Merge from Chromium at DEPS revision 260458
This commit was generated by merge_to_master.py.
Change-Id: I140fa91b7f09c8efba4424e99ccb87b94a11d022
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index 7095c23..dd30b15 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -89,10 +89,9 @@
arg->test()(arg->aux_);
} else {
printf("This BPF test is not fully running in this configuration!\n");
- // Android, ARM and Valgrind are the three only configurations where we
- // accept not having kernel BPF support.
- // TODO(jln): remote ARM from this list when possible (crbug.com/243478).
- if (!IsAndroid() && !IsRunningOnValgrind() && !IsArchitectureArm()) {
+ // Android and Valgrind are the only configurations where we accept not
+ // having kernel BPF support.
+ if (!IsAndroid() && !IsRunningOnValgrind()) {
const bool seccomp_bpf_is_supported = false;
BPF_ASSERT(seccomp_bpf_is_supported);
}
diff --git a/sandbox/linux/seccomp-bpf/codegen.cc b/sandbox/linux/seccomp-bpf/codegen.cc
index 8fb1701..c05eb5e 100644
--- a/sandbox/linux/seccomp-bpf/codegen.cc
+++ b/sandbox/linux/seccomp-bpf/codegen.cc
@@ -4,6 +4,7 @@
#include <stdio.h>
+#include "base/logging.h"
#include "sandbox/linux/seccomp-bpf/codegen.h"
namespace {
@@ -432,6 +433,10 @@
// We compare the sequence of instructions in both basic blocks.
const Instructions& insns1 = block1->instructions;
const Instructions& insns2 = block2->instructions;
+ // Basic blocks should never be empty.
+ CHECK(!insns1.empty());
+ CHECK(!insns2.empty());
+
Instructions::const_iterator iter1 = insns1.begin();
Instructions::const_iterator iter2 = insns2.begin();
for (;; ++iter1, ++iter2) {
@@ -439,7 +444,26 @@
// both basic blocks, we know the relative ordering between the two blocks
// and can return.
if (iter1 == insns1.end()) {
- return iter2 == insns2.end() ? 0 : -1;
+ if (iter2 == insns2.end()) {
+ // If the two blocks are the same length (and have elementwise-equal
+ // code and k fields, which is the only way we can reach this point),
+ // and the last instruction isn't a JMP or a RET, then we must compare
+ // their successors.
+ Instruction* const insns1_last = insns1.back();
+ Instruction* const insns2_last = insns2.back();
+ if (BPF_CLASS(insns1_last->code) != BPF_JMP &&
+ BPF_CLASS(insns1_last->code) != BPF_RET) {
+ // Non jumping instructions will always have a valid next instruction.
+ CHECK(insns1_last->next);
+ CHECK(insns2_last->next);
+ return PointerCompare(blocks.find(insns1_last->next)->second,
+ blocks.find(insns2_last->next)->second,
+ blocks);
+ } else {
+ return 0;
+ }
+ }
+ return -1;
} else if (iter2 == insns2.end()) {
return 1;
}
diff --git a/sandbox/linux/seccomp-bpf/codegen_unittest.cc b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
index 0539a0d..e4cf6bb 100644
--- a/sandbox/linux/seccomp-bpf/codegen_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
@@ -143,12 +143,108 @@
return insn6;
}
+Instruction* SampleProgramConfusingTails(CodeGen* codegen, int* flags) {
+ // This simple program demonstrates https://crbug.com/351103/
+ // The two "LOAD 0" instructions are blocks of their own. MergeTails() could
+ // be tempted to merge them since they are the same. However, they are
+ // not mergeable because they fall-through to non semantically equivalent
+ // blocks.
+ // Without the fix for this bug, this program should trigger the check in
+ // CompileAndCompare: the serialized graphs from the program and its compiled
+ // version will differ.
+ //
+ // 0) LOAD 1 // ???
