1##############################################
2## Perform configuration steps for sanitizers.
3##############################################
4
5my_sanitize := $(strip $(LOCAL_SANITIZE))
6my_sanitize_diag := $(strip $(LOCAL_SANITIZE_DIAG))
7
8my_global_sanitize :=
9my_global_sanitize_diag :=
10ifdef LOCAL_IS_HOST_MODULE
11  ifneq ($($(my_prefix)OS),windows)
12    my_global_sanitize := $(strip $(SANITIZE_HOST))
13
14    # SANITIZE_HOST=true is a deprecated way to say SANITIZE_HOST=address.
15    my_global_sanitize := $(subst true,address,$(my_global_sanitize))
16  endif
17else
18  my_global_sanitize := $(strip $(SANITIZE_TARGET))
19  my_global_sanitize_diag := $(strip $(SANITIZE_TARGET_DIAG))
20endif
21
22# Disable global integer_overflow in excluded paths.
23ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
24  combined_exclude_paths := $(INTEGER_OVERFLOW_EXCLUDE_PATHS) \
25                            $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)
26
27  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
28         $(filter $(dir)%,$(LOCAL_PATH)))),)
29    my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
30    my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
31  endif
32endif
33
34# Global integer sanitization doesn't support static modules.
35ifeq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
36  my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
37  my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
38endif
39ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
40  my_global_sanitize := $(filter-out integer_overflow,$(my_global_sanitize))
41  my_global_sanitize_diag := $(filter-out integer_overflow,$(my_global_sanitize_diag))
42endif
43
44# Disable global CFI in excluded paths
45ifneq ($(filter cfi, $(my_global_sanitize)),)
46  combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
47                            $(PRODUCT_CFI_EXCLUDE_PATHS)
48
49  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
50         $(filter $(dir)%,$(LOCAL_PATH)))),)
51    my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
52    my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
53  endif
54endif
55
56ifneq ($(my_global_sanitize),)
57  my_sanitize := $(my_global_sanitize) $(my_sanitize)
58endif
59ifneq ($(my_global_sanitize_diag),)
60  my_sanitize_diag := $(my_global_sanitize_diag) $(my_sanitize_diag)
61endif
62
63# The sanitizer specified in the product configuration wins over the previous.
64ifneq ($(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG),)
65  my_sanitize := $(SANITIZER.$(TARGET_PRODUCT).$(LOCAL_MODULE).CONFIG)
66  ifeq ($(my_sanitize),never)
67    my_sanitize :=
68    my_sanitize_diag :=
69  endif
70endif
71
72ifndef LOCAL_IS_HOST_MODULE
73  # Add a filter point for 32-bit vs 64-bit sanitization (to lighten the burden)
74  SANITIZE_TARGET_ARCH ?= $(TARGET_ARCH) $(TARGET_2ND_ARCH)
75  ifeq ($(filter $(SANITIZE_TARGET_ARCH),$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
76    my_sanitize :=
77    my_sanitize_diag :=
78  endif
79endif
80
81# Add a filter point based on module owner (to lighten the burden). The format is a space- or
82# colon-separated list of owner names.
83ifneq (,$(SANITIZE_NEVER_BY_OWNER))
84  ifneq (,$(LOCAL_MODULE_OWNER))
85    ifneq (,$(filter $(LOCAL_MODULE_OWNER),$(subst :, ,$(SANITIZE_NEVER_BY_OWNER))))
86      $(warning Not sanitizing $(LOCAL_MODULE) based on module owner.)
87      my_sanitize :=
88      my_sanitize_diag :=
89    endif
90  endif
91endif
92
93# Don't apply sanitizers to NDK code.
94ifdef LOCAL_SDK_VERSION
95  my_sanitize :=
96  my_global_sanitize :=
97  my_sanitize_diag :=
98endif
99
100# Never always wins.
101ifeq ($(LOCAL_SANITIZE),never)
102  my_sanitize :=
103  my_sanitize_diag :=
104endif
105
106# Enable CFI in included paths (for Arm64 only).
107ifeq ($(filter cfi, $(my_sanitize)),)
108  ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
109    combined_include_paths := $(CFI_INCLUDE_PATHS) \
110                              $(PRODUCT_CFI_INCLUDE_PATHS)
111
112    ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
113           $(filter $(dir)%,$(LOCAL_PATH)))),)
114      my_sanitize := cfi $(my_sanitize)
115    endif
116  endif
117endif
118
119# If CFI is disabled globally, remove it from my_sanitize.
