1*6777b538SAndroid Build Coastguard Worker// Copyright (C) 2023 The Android Open Source Project 2*6777b538SAndroid Build Coastguard Worker// 3*6777b538SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*6777b538SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*6777b538SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*6777b538SAndroid Build Coastguard Worker// 7*6777b538SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*6777b538SAndroid Build Coastguard Worker// 9*6777b538SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*6777b538SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*6777b538SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*6777b538SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*6777b538SAndroid Build Coastguard Worker// limitations under the License. 14*6777b538SAndroid Build Coastguard Worker 15*6777b538SAndroid Build Coastguard Worker// Cronet handles all of its licenses declaration in the top level Android.bp and 16*6777b538SAndroid Build Coastguard Worker// LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE). 17*6777b538SAndroid Build Coastguard Worker// Boringsll's license can also be found at 18*6777b538SAndroid Build Coastguard Worker// //external/cronet/third_party/boringssl/src/LICENSE. 19*6777b538SAndroid Build Coastguard Worker 20*6777b538SAndroid Build Coastguard Worker// Guard with a namespace not to clash with //external/boringssl's targets. 21*6777b538SAndroid Build Coastguard Worker// All targets, with the exception of :cronet_defaults, have been copied from 22*6777b538SAndroid Build Coastguard Worker// //external/boringssl/Android.bp with just some minor changes due to the smaller 23*6777b538SAndroid Build Coastguard Worker// scope of Cronet's Boringssl. 24*6777b538SAndroid Build Coastguard Workersoong_namespace {} 25*6777b538SAndroid Build Coastguard Worker 26*6777b538SAndroid Build Coastguard Workerpackage { 27*6777b538SAndroid Build Coastguard Worker default_visibility: [ 28*6777b538SAndroid Build Coastguard Worker "//external/cronet:__subpackages__", 29*6777b538SAndroid Build Coastguard Worker "//packages/modules/Connectivity/Tethering:__subpackages__", 30*6777b538SAndroid Build Coastguard Worker ], 31*6777b538SAndroid Build Coastguard Worker // See: http://go/android-license-faq 32*6777b538SAndroid Build Coastguard Worker // A large-scale-change added 'default_applicable_licenses' to import 33*6777b538SAndroid Build Coastguard Worker // all of the 'license_kinds' from "external_cronet_license" 34*6777b538SAndroid Build Coastguard Worker // to get the below license kinds: 35*6777b538SAndroid Build Coastguard Worker // legacy_unencumbered 36*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-Apache-2.0 37*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-BSD 38*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-BSD-3-Clause 39*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-ISC 40*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-MIT 41*6777b538SAndroid Build Coastguard Worker // SPDX-license-identifier-OpenSSL 42*6777b538SAndroid Build Coastguard Worker default_applicable_licenses: ["external_cronet_license"], 43*6777b538SAndroid Build Coastguard Worker} 44*6777b538SAndroid Build Coastguard Worker 45*6777b538SAndroid Build Coastguard Workerbuild = ["sources.bp"] 46*6777b538SAndroid Build Coastguard Worker 47*6777b538SAndroid Build Coastguard Workercc_defaults { 48*6777b538SAndroid Build Coastguard Worker name: "cronet_defaults", 49*6777b538SAndroid Build Coastguard Worker stl: "none", 50*6777b538SAndroid Build Coastguard Worker apex_available: [ 51*6777b538SAndroid Build Coastguard Worker "com.android.tethering", 52*6777b538SAndroid Build Coastguard Worker ], 53*6777b538SAndroid Build Coastguard Worker min_sdk_version: "30", 54*6777b538SAndroid Build Coastguard Worker include_dirs: [ 55*6777b538SAndroid Build Coastguard Worker "external/cronet/buildtools/third_party/libc++/", 56*6777b538SAndroid Build Coastguard Worker "external/cronet/third_party/libc++/src/include", 