+ // 1) if A == 0x1; then JMP 2 else JMP 3
+ // 2) LOAD 0 // System call number
+ // 3) if A == 0x2; then JMP 4 else JMP 5
+ // 4) LOAD 0 // System call number
+ // 5) if A == 0x1; then JMP 6 else JMP 7
+ // 6) RET 0x50000 // errno = 0
+ // 7) RET 0x50001 // errno = 1
+ *flags = NO_FLAGS;
+
+ Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
+ Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0));
+ Instruction* i5 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7);
+ Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5);
+ Instruction* i3 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5);
+ Instruction* i2 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i3);
+ Instruction* i1 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i2, i3);
+ Instruction* i0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 1, i1);
+
+ return i0;
+}
+
+Instruction* SampleProgramConfusingTailsBasic(CodeGen* codegen, int* flags) {
+ // Without the fix for https://crbug.com/351103/, (see
+ // SampleProgramConfusingTails()), this would generate a cyclic graph and
+ // crash as the two "LOAD 0" instructions would get merged.
+ //
+ // 0) LOAD 1 // ???
+ // 1) if A == 0x1; then JMP 2 else JMP 3
+ // 2) LOAD 0 // System call number
+ // 3) if A == 0x2; then JMP 4 else JMP 5
+ // 4) LOAD 0 // System call number
+ // 5) RET 0x50001 // errno = 1
+ *flags = NO_FLAGS;
+
+ Instruction* i5 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
+ Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5);
+ Instruction* i3 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5);
+ Instruction* i2 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i3);
+ Instruction* i1 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i2, i3);
+ Instruction* i0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 1, i1);
+
+ return i0;
+}
+
+Instruction* SampleProgramConfusingTailsMergeable(CodeGen* codegen,
+ int* flags) {
+ // This is similar to SampleProgramConfusingTails(), except that
+ // instructions 2 and 4 are now RET instructions.
+ // In PointerCompare(), this exercises the path where two blocks are of the
+ // same length and identical and the last instruction is a JMP or RET, so the
+ // following blocks don't need to be looked at and the blocks are mergeable.
+ //
+ // 0) LOAD 1 // ???
+ // 1) if A == 0x1; then JMP 2 else JMP 3
+ // 2) RET 0x5002a // errno = 42
+ // 3) if A == 0x2; then JMP 4 else JMP 5
+ // 4) RET 0x5002a // errno = 42
+ // 5) if A == 0x1; then JMP 6 else JMP 7
+ // 6) RET 0x50000 // errno = 0
+ // 7) RET 0x50001 // errno = 1
+ *flags = HAS_MERGEABLE_TAILS;
+
+ Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
+ Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0));
+ Instruction* i5 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7);
+ Instruction* i4 = codegen->MakeInstruction(BPF_RET, ErrorCode(42));
+ Instruction* i3 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5);
+ Instruction* i2 = codegen->MakeInstruction(BPF_RET, ErrorCode(42));
+ Instruction* i1 =
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i2, i3);
+ Instruction* i0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 1, i1);
+
+ return i0;
+}
+
void ForAllPrograms(void (*test)(CodeGenUnittestHelper *, Instruction *, int)){
Instruction *(*function_table[])(CodeGen *codegen, int *flags) = {
SampleProgramOneInstruction,
SampleProgramSimpleBranch,
SampleProgramAtypicalBranch,
SampleProgramComplex,
+ SampleProgramConfusingTails,
+ SampleProgramConfusingTailsBasic,
+ SampleProgramConfusingTailsMergeable,
};
for (size_t i = 0; i < arraysize(function_table); ++i) {
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index d05878c..17df1d5 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -50,7 +50,7 @@
// This test should execute no matter whether we have kernel support. So,
// we make it a TEST() instead of a BPF_TEST().
-TEST(SandboxBPF, CallSupports) {
+TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
// We check that we don't crash, but it's ok if the kernel doesn't
// support it.
bool seccomp_bpf_supported =
@@ -65,7 +65,7 @@
std::cout << "Pointer size: " << sizeof(void*) << "\n";
}
-SANDBOX_TEST(SandboxBPF, CallSupportsTwice) {
+SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) {
SandboxBPF::SupportsSeccompSandbox(-1);
SandboxBPF::SupportsSeccompSandbox(-1);
}
diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc
index 553a904..f8b64c9 100644
--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -82,8 +82,11 @@
}
if (!IsDefaultSignalAction(old_sa)) {
- // TODO(jln): make this FATAL, at least in DEBUG mode.
