1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13import("//build/config/clang/clang.gni") 14 15declare_args() { 16 # Enable the config that variables are automatically initialized by default. 17 enable_auto_var_init = false 18} 19 20using_security_flag = enable_auto_var_init 21 22if (!is_ohos) { 23 using_security_flag = false 24} 25 26# support_stack_protector_ret = true if clang support -fstack-protector-ret 27clang_bin = rebase_path("${default_clang_base_path}/bin/clang", root_build_dir) 28cmd = "${clang_bin} --help | grep fstack-protector-ret | wc -l" 29 30# exec_script returns 1 if grep fstack-protector-ret failed, indicating fstack-protector-ret not supported 31res = exec_script("//build/lite/run_shell_cmd.py", [ cmd ], "value") 32if (res == 1) { 33 support_stack_protector_ret = true 34} else { 35 support_stack_protector_ret = false 36} 37 38assert( 39 !using_security_flag || is_clang, 40 "automatic variable initialization requires setting is_clang = true in 'gn args'") 41 42template("ohos_auto_initialize_config") { 43 config(target_name) { 44 forward_variables_from(invoker, [ "auto_var_init" ]) 45 46 configs = [] 47 48 # Currently, only the clang compiler and standard system support automatic variable initialization. 49 if (is_clang && is_standard_system) { 50 if (defined(auto_var_init)) { 51 assert( 52 auto_var_init == "pattern" || auto_var_init == "zero" || 53 auto_var_init == "uninit", 54 "auto_var_init can only be set to pattern, zero or uninit, for example, auto_var_init = \"pattern\"") 55 56 if (auto_var_init == "pattern") { 57 configs += [ "//build/config/security:auto_var_pattern_init_config" ] 58 } else if (auto_var_init == "zero") { 59 configs += [ "//build/config/security:auto_var_zero_init_config" ] 60 } else if (auto_var_init == "uninit") { 61 configs += [ "//build/config/security:auto_var_uninit_config" ] 62 } 63 } else { 64 configs += [ "//build/config/security:auto_var_zero_init_config" ] 65 } 66 } 67 } 68} 69 70template("ohos_stack_protector_ret_config") { 71 config(target_name) { 72 forward_variables_from(invoker, [ "stack_protector_ret" ]) 73 cflags = [] 74 if (defined(stack_protector_ret) && stack_protector_ret && 75 support_stack_protector_ret) { 76 cflags += [ "-fstack-protector-ret" ] 77 } 78 } 79} 80 81template("ohos_security_config") { 82 config(target_name) { 83 configs = [] 84 _auto_initialize_config_target = "${target_name}__auto_initialize_config" 85 ohos_auto_initialize_config(_auto_initialize_config_target) { 86 forward_variables_from(invoker, [ "auto_var_init" ]) 87 } 88 89 _stack_protector_ret_config_target = 90 "${target_name}__stack_protector_config" 91 ohos_stack_protector_ret_config(_stack_protector_ret_config_target) { 92 forward_variables_from(invoker, [ "stack_protector_ret" ]) 93 } 94 95 configs += [ ":$_auto_initialize_config_target" ] 96 configs += [ ":$_stack_protector_ret_config_target" ] 97 } 98} 99