third_party/boringssl/Android.bp - platform/external/cronet - Git at Google

 // Copyright (C) 2023 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Cronet handles all of its licenses declaration in the top level Android.bp and
 // LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE).
 // Boringsll's license can also be found at
 // //external/cronet/third_party/boringssl/src/LICENSE.

 // Guard with a namespace not to clash with //external/boringssl's targets.
 // All targets, with the exception of :cronet_defaults, have been copied from
 // //external/boringssl/Android.bp with just some minor changes due to the smaller
 // scope of Cronet's Boringssl.
 soong_namespace {}

 package {
     default_visibility: [
         "//external/cronet:__subpackages__",
         "//packages/modules/Connectivity/Tethering:__subpackages__",
     ],
     // See: http://go/android-license-faq
     // A large-scale-change added 'default_applicable_licenses' to import
     // all of the 'license_kinds' from "external_cronet_license"
     // to get the below license kinds:
     //   legacy_unencumbered
     //   SPDX-license-identifier-Apache-2.0
     //   SPDX-license-identifier-BSD
     //   SPDX-license-identifier-BSD-3-Clause
     //   SPDX-license-identifier-ISC
     //   SPDX-license-identifier-MIT
     //   SPDX-license-identifier-OpenSSL
     default_applicable_licenses: ["external_cronet_license"],
 }

 build = ["sources.bp"]

 cc_defaults {
     name: "cronet_defaults",
     stl: "none",
     apex_available: [
         "com.android.tethering",
     ],
     min_sdk_version: "30",
     include_dirs: [
         "external/cronet/buildtools/third_party/libc++/",
         "external/cronet/third_party/libc++/src/include",
         "external/cronet/third_party/libc++abi/src/include",
     ],
     static_libs: [
         "cronet_aml_buildtools_third_party_libc___libc__",
         "cronet_aml_buildtools_third_party_libc__abi_libc__abi"
     ],
 }

 cc_defaults {
     name: "boringssl_flags",
     cflags: [
         "-fvisibility=hidden",
         "-DBORINGSSL_SHARED_LIBRARY",
         "-DBORINGSSL_ANDROID_SYSTEM",
         // Chromium uses extensive harderning mode, so setting the same for boringssl.
         "-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE",
         "-DOPENSSL_SMALL",
         "-Werror",
         "-Wno-unused-parameter",
     ],
     cppflags: [
         "-Wall",
         "-Werror",
     ],
 }

 cc_defaults {
     name: "boringssl_defaults",
     local_include_dirs: ["src/include"],
     export_include_dirs: ["src/include"],
     cflags: [
         "-DBORINGSSL_IMPLEMENTATION",
     ],
 }

 cc_defaults {
     name: "libcrypto_defaults",
     target: {
         android: {
             // On FIPS builds (i.e. Android only) prevent other libraries
             // from pre-empting symbols in libcrypto which could affect FIPS
             // compliance and cause integrity checks to fail. See b/160231064.
             ldflags: ["-Wl,-Bsymbolic"],
         },
     },
     local_include_dirs: ["src/crypto"],
 }

 cc_object {
     name: "bcm_object",
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libcrypto_bcm_sources",
         "libcrypto_defaults",
     ],
     sanitize: {
         address: false,
         hwaddress: false,
         // This is a placeholder
         // to help prevent
         // merge conflicts.
         memtag_stack: false,
         // This is a placeholder
         // to help prevent
         // merge conflicts.
         fuzzer: false,
         memtag_globals: false,
     },
     target: {
         android: {
             cflags: [
                 "-DBORINGSSL_FIPS",
                 "-fPIC",
                 // -fno[data|text]-sections required to ensure a
                 // single text and data section for FIPS integrity check
                 "-fno-data-sections",
                 "-fno-function-sections",
             ],
             linker_script: "src/crypto/fipsmodule/fips_shared.lds",
         },
         // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
         // This doesn't enable HWASAN unconditionally, it just causes
         // BoringSSL's asm code to unconditionally use a HWASAN-compatible
         // global variable reference so that the non-HWASANified (because of
         // sanitize: { hwaddress: false } above) code in the BCM can
         // successfully link against the HWASANified code in the rest of
         // BoringSSL in HWASAN builds.
         android_arm64: {
             asflags: [
                 "-fsanitize=hwaddress",
             ],
         },
     },
 }