120ifeq ($(strip $(ENABLE_CFI)),false)
121  my_sanitize := $(filter-out cfi,$(my_sanitize))
122  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
123endif
124
125# Disable CFI for arm32 (b/35157333).
126ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
127  my_sanitize := $(filter-out cfi,$(my_sanitize))
128  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
129endif
130
131# Also disable CFI if ASAN is enabled.
132ifneq ($(filter address,$(my_sanitize)),)
133  my_sanitize := $(filter-out cfi,$(my_sanitize))
134  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
135endif
136
137# CFI needs gold linker, and mips toolchain does not have one.
138ifneq ($(filter mips mips64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
139  my_sanitize := $(filter-out cfi,$(my_sanitize))
140  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
141endif
142
143# Disable sanitizers which need the UBSan runtime for host targets.
144ifdef LOCAL_IS_HOST_MODULE
145  my_sanitize := $(filter-out cfi,$(my_sanitize))
146  my_sanitize_diag := $(filter-out cfi,$(my_sanitize_diag))
147  my_sanitize := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize))
148  my_sanitize_diag := $(filter-out signed-integer-overflow unsigned-integer-overflow integer_overflow,$(my_sanitize_diag))
149endif
150
151# Support for local sanitize blacklist paths.
152ifneq ($(my_sanitize)$(my_global_sanitize),)
153  ifneq ($(LOCAL_SANITIZE_BLACKLIST),)
154    my_cflags += -fsanitize-blacklist=$(LOCAL_PATH)/$(LOCAL_SANITIZE_BLACKLIST)
155  endif
156endif
157
158# Disable integer_overflow if LOCAL_NOSANITIZE=integer.
159ifneq ($(filter integer_overflow, $(my_global_sanitize) $(my_sanitize)),)
160  ifneq ($(filter integer, $(strip $(LOCAL_NOSANITIZE))),)
161    my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
162    my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
163  endif
164endif
165
166my_nosanitize = $(strip $(LOCAL_NOSANITIZE))
167ifneq ($(my_nosanitize),)
168  my_sanitize := $(filter-out $(my_nosanitize),$(my_sanitize))
169endif
170
171ifneq ($(filter arm x86 x86_64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
172  my_sanitize := $(filter-out hwaddress,$(my_sanitize))
173endif
174
175ifneq ($(filter hwaddress,$(my_sanitize)),)
176  my_sanitize := $(filter-out address,$(my_sanitize))
177  my_sanitize := $(filter-out thread,$(my_sanitize))
178  my_sanitize := $(filter-out cfi,$(my_sanitize))
179endif
180
181ifneq ($(filter hwaddress,$(my_sanitize)),)
182  my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_RUNTIME_LIBRARY)
183  ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
184    ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
185      my_static_libraries := $(my_static_libraries) $($(LOCAL_2ND_ARCH_VAR_PREFIX)HWADDRESS_SANITIZER_STATIC_LIBRARY)
186    endif
187  endif
188endif
189
190# TSAN is not supported on 32-bit architectures. For non-multilib cases, make
191# its use an error. For multilib cases, don't use it for the 32-bit case.
192ifneq ($(filter thread,$(my_sanitize)),)
193  ifeq ($(my_32_64_bit_suffix),32)
194    ifeq ($(my_module_multilib),both)
195        my_sanitize := $(filter-out thread,$(my_sanitize))
196    else
197        $(error $(LOCAL_PATH): $(LOCAL_MODULE): TSAN cannot be used for 32-bit modules.)
198    endif
199  else
200    my_shared_libraries += $(TSAN_RUNTIME_LIBRARY)
201  endif
202endif
203
204ifneq ($(filter safe-stack,$(my_sanitize)),)
205  ifeq ($(my_32_64_bit_suffix),32)
206    my_sanitize := $(filter-out safe-stack,$(my_sanitize))
207  endif
208endif
209
210# Disable Scudo if ASan or TSan is enabled.
211ifneq ($(filter address thread hwaddress,$(my_sanitize)),)
212  my_sanitize := $(filter-out scudo,$(my_sanitize))
213endif
214
215# Or if disabled globally.
