Makefile文件  |  438行  |  16.4 KB

##############################################
## Perform configuration steps for sanitizers.
##############################################

my_sanitize := $(strip $(LOCAL_SANITIZE))
my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG))

my_global_sanitize :=
my_global_sanitize_diag :=
ifdef LOCAL_IS_HOST_MODULE
  ifneq ($($(my_prefix)OS),windows)
    my_global_sanitize := $(strip $(SANITIZE_HOST))

    # SANITIZE_HOST=true is a deprecated way to say SANITIZE_HOST=address.
    my_global_sanitize := $(subst true,address,$(my_global_sanitize))
  endif
else
  my_global_sanitize := $(strip $(SANITIZE_TARGET))
  my_global_sanitize_diag := $(strip $(SANITIZE_TARGET_DIAG))
endif

# Disable global integer_overflow in excluded paths.
ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
  combined_exclude_paths := $(INTEGER_OVERFLOW_EXCLUDE_PATHS) \
                            $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)

  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
         $(filter $(dir)%,$(LOCAL_PATH)))),)
    my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
    my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
  endif
endif

# Global integer sanitization doesn't support static modules.
ifeq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
  my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
  my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
endif
ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
  my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
  my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
endif

# Disable global CFI in excluded paths
ifneq ($(filter cfi, $(my_global_sanitize)),)
  combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
                            $(PRODUCT_CFI_EXCLUDE_PATHS)

  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
         $(filter $(dir)%,$(LOCAL_PATH)))),)
    my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
    my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
  endif
endif

ifneq ($(my_global_sanitize),)
  my_sanitize := $(my_global_sanitize) $(my_sanitize)
endif
ifneq ($(my_global_sanitize_diag),)
  my_sanitize_diag := $(my_global_sanitize_diag) $(my_sanitize_diag)
endif

# The sanitizer specified in the product configuration wins over the previous.
ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),)
  my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG)
  ifeq ($(my_sanitize),never)
    my_sanitize :=
    my_sanitize_diag :=
  endif
endif

ifndef LOCAL_IS_HOST_MODULE
  # Add a filter point for 32-bit vs 64-bit sanitization (to lighten the burden)
  SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH)
  ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
    my_sanitize :=
    my_sanitize_diag :=
  endif
endif

# Add a filter point based on module owner (to lighten the burden). The format is a space- or
# colon-separated list of owner names.
ifneq (,$(SANITIZE_NEVER_BY_OWNER))
  ifneq (,$(LOCAL_MODULE_OWNER))
    ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER))))
      $(warning Not sanitizing $(LOCAL_MODULE) based on module owner.)
      my_sanitize :=
      my_sanitize_diag :=
    endif
  endif
endif

# Don't apply sanitizers to NDK code.
ifdef LOCAL_SDK_VERSION
  my_sanitize :=
  my_global_sanitize :=
  my_sanitize_diag :=
endif

# Never always wins.
ifeq ($(LOCAL_SANITIZE),never)
  my_sanitize :=
  my_sanitize_diag :=
endif

# Enable CFI in included paths (for Arm64 only).
ifeq ($(filter cfi, $(my_sanitize)),)
  ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
    combined_include_paths := $(CFI_INCLUDE_PATHS) \
                              $(PRODUCT_CFI_INCLUDE_PATHS)

    ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
           $(filter $(dir)%,$(LOCAL_PATH)))),)
      my_sanitize := cfi $(my_sanitize)
    endif
  endif
endif

# If CFI is disabled globally, remove it from my_sanitize.
ifeq ($(strip $(ENABLE_CFI)),false)
  my_sanitize := $(filter-out cfi,$(my_sanitize))
  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif

# Disable CFI for arm32 (b/35157333).
ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
  my_sanitize := $(filter-out cfi,$(my_sanitize))
  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif

# Also disable CFI if ASAN is enabled.
ifneq ($(filter address,$(my_sanitize)),)
  my_sanitize := $(filter-out cfi,$(my_sanitize))
  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif

# CFI needs gold linker, and mips toolchain does not have one.
ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
  my_sanitize := $(filter-out cfi,$(my_sanitize))
  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
endif

# Disable sanitizers which need the UBSan runtime for host targets.
ifdef LOCAL_IS_HOST_MODULE
  my_sanitize := $(filter-out cfi,$(my_sanitize))
  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
  my_sanitize := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize))
  my_sanitize_diag := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize_diag))
endif

# Support for local sanitize blacklist paths.
ifneq ($(my_sanitize)$(my_global_sanitize),)
  ifneq ($(LOCAL_SANITIZE_BLACKLIST),)
    my_cflags += -fsanitize-blacklist=$(LOCAL_PATH)/$(LOCAL_SANITIZE_BLACKLIST)
  endif
endif

