// Copyright (C) 2023 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Cronet handles all of its licenses declaration in the top level Android.bp and // LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE). // Boringsll's license can also be found at // //external/cronet/third_party/boringssl/src/LICENSE. package { default_visibility: [ "//external/cronet:__subpackages__", "//packages/modules/Connectivity/Tethering:__subpackages__", ], // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "external_cronet_license" // to get the below license kinds: // legacy_unencumbered // SPDX-license-identifier-Apache-2.0 // SPDX-license-identifier-BSD // SPDX-license-identifier-BSD-3-Clause // SPDX-license-identifier-ISC // SPDX-license-identifier-MIT // SPDX-license-identifier-OpenSSL default_applicable_licenses: ["external_cronet_license"], } build = ["sources.bp"] cc_defaults { name: "stable_cronet_cronet_defaults", stl: "none", apex_available: [ "com.android.tethering", ], min_sdk_version: "30", include_dirs: [ "external/cronet/stable/buildtools/third_party/libc++/", "external/cronet/stable/third_party/libc++/src/include", "external/cronet/stable/third_party/libc++abi/src/include", ], static_libs: [ "stable_cronet_buildtools_third_party_libc___libc__", "stable_cronet_buildtools_third_party_libc__abi_libc__abi" ], } cc_defaults { name: "stable_cronet_boringssl_flags", cflags: [ "-fvisibility=hidden", "-DBORINGSSL_SHARED_LIBRARY", "-DBORINGSSL_ANDROID_SYSTEM", // Chromium uses extensive harderning mode, so setting the same for boringssl. "-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE", "-DOPENSSL_SMALL", "-Werror", "-Wno-unused-parameter", ], cppflags: [ "-Wall", "-Werror", ], } cc_defaults { name: "stable_cronet_boringssl_defaults", local_include_dirs: ["src/include"], export_include_dirs: ["src/include"], cflags: [ "-DBORINGSSL_IMPLEMENTATION", ], } cc_defaults { name: "stable_cronet_libcrypto_defaults", target: { android: { // On FIPS builds (i.e. Android only) prevent other libraries // from pre-empting symbols in libcrypto which could affect FIPS // compliance and cause integrity checks to fail. See b/160231064. ldflags: ["-Wl,-Bsymbolic"], }, }, local_include_dirs: ["src/crypto"], } cc_object { name: "stable_cronet_bcm_object", defaults: [ "stable_cronet_boringssl_defaults", "stable_cronet_boringssl_flags", "stable_cronet_cronet_defaults", "stable_cronet_libcrypto_bcm_sources", "stable_cronet_libcrypto_defaults", ], sanitize: { address: false, hwaddress: false, // This is a placeholder // to help prevent // merge conflicts. memtag_stack: false, // This is a placeholder // to help prevent // merge conflicts. fuzzer: false, memtag_globals: false, }, target: { android: { cflags: [ "-DBORINGSSL_FIPS", "-fPIC", // -fno[data|text]-sections required to ensure a // single text and data section for FIPS integrity check "-fno-data-sections", "-fno-function-sections", ], linker_script: "src/crypto/fipsmodule/fips_shared.lds", }, // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler. // This doesn't enable HWASAN unconditionally, it just causes // BoringSSL's asm code to unconditionally use a HWASAN-compatible // global variable reference so that the non-HWASANified (because of // sanitize: { hwaddress: false } above) code in the BCM can // successfully link against the HWASANified code in the rest of // BoringSSL in HWASAN builds. android_arm64: { asflags: [ "-fsanitize=hwaddress", ], }, }, } cc_library_shared { name: "stable_cronet_libcrypto", defaults: [ "stable_cronet_boringssl_defaults", "stable_cronet_boringssl_flags", "stable_cronet_cronet_defaults", "stable_cronet_libcrypto_defaults", "stable_cronet_libcrypto_sources", ], unique_host_soname: true, srcs: [ ":stable_cronet_bcm_object", ], target: { android: { cflags: [ "-DBORINGSSL_FIPS", ], sanitize: { // Disable address sanitizing otherwise libcrypto will not report // itself as being in FIPS mode, which causes boringssl_self_test // to fail. address: false, }, inject_bssl_hash: true, }, }, } cc_library_shared { name: "stable_cronet_libssl", defaults: [ "stable_cronet_boringssl_defaults", "stable_cronet_boringssl_flags", "stable_cronet_cronet_defaults", "stable_cronet_libssl_sources", ], unique_host_soname: true, shared_libs: ["stable_cronet_libcrypto"], } cc_library_shared { name: "stable_cronet_libpki", defaults: [ "stable_cronet_boringssl_defaults", "stable_cronet_boringssl_flags", "stable_cronet_cronet_defaults", "stable_cronet_libpki_sources", ], unique_host_soname: true, cflags: ["-D_BORINGSSL_LIBPKI_"], shared_libs: ["stable_cronet_libcrypto"], }