216ifeq ($(PRODUCT_DISABLE_SCUDO),true)
217  my_sanitize := $(filter-out scudo,$(my_sanitize))
218endif
219
220# Undefined symbols can occur if a non-sanitized library links
221# sanitized static libraries. That's OK, because the executable
222# always depends on the ASan runtime library, which defines these
223# symbols.
224ifneq ($(filter address thread,$(strip $(SANITIZE_TARGET))),)
225  ifndef LOCAL_IS_HOST_MODULE
226    ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
227      ifeq ($(my_sanitize),)
228        my_allow_undefined_symbols := true
229      endif
230    endif
231  endif
232endif
233
234ifneq ($(filter default-ub,$(my_sanitize)),)
235  my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
236endif
237
238ifneq ($(filter coverage,$(my_sanitize)),)
239  ifeq ($(filter address,$(my_sanitize)),)
240    $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
241  endif
242  my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
243  my_sanitize := $(filter-out coverage,$(my_sanitize))
244endif
245
246ifneq ($(filter integer_overflow,$(my_sanitize)),)
247  # Respect LOCAL_NOSANITIZE for integer-overflow flags.
248  ifeq ($(filter signed-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
249    my_sanitize += signed-integer-overflow
250  endif
251  ifeq ($(filter unsigned-integer-overflow, $(strip $(LOCAL_NOSANITIZE))),)
252    my_sanitize += unsigned-integer-overflow
253  endif
254  my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
255
256  # Check for diagnostics mode.
257  ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
258    ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
259      ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
260        my_sanitize_diag += signed-integer-overflow
261        my_sanitize_diag += unsigned-integer-overflow
262      else
263        $(call pretty-error,Make cannot apply integer overflow diagnostics to static binary.)
264      endif
265    else
266      $(call pretty-error,Make cannot apply integer overflow diagnostics to static library.)
267    endif
268  endif
269  my_sanitize := $(filter-out integer_overflow,$(my_sanitize))
270endif
271
272# Makes sure integer_overflow diagnostics is removed from the diagnostics list
273# even if integer_overflow is not set for some reason.
274ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
275  my_sanitize_diag := $(filter-out integer_overflow,$(my_sanitize_diag))
276endif
277
278ifneq ($(my_sanitize),)
279  fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize))
280  my_cflags += -fsanitize=$(fsanitize_arg)
281  my_asflags += -fsanitize=$(fsanitize_arg)
282
283  ifdef LOCAL_IS_HOST_MODULE
284    my_cflags += -fno-sanitize-recover=all
285    my_ldflags += -fsanitize=$(fsanitize_arg)
286  else
287    my_cflags += -fsanitize-trap=all
288    my_cflags += -ftrap-function=abort
289    ifneq ($(filter address thread,$(my_sanitize)),)
290      my_cflags += -fno-sanitize-trap=address,thread
291      my_shared_libraries += libdl
292    endif
293  endif
294endif
295
296ifneq ($(filter cfi,$(my_sanitize)),)
297  # __cfi_check needs to be built as Thumb (see the code in linker_cfi.cpp).
298  # LLVM is not set up to do this on a function basis, so force Thumb on the
299  # entire module.
300  LOCAL_ARM_MODE := thumb
301  my_cflags += $(CFI_EXTRA_CFLAGS)
302  my_asflags += $(CFI_EXTRA_ASFLAGS)
303  # Only append the default visibility flag if -fvisibility has not already been
304  # set to hidden.
305  ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),)
306    my_cflags += -fvisibility=default
307  endif
308  my_ldflags += $(CFI_EXTRA_LDFLAGS)
309  my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so
310
311  ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
312        my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags))
313        my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags))
314  else
315        # Apply the version script to non-static executables
316        my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map
317        LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map
318  endif
319endif
320
321# If local or global modules need ASAN, add linker flags.
322ifneq ($(filter address,$(my_global_sanitize) $(my_sanitize)),)
323  my_ldflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS)
324  ifdef LOCAL_IS_HOST_MODULE
325    # -nodefaultlibs (provided with libc++) prevents the driver from linking
326    # libraries needed with -fsanitize=address. http://b/18650275 (WAI)
327    my_ldflags += -Wl,--no-as-needed
328  else
329    # Add asan libraries unless LOCAL_MODULE is the asan library.
