15f9996aaSopenharmony_ci# Copyright (c) 2022 Huawei Device Co., Ltd. 25f9996aaSopenharmony_ci# Licensed under the Apache License, Version 2.0 (the "License"); 35f9996aaSopenharmony_ci# you may not use this file except in compliance with the License. 45f9996aaSopenharmony_ci# You may obtain a copy of the License at 55f9996aaSopenharmony_ci# 65f9996aaSopenharmony_ci# http://www.apache.org/licenses/LICENSE-2.0 75f9996aaSopenharmony_ci# 85f9996aaSopenharmony_ci# Unless required by applicable law or agreed to in writing, software 95f9996aaSopenharmony_ci# distributed under the License is distributed on an "AS IS" BASIS, 105f9996aaSopenharmony_ci# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 115f9996aaSopenharmony_ci# See the License for the specific language governing permissions and 125f9996aaSopenharmony_ci# limitations under the License. 135f9996aaSopenharmony_ci 145f9996aaSopenharmony_ciimport("//build/config/security/security_config.gni") 155f9996aaSopenharmony_ci 165f9996aaSopenharmony_ciconfig("auto_var_init_configs") { 175f9996aaSopenharmony_ci if (using_security_flag && !is_mingw) { 185f9996aaSopenharmony_ci assert( 195f9996aaSopenharmony_ci is_clang, 205f9996aaSopenharmony_ci "currently, automatic variable initialization only supported with clang") 215f9996aaSopenharmony_ci configs = [ ":auto_var_zero_init_config" ] 225f9996aaSopenharmony_ci } 235f9996aaSopenharmony_ci} 245f9996aaSopenharmony_ci 255f9996aaSopenharmony_ciall_security_configs = [ ":auto_var_init_configs" ] 265f9996aaSopenharmony_ci 275f9996aaSopenharmony_ci# This config is applied by default to all targets. It sets the compiler flags 285f9996aaSopenharmony_ci# for automatic variable initialization, or, if no config is set, does nothing. 295f9996aaSopenharmony_ciconfig("default_security_configs") { 305f9996aaSopenharmony_ci configs = all_security_configs 315f9996aaSopenharmony_ci} 325f9996aaSopenharmony_ci 335f9996aaSopenharmony_ci# Set the uninitialized local variables to pattern. 345f9996aaSopenharmony_ciconfig("auto_var_pattern_init_config") { 355f9996aaSopenharmony_ci cflags = [ "-ftrivial-auto-var-init=pattern" ] 365f9996aaSopenharmony_ci} 375f9996aaSopenharmony_ci 385f9996aaSopenharmony_ci# Set the uninitialized local variables to zero. But it will be removed from clang int the future. 395f9996aaSopenharmony_ci# Currently, enabling the config of pattern for all components is impractical and may cause system 405f9996aaSopenharmony_ci# instability. So on the premise that the system is stable, the config of zero need to be gradually replaced with 415f9996aaSopenharmony_ci# the config of pattern. 425f9996aaSopenharmony_ciconfig("auto_var_zero_init_config") { 435f9996aaSopenharmony_ci cflags = [ 445f9996aaSopenharmony_ci "-ftrivial-auto-var-init=zero", 455f9996aaSopenharmony_ci "-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang", 465f9996aaSopenharmony_ci ] 475f9996aaSopenharmony_ci} 485f9996aaSopenharmony_ci 495f9996aaSopenharmony_ci# Do not set the uninitialized local variables to any value. 505f9996aaSopenharmony_ciconfig("auto_var_uninit_config") { 515f9996aaSopenharmony_ci cflags = [ "-ftrivial-auto-var-init=uninitialized" ] 525f9996aaSopenharmony_ci} 535f9996aaSopenharmony_ci 545f9996aaSopenharmony_ci# Stack protection. 555f9996aaSopenharmony_ciconfig("stack_protector_config") { 565f9996aaSopenharmony_ci cflags = [] 575f9996aaSopenharmony_ci if (is_mac) { 585f9996aaSopenharmony_ci if (is_debug) { 595f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 605f9996aaSopenharmony_ci } else { 615f9996aaSopenharmony_ci cflags += [ "-fstack-protector" ] 625f9996aaSopenharmony_ci } 635f9996aaSopenharmony_ci } else if (is_posix && !is_chromeos && !is_nacl) { 645f9996aaSopenharmony_ci if (is_mingw) { 655f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 665f9996aaSopenharmony_ci } else if (is_ohos && current_cpu == "x86") { 675f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 685f9996aaSopenharmony_ci } else if (current_os != "aix") { 695f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 705f9996aaSopenharmony_ci } 715f9996aaSopenharmony_ci } 725f9996aaSopenharmony_ci} 735f9996aaSopenharmony_ci 745f9996aaSopenharmony_ciconfig("stack_protector_ret_all_config") { 755f9996aaSopenharmony_ci cflags = [] 765f9996aaSopenharmony_ci if (is_mac) { 775f9996aaSopenharmony_ci if (is_debug) { 785f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 795f9996aaSopenharmony_ci } else { 805f9996aaSopenharmony_ci cflags += [ "-fstack-protector" ] 815f9996aaSopenharmony_ci } 825f9996aaSopenharmony_ci } else if (is_posix && !is_chromeos && !is_nacl) { 835f9996aaSopenharmony_ci if (is_mingw) { 845f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 855f9996aaSopenharmony_ci } else if (is_ohos && current_cpu == "x86") { 865f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 875f9996aaSopenharmony_ci } else if (current_os != "aix") { 885f9996aaSopenharmony_ci if (support_stack_protector_ret == true) { 895f9996aaSopenharmony_ci cflags += [ 905f9996aaSopenharmony_ci "-fstack-protector-ret-all", 915f9996aaSopenharmony_ci "--param=ssp-ret-cookie-size=1000", 925f9996aaSopenharmony_ci ] 935f9996aaSopenharmony_ci } else { 945f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 955f9996aaSopenharmony_ci } 965f9996aaSopenharmony_ci } 975f9996aaSopenharmony_ci } 985f9996aaSopenharmony_ci} 995f9996aaSopenharmony_ci 1005f9996aaSopenharmony_ciconfig("stack_protector_ret_strong_config") { 1015f9996aaSopenharmony_ci cflags = [] 1025f9996aaSopenharmony_ci if (is_mac) { 1035f9996aaSopenharmony_ci if (is_debug) { 1045f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 1055f9996aaSopenharmony_ci } else { 1065f9996aaSopenharmony_ci cflags += [ "-fstack-protector" ] 1075f9996aaSopenharmony_ci } 1085f9996aaSopenharmony_ci } else if (is_posix && !is_chromeos && !is_nacl) { 1095f9996aaSopenharmony_ci if (is_mingw) { 1105f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 1115f9996aaSopenharmony_ci } else if (is_ohos && current_cpu == "x86") { 1125f9996aaSopenharmony_ci cflags += [ "-fno-stack-protector" ] 1135f9996aaSopenharmony_ci } else if (current_os != "aix") { 1145f9996aaSopenharmony_ci if (support_stack_protector_ret == true) { 1155f9996aaSopenharmony_ci cflags += [ "-fstack-protector-ret-strong" ] 1165f9996aaSopenharmony_ci } else { 1175f9996aaSopenharmony_ci cflags += [ "-fstack-protector-strong" ] 1185f9996aaSopenharmony_ci } 1195f9996aaSopenharmony_ci } 1205f9996aaSopenharmony_ci } 1215f9996aaSopenharmony_ci} 122