1############################################## 2## Perform configuration steps for sanitizers. 3############################################## 4 5my_sanitize := $(strip $(LOCAL_SANITIZE)) 6my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG)) 7 8my_global_sanitize := 9my_global_sanitize_diag := 10ifdef LOCAL_IS_HOST_MODULE 11 ifneq ($($(my_prefix)OS),windows) 12 my_global_sanitize := $(strip $(SANITIZE_HOST)) 13 14 # SANITIZE_HOST=true is a deprecated way to say SANITIZE_HOST=address. 15 my_global_sanitize := $(subst true,address,$(my_global_sanitize)) 16 endif 17else 18 my_global_sanitize := $(strip $(SANITIZE_TARGET)) 19 my_global_sanitize_diag := $(strip $(SANITIZE_TARGET_DIAG)) 20endif 21 22# Disable global integer_overflow in excluded paths. 23ifneq ($(filter integer_overflow, $(my_global_sanitize)),) 24 combined_exclude_paths := $(INTEGER_OVERFLOW_EXCLUDE_PATHS) \ 25 $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS) 26 27 ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\ 28 $(filter $(dir)%,$(LOCAL_PATH)))),) 29 my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize)) 30 my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag)) 31 endif 32endif 33 34# Global integer sanitization doesn't support static modules. 35ifeq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),) 36 my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize)) 37 my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag)) 38endif 39ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 40 my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize)) 41 my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag)) 42endif 43 44# Disable global CFI in excluded paths 45ifneq ($(filter cfi, $(my_global_sanitize)),) 46 combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \ 47 $(PRODUCT_CFI_EXCLUDE_PATHS) 48 49 ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\ 50 $(filter $(dir)%,$(LOCAL_PATH)))),) 51 my_global_sanitize := $(filter-out cfi,$(my_global_sanitize)) 52 my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag)) 53 endif 54endif 55 56ifneq ($(my_global_sanitize),) 57 my_sanitize := $(my_global_sanitize) $(my_sanitize) 58endif 59ifneq ($(my_global_sanitize_diag),) 60 my_sanitize_diag := $(my_global_sanitize_diag) $(my_sanitize_diag) 61endif 62 63# The sanitizer specified in the product configuration wins over the previous. 64ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),) 65 my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG) 66 ifeq ($(my_sanitize),never) 67 my_sanitize := 68 my_sanitize_diag := 69 endif 70endif 71 72ifndef LOCAL_IS_HOST_MODULE 73 # Add a filter point for 32-bit vs 64-bit sanitization (to lighten the burden) 74 SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH) 75 ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) 76 my_sanitize := 77 my_sanitize_diag := 78 endif 79endif 80 81# Add a filter point based on module owner (to lighten the burden). The format is a space- or 82# colon-separated list of owner names. 83ifneq (,$(SANITIZE_NEVER_BY_OWNER)) 84 ifneq (,$(LOCAL_MODULE_OWNER)) 85 ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER)))) 86 $(warning Not sanitizing $(LOCAL_MODULE) based on module owner.) 87 my_sanitize := 88 my_sanitize_diag := 89 endif 90 endif 91endif 92 93# Don't apply sanitizers to NDK code. 94ifdef LOCAL_SDK_VERSION 95 my_sanitize := 96 my_global_sanitize := 97 my_sanitize_diag := 98endif 99 100# Never always wins. 101ifeq ($(LOCAL_SANITIZE),never) 102 my_sanitize := 103 my_sanitize_diag := 104endif 105 106# Enable CFI in included paths (for Arm64 only). 107ifeq ($(filter cfi, $(my_sanitize)),) 108 ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) 109 combined_include_paths := $(CFI_INCLUDE_PATHS) \ 110 $(PRODUCT_CFI_INCLUDE_PATHS) 111 112 ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\ 113 $(filter $(dir)%,$(LOCAL_PATH)))),) 114 my_sanitize := cfi $(my_sanitize) 115 endif 116 endif 117endif 118 119# If CFI is disabled globally, remove it from my_sanitize. 120ifeq ($(strip $(ENABLE_CFI)),false) 121 my_sanitize := $(filter-out cfi,$(my_sanitize)) 122 my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag)) 123endif 124 125# Disable CFI for arm32 (b/35157333). 126ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) 127 my_sanitize := $(filter-out cfi,$(my_sanitize)) 128 my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag)) 129endif 130 131# Also disable CFI if ASAN is enabled. 132ifneq ($(filter address,$(my_sanitize)),) 133 my_sanitize := $(filter-out cfi,$(my_sanitize)) 134 my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag)) 135endif 136 137# CFI needs gold linker, and mips toolchain does not have one. 138ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) 139 my_sanitize := $(filter-out cfi,$(my_sanitize)) 140 my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag)) 141endif 142 143# Disable sanitizers which need the UBSan runtime for host targets. 144ifdef LOCAL_IS_HOST_MODULE 145 my_sanitize := $(filter-out cfi,$(my_sanitize)) 146 my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag)) 147 my_sanitize := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize)) 148 my_sanitize_diag := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize_diag)) 149endif 150 151# Support for local sanitize blacklist paths. 152ifneq ($(my_sanitize)$(my_global_sanitize),) 153 ifneq ($(LOCAL_SANITIZE_BLACKLIST),) 154 my_cflags += -fsanitize-blacklist=$(LOCAL_PATH)/$(LOCAL_SANITIZE_BLACKLIST) 155 endif 156endif 157 158# Disable integer_overflow if LOCAL_NOSANITIZE=integer. 159ifneq ($(filter integer_overflow, $(my_global_sanitize) $(my_sanitize)),) 160 ifneq ($(filter integer, $(strip $(LOCAL_NOSANITIZE))),) 161 my_sanitize := $(filter-out integer_overflow,$(my_sanitize)) 162 my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag)) 163 endif 164endif 165 166my_nosanitize = $(strip $(LOCAL_NOSANITIZE)) 167ifneq ($(my_nosanitize),) 168 my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize)) 169endif 170 171ifneq ($(filter arm x86 x86_64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) 172 my_sanitize := $(filter-out hwaddress,$(my_sanitize)) 173endif 174 175ifneq ($(filter hwaddress,$(my_sanitize)),) 176 my_sanitize := $(filter-out address,$(my_sanitize)) 177 my_sanitize := $(filter-out thread,$(my_sanitize)) 178 my_sanitize := $(filter-out cfi,$(my_sanitize)) 179endif 180 181ifneq ($(filter hwaddress,$(my_sanitize)),) 182 my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_RUNTIME_LIBRARY) 183 ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),) 184 ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 185 my_static_libraries := $(my_static_libraries) \ 186 $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_STATIC_LIBRARY) \ 187 libdl 188 endif 189 endif 190endif 191 192# TSAN is not supported on 32-bit architectures. For non-multilib cases, make 193# its use an error. For multilib cases, don't use it for the 32-bit case. 194ifneq ($(filter thread,$(my_sanitize)),) 195 ifeq ($(my_32_64_bit_suffix),32) 196 ifeq ($(my_module_multilib),both) 197 my_sanitize := $(filter-out thread,$(my_sanitize)) 198 else 199 $(error $(LOCAL_PATH): $(LOCAL_MODULE): TSAN cannot be used for 32-bit modules.) 200 endif 201 else 202 my_shared_libraries += $(TSAN_RUNTIME_LIBRARY) 203 endif 204endif 205 206ifneq ($(filter safe-stack,$(my_sanitize)),) 207 ifeq ($(my_32_64_bit_suffix),32) 208 my_sanitize := $(filter-out safe-stack,$(my_sanitize)) 209 endif 210endif 211 212# Disable Scudo if ASan or TSan is enabled. 213ifneq ($(filter address thread hwaddress,$(my_sanitize)),) 214 my_sanitize := $(filter-out scudo,$(my_sanitize)) 215endif 216 217# Or if disabled globally. 218ifeq ($(PRODUCT_DISABLE_SCUDO),true) 219 my_sanitize := $(filter-out scudo,$(my_sanitize)) 220endif 221 222# Undefined symbols can occur if a non-sanitized library links 223# sanitized static libraries. That's OK, because the executable 224# always depends on the ASan runtime library, which defines these 225# symbols. 226ifneq ($(filter address thread,$(strip $(SANITIZE_TARGET))),) 227 ifndef LOCAL_IS_HOST_MODULE 228 ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES) 229 ifeq ($(my_sanitize),) 230 my_allow_undefined_symbols := true 231 endif 232 endif 233 endif 234endif 235 236ifneq ($(filter default-ub,$(my_sanitize)),) 237 my_sanitize := $(CLANG_DEFAULT_UB_CHECKS) 238endif 239 240ifneq ($(filter fuzzer,$(my_sanitize)),) 241 # SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage 242 # information, not to link against the fuzzer main(). 