1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14import("//build/config/security/security_config.gni") 15 16config("auto_var_init_configs") { 17 if (using_security_flag && !is_mingw) { 18 assert( 19 is_clang, 20 "currently, automatic variable initialization only supported with clang") 21 configs = [ ":auto_var_zero_init_config" ] 22 } 23} 24 25all_security_configs = [ ":auto_var_init_configs" ] 26 27# This config is applied by default to all targets. It sets the compiler flags 28# for automatic variable initialization, or, if no config is set, does nothing. 29config("default_security_configs") { 30 configs = all_security_configs 31} 32 33# Set the uninitialized local variables to pattern. 34config("auto_var_pattern_init_config") { 35 cflags = [ "-ftrivial-auto-var-init=pattern" ] 36} 37 38# Set the uninitialized local variables to zero. But it will be removed from clang int the future. 39# Currently, enabling the config of pattern for all components is impractical and may cause system 40# instability. So on the premise that the system is stable, the config of zero need to be gradually replaced with 41# the config of pattern. 42config("auto_var_zero_init_config") { 43 cflags = [ 44 "-ftrivial-auto-var-init=zero", 45 "-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang", 46 ] 47} 48 49# Do not set the uninitialized local variables to any value. 50config("auto_var_uninit_config") { 51 cflags = [ "-ftrivial-auto-var-init=uninitialized" ] 52} 53 54# Stack protection. 55config("stack_protector_config") { 56 cflags = [] 57 if (is_mac) { 58 if (is_debug) { 59 cflags += [ "-fstack-protector-strong" ] 60 } else { 61 cflags += [ "-fstack-protector" ] 62 } 63 } else if (is_posix && !is_chromeos && !is_nacl) { 64 if (is_mingw) { 65 cflags += [ "-fno-stack-protector" ] 66 } else if (is_ohos && current_cpu == "x86") { 67 cflags += [ "-fno-stack-protector" ] 68 } else if (current_os != "aix") { 69 cflags += [ "-fstack-protector-strong" ] 70 } 71 } 72} 73 74config("stack_protector_ret_all_config") { 75 cflags = [] 76 cflags_c = [] 77 cflags_cc = [] 78 if (is_mac) { 79 if (is_debug) { 80 cflags += [ "-fstack-protector-strong" ] 81 } else { 82 cflags += [ "-fstack-protector" ] 83 } 84 } else if (is_posix && !is_chromeos && !is_nacl) { 85 if (is_mingw) { 86 cflags += [ "-fno-stack-protector" ] 87 } else if (is_ohos && current_cpu == "x86") { 88 cflags += [ "-fno-stack-protector" ] 89 } else if (current_os != "aix") { 90 if (support_stack_protector_ret == true) { 91 cflags += [ 92 "-fstack-protector-ret-all", 93 "--param=ssp-ret-cookie-size=1000", 94 ] 95 cflags_c += [ 96 "-fstack-protector-ret-all", 97 "--param=ssp-ret-cookie-size=1000", 98 ] 99 cflags_cc += [ 100 "-fstack-protector-ret-all", 101 "--param=ssp-ret-cookie-size=1000", 102 ] 103 } else { 104 cflags += [ "-fstack-protector-strong" ] 105 } 106 } 107 } 108} 109 110config("stack_protector_ret_strong_config") { 111 cflags = [] 112 cflags_c = [] 113 cflags_cc = [] 114 if (is_mac) { 115 if (is_debug) { 116 cflags += [ "-fstack-protector-strong" ] 117 } else { 118 cflags += [ "-fstack-protector" ] 119 } 120 } else if (is_posix && !is_chromeos && !is_nacl) { 121 if (is_mingw) { 122 cflags += [ "-fno-stack-protector" ] 123 } else if (is_ohos && current_cpu == "x86") { 124 cflags += [ "-fno-stack-protector" ] 125 } else if (current_os != "aix") { 126 if (support_stack_protector_ret == true) { 127 cflags += [ "-fstack-protector-ret-strong" ] 128 cflags_c += [ "-fstack-protector-ret-strong" ] 129 cflags_cc += [ "-fstack-protector-ret-strong" ] 130 } else { 131 cflags += [ "-fstack-protector-strong" ] 132 } 133 } 134 } 135} 136