diff --git a/base/process/process_handle_posix.cc b/base/process/process_handle_posix.cc
index 7525a52c7b4d8bb545460c257a2dd8429c4871f9..2099c039b6135f3061a637b3b23fe3b74169addb 100644
--- a/base/process/process_handle_posix.cc
+++ b/base/process/process_handle_posix.cc
@@ -16,7 +16,7 @@ ProcessId GetCurrentProcId() {
 }
 #if BUILDFLAG(IS_OHOS)
-ProcessId GetCurrentRealPid() {
+NO_SANITIZE("cfi-icall") ProcessId GetCurrentRealPid() {
 using GetProcXid = int (*)(void);
 static GetProcXid getProcPid = nullptr;
 if (getProcPid == nullptr) {
diff --git a/base/threading/platform_thread_posix.cc b/base/threading/platform_thread_posix.cc
index a385a0e65f093cf5ab6efa5c5e2db85ee11fa8ba..059d92c593dad67f250af0e425f5e58fae5fd6ee 100644
--- a/base/threading/platform_thread_posix.cc
+++ b/base/threading/platform_thread_posix.cc
@@ -271,7 +271,7 @@ PlatformThreadId PlatformThread::CurrentId() {
 }
 #if BUILDFLAG(IS_OHOS)
-PlatformThreadId PlatformThread::CurrentRealId() {
+NO_SANITIZE("cfi-icall") PlatformThreadId PlatformThread::CurrentRealId() {
 // - getproctid() is fast, since its return value is cached in pthread (in the
 // thread control block of pthread). See gettid.c in bionic.
 using GetProcXid = int (*)(void);
diff --git a/build/config/ohos/BUILD.gn b/build/config/ohos/BUILD.gn
index c87875fc70967a815358be5837b4b272c25c342c..75748e0472c6ee9002220c3bf79bc498b26d8fc6 100644
--- a/build/config/ohos/BUILD.gn
+++ b/build/config/ohos/BUILD.gn
@@ -180,6 +180,10 @@ config("runtime_library") {
 libs += [ rebase_path(libasan_file) ]
 dynamic_linker = "/lib/ld-musl-aarch64-asan.so.1"
 }
+ if (using_sanitizer && is_ohos) {
+ libusan_file = "$ohos_toolchain_root/lib/clang/current/lib/aarch64-linux-ohos/libclang_rt.ubsan_standalone.so"
+ libs += [ rebase_path(libusan_file) ]
+ }
 }
 if (current_cpu == "x64") {
diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni
index 446736e790cc410652da67eef7932022f14b19c8..93946e61a8f1c1a10980b907d26738cd8775a2b8 100644
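Review bot: `NO_SANITIZE("cfi-icall")` on `GetCurrentRealPid` is added without a comment saying why the check is unsound here, and the attribute turns the check off for every indirect call in the function, not only the one it is meant to excuse. The visible context (`static GetProcXid getProcPid = nullptr; if (getProcPid == nullptr) {`) suggests a lazily, run-time-resolved pointer whose target the CFI pass cannot see, which is a legitimate reason, so record it above the declaration: `// cfi-icall: getProcPid is resolved at run time, so its target is outside the CFI call graph.` The same unexplained attribute is added in the platform_thread_posix.cc, crashpad_ohos.cc, nweb_download_handler_delegate.cc, nweb_handler_delegate.cc, nweb_scheme_handler_factory.cc, arkweb_model.cc and http_body_stream.cc hunks; each needs its own one-line justification, because a suppression on a function that dispatches caller-supplied pointers is otherwise indistinguishable from a silenced true positive. The body of GetCurrentRealPid continues outside the hunk.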
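Review bot: The new `if (using_sanitizer && is_ohos)` block links `libclang_rt.ubsan_standalone.so` for every sanitizer configuration, although the hunk shows the preceding asan branch already selects its own runtime (`libasan_file`, `dynamic_linker`); with `is_asan` alone this adds a second runtime that, as far as I can tell, the asan runtime already provides, and a plain CFI build (`is_cfi` without `use_cfi_diag`) needs no UBSan runtime at all. Gate it on the checks that actually need the standalone runtime, e.g. `if (is_ohos && (is_ubsan || is_ubsan_vptr || use_cfi_diag)) {`, and add a comment naming which diagnostics it backs. The enclosing `config("runtime_library")` block starts and ends outside the hunk.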
--- a/build/config/sanitizers/sanitizers.gni
+++ b/build/config/sanitizers/sanitizers.gni
@@ -9,6 +9,12 @@ import("//build/config/chromeos/ui_mode.gni")
 import("//build/config/profiling/profiling.gni")
 import("//build/toolchain/toolchain.gni")
+declare_args() {
+ # The global switch of cfi. Disable it to improve compiling efficiency while
+ # being vulnerable to cfi attack.
+ use_cfi = false
+}
+
 declare_args() {
 # Compile for Address Sanitizer to find memory bugs.
 is_asan = false
@@ -49,13 +55,13 @@ declare_args() {
 # TODO(pcc): Remove this flag if/when CFI is enabled in all official builds.
 is_cfi = is_official_build && is_clang &&
 ((target_os == "linux" && target_cpu == "x64") ||
+ (is_ohos && use_cfi) ||
 (is_chromeos && is_chromeos_device))
 # Enable checks for indirect function calls via a function pointer.
 # TODO(pcc): remove this when we're ready to add these checks by default.
 # https://crbug.com/701919
- use_cfi_icall =
- target_os == "linux" && target_cpu == "x64" && is_official_build
+ use_cfi_icall = false
 # Print detailed diagnostics when Control Flow Integrity detects a violation.
 use_cfi_diag = false
@@ -113,7 +119,7 @@ declare_args() {
 # Enable checks for bad casts: derived cast and unrelated cast.
 # TODO(krasin): remove this, when we're ready to add these checks by default.
 # https://crbug.com/626794
- use_cfi_cast = is_cfi && is_chromeos
+ use_cfi_cast = false
 # Compile for Undefined Behaviour Sanitizer's vptr checks.
 is_ubsan_vptr = is_ubsan_security
diff --git a/components/crash/core/app/crashpad_ohos.cc b/components/crash/core/app/crashpad_ohos.cc
index 5472dcbfa01a8feb59d163626574c79fe41c215e..3fdda9861942ae754717f11f5910660b91456e49 100644
--- a/components/crash/core/app/crashpad_ohos.cc
+++ b/components/crash/core/app/crashpad_ohos.cc
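Review bot: The comment on the new `use_cfi` arg is misleading: CFI is a mitigation, not an attack, and the arg only takes effect on OHOS (it is consulted as `is_ohos && use_cfi` in the `is_cfi` expression further down), which the comment does not say. Suggest `# Global switch for Control Flow Integrity on OHOS builds (see is_cfi below).` followed by `# Off by default to keep compile times down; turning it off also removes CFI's protection against control-flow hijacking.` Keeping it in its own `declare_args()` block ahead of the one that reads it is the right GN pattern, since an arg cannot reference another arg declared in the same block.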
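Review bot: `use_cfi_icall = false` is unconditional, so this line switches indirect-call checking off for the existing Linux x64 official builds, and `use_cfi_cast = false` in the next hunk does the same for the ChromeOS cast checks, although the `is_cfi` change in this hunk only adds OHOS. If `target_os` is not "linux" on OHOS builds (the separate `is_ohos` flag suggests it is not, but the hunk does not show it), the removed expressions were already false there, so the simplest fix is to restore both removed lines and leave OHOS governed by `use_cfi` alone. With `use_cfi_icall` false everywhere, the `NO_SANITIZE("cfi-icall")` attributes added elsewhere in this commit have no effect unless someone re-enables the arg, which deserves a comment next to this line, e.g. `# cfi-icall is off on every target; the per-function NO_SANITIZE("cfi-icall") opt-outs only matter once it is turned back on.`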
@@ -493,7 +493,7 @@ bool g_is_browser = false;
 // TODO(jperaza): This might be simplified to have both the browser and child
 // processes use CRASHPAD_SIMULATE_CRASH() if CrashpadClient allows injecting
 // the Chromium specific SandboxedHandler.
-void DumpWithoutCrashing() {
+NO_SANITIZE("cfi-icall") void DumpWithoutCrashing() {
 if (g_is_browser) {
 CRASHPAD_SIMULATE_CRASH();
 } else {
diff --git a/components/subresource_filter/content/browser/ruleset_service.h b/components/subresource_filter/content/browser/ruleset_service.h
index 6d043370f3cc2f16ffd7a6378176c0fccc3c8648..a2fbc9de3b06f196458eebdbc72b005a0353e09c 100644
--- a/components/subresource_filter/content/browser/ruleset_service.h
+++ b/components/subresource_filter/content/browser/ruleset_service.h
@@ -64,7 +64,7 @@ class RulesetServiceClient {
 public:
 RulesetServiceClient() {}
 virtual ~RulesetServiceClient() {}
- virtual void OnDeleteRulesetFile();
+ virtual void OnDeleteRulesetFile() = 0;
 private:
 };
diff --git a/components/subresource_filter/content/browser/user_ruleset_service.h b/components/subresource_filter/content/browser/user_ruleset_service.h
index 7b0864a361be0396a2b873495c92057693e05d34..43e08b5d66a2ba142aec381670ec621e282f9887 100644
--- a/components/subresource_filter/content/browser/user_ruleset_service.h
+++ b/components/subresource_filter/content/browser/user_ruleset_service.h
@@ -68,7 +68,7 @@ class UserRulesetServiceClient {
 public:
 UserRulesetServiceClient() {}
 virtual ~UserRulesetServiceClient() {}
- virtual void OnDeleteUserRulesetFile();
+ virtual void OnDeleteUserRulesetFile() = 0;
 private:
 };
diff --git a/ohos_nweb/src/cef_delegate/nweb_application.cc b/ohos_nweb/src/cef_delegate/nweb_application.cc
index 716dd0b406eb896e48bc88214f3295f68a0576e6..d95367472322c2af6028ebbdcf573bd2fbb1eafc 100644
--- a/ohos_nweb/src/cef_delegate/nweb_application.cc
+++ b/ohos_nweb/src/cef_delegate/nweb_application.cc
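Review bot: Making `OnDeleteRulesetFile` pure virtual is a contract change that the header does not document: every subclass must now implement it, and any existing client that relied on the base declaration stops compiling. That is preferable to a declared virtual with no definition (which, if that is what the old line was, would leave an unresolved vtable slot that a vcall check or the linker trips over), but the header should say so; propose `// Invoked when the ruleset file has been deleted. Pure virtual: every client must implement it.` above the declaration. The same applies to `OnDeleteUserRulesetFile` in the user_ruleset_service.h hunk. Since the class is now abstract, `virtual ~RulesetServiceClient() {}` could also become `= default` for consistency with the rest of the codebase, though that is outside this change.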
@@ -179,7 +179,7 @@ void NWebApplication::OnContextInitialized() {
 }
 #ifdef OHOS_INIT_CALLBACK
-void NWebApplication::RunWebInitedCallback(WebRunInitedCallback* callback)
+NO_SANITIZE("cfi-vcall") void NWebApplication::RunWebInitedCallback(WebRunInitedCallback* callback)
 {
 if (callback != nullptr) {
 callback->RunInitedCallback();
diff --git a/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc b/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc
index 62593feddf50fee5c892e682a56ebe1258483add..3f4cdc5899e2400132a61b215514f9b62dcfe3a5 100644
--- a/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc
+++ b/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc
@@ -53,7 +53,7 @@ void NWebDownloadHandlerDelegate::RegisterWebDownloadDelegateListener(
 }
 /* CefDownloadHandler methods begin */
-void NWebDownloadHandlerDelegate::OnBeforeDownload(
+NO_SANITIZE("cfi-icall") void NWebDownloadHandlerDelegate::OnBeforeDownload(
 CefRefPtr browser,
 CefRefPtr download_item,
 const CefString& suggested_name,
@@ -83,7 +83,7 @@ void NWebDownloadHandlerDelegate::OnBeforeDownload(
 }
 }
-void NWebDownloadHandlerDelegate::OnDownloadUpdated(
+NO_SANITIZE("cfi-icall") void NWebDownloadHandlerDelegate::OnDownloadUpdated(
 CefRefPtr browser,
 CefRefPtr download_item,
 CefRefPtr callback) {
diff --git a/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc b/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc
index 017f2bb55140adce8400ab25988074b4161e3242..40e6f88ca41207140d5610de71bb1eddfdc8312e 100644
--- a/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc
+++ b/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc
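Review bot: `NO_SANITIZE("cfi-vcall")` on `RunWebInitedCallback` disables the vtable check for the only call the visible body makes, `callback->RunInitedCallback()`, on a pointer handed in by the caller, so after this change a `WebRunInitedCallback*` that does not point at a WebRunInitedCallback subclass is dispatched unchecked; the `callback != nullptr` test does not cover that. If the reason is that the callback object is constructed by the embedding application outside the CFI-instrumented module (which the `#ifdef OHOS_INIT_CALLBACK` guard hints at but the hunk does not show), state it above the attribute, `// cfi-vcall: callback objects are created by the embedder outside this CFI unit.`, and consider whether cross-DSO CFI (`-fsanitize-cfi-cross-dso`) fits the case better than a per-function opt-out. The function body continues outside the hunk.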
@@ -2102,7 +2102,7 @@ void NWebHandlerDelegate::OnTopControlsChanged(float top_controls_offset,
 #endif
 }
-int NWebHandlerDelegate::OnGetTopControlsHeight() {
+NO_SANITIZE("cfi-icall") int NWebHandlerDelegate::OnGetTopControlsHeight() {
 #if defined(OHOS_EX_TOPCONTROLS)
 if (web_app_client_extension_listener_ == nullptr ||
 web_app_client_extension_listener_->OnGetTopControlsHeight == nullptr) {
diff --git a/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc b/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc
index f4d7430c11bbf651de7367b37e2f5cb94d0d5881..9e35d8fbfbd89b734f3c8a4bac4c0a401358ae70 100644
--- a/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc
+++ b/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc
@@ -81,7 +81,7 @@ std::string NWebSchemeHandlerFactory::GetWebTag(CefRefPtr browser) {
 return web_tag;
 }
-CefRefPtr NWebSchemeHandlerFactory::Create(
+NO_SANITIZE("cfi-icall") CefRefPtr NWebSchemeHandlerFactory::Create(
 CefRefPtr browser,
 CefRefPtr frame,
 const CefString& scheme_name,
@@ -208,7 +208,7 @@ ArkWeb_SchemeHandler* NWebSchemeHandlerFactory::FromTag(
 return nullptr;
 }
-void NWebSchemeHandlerFactory::OnRequestStop(
+NO_SANITIZE("cfi-icall") void NWebSchemeHandlerFactory::OnRequestStop(
 const ArkWeb_ResourceRequest* resource_request,
 const std::string& web_tag,
 bool from_service_worker) {
diff --git a/ohos_nweb/src/ndk/arkweb_model.cc b/ohos_nweb/src/ndk/arkweb_model.cc
index 2d2295d9f28b463dc1931666b50478710782bae8..434a17557dee1a22cac8fbc735e1ee2451f43348 100644
--- a/ohos_nweb/src/ndk/arkweb_model.cc
+++ b/ohos_nweb/src/ndk/arkweb_model.cc
@@ -109,7 +109,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_Refresh(const char* webTag) {
 }
 }
-ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached(
+NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached(
 const char* webTag,
 ArkWeb_OnComponentCallback callback,
 void* userData) {
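Review bot: `NO_SANITIZE("cfi-icall")` on `OH_ArkWeb_OnControllerAttached` only covers indirect calls made directly in that function's body; a lambda is a separate function (the closure type's `operator()`), and the `});` context opening the following `@@ -133` hunk shows this function ends by closing one. If `callback` is invoked inside that lambda rather than in the outer body (the hunk does not show the call), the attribute never reaches it and the suppression is ineffective; it would have to go on the lambda itself, after its parameter list, or the call moved into a small annotated helper. The same applies to `OH_ArkWeb_OnPageBegin` and `OH_ArkWeb_OnPageEnd` in the later hunks of this file, whose closing `});` is likewise visible, and presumably to `OH_ArkWeb_OnDestroy`. Each of these is a public NDK entry point that takes `callback` and `userData` from the C caller, so a comment stating why the check is relaxed is especially warranted here.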
@@ -133,7 +133,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached(
 });
 }
-ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin(
+NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin(
 const char* webTag,
 ArkWeb_OnComponentCallback callback,
 void* userData) {
@@ -157,9 +157,9 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin(
 });
 }
-ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag,
- ArkWeb_OnComponentCallback callback,
- void* userData) {
+NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag,
+ ArkWeb_OnComponentCallback callback,
+ void* userData) {
 if (callback == nullptr) {
 LOG(ERROR) << "NativeArkWeb OnPageEnd callback is nullptr";
 return;
@@ -180,9 +180,9 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag,
 });
 }
-ARKWEB_NDK_EXPORT void OH_ArkWeb_OnDestroy(const char* webTag,
- ArkWeb_OnComponentCallback callback,
- void* userData) {
+NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnDestroy(const char* webTag,
+ ArkWeb_OnComponentCallback callback,
+ void* userData) {
 if (callback == nullptr) {
 LOG(ERROR) << "NativeArkWeb OnDestroy callback is nullptr";
 return;
@@ -209,7 +209,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_RegisterAsyncJavaScriptProxy(
 RegisterJavaScriptProxy(webTag, proxyObject, true, "");
 }
-void RegisterJavaScriptProxy(
+NO_SANITIZE("cfi-icall") void RegisterJavaScriptProxy(
 const char* webTag,
 const ArkWeb_ProxyObject* proxyObject,
 bool isAsync,
diff --git a/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc b/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc
index a90ecdaa808f18781d8e3bf75b4f2b36328bcd45..ea5cdf2780536ddfae8735cf5ca6e5b8eb0c6050 100644
--- a/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc
+++ b/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc
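Review bot: The rewritten `OH_ArkWeb_OnPageEnd` and `OH_ArkWeb_OnDestroy` signatures keep the parameters aligned under the opening parenthesis, so the first line now carries the attribute, the export macro, the return type, the name and the first parameter and runs well past 80 columns, while the `OnPageBegin` hunk just above wraps after the `(` with one parameter per line. Format both the same way as OnPageBegin (`NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(` followed by `const char* webTag,` on its own line) so the file stays consistent and clang-format does not churn these lines later.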
@@ -138,7 +138,7 @@ bool ArkWeb_HttpBodyStream_::IsInMemory() const {
 return post_data_stream->IsInMemory();
 }
-void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) {
+NO_SANITIZE("cfi-icall") void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) {
 if (!post_data_stream) {
 LOG(ERROR) << "scheme_handler post_data_stream is nullptr.";
 return;
@@ -159,7 +159,8 @@ void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) {
 stream_init_callback(this, static_cast(rv));
 }
-void ArkWeb_HttpBodyStream_::OnReadComplete(char* buffer, int bytes_read) {
+NO_SANITIZE("cfi-icall") void ArkWeb_HttpBodyStream_::OnReadComplete(
+ char* buffer, int bytes_read) {
 if (!post_data_stream) {
 LOG(ERROR) << "scheme_handler post_data_stream is nullptr.";
 }
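Review bot: In `OnReadComplete` the `if (!post_data_stream)` check only logs; unlike the identical check in `OnInitComplete` in the previous hunk, which returns, it falls through, and the hunk ends right after the closing brace, so if the remainder of the body (outside the hunk) dereferences `post_data_stream` the null case is not handled. If that is so, add `return;` after the `LOG(ERROR)` line, or document why falling through is intended. The `stream_init_callback(this, …)` call visible in the `OnInitComplete` context looks like the indirect call through a registered callback that the attribute excuses, which is what a one-line comment above each `NO_SANITIZE("cfi-icall")` in this file should say.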