xref: /aosp_15_r20/external/cronet/third_party/boringssl/Android.bp (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1// Copyright (C) 2023 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// Cronet handles all of its licenses declaration in the top level Android.bp and
16// LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE).
17// Boringsll's license can also be found at
18// //external/cronet/third_party/boringssl/src/LICENSE.
19
20// Guard with a namespace not to clash with //external/boringssl's targets.
21// All targets, with the exception of :cronet_defaults, have been copied from
22// //external/boringssl/Android.bp with just some minor changes due to the smaller
23// scope of Cronet's Boringssl.
24soong_namespace {}
25
26package {
27    default_visibility: [
28        "//external/cronet:__subpackages__",
29        "//packages/modules/Connectivity/Tethering:__subpackages__",
30    ],
31    // See: http://go/android-license-faq
32    // A large-scale-change added 'default_applicable_licenses' to import
33    // all of the 'license_kinds' from "external_cronet_license"
34    // to get the below license kinds:
35    //   legacy_unencumbered
36    //   SPDX-license-identifier-Apache-2.0
37    //   SPDX-license-identifier-BSD
38    //   SPDX-license-identifier-BSD-3-Clause
39    //   SPDX-license-identifier-ISC
40    //   SPDX-license-identifier-MIT
41    //   SPDX-license-identifier-OpenSSL
42    default_applicable_licenses: ["external_cronet_license"],
43}
44
45build = ["sources.bp"]
46
47cc_defaults {
48    name: "cronet_defaults",
49    stl: "none",
50    apex_available: [
51        "com.android.tethering",
52    ],
53    min_sdk_version: "30",
54    include_dirs: [
55        "external/cronet/buildtools/third_party/libc++/",
56        "external/cronet/third_party/libc++/src/include",
57        "external/cronet/third_party/libc++abi/src/include",
58    ],
59    static_libs: [
60        "cronet_aml_buildtools_third_party_libc___libc__",
61        "cronet_aml_buildtools_third_party_libc__abi_libc__abi"
62    ],
63}
64
65cc_defaults {
66    name: "boringssl_flags",
67    cflags: [
68        "-fvisibility=hidden",
69        "-DBORINGSSL_SHARED_LIBRARY",
70        "-DBORINGSSL_ANDROID_SYSTEM",
71        // Chromium uses extensive harderning mode, so setting the same for boringssl.
72        "-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE",
73        "-DOPENSSL_SMALL",
74        "-Werror",
75        "-Wno-unused-parameter",
76    ],
77    cppflags: [
78        "-Wall",
79        "-Werror",
80    ],
81}
82
83cc_defaults {
84    name: "boringssl_defaults",
85    local_include_dirs: ["src/include"],
86    export_include_dirs: ["src/include"],
87    cflags: [
88        "-DBORINGSSL_IMPLEMENTATION",
89    ],
90}
91
92cc_defaults {
93    name: "libcrypto_defaults",
94    target: {
95        android: {
96            // On FIPS builds (i.e. Android only) prevent other libraries
97            // from pre-empting symbols in libcrypto which could affect FIPS
98            // compliance and cause integrity checks to fail. See b/160231064.
99            ldflags: ["-Wl,-Bsymbolic"],
100        },
101    },
102    local_include_dirs: ["src/crypto"],
103}
104
105cc_object {
106    name: "bcm_object",
107    defaults: [
108        "boringssl_defaults",
109        "boringssl_flags",
110        "cronet_defaults",
111        "libcrypto_bcm_sources",
112        "libcrypto_defaults",
113    ],
114    sanitize: {
115        address: false,
116        hwaddress: false,
117        // This is a placeholder
118        // to help prevent
119        // merge conflicts.
120        memtag_stack: false,
121        // This is a placeholder
122        // to help prevent
123        // merge conflicts.
124        fuzzer: false,
125        memtag_globals: false,
126    },
127    target: {
128        android: {
129            cflags: [
130                "-DBORINGSSL_FIPS",
131                "-fPIC",
132                // -fno[data|text]-sections required to ensure a
133                // single text and data section for FIPS integrity check
134                "-fno-data-sections",
135                "-fno-function-sections",
136            ],
137            linker_script: "src/crypto/fipsmodule/fips_shared.lds",
138        },
139        // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
140        // This doesn't enable HWASAN unconditionally, it just causes
141        // BoringSSL's asm code to unconditionally use a HWASAN-compatible
142        // global variable reference so that the non-HWASANified (because of
143        // sanitize: { hwaddress: false } above) code in the BCM can
144        // successfully link against the HWASANified code in the rest of
145        // BoringSSL in HWASAN builds.