57*6777b538SAndroid Build Coastguard Worker "external/cronet/third_party/libc++abi/src/include", 58*6777b538SAndroid Build Coastguard Worker ], 59*6777b538SAndroid Build Coastguard Worker static_libs: [ 60*6777b538SAndroid Build Coastguard Worker "cronet_aml_buildtools_third_party_libc___libc__", 61*6777b538SAndroid Build Coastguard Worker "cronet_aml_buildtools_third_party_libc__abi_libc__abi" 62*6777b538SAndroid Build Coastguard Worker ], 63*6777b538SAndroid Build Coastguard Worker} 64*6777b538SAndroid Build Coastguard Worker 65*6777b538SAndroid Build Coastguard Workercc_defaults { 66*6777b538SAndroid Build Coastguard Worker name: "boringssl_flags", 67*6777b538SAndroid Build Coastguard Worker cflags: [ 68*6777b538SAndroid Build Coastguard Worker "-fvisibility=hidden", 69*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_SHARED_LIBRARY", 70*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_ANDROID_SYSTEM", 71*6777b538SAndroid Build Coastguard Worker // Chromium uses extensive harderning mode, so setting the same for boringssl. 72*6777b538SAndroid Build Coastguard Worker "-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE", 73*6777b538SAndroid Build Coastguard Worker "-DOPENSSL_SMALL", 74*6777b538SAndroid Build Coastguard Worker "-Werror", 75*6777b538SAndroid Build Coastguard Worker "-Wno-unused-parameter", 76*6777b538SAndroid Build Coastguard Worker ], 77*6777b538SAndroid Build Coastguard Worker cppflags: [ 78*6777b538SAndroid Build Coastguard Worker "-Wall", 79*6777b538SAndroid Build Coastguard Worker "-Werror", 80*6777b538SAndroid Build Coastguard Worker ], 81*6777b538SAndroid Build Coastguard Worker} 82*6777b538SAndroid Build Coastguard Worker 83*6777b538SAndroid Build Coastguard Workercc_defaults { 84*6777b538SAndroid Build Coastguard Worker name: "boringssl_defaults", 85*6777b538SAndroid Build Coastguard Worker local_include_dirs: ["src/include"], 86*6777b538SAndroid Build Coastguard Worker export_include_dirs: ["src/include"], 87*6777b538SAndroid Build Coastguard Worker cflags: [ 88*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_IMPLEMENTATION", 89*6777b538SAndroid Build Coastguard Worker ], 90*6777b538SAndroid Build Coastguard Worker} 91*6777b538SAndroid Build Coastguard Worker 92*6777b538SAndroid Build Coastguard Workercc_defaults { 93*6777b538SAndroid Build Coastguard Worker name: "libcrypto_defaults", 94*6777b538SAndroid Build Coastguard Worker target: { 95*6777b538SAndroid Build Coastguard Worker android: { 96*6777b538SAndroid Build Coastguard Worker // On FIPS builds (i.e. Android only) prevent other libraries 97*6777b538SAndroid Build Coastguard Worker // from pre-empting symbols in libcrypto which could affect FIPS 98*6777b538SAndroid Build Coastguard Worker // compliance and cause integrity checks to fail. See b/160231064. 99*6777b538SAndroid Build Coastguard Worker ldflags: ["-Wl,-Bsymbolic"], 100*6777b538SAndroid Build Coastguard Worker }, 101*6777b538SAndroid Build Coastguard Worker }, 102*6777b538SAndroid Build Coastguard Worker local_include_dirs: ["src/crypto"], 103*6777b538SAndroid Build Coastguard Worker} 104*6777b538SAndroid Build Coastguard Worker 105*6777b538SAndroid Build Coastguard Workercc_object { 106*6777b538SAndroid Build Coastguard Worker name: "bcm_object", 107*6777b538SAndroid Build Coastguard Worker defaults: [ 108*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 109*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 110*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 111*6777b538SAndroid Build Coastguard Worker "libcrypto_bcm_sources", 112*6777b538SAndroid Build Coastguard Worker "libcrypto_defaults", 113*6777b538SAndroid Build Coastguard Worker ], 114*6777b538SAndroid Build Coastguard Worker sanitize: { 115*6777b538SAndroid Build Coastguard Worker address: false, 116*6777b538SAndroid Build Coastguard Worker hwaddress: false, 117*6777b538SAndroid Build Coastguard Worker // This is a placeholder 118*6777b538SAndroid Build Coastguard Worker // to help prevent 119*6777b538SAndroid Build Coastguard Worker // merge conflicts. 