Non-SFI mode: Build nacl_helper_nonsfi_unittests

This CL starts to build nacl_helper_nonsfi_unittests. The binary is not yet enabled to run on bots. It will be done in a following CL. TEST=Ran locally. Ran build bots. Ran build bots with editing configuration to include nacl_helper_nonsfi_unittests. BUG=358465 Review URL: https://codereview.chromium.org/1137553003 Cr-Commit-Position: refs/heads/master@{#330069}

Non-SFI mode: Build nacl_helper_nonsfi_unittests
This CL starts to build nacl_helper_nonsfi_unittests. The binary is not yet enabled to run on bots. It will be done in a following CL. TEST=Ran locally. Ran build bots. Ran build bots with editing configuration to include nacl_helper_nonsfi_unittests. BUG=358465 Review URL: https://codereview.chromium.org/1137553003 Cr-Commit-Position: refs/heads/master@{#330069}
72c418b0 · hidehiko · Commit bot · 7bd179d6 · 72c418b0 · 72c418b0
Commit 72c418b0 authored May 15, 2015 by hidehiko Committed by Commit bot May 15, 2015
8 changed files
--- a/build/all.gyp
+++ b/build/all.gyp
@@ -489,6 +489,11 @@
            '../components/nacl.gyp:nacl_loader_unittests',
          ],
        }],
+        ['disable_nacl==0 and disable_nacl_untrusted==0 and OS=="linux"', {
+          'dependencies': [
+            '../components/nacl_nonsfi.gyp:nacl_helper_nonsfi_unittests',
+          ],
+        }],
        ['disable_nacl==0 and disable_nacl_untrusted==0', {
          'dependencies': [
            '../mojo/mojo_nacl_untrusted.gyp:libmojo',

--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
@@ -25,6 +25,7 @@
 #include <time.h>
 #include <unistd.h>

+#include "base/at_exit.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
@@ -42,6 +43,67 @@
 #include "sandbox/linux/system_headers/linux_signal.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"

+// These defines are for PNaCl toolchain build.
+#if !defined(F_DUPFD_CLOEXEC)
+#define F_DUPFD_CLOEXEC 1030
+#endif
+
+#if !defined(MAP_POPULATE)
+#define MAP_POPULATE 0x8000
+#endif
+
+#if !defined(PROT_GROWSDOWN)
+#define PROT_GROWSDOWN 0x01000000
+#endif
+
+#if !defined(CLOCK_MONOTONIC_RAW)
+#define CLOCK_MONOTONIC_RAW 4
+#endif
+
+#if !defined(AF_INET)
+#define AF_INET 2
+#endif
+
+#if defined(__i386__)
+
+#if !defined(SYS_SOCKET)
+#define SYS_SOCKET 1
+#endif
+
+#if !defined(SYS_BIND)
+#define SYS_BIND 2
+#endif
+
+#if !defined(SYS_CONNECT)
+#define SYS_CONNECT 3
+#endif
+
+#if !defined(SYS_LISTEN)
+#define SYS_LISTEN 4
+#endif
+
+#if !defined(SYS_ACCEPT)
+#define SYS_ACCEPT 5
+#endif
+
+#if !defined(SYS_GETSOCKNAME)
+#define SYS_GETSOCKNAME 6
+#endif
+
+#if !defined(SYS_GETPEERNAME)
+#define SYS_GETPEERNAME 7
+#endif
+
+#if !defined(SYS_SETSOCKOPT)
+#define SYS_SETSOCKOPT 14
+#endif
+
+#if !defined(SYS_GETSOCKOPT)
+#define SYS_GETSOCKOPT 15
+#endif
+
+#endif // defined(__i386__)
+
 namespace {

 void DoPipe(base::ScopedFD* fds) {
@@ -368,18 +430,28 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
  fcntl(fds[0].get(), F_SETFL, O_APPEND);
 }

