phs_v1.0.1.0/build/config/security/security_config.gni

# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/config/clang/clang.gni")

declare_args() {
  # Enable the config that variables are automatically initialized by default.
  enable_auto_var_init = false
  support_stack_protector_ret = false
}

using_security_flag = enable_auto_var_init

if (!is_ohos) {
  using_security_flag = false
}

# support_stack_protector_ret = true if clang support -fstack-protector-ret-all
clang_bin = rebase_path("${default_clang_base_path}/bin/clang", root_build_dir)
cmd = "${clang_bin} --help | grep fstack-protector-ret-all | wc -l"

# exec_script returns 1 if grep -fstack-protector-ret-all failed, indicating -fstack-protector-ret-all not supported
res = exec_script("//build/scripts/run_shell_cmd.py", [ cmd ], "value")
if (target_cpu == "arm64" && res == 1 && is_ohos && is_standard_system &&
    !is_mingw) {
  support_stack_protector_ret = true
} else {
  support_stack_protector_ret = false
}

assert(
    !using_security_flag || is_clang,
    "automatic variable initialization requires setting is_clang = true in 'gn args'")

template("ohos_auto_initialize_config") {
  config(target_name) {
    forward_variables_from(invoker, [ "auto_var_init" ])

    configs = []

    # Currently, only the clang compiler and standard system support automatic variable initialization.
    if (is_clang && is_standard_system) {
      if (defined(auto_var_init)) {
        assert(
            auto_var_init == "pattern" || auto_var_init == "zero" ||
                auto_var_init == "uninit",
            "auto_var_init can only be set to pattern, zero or uninit, for example, auto_var_init = \"pattern\"")

        if (auto_var_init == "pattern") {
          configs += [ "//build/config/security:auto_var_pattern_init_config" ]
        } else if (auto_var_init == "zero") {
          configs += [ "//build/config/security:auto_var_zero_init_config" ]
        } else if (auto_var_init == "uninit") {
          configs += [ "//build/config/security:auto_var_uninit_config" ]
        }
      } else {
        configs += [ "//build/config/security:auto_var_zero_init_config" ]
      }
    }
  }
}

template("ohos_security_config") {
  config(target_name) {
    configs = []
    _auto_initialize_config_target = "${target_name}__auto_initialize_config"
    ohos_auto_initialize_config(_auto_initialize_config_target) {
      forward_variables_from(invoker, [ "auto_var_init" ])
    }

    configs += [ ":$_auto_initialize_config_target" ]
  }
}
提交 #1 2024-09-27 19:16:49 +08:00			`# Copyright (c) 2022 Huawei Device Co., Ltd.`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`import("//build/config/clang/clang.gni")`

			`declare_args() {`
			`# Enable the config that variables are automatically initialized by default.`
			`enable_auto_var_init = false`
			`support_stack_protector_ret = false`
			`}`

			`using_security_flag = enable_auto_var_init`

			`if (!is_ohos) {`
			`using_security_flag = false`
			`}`

			`# support_stack_protector_ret = true if clang support -fstack-protector-ret-all`
			`clang_bin = rebase_path("${default_clang_base_path}/bin/clang", root_build_dir)`
			`cmd = "${clang_bin} --help \| grep fstack-protector-ret-all \| wc -l"`

			`# exec_script returns 1 if grep -fstack-protector-ret-all failed, indicating -fstack-protector-ret-all not supported`
			`res = exec_script("//build/scripts/run_shell_cmd.py", [ cmd ], "value")`
			`if (target_cpu == "arm64" && res == 1 && is_ohos && is_standard_system &&`
			`!is_mingw) {`
			`support_stack_protector_ret = true`
			`} else {`
			`support_stack_protector_ret = false`
			`}`

			`assert(`
			`!using_security_flag \|\| is_clang,`
			`"automatic variable initialization requires setting is_clang = true in 'gn args'")`

			`template("ohos_auto_initialize_config") {`
			`config(target_name) {`
			`forward_variables_from(invoker, [ "auto_var_init" ])`

			`configs = []`

			`# Currently, only the clang compiler and standard system support automatic variable initialization.`
			`if (is_clang && is_standard_system) {`
			`if (defined(auto_var_init)) {`
			`assert(`
			`auto_var_init == "pattern" \|\| auto_var_init == "zero" \|\|`
			`auto_var_init == "uninit",`
			`"auto_var_init can only be set to pattern, zero or uninit, for example, auto_var_init = \"pattern\"")`

			`if (auto_var_init == "pattern") {`
			`configs += [ "//build/config/security:auto_var_pattern_init_config" ]`
			`} else if (auto_var_init == "zero") {`
			`configs += [ "//build/config/security:auto_var_zero_init_config" ]`
			`} else if (auto_var_init == "uninit") {`
			`configs += [ "//build/config/security:auto_var_uninit_config" ]`
			`}`
			`} else {`
			`configs += [ "//build/config/security:auto_var_zero_init_config" ]`
			`}`
			`}`
			`}`
			`}`

			`template("ohos_security_config") {`
			`config(target_name) {`
			`configs = []`
			`_auto_initialize_config_target = "${target_name}__auto_initialize_config"`
			`ohos_auto_initialize_config(_auto_initialize_config_target) {`
			`forward_variables_from(invoker, [ "auto_var_init" ])`
			`}`

			`configs += [ ":$_auto_initialize_config_target" ]`
			`}`
			`}`