120*6777b538SAndroid Build Coastguard Worker memtag_stack: false, 121*6777b538SAndroid Build Coastguard Worker // This is a placeholder 122*6777b538SAndroid Build Coastguard Worker // to help prevent 123*6777b538SAndroid Build Coastguard Worker // merge conflicts. 124*6777b538SAndroid Build Coastguard Worker fuzzer: false, 125*6777b538SAndroid Build Coastguard Worker memtag_globals: false, 126*6777b538SAndroid Build Coastguard Worker }, 127*6777b538SAndroid Build Coastguard Worker target: { 128*6777b538SAndroid Build Coastguard Worker android: { 129*6777b538SAndroid Build Coastguard Worker cflags: [ 130*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS", 131*6777b538SAndroid Build Coastguard Worker "-fPIC", 132*6777b538SAndroid Build Coastguard Worker // -fno[data|text]-sections required to ensure a 133*6777b538SAndroid Build Coastguard Worker // single text and data section for FIPS integrity check 134*6777b538SAndroid Build Coastguard Worker "-fno-data-sections", 135*6777b538SAndroid Build Coastguard Worker "-fno-function-sections", 136*6777b538SAndroid Build Coastguard Worker ], 137*6777b538SAndroid Build Coastguard Worker linker_script: "src/crypto/fipsmodule/fips_shared.lds", 138*6777b538SAndroid Build Coastguard Worker }, 139*6777b538SAndroid Build Coastguard Worker // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler. 140*6777b538SAndroid Build Coastguard Worker // This doesn't enable HWASAN unconditionally, it just causes 141*6777b538SAndroid Build Coastguard Worker // BoringSSL's asm code to unconditionally use a HWASAN-compatible 142*6777b538SAndroid Build Coastguard Worker // global variable reference so that the non-HWASANified (because of 143*6777b538SAndroid Build Coastguard Worker // sanitize: { hwaddress: false } above) code in the BCM can 144*6777b538SAndroid Build Coastguard Worker // successfully link against the HWASANified code in the rest of 145*6777b538SAndroid Build Coastguard Worker // BoringSSL in HWASAN builds. 146*6777b538SAndroid Build Coastguard Worker android_arm64: { 147*6777b538SAndroid Build Coastguard Worker asflags: [ 148*6777b538SAndroid Build Coastguard Worker "-fsanitize=hwaddress", 149*6777b538SAndroid Build Coastguard Worker ], 150*6777b538SAndroid Build Coastguard Worker }, 151*6777b538SAndroid Build Coastguard Worker }, 152*6777b538SAndroid Build Coastguard Worker} 153*6777b538SAndroid Build Coastguard Worker 154*6777b538SAndroid Build Coastguard Worker// Version of bcm_object built with BORINGSSL_FIPS_BREAK_TESTS defined. 155*6777b538SAndroid Build Coastguard Worker// Only for use with the FIPS break-tests.sh script. 156*6777b538SAndroid Build Coastguard Worker// Must be kept in sync with bcm_object. 157*6777b538SAndroid Build Coastguard Workercc_object { 158*6777b538SAndroid Build Coastguard Worker name: "bcm_object_for_testing", 159*6777b538SAndroid Build Coastguard Worker visibility: ["//visibility:private"], 160*6777b538SAndroid Build Coastguard Worker defaults: [ 161*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 162*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 163*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 164*6777b538SAndroid Build Coastguard Worker "libcrypto_bcm_sources", 165*6777b538SAndroid Build Coastguard Worker "libcrypto_defaults", 166*6777b538SAndroid Build Coastguard Worker ], 167*6777b538SAndroid Build Coastguard Worker sanitize: { 168*6777b538SAndroid Build Coastguard Worker address: false, 169*6777b538SAndroid Build Coastguard Worker hwaddress: false, 170*6777b538SAndroid Build Coastguard Worker fuzzer: false, 171*6777b538SAndroid Build Coastguard Worker memtag_globals: false, 172*6777b538SAndroid Build Coastguard Worker }, 173*6777b538SAndroid Build Coastguard Worker target: { 174*6777b538SAndroid Build Coastguard Worker android: { 175*6777b538SAndroid Build Coastguard Worker cflags: [ 176*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS", 