CFI include/exclude path support (Soong)
This CL adds the ability to centrally enable or disable CFI for
components using either an environment or product config
variable. This is a better, nore manageable option that enabling CFI
across each component individually.
Bug: 67507323
Test: CFI_INCLUDE_PATHS= system/nfc m -j40
Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40
Change-Id: I38b77946759121aec99ab25f31aaee2e5d993f73
diff --git a/android/config.go b/android/config.go
index e9a8d42..b73680e 100644
--- a/android/config.go
+++ b/android/config.go
@@ -656,3 +656,17 @@
}
return prefixInList(path, *c.ProductVariables.IntegerOverflowExcludePaths)
}
+
+func (c *config) CFIDisabledForPath(path string) bool {
+ if c.ProductVariables.CFIExcludePaths == nil {
+ return false
+ }
+ return prefixInList(path, *c.ProductVariables.CFIExcludePaths)
+}
+
+func (c *config) CFIEnabledForPath(path string) bool {
+ if c.ProductVariables.CFIIncludePaths == nil {
+ return false
+ }
+ return prefixInList(path, *c.ProductVariables.CFIIncludePaths)
+}
diff --git a/android/variable.go b/android/variable.go
index 28841e2..d89c146 100644
--- a/android/variable.go
+++ b/android/variable.go
@@ -153,7 +153,6 @@
UseGoma *bool `json:",omitempty"`
Debuggable *bool `json:",omitempty"`
Eng *bool `json:",omitempty"`
- EnableCFI *bool `json:",omitempty"`
Device_uses_hwc2 *bool `json:",omitempty"`
Treble *bool `json:",omitempty"`
Pdk *bool `json:",omitempty"`
@@ -162,6 +161,10 @@
IntegerOverflowExcludePaths *[]string `json:",omitempty"`
+ EnableCFI *bool `json:",omitempty"`
+ CFIExcludePaths *[]string `json:",omitempty"`
+ CFIIncludePaths *[]string `json:",omitempty"`
+
VendorPath *string `json:",omitempty"`
ClangTidy *bool `json:",omitempty"`
diff --git a/cc/sanitize.go b/cc/sanitize.go
index aeaaf16..70aa412 100644
--- a/cc/sanitize.go
+++ b/cc/sanitize.go
@@ -187,7 +187,9 @@
}
if found, globalSanitizers = removeFromList("cfi", globalSanitizers); found && s.Cfi == nil {
- s.Cfi = boolPtr(true)
+ if !ctx.AConfig().CFIDisabledForPath(ctx.ModuleDir()) {
+ s.Cfi = boolPtr(true)
+ }
}
if found, globalSanitizers = removeFromList("integer_overflow", globalSanitizers); found && s.Integer_overflow == nil {
@@ -205,11 +207,24 @@
s.Diag.Integer_overflow = boolPtr(true)
}
+ if found, globalSanitizersDiag = removeFromList("cfi", globalSanitizersDiag); found &&
+ s.Diag.Cfi == nil && Bool(s.Cfi) {
+ s.Diag.Cfi = boolPtr(true)
+ }
+
if len(globalSanitizersDiag) > 0 {
ctx.ModuleErrorf("unknown global sanitizer diagnostics option %s", globalSanitizersDiag[0])
}
}
+ // Enable CFI for all components in the include paths
+ if s.Cfi == nil && ctx.AConfig().CFIEnabledForPath(ctx.ModuleDir()) {
+ s.Cfi = boolPtr(true)
+ if inList("cfi", ctx.AConfig().SanitizeDeviceDiag()) {
+ s.Diag.Cfi = boolPtr(true)
+ }
+ }
+
// CFI needs gold linker, and mips toolchain does not have one.
if !ctx.AConfig().EnableCFI() || ctx.Arch().ArchType == android.Mips || ctx.Arch().ArchType == android.Mips64 {
s.Cfi = nil