 // Version of bcm_object built with BORINGSSL_FIPS_BREAK_TESTS defined.
 // Only for use with the FIPS break-tests.sh script.
 // Must be kept in sync with bcm_object.
 cc_object {
     name: "bcm_object_for_testing",
     visibility: ["//visibility:private"],
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libcrypto_bcm_sources",
         "libcrypto_defaults",
     ],
     sanitize: {
         address: false,
         hwaddress: false,
         fuzzer: false,
         memtag_globals: false,
     },
     target: {
         android: {
             cflags: [
                 "-DBORINGSSL_FIPS",
                 "-DBORINGSSL_FIPS_BREAK_TESTS",
                 "-fPIC",
                 // -fno[data|text]-sections required to ensure a
                 // single text and data section for FIPS integrity check
                 "-fno-data-sections",
                 "-fno-function-sections",
             ],
             linker_script: "src/crypto/fipsmodule/fips_shared.lds",
         },
         // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
         // This doesn't enable HWASAN unconditionally, it just causes
         // BoringSSL's asm code to unconditionally use a HWASAN-compatible
         // global variable reference so that the non-HWASANified (because of
         // sanitize: { hwaddress: false } above) code in the BCM can
         // successfully link against the HWASANified code in the rest of
         // BoringSSL in HWASAN builds.
         android_arm64: {
             asflags: [
                 "-fsanitize=hwaddress",
             ],
         },
     },
 }

 cc_library_shared {
     name: "libcrypto",
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libcrypto_defaults",
         "libcrypto_sources",
     ],
     unique_host_soname: true,
     srcs: [
         ":bcm_object",
     ],
     target: {
         android: {
             cflags: [
                 "-DBORINGSSL_FIPS",
             ],
             sanitize: {
                 // Disable address sanitizing otherwise libcrypto will not report
                 // itself as being in FIPS mode, which causes boringssl_self_test
                 // to fail.
                 address: false,
             },
             inject_bssl_hash: true,
         },
     },
 }

 cc_library_shared {
     name: "libcrypto_for_testing",
     visibility: ["//visibility:private"],
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libcrypto_defaults",
         "libcrypto_sources",
     ],
     unique_host_soname: true,
     srcs: [
         ":bcm_object_for_testing",
     ],
     target: {
         android: {
             cflags: [
                 "-DBORINGSSL_FIPS",
                 "-DBORINGSSL_FIPS_BREAK_TESTS",
             ],
             sanitize: {
                 // Disable address sanitizing otherwise libcrypto will not report
                 // itself as being in FIPS mode, which causes boringssl_self_test
                 // to fail.
                 address: false,
             },
             inject_bssl_hash: true,
         },
     },
 }

 cc_library_shared {
     name: "libssl",
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libssl_sources",
     ],
     unique_host_soname: true,
     shared_libs: ["libcrypto"],
 }

 cc_library_shared {
     name: "libpki",
     defaults: [
         "boringssl_defaults",
         "boringssl_flags",
         "cronet_defaults",
         "libpki_sources",
     ],
     unique_host_soname: true,
     cflags: ["-D_BORINGSSL_LIBPKI_"],
     shared_libs: ["libcrypto"],
 }

 // Utility binary for CMVP on-site testing.
 cc_binary {
     name: "test_fips",
     host_supported: false,
     defaults: [
         "boringssl_flags",
     ],
     shared_libs: [
         "libcrypto",
     ],
     srcs: [
         "src/util/fipstools/test_fips.c",
     ],
     required: [
         "adb",
         "libcrypto_for_testing",
     ],
 }
	// Copyright (C) 2023 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Cronet handles all of its licenses declaration in the top level Android.bp and
	// LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE).
	// Boringsll's license can also be found at
	// //external/cronet/third_party/boringssl/src/LICENSE.