- LOG(ERROR) << "Existing signal handler when trying to install SIGSYS";
+ static const char kExistingSIGSYSMsg[] =
+ "Existing signal handler when trying to install SIGSYS. SIGSYS needs "
+ "to be reserved for seccomp-bpf.";
+ DLOG(FATAL) << kExistingSIGSYSMsg;
+ LOG(ERROR) << kExistingSIGSYSMsg;
}
// Unmask SIGSYS
diff --git a/sandbox/linux/services/android_ucontext.h b/sandbox/linux/services/android_ucontext.h
index 437bbab..caabaf5 100644
--- a/sandbox/linux/services/android_ucontext.h
+++ b/sandbox/linux/services/android_ucontext.h
@@ -11,6 +11,8 @@
#include "sandbox/linux/services/android_arm_ucontext.h"
#elif defined(__i386__)
#include "sandbox/linux/services/android_i386_ucontext.h"
+#elif defined(__x86_64__)
+#include "sandbox/linux/services/android_x86_64_ucontext.h"
#else
#error "No support for your architecture in Android header"
#endif
diff --git a/sandbox/linux/services/android_x86_64_ucontext.h b/sandbox/linux/services/android_x86_64_ucontext.h
new file mode 100644
index 0000000..ef328e5
--- /dev/null
+++ b/sandbox/linux/services/android_x86_64_ucontext.h
@@ -0,0 +1,88 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_
+#define SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_
+
+// We do something compatible with glibc. Hopefully, at some point Android will
+// provide that for us, and __BIONIC_HAVE_UCONTEXT_T should be defined.
+// Spec:
+// http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-AMD64/LSB-Core-AMD64/libc-ddefs.html#AEN5668
+
+#if !defined(__BIONIC_HAVE_UCONTEXT_T)
+#include <asm/sigcontext.h>
+
+struct _libc_fpxreg {
+ unsigned short significand[4];
+ unsigned short exponent;
+ unsigned short padding[3];
+};
+
+struct _libc_xmmreg {
+ uint32_t element[4];
+};
+
+struct _libc_fpstate {
+ uint16_t cwd;
+ uint16_t swd;
+ uint16_t twd;
+ uint16_t fop;
+ uint64_t rip;
+ uint64_t rdp;
+ uint32_t mxcsr;
+ uint32_t mxcsr_mask;
+ struct _libc_fpxreg _st[8];
+ struct _libc_xmmreg _xmm[16];
+ uint32_t padding[24];
+};
+
+typedef uint64_t greg_t;
+
+typedef struct {
+ greg_t gregs[23];
+ struct _libc_fpstate* fpregs;
+ unsigned long __reserved1[8];
+} mcontext_t;
+
+enum {
+ REG_R8 = 0,
+ REG_R9,
+ REG_R10,
+ REG_R11,
+ REG_R12,
+ REG_R13,
+ REG_R14,
+ REG_R15,
+ REG_RDI,
+ REG_RSI,
+ REG_RBP,
+ REG_RBX,
+ REG_RDX,
+ REG_RAX,
+ REG_RCX,
+ REG_RSP,
+ REG_RIP,
+ REG_EFL,
+ REG_CSGSFS,
+ REG_ERR,
+ REG_TRAPNO,
+ REG_OLDMASK,
+ REG_CR2,
+ NGREG,
+};
+
+typedef struct ucontext {
+ unsigned long uc_flags;
+ struct ucontext* uc_link;
+ stack_t uc_stack;
+ mcontext_t uc_mcontext;
+ sigset_t uc_sigmask;
+ struct _libc_fpstate __fpregs_mem;
+} ucontext_t;
+
+#else
+#include <sys/ucontext.h>
+#endif // __BIONIC_HAVE_UCONTEXT_T
+
+#endif // SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_
diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index 2956cf9..47aec25 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -25,6 +25,7 @@
#include "base/posix/eintr_wrapper.h"
#include "base/posix/unix_domain_socket_linux.h"
#include "base/process/process_metrics.h"
+#include "base/third_party/valgrind/valgrind.h"
#include "build/build_config.h"
#include "sandbox/linux/services/linux_syscalls.h"
@@ -34,6 +35,22 @@
namespace {
+bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; }
+
+// A little open(2) wrapper to handle some oddities for us. In the general case
+// make a direct system call since we want to keep in control of the broker
+// process' system calls profile to be able to loosely sandbox it.
