diff --git a/BUILD.gn b/BUILD.gn index c3e391b531e145fa37c72580853eff8fb3f427e1..e66fd0ec3914d3077cdada853fca0e9fca22bf61 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -104,12 +104,6 @@ config("module_manager_config") { ohos_source_set("pac_data_protector_feature") { sources = [ "utils/data_protector.cpp" ] - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" configs = [ ":ace_napi_config", ":data_protector_config", @@ -129,6 +123,11 @@ ohos_source_set("ace_napi_static") { sources = napi_sources + if (enabled_data_protector) { + sources -= [ "utils/data_protector.cpp" ] + public_deps = [ ":pac_data_protector_feature" ] + } + if (current_cpu == "arm64") { defines += [ "_ARM64_" ] } @@ -226,9 +225,6 @@ if (is_arkui_x) { ohos_shared_library("ace_napi") { stack_protector_ret = false deps = [ ":ace_napi_static" ] - if (enabled_data_protector) { - deps += [ ":pac_data_protector_feature" ] - } external_deps = [ "bounds_checking_function:libsec_shared" ] public_configs = [ ":ace_napi_config", diff --git a/napi.gni b/napi.gni index accd0a86208d6434a47e2701ed5439ad831ed462..b3853da2ac95ec03ee0f693d941bdf8ed6060e2b 100755 --- a/napi.gni +++ b/napi.gni @@ -13,6 +13,8 @@ napi_path = "//foundation//arkui/napi" ets_runtime_path = "//arkcompiler/ets_runtime" +# Set is enable data_protector +enabled_data_protector = false napi_sources = [ "callback_scope_manager/native_callback_scope_manager.cpp", @@ -34,6 +36,7 @@ napi_sources = [ "native_engine/native_sendable.cpp", "native_engine/worker_manager.cpp", "reference_manager/native_reference_manager.cpp", + "utils/data_protector.cpp", "utils/log.cpp", ] 
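Review bot: Removing the `sanitize` block (`cfi = true`, `cfi_cross_dso = true`) and `branch_protector_ret = "pac_ret"` from `pac_data_protector_feature` in the `@@ -104,12 +104,6 @@` hunk strips forward-edge CFI and return-address signing from the target that implements the pointer-authentication helpers, and nothing visible explains why. If the removal is forced by the source set now reaching `ace_napi_static` through `public_deps`, record that next to the target, e.g. `# CFI/pac_ret removed: <reason>; hardening provided by <target>`. Also confirm that the linked `ace_napi` library keeps equivalent protection, since the visible part of that target already sets `stack_protector_ret = false`. Otherwise keep both settings.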
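Review bot: The new `if (enabled_data_protector)` block in the `@@ -129,6 +123,11 @@` hunk has no comment explaining that `utils/data_protector.cpp` is now built in two ways. With the flag off it compiles inside `ace_napi_static`, presumably taking the pass-through `#else` branch seen in the `data_protector.cpp` hunks; with the flag on it is subtracted here and comes from `:pac_data_protector_feature`. Add a comment above the block such as `# PAC on: data_protector.cpp is built by :pac_data_protector_feature with its own configs; PAC off: built here as a pass-through.` The block also assigns `public_deps = [...]` rather than appending, which is only safe if nothing earlier in the target has set `public_deps`; the target body continues outside the hunk, so check that.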
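Review bot: `enabled_data_protector` becomes a plain file-scope variable in the `napi.gni` `@@ -13,6 +13,8 @@` hunk, and the `@@ -52,14 +55,10 @@` hunk removes `napi_enable_data_protector` from `declare_args()`, so the feature can no longer be switched from build arguments. It now turns on for every arm64 OHOS non-emulator build that is not arkui_x, and stays off everywhere else. Check for product configurations that still pass `napi_enable_data_protector` before merging. Replace the comment `# Set is enable data_protector` with one that states the new contract, for example `# Derived below from target_cpu / is_ohos / is_emulator; not a build argument.` In the later hunk `is_ohos` and `is_emulator` are read without the `defined()` guard used for `is_arkui_x`, which presumably relies on the build config always declaring them.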
@@ -52,14 +55,10 @@ declare_args() { # Set pgo profdata path napi_feature_pgo_path = "" - - # Enable PAC(Pointer Authentication Code) feature - napi_enable_data_protector = false - enabled_data_protector = false } if (defined(target_cpu) && target_cpu == "arm64" && - napi_enable_data_protector && !is_emulator) { + !(defined(is_arkui_x) && is_arkui_x) && is_ohos && !is_emulator) { enabled_data_protector = true } diff --git a/utils/data_protector.cpp b/utils/data_protector.cpp index 1ce7f11566c5518f5c3226bfa7fc11a707e19a10..b5fb2570f8d72f18f2fd9fdc81c0918c36c8d27c 100644 --- a/utils/data_protector.cpp +++ b/utils/data_protector.cpp @@ -19,7 +19,7 @@ #include #include -uintptr_t DataProtector::AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address) +uintptr_t DataProtector::AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address) const { auto hwcaps = getauxval(AT_HWCAP); if (!(hwcaps & HWCAP_PACA)) { @@ -51,7 +51,7 @@ uintptr_t DataProtector::PacEncrypt(const uintptr_t pointer, [[maybe_unused]]con return reinterpret_cast(t1); } #else -uintptr_t DataProtector::AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address) +uintptr_t DataProtector::AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address) const { return pointer; } diff --git a/utils/data_protector.h b/utils/data_protector.h index 089121f3ec6f6a6af49ce4b99566731856819c3a..300bd3971615f92496a97acf86828e439bdc91e2 100644 --- a/utils/data_protector.h +++ b/utils/data_protector.h @@ -17,6 +17,7 @@ #define FOUNDATION_ACE_NAPI_UTILS_DATA_PROTECTOR_H #include +#include "utils/macros.h" class DataProtector { public: 
@@ -28,32 +29,24 @@ public: ~DataProtector() = default; - static uintptr_t AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address); - static uintptr_t PacEncrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address); + NAPI_EXPORT uintptr_t AutDecrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address) const; + NAPI_EXPORT uintptr_t PacEncrypt(const uintptr_t pointer, [[maybe_unused]]const uintptr_t address); void Update(const uintptr_t pointer) { -#if defined(NAPI_ENABLE_DATA_PROTECT) if (pointer == 0) { encryptedAddrOrData = 0; return; } encryptedAddrOrData = PacEncrypt(pointer, reinterpret_cast(&encryptedAddrOrData)); -#else - encryptedAddrOrData = pointer; -#endif } uintptr_t GetData() const { -#if defined(NAPI_ENABLE_DATA_PROTECT) if (encryptedAddrOrData == 0) { return encryptedAddrOrData; } return AutDecrypt(encryptedAddrOrData, reinterpret_cast(&encryptedAddrOrData)); -#else - return encryptedAddrOrData; -#endif } private:
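Review bot: `PacEncrypt` and `AutDecrypt` remain in the `public:` section and now carry `NAPI_EXPORT`, so signing or authenticating an arbitrary value with a caller-chosen `address` modifier is callable by any user of the class. The only callers visible in this hunk are `Update()` and `GetData()`, which always pass `&encryptedAddrOrData`. If nothing outside the class needs the raw primitives, declare both under `private:`; the export can stay, because the inline `Update()`/`GetData()` still need the symbol from other modules. That keeps the modifier tied to the storage slot. `PacEncrypt` could also be declared `const` to match `AutDecrypt`, assuming its body, which is not fully visible here, touches no member state. With the `#if defined(NAPI_ENABLE_DATA_PROTECT)` guards removed, whether these calls protect anything depends on how `utils/data_protector.cpp` was compiled, which deserves a one-line comment above `Update()`; the class body starts before and continues after this hunk.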