	// Guard with a namespace not to clash with //external/boringssl's targets.
	// All targets, with the exception of :cronet_defaults, have been copied from
	// //external/boringssl/Android.bp with just some minor changes due to the smaller
	// scope of Cronet's Boringssl.
	soong_namespace {}

	package {
	default_visibility: [
	"//external/cronet:__subpackages__",
	"//packages/modules/Connectivity/Tethering:__subpackages__",
	],
	// See: http://go/android-license-faq
	// A large-scale-change added 'default_applicable_licenses' to import
	// all of the 'license_kinds' from "external_cronet_license"
	// to get the below license kinds:
	// legacy_unencumbered
	// SPDX-license-identifier-Apache-2.0
	// SPDX-license-identifier-BSD
	// SPDX-license-identifier-BSD-3-Clause
	// SPDX-license-identifier-ISC
	// SPDX-license-identifier-MIT
	// SPDX-license-identifier-OpenSSL
	default_applicable_licenses: ["external_cronet_license"],
	}

	build = ["sources.bp"]

	cc_defaults {
	name: "cronet_defaults",
	stl: "none",
	apex_available: [
	"com.android.tethering",
	],
	min_sdk_version: "30",
	include_dirs: [
	"external/cronet/buildtools/third_party/libc++/",
	"external/cronet/third_party/libc++/src/include",
	"external/cronet/third_party/libc++abi/src/include",
	],
	static_libs: [
	"cronet_aml_buildtools_third_party_libc___libc__",
	"cronet_aml_buildtools_third_party_libc__abi_libc__abi"
	],
	}

	cc_defaults {
	name: "boringssl_flags",
	cflags: [
	"-fvisibility=hidden",
	"-DBORINGSSL_SHARED_LIBRARY",
	"-DBORINGSSL_ANDROID_SYSTEM",
	// Chromium uses extensive harderning mode, so setting the same for boringssl.
	"-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE",
	"-DOPENSSL_SMALL",
	"-Werror",
	"-Wno-unused-parameter",
	],
	cppflags: [
	"-Wall",
	"-Werror",
	],
	}

	cc_defaults {
	name: "boringssl_defaults",
	local_include_dirs: ["src/include"],
	export_include_dirs: ["src/include"],
	cflags: [
	"-DBORINGSSL_IMPLEMENTATION",
	],
	}

	cc_defaults {
	name: "libcrypto_defaults",
	target: {
	android: {
	// On FIPS builds (i.e. Android only) prevent other libraries
	// from pre-empting symbols in libcrypto which could affect FIPS
	// compliance and cause integrity checks to fail. See b/160231064.
	ldflags: ["-Wl,-Bsymbolic"],
	},
	},
	local_include_dirs: ["src/crypto"],
	}

	cc_object {
	name: "bcm_object",
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libcrypto_bcm_sources",
	"libcrypto_defaults",
	],
	sanitize: {
	address: false,
	hwaddress: false,
	// This is a placeholder
	// to help prevent
	// merge conflicts.
	memtag_stack: false,
	// This is a placeholder
	// to help prevent
	// merge conflicts.
	fuzzer: false,
	memtag_globals: false,
	},
	target: {
	android: {
	cflags: [
	"-DBORINGSSL_FIPS",
	"-fPIC",
	// -fno[data\|text]-sections required to ensure a
	// single text and data section for FIPS integrity check
	"-fno-data-sections",
	"-fno-function-sections",
	],
	linker_script: "src/crypto/fipsmodule/fips_shared.lds",
	},
	// From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
	// This doesn't enable HWASAN unconditionally, it just causes
	// BoringSSL's asm code to unconditionally use a HWASAN-compatible
	// global variable reference so that the non-HWASANified (because of
	// sanitize: { hwaddress: false } above) code in the BCM can
	// successfully link against the HWASANified code in the rest of
	// BoringSSL in HWASAN builds.
	android_arm64: {
	asflags: [
	"-fsanitize=hwaddress",
	],
	},
	},
	}

