• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14import("//build/config/security/security_config.gni")
15
16config("auto_var_init_configs") {
17  if (using_security_flag && !is_mingw) {
18    assert(
19        is_clang,
20        "currently, automatic variable initialization only supported with clang")
21    configs = [ ":auto_var_zero_init_config" ]
22  }
23}
24
25all_security_configs = [ ":auto_var_init_configs" ]
26
27# This config is applied by default to all targets. It sets the compiler flags
28# for automatic variable initialization, or, if no config is set, does nothing.
29config("default_security_configs") {
30  configs = all_security_configs
31}
32
33# Set the uninitialized local variables to pattern.
34config("auto_var_pattern_init_config") {
35  cflags = [ "-ftrivial-auto-var-init=pattern" ]
36}
37
38# Set the uninitialized local variables to zero. But it will be removed from clang int the future.
39# Currently, enabling the config of pattern for all components is impractical and may cause system
40# instability. So on the premise that the system is stable, the config of zero need to be gradually replaced with
41# the config of pattern.
42config("auto_var_zero_init_config") {
43  cflags = [
44    "-ftrivial-auto-var-init=zero",
45    "-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang",
46  ]
47}
48
49# Do not set the uninitialized local variables to any value.
50config("auto_var_uninit_config") {
51  cflags = [ "-ftrivial-auto-var-init=uninitialized" ]
52}
53
54# Stack protection.
55config("stack_protector_config") {
56  cflags = []
57  if (is_mac) {
58    if (is_debug) {
59      cflags += [ "-fstack-protector-strong" ]
60    } else {
61      cflags += [ "-fstack-protector" ]
62    }
63  } else if (is_posix && !is_chromeos && !is_nacl) {
64    cflags += [ "--param=ssp-buffer-size=4" ]
65
66    if (is_mingw) {
67      cflags += [ "-fno-stack-protector" ]
68    } else if (is_ohos && current_cpu == "x86") {
69      cflags += [ "-fno-stack-protector" ]
70    } else if (current_os != "aix") {
71      cflags += [ "-fstack-protector-strong" ]
72    }
73  }
74}
75
76config("stack_protector_ret_all_config") {
77  cflags = []
78  if (is_mac) {
79    if (is_debug) {
80      cflags += [ "-fstack-protector-strong" ]
81    } else {
82      cflags += [ "-fstack-protector" ]
83    }
84  } else if (is_posix && !is_chromeos && !is_nacl) {
85    cflags += [ "--param=ssp-buffer-size=4" ]
86
87    if (is_mingw) {
88      cflags += [ "-fno-stack-protector" ]
89    } else if (is_ohos && current_cpu == "x86") {
90      cflags += [ "-fno-stack-protector" ]
91    } else if (current_os != "aix") {
92      if (support_stack_protector_ret == true) {
93        cflags += [
94          "-fstack-protector-ret-all",
95          "--param=ssp-ret-cookie-size=1000",
96        ]
97      } else {
98        cflags += [ "-fstack-protector-strong" ]
99      }
100    }
101  }
102}
103
104config("stack_protector_ret_strong_config") {
105  cflags = []
106  if (is_mac) {
107    if (is_debug) {
108      cflags += [ "-fstack-protector-strong" ]
109    } else {
110      cflags += [ "-fstack-protector" ]
111    }
112  } else if (is_posix && !is_chromeos && !is_nacl) {
113    cflags += [ "--param=ssp-buffer-size=4" ]
114
115    if (is_mingw) {
116      cflags += [ "-fno-stack-protector" ]
117    } else if (is_ohos && current_cpu == "x86") {
118      cflags += [ "-fno-stack-protector" ]
119    } else if (current_os != "aix") {
120      if (support_stack_protector_ret == true) {
121        cflags += [ "-fstack-protector-ret-strong" ]
122      } else {
123        cflags += [ "-fstack-protector-strong" ]
124      }
125    }
126  }
127}
128
129#-fPIC or fpic
130config("pic_config") {
131  cflags = [ "-fPIC" ]
132  ldflags = [ "-fPIC" ]
133}
134
135#-Wl,-z,noexecstack.
136#-Wl,-z,now.
137#-Wl,-z,relro.
138config("-Wl-z_config") {
139  ldflags = [
140    "-Wl,-z,noexecstack",
141    "-Wl,-z,now",
142    "-Wl,-z,relro",
143  ]
144}
145
146#pie
147config("executable_config") {
148  cflags = [ "-fPIE" ]
149  asmflags = [ "-fPIE" ]
150  ldflags = [ "-pie" ]
151}
152