243 my_sanitize := $(filter-out fuzzer,$(my_sanitize)) 244 my_sanitize += fuzzer-no-link 245 246 # TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes 247 # dependency on LTO. 248 my_sanitize := $(filter-out cfi,$(my_sanitize)) 249 my_cflags += -fno-lto 250 my_ldflags += -fno-lto 251 252 # TODO(b/133876586): Disable experimental pass manager for fuzzer builds. 253 my_cflags += -fno-experimental-new-pass-manager 254endif 255 256ifneq ($(filter integer_overflow,$(my_sanitize)),) 257 # Respect LOCAL_NOSANITIZE for integer-overflow flags. 258 ifeq ($(filter signed-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),) 259 my_sanitize += signed-integer-overflow 260 endif 261 ifeq ($(filter unsigned-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),) 262 my_sanitize += unsigned-integer-overflow 263 endif 264 my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS) 265 266 # Check for diagnostics mode. 267 ifneq ($(filter integer_overflow,$(my_sanitize_diag)),) 268 ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),) 269 ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 270 my_sanitize_diag += signed-integer-overflow 271 my_sanitize_diag += unsigned-integer-overflow 272 else 273 $(call pretty-error,Make cannot apply integer overflow diagnostics to static binary.) 274 endif 275 else 276 $(call pretty-error,Make cannot apply integer overflow diagnostics to static library.) 277 endif 278 endif 279 my_sanitize := $(filter-out integer_overflow,$(my_sanitize)) 280endif 281 282# Makes sure integer_overflow diagnostics is removed from the diagnostics list 283# even if integer_overflow is not set for some reason. 284ifneq ($(filter integer_overflow,$(my_sanitize_diag)),) 285 my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag)) 286endif 287 288ifneq ($(my_sanitize),) 289 fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize)) 290 my_cflags += -fsanitize=$(fsanitize_arg) 291 my_asflags += -fsanitize=$(fsanitize_arg) 292 293 # When fuzzing, we wish to crash with diagnostics on any bug. 294 ifneq ($(filter fuzzer-no-link,$(my_sanitize)),) 295 my_cflags += -fno-sanitize-trap=all 296 my_cflags += -fno-sanitize-recover=all 297 my_ldflags += -fsanitize=fuzzer-no-link 298 else ifdef LOCAL_IS_HOST_MODULE 299 my_cflags += -fno-sanitize-recover=all 300 my_ldflags += -fsanitize=$(fsanitize_arg) 301 else 302 my_cflags += -fsanitize-trap=all 303 my_cflags += -ftrap-function=abort 304 ifneq ($(filter address thread,$(my_sanitize)),) 305 my_cflags += -fno-sanitize-trap=address,thread 306 my_shared_libraries += libdl 307 endif 308 endif 309endif 310 311ifneq ($(filter cfi,$(my_sanitize)),) 312 # __cfi_check needs to be built as Thumb (see the code in linker_cfi.cpp). 313 # LLVM is not set up to do this on a function basis, so force Thumb on the 314 # entire module. 315 LOCAL_ARM_MODE := thumb 316 my_cflags += $(CFI_EXTRA_CFLAGS) 317 my_asflags += $(CFI_EXTRA_ASFLAGS) 318 # Only append the default visibility flag if -fvisibility has not already been 319 # set to hidden. 320 ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),) 321 my_cflags += -fvisibility=default 322 endif 323 my_ldflags += $(CFI_EXTRA_LDFLAGS) 324 my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so 325 326 ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 327 my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags)) 328 my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags)) 329 else 330 # Apply the version script to non-static executables 331 my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map 332 LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map 333 endif 334endif 335 336# If local or global modules need ASAN, add linker flags. 337ifneq ($(filter address,$(my_global_sanitize) $(my_sanitize)),) 338 my_ldflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS) 339 ifdef LOCAL_IS_HOST_MODULE 340 # -nodefaultlibs (provided with libc++) prevents the driver from linking 341 # libraries needed with -fsanitize=address. http://b/18650275 (WAI) 342 my_ldflags += -Wl,--no-as-needed 343 else 344 # Add asan libraries unless LOCAL_MODULE is the asan library. 345 # ASan runtime library must be the first in the link order. 