+int sys_open(const char* pathname, int flags) {
+ // Always pass a defined |mode| in case flags mistakenly contains O_CREAT.
+ const int mode = 0;
+ if (IsRunningOnValgrind()) {
+ // Valgrind does not support AT_FDCWD, just use libc's open() in this case.
+ return open(pathname, flags, mode);
+ } else {
+ return syscall(__NR_openat, AT_FDCWD, pathname, flags, mode);
+ }
+}
+
static const size_t kMaxMessageLength = 4096;
// Some flags are local to the current process and cannot be sent over a Unix
@@ -433,9 +450,7 @@
if (safe_to_open_file) {
CHECK(file_to_open);
- // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
- // hurt to always pass a third argument though.
- int opened_fd = syscall(__NR_open, file_to_open, flags, 0);
+ int opened_fd = sys_open(file_to_open, flags);
if (opened_fd < 0) {
write_pickle->WriteInt(-errno);
} else {
diff --git a/sandbox/linux/services/yama.cc b/sandbox/linux/services/yama.cc
index 773f670..49e1b36 100644
--- a/sandbox/linux/services/yama.cc
+++ b/sandbox/linux/services/yama.cc
@@ -79,7 +79,7 @@
static const char kPtraceScopePath[] = "/proc/sys/kernel/yama/ptrace_scope";
- base::ScopedFD yama_scope(open(kPtraceScopePath, O_RDONLY));
+ base::ScopedFD yama_scope(HANDLE_EINTR(open(kPtraceScopePath, O_RDONLY)));
if (!yama_scope.is_valid()) {
const int open_errno = errno;
diff --git a/sandbox/sandbox.target.darwin-x86_64.mk b/sandbox/sandbox.target.darwin-x86_64.mk
new file mode 100644
index 0000000..6a0b9d5
--- /dev/null
+++ b/sandbox/sandbox.target.darwin-x86_64.mk
@@ -0,0 +1,41 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_gyp
+LOCAL_MODULE_STEM := sandbox
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_helpers_gyp)/sandbox_seccomp_bpf_helpers_gyp.a
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox
+sandbox: sandbox_sandbox_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox.target.linux-x86_64.mk b/sandbox/sandbox.target.linux-x86_64.mk
new file mode 100644
index 0000000..6a0b9d5
--- /dev/null
+++ b/sandbox/sandbox.target.linux-x86_64.mk
@@ -0,0 +1,41 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_gyp
+LOCAL_MODULE_STEM := sandbox
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_helpers_gyp)/sandbox_seccomp_bpf_helpers_gyp.a
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox
+sandbox: sandbox_sandbox_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox_services.target.darwin-arm.mk b/sandbox/sandbox_services.target.darwin-arm.mk
index 3a35021..b28f494 100644
--- a/sandbox/sandbox_services.target.darwin-arm.mk
+++ b/sandbox/sandbox_services.target.darwin-arm.mk
@@ -82,6 +82,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -167,6 +168,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.darwin-mips.mk b/sandbox/sandbox_services.target.darwin-mips.mk
index 3c1ba8f..0b366bf 100644
--- a/sandbox/sandbox_services.target.darwin-mips.mk
+++ b/sandbox/sandbox_services.target.darwin-mips.mk
@@ -81,6 +81,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -165,6 +166,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.darwin-x86.mk b/sandbox/sandbox_services.target.darwin-x86.mk
index 821a3b4..4606de6 100644
--- a/sandbox/sandbox_services.target.darwin-x86.mk
+++ b/sandbox/sandbox_services.target.darwin-x86.mk
@@ -83,6 +83,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -168,6 +169,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.darwin-x86_64.mk b/sandbox/sandbox_services.target.darwin-x86_64.mk
new file mode 100644
index 0000000..9cddbca
--- /dev/null
+++ b/sandbox/sandbox_services.target.darwin-x86_64.mk
@@ -0,0 +1,265 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_sandbox_services_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/services/broker_process.cc \
+ sandbox/linux/services/init_process_reaper.cc \
+ sandbox/linux/services/scoped_process.cc \
+ sandbox/linux/services/thread_helpers.cc \
+ sandbox/linux/services/yama.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH)/sandbox \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH)/sandbox \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services
+sandbox_services: sandbox_sandbox_services_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/sandbox_services.target.linux-arm.mk b/sandbox/sandbox_services.target.linux-arm.mk
index 3a35021..b28f494 100644
--- a/sandbox/sandbox_services.target.linux-arm.mk
+++ b/sandbox/sandbox_services.target.linux-arm.mk