330    # ASan runtime library must be the first in the link order.
331    ifeq (,$(filter $(LOCAL_MODULE),$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY)))
332      my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
333                             $(my_shared_libraries)
334    endif
335    ifeq (,$(filter $(LOCAL_MODULE),$(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)))
336      my_static_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)
337    endif
338
339    # Do not add unnecessary dependency in shared libraries.
340    ifeq ($(LOCAL_MODULE_CLASS),SHARED_LIBRARIES)
341      my_ldflags += -Wl,--as-needed
342    endif
343
344    ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
345      ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
346        my_linker := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER)
347        # Make sure linker_asan get installed.
348        $(LOCAL_INSTALLED_MODULE) : | $(PRODUCT_OUT)$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_LINKER_FILE)
349      endif
350    endif
351  endif
352endif
353
354# If local module needs ASAN, add compiler flags.
355ifneq ($(filter address,$(my_sanitize)),)
356  # Frame pointer based unwinder in ASan requires ARM frame setup.
357  LOCAL_ARM_MODE := arm
358  my_cflags += $(ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
359  ifndef LOCAL_IS_HOST_MODULE
360    my_cflags += -mllvm -asan-globals=0
361  endif
362endif
363
364# If local module needs HWASAN, add compiler flags.
365ifneq ($(filter hwaddress,$(my_sanitize)),)
366  my_cflags += $(HWADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS)
367endif
368
369# Use minimal diagnostics when integer overflow is enabled; never do it for HOST or AUX modules
370ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
371  # Pre-emptively add UBSAN minimal runtime incase a static library dependency requires it
372  ifeq ($(filter STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
373    ifndef LOCAL_SDK_VERSION
374      my_static_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY)
375      my_ldflags += -Wl,--exclude-libs,$($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_MINIMAL_RUNTIME_LIBRARY).a
376    endif
377  endif
378  ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
379    ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
380      ifeq ($(filter cfi,$(my_sanitize_diag)),)
381        ifeq ($(filter address hwaddress,$(my_sanitize)),)
382          my_cflags += -fsanitize-minimal-runtime
383          my_cflags += -fno-sanitize-trap=integer
384          my_cflags += -fno-sanitize-recover=integer
385        endif
386      endif
387    endif
388  endif
389endif
390
391# For Scudo, we opt for the minimal runtime, unless some diagnostics are enabled.
392ifneq ($(filter scudo,$(my_sanitize)),)
393  ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer cfi,$(my_sanitize_diag)),)
394    my_cflags += -fsanitize-minimal-runtime
395  endif
396  ifneq ($(filter -fsanitize-minimal-runtime,$(my_cflags)),)
397    my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_MINIMAL_RUNTIME_LIBRARY)
398  else
399    my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY)
400  endif
401endif
402
403ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
404  recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
405  my_cflags += -fsanitize-recover=$(recover_arg)
406endif
407
408ifneq ($(strip $(LOCAL_SANITIZE_NO_RECOVER)),)
409  no_recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_NO_RECOVER)),
410  my_cflags += -fno-sanitize-recover=$(no_recover_arg)
411endif
412
413ifneq ($(my_sanitize_diag),)
414  # TODO(vishwath): Add diagnostic support for static executables once
415  # we switch to clang-4393122 (which adds the static ubsan runtime
416  # that this depends on)
417  ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
418    notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
419    my_cflags += -fno-sanitize-trap=$(notrap_arg)
420    # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
421    ifeq ($(filter address thread scudo hwaddress,$(my_sanitize)),)
422      # Does not have to be the first DT_NEEDED unlike ASan.
423      my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
424    endif
425  endif
426endif
427
428# http://b/119329758, Android core does not boot up with this sanitizer yet.
429# Previously sanitized modules might not pass new implicit-integer-sign-change check.
430# Disable this check unless it has been explicitly specified.
431ifneq ($(findstring fsanitize,$(my_cflags)),)
432  ifneq ($(findstring integer,$(my_cflags)),)
433    ifeq ($(findstring sanitize=implicit-integer-sign-change,$(my_cflags)),)
434      my_cflags += -fno-sanitize=implicit-integer-sign-change
435    endif
436  endif
437endif
438