346 ifeq (,$(filter $(LOCAL_MODULE),$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY))) 347 my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \ 348 $(my_shared_libraries) 349 endif 350 351 # Do not add unnecessary dependency in shared libraries. 352 ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES) 353 my_ldflags += -Wl,--as-needed 354 endif 355 356 ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),) 357 ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 358 my_linker := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER) 359 # Make sure linker_asan get installed. 360 $(LOCAL_INSTALLED_MODULE) : | $(PRODUCT_OUT)$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER_FILE) 361 endif 362 endif 363 endif 364endif 365 366# If local module needs ASAN, add compiler flags. 367ifneq ($(filter address,$(my_sanitize)),) 368 # Frame pointer based unwinder in ASan requires ARM frame setup. 369 LOCAL_ARM_MODE := arm 370 my_cflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS) 371 ifndef LOCAL_IS_HOST_MODULE 372 my_cflags += -mllvm -asan-globals=0 373 endif 374endif 375 376# If local module needs HWASAN, add compiler flags. 377ifneq ($(filter hwaddress,$(my_sanitize)),) 378 my_cflags += $(HWADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS) 379endif 380 381# Use minimal diagnostics when integer overflow is enabled; never do it for HOST or AUX modules 382ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),) 383 # Pre-emptively add UBSAN minimal runtime incase a static library dependency requires it 384 ifeq ($(filter STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)),) 385 ifndef LOCAL_SDK_VERSION 386 my_static_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY) 387 my_ldflags += -Wl,--exclude-libs,$($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY).a 388 endif 389 endif 390 ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),) 391 ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),) 392 ifeq ($(filter cfi,$(my_sanitize_diag)),) 393 ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),) 394 my_cflags += -fsanitize-minimal-runtime 395 my_cflags += -fno-sanitize-trap=integer 396 my_cflags += -fno-sanitize-recover=integer 397 endif 398 endif 399 endif 400 endif 401endif 402 403# For Scudo, we opt for the minimal runtime, unless some diagnostics are enabled. 404ifneq ($(filter scudo,$(my_sanitize)),) 405 ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer cfi,$(my_sanitize_diag)),) 406 my_cflags += -fsanitize-minimal-runtime 407 endif 408 ifneq ($(filter -fsanitize-minimal-runtime,$(my_cflags)),) 409 my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_MINIMAL_RUNTIME_LIBRARY) 410 else 411 my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY) 412 endif 413endif 414 415ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),) 416 recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)), 417 my_cflags += -fsanitize-recover=$(recover_arg) 418endif 419 420ifneq ($(strip $(LOCAL_SANITIZE_NO_RECOVER)),) 421 no_recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_NO_RECOVER)), 422 my_cflags += -fno-sanitize-recover=$(no_recover_arg) 423endif 424 425ifneq ($(my_sanitize_diag),) 426 # TODO(vishwath): Add diagnostic support for static executables once 427 # we switch to clang-4393122 (which adds the static ubsan runtime 428 # that this depends on) 429 ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) 430 notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)), 431 my_cflags += -fno-sanitize-trap=$(notrap_arg) 432 # Diagnostic requires a runtime library, unless ASan or TSan are also enabled. 433 ifeq ($(filter address thread scudo hwaddress,$(my_sanitize)),) 434 # Does not have to be the first DT_NEEDED unlike ASan. 435 my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) 436 endif 437 endif 438endif 439 440# http://b/119329758, Android core does not boot up with this sanitizer yet. 441# Previously sanitized modules might not pass new implicit-integer-sign-change check. 442# Disable this check unless it has been explicitly specified. 443ifneq ($(findstring fsanitize,$(my_cflags)),) 444 ifneq ($(findstring integer,$(my_cflags)),) 445 ifeq ($(findstring sanitize=implicit-integer-sign-change,$(my_cflags)),) 446 my_cflags += -fno-sanitize=implicit-integer-sign-change 447 endif 448 endif 449endif 450