichmann): Enable for Android once support lands |
| if(NOT CMAKE_SYSTEM_NAME MATCHES "Linux") |
| message(FATAL_ERROR "Sandboxed API is only supported on Linux") |
| endif() |
| |
| # SAPI-wide setting for the language level |
| set(SAPI_CXX_STANDARD 17) |
| |
| if(NOT CMAKE_CXX_STANDARD) |
| set(CMAKE_CXX_STANDARD ${SAPI_CXX_STANDARD}) |
| elseif(CMAKE_CXX_STANDARD LESS ${SAPI_CXX_STANDARD}) |
| message(FATAL_ERROR |
| "Sandboxed API requires C++17. To ensure ABI compatibility" |
| " build and link all targets of the project with the same" |
| " version of C++." |
| ) |
| endif() |
| |
| set(SAPI_BINARY_DIR "${PROJECT_BINARY_DIR}" CACHE INTERNAL "" FORCE) |
| set(SAPI_SOURCE_DIR "${PROJECT_SOURCE_DIR}" CACHE INTERNAL "" FORCE) |
| |
| get_directory_property(_sapi_has_parent PARENT_DIRECTORY) |
| if(PROJECT_IS_TOP_LEVEL OR NOT _sapi_has_parent) |
| set(SAPI_PROJECT_IS_TOP_LEVEL ON) |
| endif() |
| |
| include(CheckCXXCompilerFlag) |
| |
| # Allow the header generator to auto-configure include paths. Need to set a |
| # cache variable, so that sub- and super-projects also have this enabled. |
| set(CMAKE_EXPORT_COMPILE_COMMANDS ON CACHE INTERNAL "") |
| |
| set(CMAKE_SKIP_BUILD_RPATH ON) |
| |
| if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.14) |
| include(CheckPIESupported) |
| check_pie_supported() |
| set(CMAKE_POSITION_INDEPENDENT_CODE ON) |
| endif() |
| |
| # SAPI CMake modules, order matters |
| list(APPEND CMAKE_MODULE_PATH "${SAPI_SOURCE_DIR}/cmake" |
| "${SAPI_SOURCE_DIR}/cmake/modules") |
| include(SapiOptions) |
| include(SapiDeps) |
| include(SapiUtil) |
| include(SapiBuildDefs) |
| include(GNUInstallDirs) |
| |
| if(SAPI_HARDENED_SOURCE) |
| add_compile_options(-fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2) |
| add_link_options(-Wl,-z,relro -Wl,-z,now) |
| endif() |
| |
| if(SAPI_FORCE_COLOR_OUTPUT) |
| if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") # GCC |
| add_compile_options(-fdiagnostics-color=always) |
| elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") # Clang or Apple Clang |
| add_compile_options(-fcolor-diagnostics) |
| endif() |
| endif() |
| |
| # Make Bazel-style includes work |
| configure_file(cmake/libcap_capability.h.in |
| libcap/include/sys/capability.h |
| @ONLY) |
| |
| # Library with basic project settings. The empty file is there to be able to |
| # define header-only libraries without cumbersome target_sources() hacks. |
| configure_file(cmake/sapi_force_cxx_linkage.cc.in |
| "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc" COPYONLY) |
| add_library(sapi_base STATIC |
| "${SAPI_BINARY_DIR}/sapi_force_cxx_linkage.cc" |
| ) |
| add_library(sapi::base ALIAS sapi_base) |
| target_compile_features(sapi_base PUBLIC |
| cxx_std_${SAPI_CXX_STANDARD} |
| ) |
| set_target_properties(sapi_base PROPERTIES |
| INTERFACE_POSITION_INDEPENDENT_CODE ON |
| ) |
| target_include_directories(sapi_base PUBLIC |
| "${SAPI_BINARY_DIR}" |
| "${SAPI_SOURCE_DIR}" |
| "${Protobuf_INCLUDE_DIR}" |
| ) |
| target_compile_options(sapi_base PUBLIC |
| -fno-exceptions |
| ) |
| if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") |
| target_compile_options(sapi_base PUBLIC |
| # The syscall tables in sandbox2/syscall_defs.cc are `std::array`s using |
| # CTAD and have more entries than the default limit of 256. |
| -fbracket-depth=768 |
| ) |
| endif() |
| set(_sapi_check_no_deprecated |
| -Wno-deprecated SAPI_HAS_W_NO_DEPRECATED |
| ) |
| set(_sapi_check_frame_larger_than |
| # For sandbox2/util.cc's CloneAndJump() |
| -Wframe-larger-than=40960 SAPI_HAS_W_FRAME_LARGER_THAN |
| ) |
| set(_sapi_check_no_deprecated_declarations |
| -Wno-deprecated-declarations SAPI_HAS_W_NO_DEPRECATED_DECLARATIONS |
| ) |
| set(_sapi_check_no_psabi |
| -Wno-psabi SAPI_HAS_W_NO_PSABI |
| ) |
| foreach(check IN ITEMS _sapi_check_no_deprecated |
| _sapi_check_frame_larger_than |
| _sapi_check_no_deprecated_declarations |
| _sapi_check_no_psabi) |
| list(GET ${check} 0 opt_value) |
| list(GET ${check} 1 var_name) |
| check_cxx_compiler_flag(${opt_value} ${var_name}) |
| if(${var_name}) |
| target_compile_options(sapi_base PUBLIC ${opt_value}) |
| endif() |
| endforeach() |
| |
| add_library(sapi_test_main INTERFACE) |
| add_library(sapi::test_main ALIAS sapi_test_main) |
| target_link_libraries(sapi_test_main INTERFACE |
| gtest_main |
| gmock |
| sapi::base |
| ) |
| |
| if(BUILD_TESTING AND SAPI_BUILD_TESTING) |
| include(GoogleTest) |
| # Setup tests to work like with Bazel |
| create_directory_symlink("${SAPI_BINARY_DIR}" com_google_sandboxed_api) |
| enable_testing() |
| endif() |
| |
| add_subdirectory(sandboxed_api) |
| |
| if(BUILD_TESTING AND SAPI_BUILD_TESTING AND SAPI_CONTRIB_BUILD_TESTING) |
| add_subdirectory(contrib) |
| endif() |