152 lines
4.2 KiB
Plaintext
152 lines
4.2 KiB
Plaintext
# Copyright (c) 2022 Huawei Device Co., Ltd.
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import("//build/config/security/security_config.gni")
|
|
|
|
config("auto_var_init_configs") {
|
|
if (using_security_flag && !is_mingw) {
|
|
assert(
|
|
is_clang,
|
|
"currently, automatic variable initialization only supported with clang")
|
|
configs = [ ":auto_var_zero_init_config" ]
|
|
}
|
|
}
|
|
|
|
all_security_configs = [ ":auto_var_init_configs" ]
|
|
|
|
# This config is applied by default to all targets. It sets the compiler flags
|
|
# for automatic variable initialization, or, if no config is set, does nothing.
|
|
config("default_security_configs") {
|
|
configs = all_security_configs
|
|
}
|
|
|
|
# Set the uninitialized local variables to pattern.
|
|
config("auto_var_pattern_init_config") {
|
|
cflags = [ "-ftrivial-auto-var-init=pattern" ]
|
|
}
|
|
|
|
# Set the uninitialized local variables to zero. But it will be removed from clang int the future.
|
|
# Currently, enabling the config of pattern for all components is impractical and may cause system
|
|
# instability. So on the premise that the system is stable, the config of zero need to be gradually replaced with
|
|
# the config of pattern.
|
|
config("auto_var_zero_init_config") {
|
|
cflags = [
|
|
"-ftrivial-auto-var-init=zero",
|
|
"-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang",
|
|
]
|
|
}
|
|
|
|
# Do not set the uninitialized local variables to any value.
|
|
config("auto_var_uninit_config") {
|
|
cflags = [ "-ftrivial-auto-var-init=uninitialized" ]
|
|
}
|
|
|
|
# Stack protection.
|
|
config("stack_protector_config") {
|
|
cflags = []
|
|
if (is_mac) {
|
|
if (is_debug) {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
} else {
|
|
cflags += [ "-fstack-protector" ]
|
|
}
|
|
} else if (is_posix && !is_chromeos && !is_nacl) {
|
|
cflags += [ "--param=ssp-buffer-size=4" ]
|
|
|
|
if (is_mingw) {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (is_ohos && current_cpu == "x86") {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (current_os != "aix") {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
}
|
|
}
|
|
}
|
|
|
|
config("stack_protector_ret_all_config") {
|
|
cflags = []
|
|
if (is_mac) {
|
|
if (is_debug) {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
} else {
|
|
cflags += [ "-fstack-protector" ]
|
|
}
|
|
} else if (is_posix && !is_chromeos && !is_nacl) {
|
|
cflags += [ "--param=ssp-buffer-size=4" ]
|
|
|
|
if (is_mingw) {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (is_ohos && current_cpu == "x86") {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (current_os != "aix") {
|
|
if (support_stack_protector_ret == true) {
|
|
cflags += [
|
|
"-fstack-protector-ret-all",
|
|
"--param=ssp-ret-cookie-size=1000",
|
|
]
|
|
} else {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
config("stack_protector_ret_strong_config") {
|
|
cflags = []
|
|
if (is_mac) {
|
|
if (is_debug) {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
} else {
|
|
cflags += [ "-fstack-protector" ]
|
|
}
|
|
} else if (is_posix && !is_chromeos && !is_nacl) {
|
|
cflags += [ "--param=ssp-buffer-size=4" ]
|
|
|
|
if (is_mingw) {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (is_ohos && current_cpu == "x86") {
|
|
cflags += [ "-fno-stack-protector" ]
|
|
} else if (current_os != "aix") {
|
|
if (support_stack_protector_ret == true) {
|
|
cflags += [ "-fstack-protector-ret-strong" ]
|
|
} else {
|
|
cflags += [ "-fstack-protector-strong" ]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
#-fPIC or fpic
|
|
config("pic_config") {
|
|
cflags = [ "-fPIC" ]
|
|
ldflags = [ "-fPIC" ]
|
|
}
|
|
|
|
#-Wl,-z,noexecstack.
|
|
#-Wl,-z,now.
|
|
#-Wl,-z,relro.
|
|
config("-Wl-z_config") {
|
|
ldflags = [
|
|
"-Wl,-z,noexecstack",
|
|
"-Wl,-z,now",
|
|
"-Wl,-z,relro",
|
|
]
|
|
}
|
|
|
|
#pie
|
|
config("executable_config") {
|
|
cflags = [ "-fPIE" ]
|
|
asmflags = [ "-fPIE" ]
|
|
ldflags = [ "-pie" ]
|
|
}
|