@@ -82,6 +82,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -167,6 +168,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.linux-mips.mk b/sandbox/sandbox_services.target.linux-mips.mk
index 3c1ba8f..0b366bf 100644
--- a/sandbox/sandbox_services.target.linux-mips.mk
+++ b/sandbox/sandbox_services.target.linux-mips.mk
@@ -81,6 +81,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -165,6 +166,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.linux-x86.mk b/sandbox/sandbox_services.target.linux-x86.mk
index 821a3b4..4606de6 100644
--- a/sandbox/sandbox_services.target.linux-x86.mk
+++ b/sandbox/sandbox_services.target.linux-x86.mk
@@ -83,6 +83,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -168,6 +169,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services.target.linux-x86_64.mk b/sandbox/sandbox_services.target.linux-x86_64.mk
new file mode 100644
index 0000000..9cddbca
--- /dev/null
+++ b/sandbox/sandbox_services.target.linux-x86_64.mk
@@ -0,0 +1,265 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_sandbox_services_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/services/broker_process.cc \
+ sandbox/linux/services/init_process_reaper.cc \
+ sandbox/linux/services/scoped_process.cc \
+ sandbox/linux/services/thread_helpers.cc \
+ sandbox/linux/services/yama.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH)/sandbox \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH)/sandbox \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services
+sandbox_services: sandbox_sandbox_services_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/sandbox_services_headers.target.darwin-arm.mk b/sandbox/sandbox_services_headers.target.darwin-arm.mk
index cca5b2f..14b7924 100644
--- a/sandbox/sandbox_services_headers.target.darwin-arm.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-arm.mk
@@ -77,6 +77,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -160,6 +161,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services_headers.target.darwin-x86.mk b/sandbox/sandbox_services_headers.target.darwin-x86.mk
index 872d1e5..2d33593 100644
--- a/sandbox/sandbox_services_headers.target.darwin-x86.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-x86.mk
@@ -78,6 +78,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -161,6 +162,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services_headers.target.darwin-x86_64.mk b/sandbox/sandbox_services_headers.target.darwin-x86_64.mk
new file mode 100644
index 0000000..999df35
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.darwin-x86_64.mk
@@ -0,0 +1,218 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox_services_headers.target.linux-arm.mk b/sandbox/sandbox_services_headers.target.linux-arm.mk
index cca5b2f..14b7924 100644
--- a/sandbox/sandbox_services_headers.target.linux-arm.mk
+++ b/sandbox/sandbox_services_headers.target.linux-arm.mk
@@ -77,6 +77,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -160,6 +161,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services_headers.target.linux-x86.mk b/sandbox/sandbox_services_headers.target.linux-x86.mk
index 872d1e5..2d33593 100644
--- a/sandbox/sandbox_services_headers.target.linux-x86.mk
+++ b/sandbox/sandbox_services_headers.target.linux-x86.mk
@@ -78,6 +78,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -161,6 +162,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/sandbox_services_headers.target.linux-x86_64.mk b/sandbox/sandbox_services_headers.target.linux-x86_64.mk
new file mode 100644
index 0000000..999df35
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.linux-x86_64.mk
@@ -0,0 +1,218 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/seccomp_bpf.target.darwin-arm.mk b/sandbox/seccomp_bpf.target.darwin-arm.mk
index 096ad95..1989cb8 100644
--- a/sandbox/seccomp_bpf.target.darwin-arm.mk
+++ b/sandbox/seccomp_bpf.target.darwin-arm.mk
@@ -87,6 +87,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -171,6 +172,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf.target.darwin-x86.mk b/sandbox/seccomp_bpf.target.darwin-x86.mk
index 36c5af9..b45e8f8 100644
--- a/sandbox/seccomp_bpf.target.darwin-x86.mk
+++ b/sandbox/seccomp_bpf.target.darwin-x86.mk
@@ -88,6 +88,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -172,6 +173,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf.target.darwin-x86_64.mk b/sandbox/seccomp_bpf.target.darwin-x86_64.mk