177*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS_BREAK_TESTS", 178*6777b538SAndroid Build Coastguard Worker "-fPIC", 179*6777b538SAndroid Build Coastguard Worker // -fno[data|text]-sections required to ensure a 180*6777b538SAndroid Build Coastguard Worker // single text and data section for FIPS integrity check 181*6777b538SAndroid Build Coastguard Worker "-fno-data-sections", 182*6777b538SAndroid Build Coastguard Worker "-fno-function-sections", 183*6777b538SAndroid Build Coastguard Worker ], 184*6777b538SAndroid Build Coastguard Worker linker_script: "src/crypto/fipsmodule/fips_shared.lds", 185*6777b538SAndroid Build Coastguard Worker }, 186*6777b538SAndroid Build Coastguard Worker // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler. 187*6777b538SAndroid Build Coastguard Worker // This doesn't enable HWASAN unconditionally, it just causes 188*6777b538SAndroid Build Coastguard Worker // BoringSSL's asm code to unconditionally use a HWASAN-compatible 189*6777b538SAndroid Build Coastguard Worker // global variable reference so that the non-HWASANified (because of 190*6777b538SAndroid Build Coastguard Worker // sanitize: { hwaddress: false } above) code in the BCM can 191*6777b538SAndroid Build Coastguard Worker // successfully link against the HWASANified code in the rest of 192*6777b538SAndroid Build Coastguard Worker // BoringSSL in HWASAN builds. 193*6777b538SAndroid Build Coastguard Worker android_arm64: { 194*6777b538SAndroid Build Coastguard Worker asflags: [ 195*6777b538SAndroid Build Coastguard Worker "-fsanitize=hwaddress", 196*6777b538SAndroid Build Coastguard Worker ], 197*6777b538SAndroid Build Coastguard Worker }, 198*6777b538SAndroid Build Coastguard Worker }, 199*6777b538SAndroid Build Coastguard Worker} 200*6777b538SAndroid Build Coastguard Worker 201*6777b538SAndroid Build Coastguard Workercc_library_shared { 202*6777b538SAndroid Build Coastguard Worker name: "libcrypto", 203*6777b538SAndroid Build Coastguard Worker defaults: [ 204*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 205*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 206*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 207*6777b538SAndroid Build Coastguard Worker "libcrypto_defaults", 208*6777b538SAndroid Build Coastguard Worker "libcrypto_sources", 209*6777b538SAndroid Build Coastguard Worker ], 210*6777b538SAndroid Build Coastguard Worker unique_host_soname: true, 211*6777b538SAndroid Build Coastguard Worker srcs: [ 212*6777b538SAndroid Build Coastguard Worker ":bcm_object", 213*6777b538SAndroid Build Coastguard Worker ], 214*6777b538SAndroid Build Coastguard Worker target: { 215*6777b538SAndroid Build Coastguard Worker android: { 216*6777b538SAndroid Build Coastguard Worker cflags: [ 217*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS", 218*6777b538SAndroid Build Coastguard Worker ], 219*6777b538SAndroid Build Coastguard Worker sanitize: { 220*6777b538SAndroid Build Coastguard Worker // Disable address sanitizing otherwise libcrypto will not report 221*6777b538SAndroid Build Coastguard Worker // itself as being in FIPS mode, which causes boringssl_self_test 222*6777b538SAndroid Build Coastguard Worker // to fail. 223*6777b538SAndroid Build Coastguard Worker address: false, 224*6777b538SAndroid Build Coastguard Worker }, 225*6777b538SAndroid Build Coastguard Worker inject_bssl_hash: true, 226*6777b538SAndroid Build Coastguard Worker }, 227*6777b538SAndroid Build Coastguard Worker }, 228*6777b538SAndroid Build Coastguard Worker} 229*6777b538SAndroid Build Coastguard Worker 230*6777b538SAndroid Build Coastguard Workercc_library_shared { 231*6777b538SAndroid Build Coastguard Worker name: "libcrypto_for_testing", 232*6777b538SAndroid Build Coastguard Worker visibility: ["//visibility:private"], 233*6777b538SAndroid Build Coastguard Worker defaults: [ 234*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 235*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 236*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 237*6777b538SAndroid Build