CFI include/exclude path support (Soong)

This CL adds the ability to centrally enable or disable CFI for components using either an environment or product config variable. This is a better, nore manageable option that enabling CFI across each component individually. Bug: 67507323 Test: CFI_INCLUDE_PATHS= system/nfc m -j40 Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40 Change-Id: I38b77946759121aec99ab25f31aaee2e5d993f73
2017-10-31 02:26:14 -07:00 · 2017-10-31 02:26:14 -07:00 · 1fa3ac552d
commit 1fa3ac552d
parent 06643be323
3 changed files with 34 additions and 2 deletions
--- a/android/config.go
+++ b/android/config.go
@ -656,3 +656,17 @@ func (c *config) IntegerOverflowDisabledForPath(path string) bool {
 	}
 	return prefixInList(path, *c.ProductVariables.IntegerOverflowExcludePaths)
 }
+
+func (c *config) CFIDisabledForPath(path string) bool {
+	if c.ProductVariables.CFIExcludePaths == nil {
+		return false
+	}
+	return prefixInList(path, *c.ProductVariables.CFIExcludePaths)
+}
+
+func (c *config) CFIEnabledForPath(path string) bool {
+	if c.ProductVariables.CFIIncludePaths == nil {
+		return false
+	}
+	return prefixInList(path, *c.ProductVariables.CFIIncludePaths)
+}
--- a/android/variable.go
+++ b/android/variable.go
@ -153,7 +153,6 @@ type productVariables struct {
 	UseGoma                    *bool `json:",omitempty"`
 	Debuggable                 *bool `json:",omitempty"`
 	Eng                        *bool `json:",omitempty"`
-	EnableCFI                  *bool `json:",omitempty"`
 	Device_uses_hwc2           *bool `json:",omitempty"`
 	Treble                     *bool `json:",omitempty"`
 	Pdk                        *bool `json:",omitempty"`
@ -162,6 +161,10 @@ type productVariables struct {

 	IntegerOverflowExcludePaths *[]string `json:",omitempty"`

+	EnableCFI       *bool     `json:",omitempty"`
+	CFIExcludePaths *[]string `json:",omitempty"`
+	CFIIncludePaths *[]string `json:",omitempty"`
+
 	VendorPath *string `json:",omitempty"`

 	ClangTidy  *bool   `json:",omitempty"`
--- a/cc/sanitize.go
+++ b/cc/sanitize.go
@ -187,7 +187,9 @@ func (sanitize *sanitize) begin(ctx BaseModuleContext) {
 		}

 		if found, globalSanitizers = removeFromList("cfi", globalSanitizers); found && s.Cfi == nil {
-			s.Cfi = boolPtr(true)
+			if !ctx.AConfig().CFIDisabledForPath(ctx.ModuleDir()) {
+				s.Cfi = boolPtr(true)
+			}
 		}

 		if found, globalSanitizers = removeFromList("integer_overflow", globalSanitizers); found && s.Integer_overflow == nil {
@ -205,11 +207,24 @@ func (sanitize *sanitize) begin(ctx BaseModuleContext) {
 			s.Diag.Integer_overflow = boolPtr(true)
 		}

+		if found, globalSanitizersDiag = removeFromList("cfi", globalSanitizersDiag); found &&
+			s.Diag.Cfi == nil && Bool(s.Cfi) {
+			s.Diag.Cfi = boolPtr(true)
+		}
+
 		if len(globalSanitizersDiag) > 0 {
 			ctx.ModuleErrorf("unknown global sanitizer diagnostics option %s", globalSanitizersDiag[0])
 		}
 	}

+	// Enable CFI for all components in the include paths
+	if s.Cfi == nil && ctx.AConfig().CFIEnabledForPath(ctx.ModuleDir()) {
+		s.Cfi = boolPtr(true)
+		if inList("cfi", ctx.AConfig().SanitizeDeviceDiag()) {
+			s.Diag.Cfi = boolPtr(true)
+		}
+	}
+
 	// CFI needs gold linker, and mips toolchain does not have one.
 	if !ctx.AConfig().EnableCFI() || ctx.Arch().ArchType == android.Mips || ctx.Arch().ArchType == android.Mips64 {
 		s.Cfi = nil