# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import("//build/config/security/security_config.gni")

# Selects the automatic-variable-initialization mode for a target.
# When using_security_flag is set and the toolchain is not MinGW, this pulls in
# :auto_var_zero_init_config; in every other case it contributes no flags.
# The assert fails the build if that path is reached with a non-clang compiler,
# so the hardening cannot be dropped silently.
# NOTE(review): using_security_flag is presumably declared in the imported
# security_config.gni - confirm.
config("auto_var_init_configs") {
  if (using_security_flag) {
    if (!is_mingw) {
      assert(
          is_clang,
          "currently, automatic variable initialization only supported with clang")
      configs = [ ":auto_var_zero_init_config" ]
    }
  }
}

# Every config that default_security_configs forwards to. Today this is only
# the automatic-variable-initialization selector above.
all_security_configs = [ ":auto_var_init_configs" ]

# This config is applied by default to all targets. It forwards to
# all_security_configs, so it sets the compiler flags for automatic variable
# initialization, or does nothing when no such config is selected.
config("default_security_configs") {
  configs = all_security_configs
}

# Fill uninitialized local variables with a byte pattern. Reads of
# uninitialized stack memory then see a fixed non-zero value instead of stale
# data left behind by earlier calls.
config("auto_var_pattern_init_config") {
  cflags = [ "-ftrivial-auto-var-init=pattern" ]
}

# Set uninitialized local variables to zero. The companion "-enable-..." flag
# is, by its own name, slated for removal from clang in the future.
# Currently, enabling the pattern config for all components is impractical and
# may cause system instability. So, on the premise that the system stays
# stable, the zero config needs to be gradually replaced with the pattern
# config.
# NOTE(review): newer clang releases accept =zero without the companion flag
# and have deprecated it - check against the toolchain version in use before a
# compiler upgrade.
config("auto_var_zero_init_config") {
  cflags = [
    "-ftrivial-auto-var-init=zero",
    "-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang",
  ]
}

# Do not set the uninitialized local variables to any value.
config("auto_var_uninit_config") {
  # Explicitly selects clang's default behaviour: no automatic initialization.
  # NOTE(review): whether this overrides the zero-init flags from the default
  # security config depends on flag order on the command line - verify.
  cflags = [ "-ftrivial-auto-var-init=uninitialized" ]
}

# Stack protection (stack canaries).
# Resulting flag per platform:
#   mac, debug build               -> -fstack-protector-strong
#   mac, non-debug build           -> -fstack-protector (covers fewer functions)
#   posix (not chromeos, not nacl):
#     mingw, or ohos on x86        -> -fno-stack-protector (canaries disabled)
#     aix                          -> no flag added
#     anything else                -> -fstack-protector-strong
#   all other platforms            -> no flag added
# NOTE(review): non-debug mac builds get the weaker variant and mingw / ohos
# x86 builds get no canaries at all; presumably deliberate (binary size,
# toolchain support) - confirm and record the reason here.
config("stack_protector_config") {
  cflags = []
  if (is_mac) {
    if (is_debug) {
      cflags += [ "-fstack-protector-strong" ]
    } else {
      cflags += [ "-fstack-protector" ]
    }
  } else if (is_posix && !is_chromeos && !is_nacl) {
    if (is_mingw || (is_ohos && current_cpu == "x86")) {
      cflags += [ "-fno-stack-protector" ]
    } else if (current_os != "aix") {
      cflags += [ "-fstack-protector-strong" ]
    }
  }
}

# Same platform matrix as stack_protector_config, except that on the generic
# posix path -fstack-protector-ret-all plus the ssp-ret-cookie-size parameter
# are used when support_stack_protector_ret is true; otherwise it falls back
# to -fstack-protector-strong.
# NOTE(review): -fstack-protector-ret-all and --param=ssp-ret-cookie-size do
# not look like upstream clang options; presumably they come from the
# project's own toolchain, and support_stack_protector_ret from the imported
# security_config.gni - confirm.
config("stack_protector_ret_all_config") {
  cflags = []
  if (is_mac) {
    if (is_debug) {
      cflags += [ "-fstack-protector-strong" ]
    } else {
      cflags += [ "-fstack-protector" ]
    }
  } else if (is_posix && !is_chromeos && !is_nacl) {
    if (is_mingw || (is_ohos && current_cpu == "x86")) {
      cflags += [ "-fno-stack-protector" ]
    } else if (current_os != "aix") {
      if (support_stack_protector_ret == true) {
        cflags += [
          "-fstack-protector-ret-all",
          "--param=ssp-ret-cookie-size=1000",
        ]
      } else {
        cflags += [ "-fstack-protector-strong" ]
      }
    }
  }
}

# Same platform matrix as stack_protector_config, except that on the generic
# posix path -fstack-protector-ret-strong is used when
# support_stack_protector_ret is true; otherwise it falls back to
# -fstack-protector-strong.
# NOTE(review): -fstack-protector-ret-strong is presumably a toolchain-specific
# option - confirm.
config("stack_protector_ret_strong_config") {
  cflags = []
  if (is_mac) {
    if (is_debug) {
      cflags += [ "-fstack-protector-strong" ]
    } else {
      cflags += [ "-fstack-protector" ]
    }
  } else if (is_posix && !is_chromeos && !is_nacl) {
    if (is_mingw || (is_ohos && current_cpu == "x86")) {
      cflags += [ "-fno-stack-protector" ]
    } else if (current_os != "aix") {
      if (support_stack_protector_ret == true) {
        cflags += [ "-fstack-protector-ret-strong" ]
      } else {
        cflags += [ "-fstack-protector-strong" ]
      }
    }
  }
}

# -fPIC: build position-independent code. The flag is passed to both the
# compile step and the link step.
config("pic_config") {
  cflags = [ "-fPIC" ]
  ldflags = [ "-fPIC" ]
}

# Linker hardening options, all passed through to the linker with -Wl:
#   -z noexecstack  mark the stack as non-executable
#   -z now          resolve all dynamic symbols at load time instead of lazily
#   -z relro        make relocation data read-only once relocation is done
# Used together, "now" and "relro" give what is commonly called full RELRO.
config("-Wl-z_config") {
  ldflags = [
    "-Wl,-z,noexecstack",
    "-Wl,-z,now",
    "-Wl,-z,relro",
  ]
}

# Position-independent executable (PIE): -fPIE for the C/C++ and assembler
# compile steps, -pie for the link step. A PIE binary is what allows the
# loader to randomize the executable's own base address under ASLR.
config("executable_config") {
  cflags = [ "-fPIE" ]
  asmflags = [ "-fPIE" ]
  ldflags = [ "-pie" ]
}