+void DoFcntl(int fd, int cmd) {
+  // fcntl in PNaCl toolchain returns an error without calling actual system
+  // call for unknown |cmd|. So, instead, here we use syscall().
+#if defined(OS_NACL_NONSFI)
+  syscall(__NR_fcntl64, fd, cmd);
+#else
+  fcntl(fd, cmd);
+#endif
+}
+
 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_DUPFD,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  fcntl(0, F_DUPFD);
+  DoFcntl(0, F_DUPFD);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_DUPFD_CLOEXEC,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  fcntl(0, F_DUPFD_CLOEXEC);
+  DoFcntl(0, F_DUPFD_CLOEXEC);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
@@ -403,6 +475,14 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
 BPF_TEST_C(NaClNonSfiSandboxTest,
           StartingAndJoiningThreadWorks,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
+#if defined(OS_NACL_NONSFI)
+  // base::Thread internally uses LazyInstance, which registers a callback to
+  // AtExitManager. However, in PNaCl toolchain build, it is not instantiated
+  // by the test runner, unlike host toolchain build (nacl_loader_unittests).
+  // Hence, declare it here so that the LazyInstance will work properly.
+  base::AtExitManager at_exit;
+#endif
+
  base::Thread thread("sandbox_tests");
  BPF_ASSERT(thread.Start());
  // |thread|'s destructor will join the thread.
@@ -417,9 +497,20 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
  _exit(1);
 }

+void* DoMmap(int prot, int flags) {
+#if defined(OS_NACL_NONSFI)
+  // When PROT_EXEC is set, PNaCl toolchain's mmap() system call wrapper uses
+  // two system calls mmap2(2) and mprotect(2), so that we cannot test
+  // sandbox with the wrapper. Instead, here we use syscall().
+  return reinterpret_cast<void*>(
+      syscall(__NR_mmap2, NULL, getpagesize(), prot, flags, -1, 0));
+#else
+  return mmap(NULL, getpagesize(), prot, flags, -1, 0);
+#endif
+}
+
 void* DoAllowedAnonymousMmap() {
-  return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
-              MAP_ANONYMOUS | MAP_SHARED, -1, 0);
+  return DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED);
 }

 BPF_TEST_C(NaClNonSfiSandboxTest,
@@ -434,45 +525,42 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_unallowed_flag,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
-       MAP_ANONYMOUS | MAP_POPULATE, -1, 0);
+  DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_POPULATE);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_unallowed_prot,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN,
-       MAP_ANONYMOUS, -1, 0);
+  DoMmap(PROT_READ | PROT_GROWSDOWN, MAP_ANONYMOUS);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_exec,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_EXEC, MAP_ANONYMOUS, -1, 0);
+  DoMmap(PROT_EXEC, MAP_ANONYMOUS);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_read_exec,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_ANONYMOUS, -1, 0);
+  DoMmap(PROT_READ | PROT_EXEC, MAP_ANONYMOUS);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_write_exec,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS, -1, 0);
+  DoMmap(PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS);
 }

 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_read_write_exec,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
-  mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC,
-       MAP_ANONYMOUS, -1, 0);
+  DoMmap(PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS);
 }

 BPF_TEST_C(NaClNonSfiSandboxTest,
@@ -503,9 +591,13 @@ BPF_TEST_C(NaClNonSfiSandboxTest,
  // The kernel interface must return zero for brk.
  BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk));
  // The libc wrapper translates it to ENOMEM.
+
+  // Note: PNaCl toolchain does not provide brk() system call wrapper.
+#if !defined(OS_NACL_NONSFI)
  errno = 0;
  BPF_ASSERT_EQ(-1, brk(next_brk));
  BPF_ASSERT_EQ(ENOMEM, errno);
+#endif
 }

