From beb305190a0120752c3d0006dbef6dfc5100276f Mon Sep 17 00:00:00 2001 From: zhushengle Date: Mon, 30 Dec 2024 19:07:08 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81CFI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhushengle --- base/process/process_handle_posix.cc | 2 +- base/threading/platform_thread_posix.cc | 2 +- build/config/ohos/BUILD.gn | 4 ++++ build/config/sanitizers/sanitizers.gni | 12 +++++++++--- components/crash/core/app/crashpad_ohos.cc | 2 +- .../content/browser/ruleset_service.h | 2 +- .../content/browser/user_ruleset_service.h | 2 +- ohos_nweb/src/cef_delegate/nweb_application.cc | 2 +- .../nweb_download_handler_delegate.cc | 4 ++-- .../src/cef_delegate/nweb_handler_delegate.cc | 2 +- .../nweb_scheme_handler_factory.cc | 4 ++-- ohos_nweb/src/ndk/arkweb_model.cc | 18 +++++++++--------- .../src/ndk/scheme_handler/http_body_stream.cc | 5 +++-- 13 files changed, 36 insertions(+), 25 deletions(-) diff --git a/base/process/process_handle_posix.cc b/base/process/process_handle_posix.cc index 7525a52c7b..2099c039b6 100644 --- a/base/process/process_handle_posix.cc +++ b/base/process/process_handle_posix.cc @@ -16,7 +16,7 @@ ProcessId GetCurrentProcId() { } #if BUILDFLAG(IS_OHOS) -ProcessId GetCurrentRealPid() { +NO_SANITIZE("cfi-icall") ProcessId GetCurrentRealPid() { using GetProcXid = int (*)(void); static GetProcXid getProcPid = nullptr; if (getProcPid == nullptr) { diff --git a/base/threading/platform_thread_posix.cc b/base/threading/platform_thread_posix.cc index a385a0e65f..059d92c593 100644 --- a/base/threading/platform_thread_posix.cc +++ b/base/threading/platform_thread_posix.cc 
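Review bot: The new `NO_SANITIZE("cfi-icall")` on `GetCurrentRealPid` exempts every indirect call in the function from the CFI check, not only the one through the lazily resolved `GetProcXid` pointer that motivates it, and nothing at the annotation says why; add a why-comment so the exemption is not copied blindly, e.g. `// cfi-icall: getProcPid is a function pointer resolved at runtime (confirm how) and has no CFI type identity.` The same undocumented function-wide exemption is added to `PlatformThread::CurrentRealId` in platform_thread_posix.cc, `DumpWithoutCrashing` in crashpad_ohos.cc, the download-handler, handler-delegate and scheme-handler-factory methods, `RegisterJavaScriptProxy` and the two `ArkWeb_HttpBodyStream_` methods. Where the indirect call is a single statement, a small annotated helper that only performs that call keeps the rest of the body checked. The function body continues outside the hunk, so I cannot confirm there are no other indirect calls that now go unchecked.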
@@ -271,7 +271,7 @@ PlatformThreadId PlatformThread::CurrentId() { } #if BUILDFLAG(IS_OHOS) -PlatformThreadId PlatformThread::CurrentRealId() { +NO_SANITIZE("cfi-icall") PlatformThreadId PlatformThread::CurrentRealId() { // - getproctid() is fast, since its return value is cached in pthread (in the // thread control block of pthread). See gettid.c in bionic. using GetProcXid = int (*)(void); diff --git a/build/config/ohos/BUILD.gn b/build/config/ohos/BUILD.gn index c87875fc70..75748e0472 100644 --- a/build/config/ohos/BUILD.gn +++ b/build/config/ohos/BUILD.gn @@ -180,6 +180,10 @@ config("runtime_library") { libs += [ rebase_path(libasan_file) ] dynamic_linker = "/lib/ld-musl-aarch64-asan.so.1" } + if (using_sanitizer && is_ohos) { + libusan_file = "$ohos_toolchain_root/lib/clang/current/lib/aarch64-linux-ohos/libclang_rt.ubsan_standalone.so" + libs += [ rebase_path(libusan_file) ] + } } if (current_cpu == "x64") { diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni index 446736e790..93946e61a8 100644 --- a/build/config/sanitizers/sanitizers.gni +++ b/build/config/sanitizers/sanitizers.gni @@ -9,6 +9,12 @@ import("//build/config/chromeos/ui_mode.gni") import("//build/config/profiling/profiling.gni") import("//build/toolchain/toolchain.gni") +declare_args() { + # The global switch of cfi. Disable it to improve compiling efficiency while + # being vulnerable to cfi attack. + use_cfi = false +} + declare_args() { # Compile for Address Sanitizer to find memory bugs. is_asan = false 
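Review bot: The new `if (using_sanitizer && is_ohos)` block links `libclang_rt.ubsan_standalone.so` into every sanitized OHOS build rather than only the CFI configuration this commit introduces, and the path hard-codes `aarch64-linux-ohos` although the enclosing config branches on `current_cpu` (the following `if (current_cpu == "x64")`). Gate the block on the flag that actually needs the runtime and derive the triple from `current_cpu`. Whether `using_sanitizer` even covers `is_cfi` depends on its definition in sanitizers.gni, which is outside this hunk; if it does not, a CFI-only build gets no runtime at all. `libusan_file` also reads like a typo for `libubsan_file`.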
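Review bot: The comment on the new `use_cfi` arg is misleading on two counts: "being vulnerable to cfi attack" inverts the meaning (CFI is the defence; turning it off removes protection against control-flow hijacking), and "global switch" overstates it, because `is_cfi` in the next hunk still requires `is_official_build && is_clang`, so `use_cfi = true` has no effect in a non-official build. Suggest `# Enables CFI for OHOS builds (effective only when is_official_build && is_clang).` followed by `# Off by default to keep compile times down, at the cost of losing CFI's protection against control-flow hijacking.`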
@@ -49,13 +55,13 @@ declare_args() { # TODO(pcc): Remove this flag if/when CFI is enabled in all official builds. is_cfi = is_official_build && is_clang && ((target_os == "linux" && target_cpu == "x64") || + (is_ohos && use_cfi) || (is_chromeos && is_chromeos_device)) # Enable checks for indirect function calls via a function pointer. # TODO(pcc): remove this when we're ready to add these checks by default. # https://crbug.com/701919 - use_cfi_icall = - target_os == "linux" && target_cpu == "x64" && is_official_build + use_cfi_icall = false # Print detailed diagnostics when Control Flow Integrity detects a violation. use_cfi_diag = false @@ -113,7 +119,7 @@ declare_args() { # Enable checks for bad casts: derived cast and unrelated cast. # TODO(krasin): remove this, when we're ready to add these checks by default. # https://crbug.com/626794 - use_cfi_cast = is_cfi && is_chromeos + use_cfi_cast = false # Compile for Undefined Behaviour Sanitizer's vptr checks. is_ubsan_vptr = is_ubsan_security diff --git a/components/crash/core/app/crashpad_ohos.cc b/components/crash/core/app/crashpad_ohos.cc index 5472dcbfa0..3fdda98619 100644 --- a/components/crash/core/app/crashpad_ohos.cc +++ b/components/crash/core/app/crashpad_ohos.cc @@ -493,7 +493,7 @@ bool g_is_browser = false; // TODO(jperaza): This might be simplified to have both the browser and child // processes use CRASHPAD_SIMULATE_CRASH() if CrashpadClient allows injecting // the Chromium specific SandboxedHandler. -void DumpWithoutCrashing() { +NO_SANITIZE("cfi-icall") void DumpWithoutCrashing() { if (g_is_browser) { CRASHPAD_SIMULATE_CRASH(); } else { diff --git a/components/subresource_filter/content/browser/ruleset_service.h b/components/subresource_filter/content/browser/ruleset_service.h index 6d043370f3..a2fbc9de3b 100644 --- a/components/subresource_filter/content/browser/ruleset_service.h +++ b/components/subresource_filter/content/browser/ruleset_service.h 
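Review bot: `use_cfi_icall = false` here and `use_cfi_cast = false` in the following hunk replace conditional expressions with constants, so the indirect-call and bad-cast checks are now off for every configuration, including the Linux x64 official and ChromeOS builds that previously had them, instead of only for OHOS. If OHOS needs them off, keep the original expressions and exclude OHOS explicitly, e.g. `use_cfi_icall = target_os == "linux" && target_cpu == "x64" && is_official_build && !is_ohos` and `use_cfi_cast = is_cfi && is_chromeos && !is_ohos`. With `use_cfi_icall` constantly false, the many `NO_SANITIZE("cfi-icall")` annotations added by this commit are no-ops unless `-fsanitize=cfi-icall` is enabled by something outside this patch, and the comment above ("Enable checks for indirect function calls…") no longer describes a switch that can be turned on.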
@@ -64,7 +64,7 @@ class RulesetServiceClient { public: RulesetServiceClient() {} virtual ~RulesetServiceClient() {} - virtual void OnDeleteRulesetFile(); + virtual void OnDeleteRulesetFile() = 0; private: }; diff --git a/components/subresource_filter/content/browser/user_ruleset_service.h b/components/subresource_filter/content/browser/user_ruleset_service.h index 7b0864a361..43e08b5d66 100644 --- a/components/subresource_filter/content/browser/user_ruleset_service.h +++ b/components/subresource_filter/content/browser/user_ruleset_service.h @@ -68,7 +68,7 @@ class UserRulesetServiceClient { public: UserRulesetServiceClient() {} virtual ~UserRulesetServiceClient() {} - virtual void OnDeleteUserRulesetFile(); + virtual void OnDeleteUserRulesetFile() = 0; private: }; diff --git a/ohos_nweb/src/cef_delegate/nweb_application.cc b/ohos_nweb/src/cef_delegate/nweb_application.cc index 716dd0b406..d953674723 100644 --- a/ohos_nweb/src/cef_delegate/nweb_application.cc +++ b/ohos_nweb/src/cef_delegate/nweb_application.cc @@ -179,7 +179,7 @@ void NWebApplication::OnContextInitialized() { } #ifdef OHOS_INIT_CALLBACK -void NWebApplication::RunWebInitedCallback(WebRunInitedCallback* callback) +NO_SANITIZE("cfi-vcall") void NWebApplication::RunWebInitedCallback(WebRunInitedCallback* callback) { if (callback != nullptr) { callback->RunInitedCallback(); diff --git a/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc b/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc index 62593feddf..3f4cdc5899 100644 --- a/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc +++ b/ohos_nweb/src/cef_delegate/nweb_download_handler_delegate.cc 
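Review bot: `OnDeleteRulesetFile` is made pure virtual without a comment saying why; the same change is made to `OnDeleteUserRulesetFile` in user_ruleset_service.h. Since the previous declaration presumably had no definition, every concrete subclass already overrode it and the change should be source-compatible, but a one-line note would stop the next reader from looking for a lost base implementation, e.g. `// Pure virtual: there is intentionally no base implementation.` The empty `private:` label left behind in both classes could be dropped at the same time.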
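Review bot: `NO_SANITIZE("cfi-vcall")` on `RunWebInitedCallback` turns off the virtual-call check for `callback->RunInitedCallback()`, which is exactly the kind of call CFI exists to protect; the exemption is only justified if `WebRunInitedCallback` objects originate outside the CFI-instrumented module, and the hunk gives no hint that they do. Add a why-comment at the annotation, e.g. `// cfi-vcall: callback is implemented outside this module (confirm); its vtable is unknown to CFI.` If the object does come from CFI-instrumented code, the annotation should be removed rather than kept. The function body continues outside the hunk.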
@@ -53,7 +53,7 @@ void NWebDownloadHandlerDelegate::RegisterWebDownloadDelegateListener( } /* CefDownloadHandler methods begin */ -void NWebDownloadHandlerDelegate::OnBeforeDownload( +NO_SANITIZE("cfi-icall") void NWebDownloadHandlerDelegate::OnBeforeDownload( CefRefPtr browser, CefRefPtr download_item, const CefString& suggested_name, @@ -83,7 +83,7 @@ void NWebDownloadHandlerDelegate::OnBeforeDownload( } } -void NWebDownloadHandlerDelegate::OnDownloadUpdated( +NO_SANITIZE("cfi-icall") void NWebDownloadHandlerDelegate::OnDownloadUpdated( CefRefPtr browser, CefRefPtr download_item, CefRefPtr callback) { diff --git a/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc b/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc index 017f2bb551..40e6f88ca4 100644 --- a/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc +++ b/ohos_nweb/src/cef_delegate/nweb_handler_delegate.cc @@ -2102,7 +2102,7 @@ void NWebHandlerDelegate::OnTopControlsChanged(float top_controls_offset, #endif } -int NWebHandlerDelegate::OnGetTopControlsHeight() { +NO_SANITIZE("cfi-icall") int NWebHandlerDelegate::OnGetTopControlsHeight() { #if defined(OHOS_EX_TOPCONTROLS) if (web_app_client_extension_listener_ == nullptr || web_app_client_extension_listener_->OnGetTopControlsHeight == nullptr) { diff --git a/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc b/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc index f4d7430c11..9e35d8fbfb 100644 --- a/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc +++ b/ohos_nweb/src/cef_delegate/nweb_scheme_handler_factory.cc @@ -81,7 +81,7 @@ std::string NWebSchemeHandlerFactory::GetWebTag(CefRefPtr browser) { return web_tag; } -CefRefPtr NWebSchemeHandlerFactory::Create( +NO_SANITIZE("cfi-icall") CefRefPtr NWebSchemeHandlerFactory::Create( CefRefPtr browser, CefRefPtr frame, const CefString& scheme_name, 
@@ -208,7 +208,7 @@ ArkWeb_SchemeHandler* NWebSchemeHandlerFactory::FromTag( return nullptr; } -void NWebSchemeHandlerFactory::OnRequestStop( +NO_SANITIZE("cfi-icall") void NWebSchemeHandlerFactory::OnRequestStop( const ArkWeb_ResourceRequest* resource_request, const std::string& web_tag, bool from_service_worker) { diff --git a/ohos_nweb/src/ndk/arkweb_model.cc b/ohos_nweb/src/ndk/arkweb_model.cc index 2d2295d9f2..434a17557d 100644 --- a/ohos_nweb/src/ndk/arkweb_model.cc +++ b/ohos_nweb/src/ndk/arkweb_model.cc @@ -109,7 +109,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_Refresh(const char* webTag) { } } -ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached( +NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached( const char* webTag, ArkWeb_OnComponentCallback callback, void* userData) { @@ -133,7 +133,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnControllerAttached( }); } -ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin( +NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin( const char* webTag, ArkWeb_OnComponentCallback callback, void* userData) { @@ -157,9 +157,9 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageBegin( }); } -ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag, - ArkWeb_OnComponentCallback callback, - void* userData) { +NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag, + ArkWeb_OnComponentCallback callback, + void* userData) { if (callback == nullptr) { LOG(ERROR) << "NativeArkWeb OnPageEnd callback is nullptr"; return; @@ -180,9 +180,9 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_OnPageEnd(const char* webTag, }); } -ARKWEB_NDK_EXPORT void OH_ArkWeb_OnDestroy(const char* webTag, - ArkWeb_OnComponentCallback callback, - void* userData) { +NO_SANITIZE("cfi-icall") ARKWEB_NDK_EXPORT void OH_ArkWeb_OnDestroy(const char* webTag, + ArkWeb_OnComponentCallback callback, + void* userData) { if (callback == nullptr) { LOG(ERROR) << "NativeArkWeb OnDestroy callback is nullptr"; return; 
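Review bot: In `OH_ArkWeb_OnControllerAttached` the attribute is attached to the exported function, but the hunk ends with `});`, which suggests the user `callback` is invoked from inside a lambda (likely a posted task); a `no_sanitize` attribute on the enclosing function does not apply to the closure's `operator()`, so if the indirect call sits in the lambda body it is still CFI-checked and the annotation does nothing there. The same pattern appears in `OH_ArkWeb_OnPageBegin`, `OH_ArkWeb_OnPageEnd` and `OH_ArkWeb_OnDestroy`. If the call is inside the lambda, annotate the lambda itself (`[...]() NO_SANITIZE("cfi-icall") { ... }`, which clang accepts after the lambda's parameter list) or move the call into a small annotated helper. The bodies of all four functions continue outside their hunks, so this is inferred from the closing `});` only.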
@@ -209,7 +209,7 @@ ARKWEB_NDK_EXPORT void OH_ArkWeb_RegisterAsyncJavaScriptProxy( RegisterJavaScriptProxy(webTag, proxyObject, true, ""); } -void RegisterJavaScriptProxy( +NO_SANITIZE("cfi-icall") void RegisterJavaScriptProxy( const char* webTag, const ArkWeb_ProxyObject* proxyObject, bool isAsync, diff --git a/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc b/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc index a90ecdaa80..ea5cdf2780 100644 --- a/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc +++ b/ohos_nweb/src/ndk/scheme_handler/http_body_stream.cc @@ -138,7 +138,7 @@ bool ArkWeb_HttpBodyStream_::IsInMemory() const { return post_data_stream->IsInMemory(); } -void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) { +NO_SANITIZE("cfi-icall") void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) { if (!post_data_stream) { LOG(ERROR) << "scheme_handler post_data_stream is nullptr."; return; @@ -159,7 +159,8 @@ void ArkWeb_HttpBodyStream_::OnInitComplete(int rv) { stream_init_callback(this, static_cast(rv)); } -void ArkWeb_HttpBodyStream_::OnReadComplete(char* buffer, int bytes_read) { +NO_SANITIZE("cfi-icall") void ArkWeb_HttpBodyStream_::OnReadComplete( + char* buffer, int bytes_read) { if (!post_data_stream) { LOG(ERROR) << "scheme_handler post_data_stream is nullptr."; } -- Gitee
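Review bot: In `OnReadComplete` the null check on `post_data_stream` only logs and falls through, whereas `OnInitComplete` in the preceding hunk logs and returns; if the remainder of `OnReadComplete` (outside the hunk) dereferences `post_data_stream` or reports a completed read, this leaves a null-dereference path that the commit does not address. Suggest `return;` after the `LOG(ERROR)`, matching `OnInitComplete`, unless the later code handles the null case — confirm. The call through `stream_init_callback` visible in the previous hunk is the indirect call that motivates the `cfi-icall` exemption; a why-comment at the annotation would make that explicit.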