new file mode 100644
index 0000000..fe2546e
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.darwin-x86_64.mk
@@ -0,0 +1,268 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf.target.linux-arm.mk b/sandbox/seccomp_bpf.target.linux-arm.mk
index 096ad95..1989cb8 100644
--- a/sandbox/seccomp_bpf.target.linux-arm.mk
+++ b/sandbox/seccomp_bpf.target.linux-arm.mk
@@ -87,6 +87,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -171,6 +172,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf.target.linux-x86.mk b/sandbox/seccomp_bpf.target.linux-x86.mk
index 36c5af9..b45e8f8 100644
--- a/sandbox/seccomp_bpf.target.linux-x86.mk
+++ b/sandbox/seccomp_bpf.target.linux-x86.mk
@@ -88,6 +88,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -172,6 +173,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf.target.linux-x86_64.mk b/sandbox/seccomp_bpf.target.linux-x86_64.mk
new file mode 100644
index 0000000..fe2546e
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.linux-x86_64.mk
@@ -0,0 +1,268 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk b/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
index cc3b7a8..b44977c 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
@@ -81,6 +81,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -164,6 +165,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk b/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
index 3666889..3244003 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
@@ -82,6 +82,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -165,6 +166,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk b/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk
new file mode 100644
index 0000000..08ea756
--- /dev/null
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk
@@ -0,0 +1,260 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc \
+ sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_helpers_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf_helpers
+seccomp_bpf_helpers: sandbox_seccomp_bpf_helpers_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-arm.mk b/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
index cc3b7a8..b44977c 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
@@ -81,6 +81,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -164,6 +165,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-x86.mk b/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
index 3666889..3244003 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
@@ -82,6 +82,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
@@ -165,6 +166,7 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
'-D__STDC_FORMAT_MACROS' \
'-DANDROID' \
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk b/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk
new file mode 100644
index 0000000..08ea756
--- /dev/null
+++ b/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk
@@ -0,0 +1,260 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc \
+ sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -m64 \
+ -march=x86-64 \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -fomit-frame-pointer \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-DBLINK_SCALE_FILTERS_AT_RECORD_TIME' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_LDFLAGS_Debug := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_LDFLAGS_Release := \
+ -Wl,--fatal-warnings \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m64 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,-O1 \
+ -Wl,--as-needed \
+ -Wl,--gc-sections \
+ -Wl,--warn-shared-textrel
+
+
+LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_helpers_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf_helpers
+seccomp_bpf_helpers: sandbox_seccomp_bpf_helpers_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/win/src/interception.cc b/sandbox/win/src/interception.cc
index dde5857..597b937 100644
--- a/sandbox/win/src/interception.cc
+++ b/sandbox/win/src/interception.cc
@@ -399,7 +399,7 @@
thunk_offset &= kPageSize - 1;
// Make an aligned, padded allocation, and move the pointer to our chunk.
- size_t thunk_bytes_padded = (thunk_bytes + kPageSize - 1) & kPageSize;
+ size_t thunk_bytes_padded = (thunk_bytes + kPageSize - 1) & ~(kPageSize - 1);
thunk_base = reinterpret_cast<BYTE*>(
::VirtualAllocEx(child, thunk_base, thunk_bytes_padded,
MEM_COMMIT, PAGE_EXECUTE_READWRITE));