 // clockid restrictions are mostly tested in sandbox/ with the

--- a/components/nacl_helper_nonsfi_unittests.isolate
+++ b/components/nacl_helper_nonsfi_unittests.isolate
+# Copyright 2014 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+{
+  'conditions': [
+    ['OS=="linux"', {
+      'variables': {
+        'command': [
+          '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests',
+        ],
+        'files': [
+          '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests',
+        ],
+        'read_only': 1,
+      },
+    }],
+  ],
+}
--- a/components/nacl_nonsfi.gyp
+++ b/components/nacl_nonsfi.gyp
@@ -56,8 +56,6 @@
              'nacl/loader/nacl_trusted_listener.cc',
              'nacl/loader/nonsfi/nonsfi_listener.cc',
              'nacl/loader/nonsfi/nonsfi_main.cc',
-              'nacl/loader/nonsfi/nonsfi_sandbox.cc',
-              'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc',
            ],

            'link_flags': [
@@ -74,6 +72,7 @@
              '-lgpu_ipc_nacl',
              '-lipc_nacl_nonsfi',
              '-llatency_info_nacl',
+              '-lnacl_helper_nonsfi_sandbox',
              '-lplatform',
              '-lppapi_ipc_nacl',
              '-lppapi_proxy_nacl',
@@ -99,6 +98,7 @@
                  '>(tc_lib_dir_nonsfi_helper32)/libgpu_ipc_nacl.a',
                  '>(tc_lib_dir_nonsfi_helper32)/libipc_nacl_nonsfi.a',
                  '>(tc_lib_dir_nonsfi_helper32)/liblatency_info_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a',
                  '>(tc_lib_dir_nonsfi_helper32)/libplatform.a',
                  '>(tc_lib_dir_nonsfi_helper32)/libppapi_ipc_nacl.a',
                  '>(tc_lib_dir_nonsfi_helper32)/libppapi_proxy_nacl.a',
@@ -123,6 +123,7 @@
                  '>(tc_lib_dir_nonsfi_helper_arm)/libgpu_ipc_nacl.a',
                  '>(tc_lib_dir_nonsfi_helper_arm)/libipc_nacl_nonsfi.a',
                  '>(tc_lib_dir_nonsfi_helper_arm)/liblatency_info_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a',
                  '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a',
                  '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_ipc_nacl.a',
                  '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_proxy_nacl.a',
@@ -143,9 +144,132 @@
            '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib',
            '../ppapi/ppapi_proxy_nacl.gyp:ppapi_proxy_nacl',
            '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi',
+            'nacl_helper_nonsfi_sandbox',
+          ],
+        },
+
+        {
+          'target_name': 'nacl_helper_nonsfi_sandbox',
+          'type': 'none',
+          'variables': {
+            'nacl_untrusted_build': 1,
+            'nlib_target': 'libnacl_helper_nonsfi_sandbox.a',
+
+            'build_glibc': 0,
+            'build_newlib': 0,
+            'build_irt': 0,
+            'build_pnacl_newlib': 0,
+            'build_nonsfi_helper': 1,
+
+            'sources': [
+              'nacl/loader/nonsfi/nonsfi_sandbox.cc',
+              'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc',
+            ],
+          },
+          'dependencies': [
+            '../base/base_nacl.gyp:base_nacl_nonsfi',
+            '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi',
+            '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi',
+          ],
+        },
+
+        {
+          'target_name': 'nacl_helper_nonsfi_unittests',
+          'type': 'none',
+          'variables': {
+            'nacl_untrusted_build': 1,
+            'nexe_target': 'nacl_helper_nonsfi_unittests',
+            # Rename the output binary file to nacl_helper_nonsfi_unittests
+            # and put it directly under out/{Debug,Release}/, so that this is
