1#!special-case-list-v1 2# 3# Copyright (c) 2019, Google, Inc. All rights reserved 4# 5# Permission is hereby granted, free of charge, to any person obtaining 6# a copy of this software and associated documentation files 7# (the "Software"), to deal in the Software without restriction, 8# including without limitation the rights to use, copy, modify, merge, 9# publish, distribute, sublicense, and/or sell copies of the Software, 10# and to permit persons to whom the Software is furnished to do so, 11# subject to the following conditions: 12# 13# The above copyright notice and this permission notice shall be 14# included in all copies or substantial portions of the Software. 15# 16# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 20# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 21# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 22# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23# 24 25# Entries in this section disable sanitizers listed in enable.mk. 26[alignment|bool|builtin|bounds|enum|float-cast-overflow|float-divide-by-zero|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change|integer-divide-by-zero|pointer-overflow|return|shift|signed-integer-overflow|unreachable|unsigned-integer-overflow|vla-bound] 27 28# dlmalloc is fragile enough that it isn't worth the risk to try to make it 29# UBSan clean 30src:*/dlmalloc.c 31 32# Fixing errors in boringssl is more likely to cause problems than fix them 33src:external/boringssl/* 34 35# ocb.c implements pseudo-bignum math, and so plays fast and loose with signs 36# We would either need to annotate many of the functions in here, or rewrite 37# it dangerously to avoid this exemption. 38src:*/system/keymaster/key_blob_utils/ocb.c 39 40# test-runner is missing important facilities for error reporting (e.g. printf) 41# and is not a actual product, just testing infrastructure. 42src:external/trusty/bootloader/* 43 44# If we are inside Musl's ldso or crt components, we're too early in process 45# start for a lot of information to be correct, and our error reporting 46# facilities won't work yet. 47src:external/trusty/musl/crt/* 48src:external/trusty/musl/ldso/* 49 50# Musl is fond of negating unsigned integers to round values up. 51# There are also a few not-quite-buggy unsigned overflows and signed constants 52# being coerced to unsigned values. 53[unsigned-integer-overflow|implicit-integer-sign-change] 54src:external/trusty/musl/src/* 55 56# Signature of memset is void* memset(void *s, int c, size_t n); 57# i.e. it has to convert its second argument to a 8-bit type, which can result 58# in a truncation. 59[implicit-signed-integer-truncation] 60src:external/trusty/musl/src/string/memset.c 61 62# Allow unsigned overflow in keymaster until keymaster's checks are reworked. 63# The cases we know can overflow *are* overflow checks. 64[unsigned-integer-overflow|pointer-overflow] 65src:*/system/keymaster/android_keymaster/authorization_set.cpp 66src:*/system/keymaster/android_keymaster/serializable.cpp 67 68# Exempt libfreetype from overflow sanitization. 69[unsigned-integer-overflow|implicit-integer-sign-change|pointer-overflow|cfi] 70src:*/external/freetype/* 71 72# Exempt libfdt from implicit integer sign changes 73[implicit-integer-sign-change] 74src:external/dtc/libfdt/* 75 76# Exempt some libbinder functions from CFI because they make indirect 77# calls from C++ into Rust and the latter does not support CFI. 78# TODO(b/181755948): Remove these lines when that changes. 79[cfi-icall] 80# This is the file path as seen by clang 81src:frameworks/native/libs/binder/trusty/binder_rpc_unstable/../../libbinder_rpc_unstable.cpp 82src:frameworks/native/libs/binder/ndk/ibinder.cpp 83src:frameworks/native/libs/binder/ndk/parcel.cpp 84src:frameworks/native/libs/binder/trusty/rust/binder_rpc_server_bindgen/cpp/ARpcServerTrusty.cpp 85