# Disable integer_overflow if LOCAL_NOSANITIZE=integer.
ifneq ($(filter integer_overflow, $(my_global_sanitize) $(my_sanitize)),)
  ifneq ($(filter integer, $(strip $(LOCAL_NOSANITIZE))),)
    my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
    my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
  endif
endif

my_nosanitize = $(strip $(LOCAL_NOSANITIZE))
ifneq ($(my_nosanitize),)
  my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize))
endif

ifneq ($(filter arm x86 x86_64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
  my_sanitize := $(filter-out hwaddress,$(my_sanitize))
endif

ifneq ($(filter hwaddress,$(my_sanitize)),)
  my_sanitize := $(filter-out address,$(my_sanitize))
  my_sanitize := $(filter-out thread,$(my_sanitize))
  my_sanitize := $(filter-out cfi,$(my_sanitize))
endif

ifneq ($(filter hwaddress,$(my_sanitize)),)
  my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_RUNTIME_LIBRARY)
  ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
    ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
      my_static_libraries := $(my_static_libraries) $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_STATIC_LIBRARY)
    endif
  endif
endif

# TSAN is not supported on 32-bit architectures. For non-multilib cases, make
# its use an error. For multilib cases, don't use it for the 32-bit case.
ifneq ($(filter thread,$(my_sanitize)),)
  ifeq ($(my_32_64_bit_suffix),32)
    ifeq ($(my_module_multilib),both)
        my_sanitize := $(filter-out thread,$(my_sanitize))
    else
        $(error $(LOCAL_PATH): $(LOCAL_MODULE): TSAN cannot be used for 32-bit modules.)
    endif
  else
    my_shared_libraries += $(TSAN_RUNTIME_LIBRARY)
  endif
endif

ifneq ($(filter safe-stack,$(my_sanitize)),)
  ifeq ($(my_32_64_bit_suffix),32)
    my_sanitize := $(filter-out safe-stack,$(my_sanitize))
  endif
endif

# Disable Scudo if ASan or TSan is enabled.
ifneq ($(filter address thread hwaddress,$(my_sanitize)),)
  my_sanitize := $(filter-out scudo,$(my_sanitize))
endif

# Or if disabled globally.
ifeq ($(PRODUCT_DISABLE_SCUDO),true)
  my_sanitize := $(filter-out scudo,$(my_sanitize))
endif

# Undefined symbols can occur if a non-sanitized library links
# sanitized static libraries. That's OK, because the executable
# always depends on the ASan runtime library, which defines these
# symbols.
ifneq ($(filter address thread,$(strip $(SANITIZE_TARGET))),)
  ifndef LOCAL_IS_HOST_MODULE
    ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
      ifeq ($(my_sanitize),)
        my_allow_undefined_symbols := true
      endif
    endif
  endif
endif

ifneq ($(filter default-ub,$(my_sanitize)),)
  my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
endif

ifneq ($(filter coverage,$(my_sanitize)),)
  ifeq ($(filter address,$(my_sanitize)),)
    $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
  endif
  my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
  my_sanitize := $(filter-out coverage,$(my_sanitize))
endif

ifneq ($(filter integer_overflow,$(my_sanitize)),)
  # Respect LOCAL_NOSANITIZE for integer-overflow flags.
  ifeq ($(filter signed-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
    my_sanitize += signed-integer-overflow
  endif
  ifeq ($(filter unsigned-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
    my_sanitize += unsigned-integer-overflow
  endif
  my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)

  # Check for diagnostics mode.
  ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
    ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
      ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
        my_sanitize_diag += signed-integer-overflow
        my_sanitize_diag += unsigned-integer-overflow
      else
        $(call pretty-error,Make cannot apply integer overflow diagnostics to static binary.)
      endif
    else
      $(call pretty-error,Make cannot apply integer overflow diagnostics to static library.)
    endif
  endif
  my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
endif

# Makes sure integer_overflow diagnostics is removed from the diagnostics list
# even if integer_overflow is not set for some reason.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
  my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
endif

ifneq ($(my_sanitize),)
  fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize))
  my_cflags += -fsanitize=$(fsanitize_arg)
  my_asflags += -fsanitize=$(fsanitize_arg)

  ifdef LOCAL_IS_HOST_MODULE
    my_cflags += -fno-sanitize-recover=all
    my_ldflags += -fsanitize=$(fsanitize_arg)
  else
    my_cflags += -fsanitize-trap=all
    my_cflags += -ftrap-function=abort
    ifneq ($(filter address thread,$(my_sanitize)),)
      my_cflags += -fno-sanitize-trap=address,thread
      my_shared_libraries += libdl
    endif
  endif
endif

ifneq ($(filter cfi,$(my_sanitize)),)
  # __cfi_check needs to be built as Thumb (see the code in linker_cfi.cpp).
  # LLVM is not set up to do this on a function basis, so force Thumb on the
  # entire module.
  LOCAL_ARM_MODE := thumb
  my_cflags += $(CFI_EXTRA_CFLAGS)
  my_asflags += $(CFI_EXTRA_ASFLAGS)
  # Only append the default visibility flag if -fvisibility has not already been
  # set to hidden.
  ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),)
    my_cflags += -fvisibility=default
  endif
  my_ldflags += $(CFI_EXTRA_LDFLAGS)
  my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so

  ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
        my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags))
        my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags))
  else
        # Apply the version script to non-static executables
        my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map
        LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map
  endif
endif

# If local or global modules need ASAN, add linker flags.
ifneq ($(filter address,$(my_global_sanitize) $(my_sanitize)),)
  my_ldflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS)
  ifdef LOCAL_IS_HOST_MODULE
    # -nodefaultlibs (provided with libc++) prevents the driver from linking
    # libraries needed with -fsanitize=address. http://b/18650275 (WAI)
    my_ldflags += -Wl,--no-as-needed
  else
    # Add asan libraries unless LOCAL_MODULE is the asan library.
    # ASan runtime library must be the first in the link order.
    ifeq (,$(filter $(LOCAL_MODULE),$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY)))
      my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
                             $(my_shared_libraries)
    endif
    ifeq (,$(filter $(LOCAL_MODULE),$(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)))
      my_static_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)
    endif

    # Do not add unnecessary dependency in shared libraries.
    ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
      my_ldflags += -Wl,--as-needed
    endif

    ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
      ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
        my_linker := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER)
        # Make sure linker_asan get installed.
        $(LOCAL_INSTALLED_MODULE) : | $(PRODUCT_OUT)$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER_FILE)
      endif
    endif
  endif
endif

# If local module needs ASAN, add compiler flags.
ifneq ($(filter address,$(my_sanitize)),)
  # Frame pointer based unwinder in ASan requires ARM frame setup.
  LOCAL_ARM_MODE := arm
  my_cflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
  ifndef LOCAL_IS_HOST_MODULE
    my_cflags += -mllvm -asan-globals=0
  endif
endif

# If local module needs HWASAN, add compiler flags.
ifneq ($(filter hwaddress,$(my_sanitize)),)
  my_cflags += $(HWADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
endif

# Use minimal diagnostics when integer overflow is enabled; never do it for HOST or AUX modules
ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
  # Pre-emptively add UBSAN minimal runtime incase a static library dependency requires it
  ifeq ($(filter STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
    ifndef LOCAL_SDK_VERSION
      my_static_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY)
      my_ldflags += -Wl,--exclude-libs,$($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY).a
    endif
  endif
  ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
    ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
      ifeq ($(filter cfi,$(my_sanitize_diag)),)
        ifeq ($(filter address hwaddress,$(my_sanitize)),)
          my_cflags += -fsanitize-minimal-runtime
          my_cflags += -fno-sanitize-trap=integer
          my_cflags += -fno-sanitize-recover=integer
        endif
      endif
    endif
  endif
endif

# For Scudo, we opt for the minimal runtime, unless some diagnostics are enabled.
ifneq ($(filter scudo,$(my_sanitize)),)
  ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer cfi,$(my_sanitize_diag)),)
    my_cflags += -fsanitize-minimal-runtime
  endif
  ifneq ($(filter -fsanitize-minimal-runtime,$(my_cflags)),)
    my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_MINIMAL_RUNTIME_LIBRARY)
  else
    my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY)
  endif
endif

ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
  recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
  my_cflags += -fsanitize-recover=$(recover_arg)
endif

ifneq ($(strip $(LOCAL_SANITIZE_NO_RECOVER)),)
  no_recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_NO_RECOVER)),
  my_cflags += -fno-sanitize-recover=$(no_recover_arg)
endif

ifneq ($(my_sanitize_diag),)
  # TODO(vishwath): Add diagnostic support for static executables once
  # we switch to clang-4393122 (which adds the static ubsan runtime
  # that this depends on)
  ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
    notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
    my_cflags += -fno-sanitize-trap=$(notrap_arg)
    # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
    ifeq ($(filter address thread scudo hwaddress,$(my_sanitize)),)
      # Does not have to be the first DT_NEEDED unlike ASan.
      my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
    endif
  endif
endif

# http://b/119329758, Android core does not boot up with this sanitizer yet.
# Previously sanitized modules might not pass new implicit-integer-sign-change check.
# Disable this check unless it has been explicitly specified.
ifneq ($(findstring fsanitize,$(my_cflags)),)
  ifneq ($(findstring integer,$(my_cflags)),)
    ifeq ($(findstring sanitize=implicit-integer-sign-change,$(my_cflags)),)
      my_cflags += -fno-sanitize=implicit-integer-sign-change
    endif
  endif
endif