+            # in the standard location, for running on the buildbots.
+            'out_newlib32_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests',
+            'out_newlib_arm_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unitttests',
+
+            'build_glibc': 0,
+            'build_newlib': 0,
+            'build_irt': 0,
+            'build_pnacl_newlib': 0,
+            'build_nonsfi_helper': 1,
+
+            'sources': [
+              'nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc',
+              'nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc',
+            ],
+
+            'link_flags': [
+              '-lbase_nacl_nonsfi',
+              '-lcontent_common_nacl_nonsfi',
+              '-levent_nacl_nonsfi',
+              '-lgio',
+              '-lgtest_main_nacl',
+              '-lgtest_nacl',
+              '-lnacl_helper_nonsfi_sandbox',
+              '-lplatform',
+              '-lsandbox_nacl_nonsfi',
+              '-lsandbox_linux_test_utils_nacl_nonsfi',
+            ],
+
+            'conditions': [
+              ['target_arch=="ia32" or target_arch=="x64"', {
+                'extra_deps_newlib32_nonsfi': [
+                  '>(tc_lib_dir_nonsfi_helper32)/libbase_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libcontent_common_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libevent_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libgio.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libgtest_main_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libgtest_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libplatform.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libsandbox_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper32)/libsandbox_linux_test_utils_nacl_nonsfi.a',
+                ],
+              }],
+              ['target_arch=="arm"', {
+                'extra_deps_newlib_arm_nonsfi': [
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libbase_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libcontent_common_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libevent_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libgio.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_main_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_nacl.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_nacl_nonsfi.a',
+                  '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_linux_test_utils_nacl_nonsfi.a',
+                ],
+              }],
+            ],
+          },
+
+          'dependencies': [
+            '../base/base_nacl.gyp:base_nacl_nonsfi',
+            '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi',
+            '../native_client/src/nonsfi/irt/irt.gyp:nacl_sys_private',
+            '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib',
+            '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi',
+            '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_linux_test_utils_nacl_nonsfi',
+            '../testing/gtest_nacl.gyp:gtest_main_nacl',
+            '../testing/gtest_nacl.gyp:gtest_nacl',
+            'nacl_helper_nonsfi_sandbox',
+          ],
+        },
+      ],
+    }],
+    ['disable_nacl==0 and disable_nacl_untrusted==0 and test_isolation_mode!="noop"', {
+      'targets': [
+        {
+          'target_name': 'nacl_helper_nonsfi_unittests_run',
+          'type': 'none',
+          'dependencies': [
+            'nacl_helper_nonsfi_unittests',
+          ],
+          'includes': [
+            '../build/isolate.gypi',
+          ],
+          'sources': [
+            'nacl_helper_nonsfi_unittests.isolate',
          ],
        },
-        # TODO(hidehiko): Add Non-SFI version of nacl_loader_unittests.
      ],
    }],
  ],