Coastguard Worker "libcrypto_defaults", 238*6777b538SAndroid Build Coastguard Worker "libcrypto_sources", 239*6777b538SAndroid Build Coastguard Worker ], 240*6777b538SAndroid Build Coastguard Worker unique_host_soname: true, 241*6777b538SAndroid Build Coastguard Worker srcs: [ 242*6777b538SAndroid Build Coastguard Worker ":bcm_object_for_testing", 243*6777b538SAndroid Build Coastguard Worker ], 244*6777b538SAndroid Build Coastguard Worker target: { 245*6777b538SAndroid Build Coastguard Worker android: { 246*6777b538SAndroid Build Coastguard Worker cflags: [ 247*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS", 248*6777b538SAndroid Build Coastguard Worker "-DBORINGSSL_FIPS_BREAK_TESTS", 249*6777b538SAndroid Build Coastguard Worker ], 250*6777b538SAndroid Build Coastguard Worker sanitize: { 251*6777b538SAndroid Build Coastguard Worker // Disable address sanitizing otherwise libcrypto will not report 252*6777b538SAndroid Build Coastguard Worker // itself as being in FIPS mode, which causes boringssl_self_test 253*6777b538SAndroid Build Coastguard Worker // to fail. 254*6777b538SAndroid Build Coastguard Worker address: false, 255*6777b538SAndroid Build Coastguard Worker }, 256*6777b538SAndroid Build Coastguard Worker inject_bssl_hash: true, 257*6777b538SAndroid Build Coastguard Worker }, 258*6777b538SAndroid Build Coastguard Worker }, 259*6777b538SAndroid Build Coastguard Worker} 260*6777b538SAndroid Build Coastguard Worker 261*6777b538SAndroid Build Coastguard Workercc_library_shared { 262*6777b538SAndroid Build Coastguard Worker name: "libssl", 263*6777b538SAndroid Build Coastguard Worker defaults: [ 264*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 265*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 266*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 267*6777b538SAndroid Build Coastguard Worker "libssl_sources", 268*6777b538SAndroid Build Coastguard Worker ], 269*6777b538SAndroid Build Coastguard Worker unique_host_soname: true, 270*6777b538SAndroid Build Coastguard Worker shared_libs: ["libcrypto"], 271*6777b538SAndroid Build Coastguard Worker} 272*6777b538SAndroid Build Coastguard Worker 273*6777b538SAndroid Build Coastguard Workercc_library_shared { 274*6777b538SAndroid Build Coastguard Worker name: "libpki", 275*6777b538SAndroid Build Coastguard Worker defaults: [ 276*6777b538SAndroid Build Coastguard Worker "boringssl_defaults", 277*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 278*6777b538SAndroid Build Coastguard Worker "cronet_defaults", 279*6777b538SAndroid Build Coastguard Worker "libpki_sources", 280*6777b538SAndroid Build Coastguard Worker ], 281*6777b538SAndroid Build Coastguard Worker unique_host_soname: true, 282*6777b538SAndroid Build Coastguard Worker cflags: ["-D_BORINGSSL_LIBPKI_"], 283*6777b538SAndroid Build Coastguard Worker shared_libs: ["libcrypto"], 284*6777b538SAndroid Build Coastguard Worker} 285*6777b538SAndroid Build Coastguard Worker 286*6777b538SAndroid Build Coastguard Worker// Utility binary for CMVP on-site testing. 287*6777b538SAndroid Build Coastguard Workercc_binary { 288*6777b538SAndroid Build Coastguard Worker name: "test_fips", 289*6777b538SAndroid Build Coastguard Worker host_supported: false, 290*6777b538SAndroid Build Coastguard Worker defaults: [ 291*6777b538SAndroid Build Coastguard Worker "boringssl_flags", 292*6777b538SAndroid Build Coastguard Worker ], 293*6777b538SAndroid Build Coastguard Worker shared_libs: [ 294*6777b538SAndroid Build Coastguard Worker "libcrypto", 295*6777b538SAndroid Build Coastguard Worker ], 296*6777b538SAndroid Build Coastguard Worker srcs: [ 297*6777b538SAndroid Build Coastguard Worker "src/util/fipstools/test_fips.c", 298*6777b538SAndroid Build Coastguard Worker ], 299*6777b538SAndroid Build Coastguard Worker required: [ 300*6777b538SAndroid Build Coastguard Worker "adb", 301*6777b538SAndroid Build Coastguard Worker "libcrypto_for_testing", 302*6777b538SAndroid Build Coastguard Worker ], 303*6777b538SAndroid Build Coastguard Worker} 304