146        android_arm64: {
147            asflags: [
148                "-fsanitize=hwaddress",
149            ],
150        },
151    },
152}
153
154// Version of bcm_object built with BORINGSSL_FIPS_BREAK_TESTS defined.
155// Only for use with the FIPS break-tests.sh script.
156// Must be kept in sync with bcm_object.
157cc_object {
158    name: "bcm_object_for_testing",
159    visibility: ["//visibility:private"],
160    defaults: [
161        "boringssl_defaults",
162        "boringssl_flags",
163        "cronet_defaults",
164        "libcrypto_bcm_sources",
165        "libcrypto_defaults",
166    ],
167    sanitize: {
168        address: false,
169        hwaddress: false,
170        fuzzer: false,
171        memtag_globals: false,
172    },
173    target: {
174        android: {
175            cflags: [
176                "-DBORINGSSL_FIPS",
177                "-DBORINGSSL_FIPS_BREAK_TESTS",
178                "-fPIC",
179                // -fno[data|text]-sections required to ensure a
180                // single text and data section for FIPS integrity check
181                "-fno-data-sections",
182                "-fno-function-sections",
183            ],
184            linker_script: "src/crypto/fipsmodule/fips_shared.lds",
185        },
186        // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
187        // This doesn't enable HWASAN unconditionally, it just causes
188        // BoringSSL's asm code to unconditionally use a HWASAN-compatible
189        // global variable reference so that the non-HWASANified (because of
190        // sanitize: { hwaddress: false } above) code in the BCM can
191        // successfully link against the HWASANified code in the rest of
192        // BoringSSL in HWASAN builds.
193        android_arm64: {
194            asflags: [
195                "-fsanitize=hwaddress",
196            ],
197        },
198    },
199}
200
201cc_library_shared {
202    name: "libcrypto",
203    defaults: [
204        "boringssl_defaults",
205        "boringssl_flags",
206        "cronet_defaults",
207        "libcrypto_defaults",
208        "libcrypto_sources",
209    ],
210    unique_host_soname: true,
211    srcs: [
212        ":bcm_object",
213    ],
214    target: {
215        android: {
216            cflags: [
217                "-DBORINGSSL_FIPS",
218            ],
219            sanitize: {
220                // Disable address sanitizing otherwise libcrypto will not report
221                // itself as being in FIPS mode, which causes boringssl_self_test
222                // to fail.
223                address: false,
224            },
225            inject_bssl_hash: true,
226        },
227    },
228}
229
230cc_library_shared {
231    name: "libcrypto_for_testing",
232    visibility: ["//visibility:private"],
233    defaults: [
234        "boringssl_defaults",
235        "boringssl_flags",
236        "cronet_defaults",
237        "libcrypto_defaults",
238        "libcrypto_sources",
239    ],
240    unique_host_soname: true,
241    srcs: [
242        ":bcm_object_for_testing",
243    ],
244    target: {
245        android: {
246            cflags: [
247                "-DBORINGSSL_FIPS",
248                "-DBORINGSSL_FIPS_BREAK_TESTS",
249            ],
250            sanitize: {
251                // Disable address sanitizing otherwise libcrypto will not report
252                // itself as being in FIPS mode, which causes boringssl_self_test
253                // to fail.
254                address: false,
255            },
256            inject_bssl_hash: true,
257        },
258    },
259}
260
261cc_library_shared {
262    name: "libssl",
263    defaults: [
264        "boringssl_defaults",
265        "boringssl_flags",
266        "cronet_defaults",
267        "libssl_sources",
268    ],
269    unique_host_soname: true,
270    shared_libs: ["libcrypto"],
271}
272
273cc_library_shared {
274    name: "libpki",
275    defaults: [
276        "boringssl_defaults",
277        "boringssl_flags",
278        "cronet_defaults",
279        "libpki_sources",
280    ],
281    unique_host_soname: true,
282    cflags: ["-D_BORINGSSL_LIBPKI_"],
283    shared_libs: ["libcrypto"],
284}
285
286// Utility binary for CMVP on-site testing.
287cc_binary {
288    name: "test_fips",
289    host_supported: false,
290    defaults: [
291        "boringssl_flags",
292    ],
293    shared_libs: [
294        "libcrypto",
295    ],
296    srcs: [
297        "src/util/fipstools/test_fips.c",
298    ],
299    required: [
300        "adb",
301        "libcrypto_for_testing",
302    ],
303}
304