--- a/sandbox/linux/system_headers/arm_linux_syscalls.h
+++ b/sandbox/linux/system_headers/arm_linux_syscalls.h
@@ -1205,6 +1205,10 @@
 #define __NR_arm_sync_file_range (__NR_SYSCALL_BASE+341)
 #endif

+#if !defined(__NR_sync_file_range2)
+#define __NR_sync_file_range2 (__NR_SYSCALL_BASE+341)
+#endif
+
 #if !defined(__NR_tee)
 #define __NR_tee (__NR_SYSCALL_BASE+342)
 #endif

--- a/sandbox/linux/tests/unit_tests.cc
+++ b/sandbox/linux/tests/unit_tests.cc
@@ -7,6 +7,8 @@
 #include <signal.h>
 #include <stdio.h>
 #include <sys/resource.h>
+#include <sys/types.h>
+#include <sys/wait.h>
 #include <sys/time.h>
 #include <time.h>
 #include <unistd.h>
@@ -18,6 +20,11 @@
 #include "build/build_config.h"
 #include "sandbox/linux/tests/unit_tests.h"

+// Specifically, PNaCl toolchain does not have this flag.
+#if !defined(POLLRDHUP)
+#define POLLRDHUP 0x2000
+#endif
+
 namespace {
 std::string TestFailedMessage(const std::string& msg) {
  return msg.empty() ? std::string() : "Actual test failure: " + msg;
@@ -67,7 +74,9 @@ bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; }
 static const int kExpectedValue = 42;
 static const int kIgnoreThisTest = 43;
 static const int kExitWithAssertionFailure = 1;
+#if !defined(OS_NACL_NONSFI)
 static const int kExitForTimeout = 2;
+#endif

 #if defined(SANDBOX_USES_BASE_TEST_SUITE)
 // This is due to StackDumpSignalHandler() performing _exit(1).
@@ -75,6 +84,10 @@ static const int kExitForTimeout = 2;
 const int kExitAfterSIGSEGV = 1;
 #endif

+// PNaCl toolchain's signal ABIs are incompatible with Linux's.
+// So, for simplicity, just drop the "timeout" feature from unittest framework
+// with relying on the buildbot's timeout feature.
+#if !defined(OS_NACL_NONSFI)
 static void SigAlrmHandler(int) {
  const char failure_message[] = "Timeout reached!\n";
  // Make sure that we never block here.
@@ -106,6 +119,7 @@ static void SetProcessTimeout(int time_in_seconds) {
  SANDBOX_ASSERT(alarm(time_in_seconds) == 0);  // There should be no previous
                                                // alarm.
 }
+#endif  // !defined(OS_NACL_NONSFI)

 // Runs a test in a sub-process. This is necessary for most of the code
 // in the BPF sandbox, as it potentially makes global state changes and as
@@ -163,7 +177,9 @@ void UnitTests::RunTestInProcess(SandboxTestRunner* test_runner,
    // Don't set a timeout if running on Valgrind, since it's generally much
    // slower.
    if (!IsRunningOnValgrind()) {
+#if !defined(OS_NACL_NONSFI)
      SetProcessTimeout(GetSubProcessTimeoutTimeInSeconds());
+#endif
    }

    // Disable core files. They are not very useful for our individual test

--- a/sandbox/sandbox_nacl_nonsfi.gyp
+++ b/sandbox/sandbox_nacl_nonsfi.gyp
@@ -55,6 +55,29 @@
            '../base/base_nacl.gyp:base_nacl_nonsfi',
          ],
        },
+
+        {
+          'target_name': 'sandbox_linux_test_utils_nacl_nonsfi',
+          'type': 'none',
+          'variables': {
+            'nacl_untrusted_build': 1,
+            'nlib_target': 'libsandbox_linux_test_utils_nacl_nonsfi.a',
+            'build_glibc': 0,
+            'build_newlib': 0,
+            'build_irt': 0,
+            'build_pnacl_newlib': 0,
+            'build_nonsfi_helper': 1,
+
+            'sources': [
+              'linux/seccomp-bpf/sandbox_bpf_test_runner.cc',
+              'linux/tests/sandbox_test_runner.cc',
+              'linux/tests/unit_tests.cc',
+            ],
+          },
+          'dependencies': [
+            '../testing/gtest_nacl.gyp:gtest_nacl',
+          ],
+        },
      ],
    }],
  ],

--- a/testing/gtest_nacl.gyp
+++ b/testing/gtest_nacl.gyp
@@ -20,7 +20,9 @@
            'nlib_target': 'libgtest_nacl.a',
            'build_glibc': 0,
            'build_newlib': 0,
+            'build_irt': 0,
            'build_pnacl_newlib': 1,
+            'build_nonsfi_helper': 1,
          },
          'sources': [
            '<@(gtest_sources)',
@@ -70,7 +72,9 @@
            'nlib_target': 'libgtest_main_nacl.a',
            'build_glibc': 0,
            'build_newlib': 0,
+            'build_irt': 0,
            'build_pnacl_newlib': 1,
+            'build_nonsfi_helper': 1,
          },
          'dependencies': [
            'gtest_nacl',