	// Version of bcm_object built with BORINGSSL_FIPS_BREAK_TESTS defined.
	// Only for use with the FIPS break-tests.sh script.
	// Must be kept in sync with bcm_object.
	cc_object {
	name: "bcm_object_for_testing",
	visibility: ["//visibility:private"],
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libcrypto_bcm_sources",
	"libcrypto_defaults",
	],
	sanitize: {
	address: false,
	hwaddress: false,
	fuzzer: false,
	memtag_globals: false,
	},
	target: {
	android: {
	cflags: [
	"-DBORINGSSL_FIPS",
	"-DBORINGSSL_FIPS_BREAK_TESTS",
	"-fPIC",
	// -fno[data\|text]-sections required to ensure a
	// single text and data section for FIPS integrity check
	"-fno-data-sections",
	"-fno-function-sections",
	],
	linker_script: "src/crypto/fipsmodule/fips_shared.lds",
	},
	// From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler.
	// This doesn't enable HWASAN unconditionally, it just causes
	// BoringSSL's asm code to unconditionally use a HWASAN-compatible
	// global variable reference so that the non-HWASANified (because of
	// sanitize: { hwaddress: false } above) code in the BCM can
	// successfully link against the HWASANified code in the rest of
	// BoringSSL in HWASAN builds.
	android_arm64: {
	asflags: [
	"-fsanitize=hwaddress",
	],
	},
	},
	}

	cc_library_shared {
	name: "libcrypto",
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libcrypto_defaults",
	"libcrypto_sources",
	],
	unique_host_soname: true,
	srcs: [
	":bcm_object",
	],
	target: {
	android: {
	cflags: [
	"-DBORINGSSL_FIPS",
	],
	sanitize: {
	// Disable address sanitizing otherwise libcrypto will not report
	// itself as being in FIPS mode, which causes boringssl_self_test
	// to fail.
	address: false,
	},
	inject_bssl_hash: true,
	},
	},
	}

	cc_library_shared {
	name: "libcrypto_for_testing",
	visibility: ["//visibility:private"],
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libcrypto_defaults",
	"libcrypto_sources",
	],
	unique_host_soname: true,
	srcs: [
	":bcm_object_for_testing",
	],
	target: {
	android: {
	cflags: [
	"-DBORINGSSL_FIPS",
	"-DBORINGSSL_FIPS_BREAK_TESTS",
	],
	sanitize: {
	// Disable address sanitizing otherwise libcrypto will not report
	// itself as being in FIPS mode, which causes boringssl_self_test
	// to fail.
	address: false,
	},
	inject_bssl_hash: true,
	},
	},
	}

	cc_library_shared {
	name: "libssl",
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libssl_sources",
	],
	unique_host_soname: true,
	shared_libs: ["libcrypto"],
	}

	cc_library_shared {
	name: "libpki",
	defaults: [
	"boringssl_defaults",
	"boringssl_flags",
	"cronet_defaults",
	"libpki_sources",
	],
	unique_host_soname: true,
	cflags: ["-D_BORINGSSL_LIBPKI_"],
	shared_libs: ["libcrypto"],
	}

	// Utility binary for CMVP on-site testing.
	cc_binary {
	name: "test_fips",
	host_supported: false,
	defaults: [
	"boringssl_flags",
	],
	shared_libs: [
	"libcrypto",
	],
	srcs: [
	"src/util/fipstools/test_fips.c",
	],
	required: [
	"adb",
	"libcrypto_for_testing",
	],
	}