From 41d034f98b3c570363f155f3348a247a87b18e9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?=
Date: Tue, 16 Apr 2024 20:50:48 +0800
Subject: [PATCH] =?UTF-8?q?cfi=20Signed-off-by:=20=E9=82=B9=E5=8F=8B?= =?UTF-8?q?=E6=9D=BE=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../js/napi/session/src/napi_session.cpp | 4 +--
 frameworks/js/napi/update/BUILD.gn | 1 -
 .../js/napi/update/include/update_session.h | 4 +--
 .../js/napi/update/src/session_manager.cpp | 6 ++++-
 .../js/napi/update/src/update_client.cpp | 26 ++++++++++---------
 services/engine/BUILD.gn | 10 +++++++
 6 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/frameworks/js/napi/session/src/napi_session.cpp b/frameworks/js/napi/session/src/napi_session.cpp
index 99c006fb..567b799e 100644
--- a/frameworks/js/napi/session/src/napi_session.cpp
+++ b/frameworks/js/napi/session/src/napi_session.cpp
@@ -75,7 +75,7 @@ void NapiSession::ExecuteWork(napi_env env)
 }
 // JS thread, which is used to notify the JS page upon completion of the operation.
-void NapiSession::CompleteWork(napi_env env, napi_status status, void *data)
+void NapiSession::CompleteWork(napi_env env, napi_status status, void *data) __attribute__((no_sanitize("cfi")))
 {
 auto sess = reinterpret_cast(data);
 PARAM_CHECK(sess != nullptr && sess->GetNapiClient() != nullptr, return, "Session is null pointer");
@@ -89,7 +89,7 @@ void NapiSession::CompleteWork(napi_env env, napi_status status, void *data)
 // The C++ thread executes the synchronization operation. After the synchronization is complete,
 // the CompleteWork is called to notify the JS page of the completion of the operation.
-void NapiSession::ExecuteWork(napi_env env, void *data)
+void NapiSession::ExecuteWork(napi_env env, void *data) __attribute__((no_sanitize("cfi")))
 {
 auto sess = reinterpret_cast(data);
 PARAM_CHECK(sess != nullptr, return, "sess is null");
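Review bot: The `__attribute__((no_sanitize("cfi")))` added to `NapiSession::CompleteWork` turns off CFI for the whole function, and that function starts by `reinterpret_cast`-ing the untyped `data` pointer; if cast checking is part of this build's CFI set, that is precisely the check being lost, and the commit (subject "cfi") gives no reason. The same holds for `ExecuteWork` in the next hunk and for every other function this patch annotates in update_session.h, session_manager.cpp and update_client.cpp (over twenty in total). Each exemption should carry a comment naming the failing check and the call or cast that trips it, for example `// CFI off: <failing check> on <call or cast>; remove once <issue-id placeholder> is fixed`, so the exemptions can be audited and retired. Both function bodies continue outside the hunks, so what else now runs without CFI is not visible here.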
diff --git a/frameworks/js/napi/update/BUILD.gn b/frameworks/js/napi/update/BUILD.gn
index 7afa4825..36390c4d 100644
--- a/frameworks/js/napi/update/BUILD.gn
+++ b/frameworks/js/napi/update/BUILD.gn
@@ -23,7 +23,6 @@ ohos_shared_library("$updateengine_client_library_name") {
 cfi = true
 cfi_cross_dso = true
 debug = false
- blocklist = "./cfi_blocklist.txt"
 }
 branch_protector_ret = "pac_ret"
diff --git a/frameworks/js/napi/update/include/update_session.h b/frameworks/js/napi/update/include/update_session.h
index dfe615f1..319888e4 100644
--- a/frameworks/js/napi/update/include/update_session.h
+++ b/frameworks/js/napi/update/include/update_session.h
@@ -35,7 +35,7 @@ public:
 ~BaseUpdateSession() override = default;
- void GetUpdateResult(UpdateResult &result)
+ void GetUpdateResult(UpdateResult &result) __attribute__((no_sanitize("cfi")))
 {
 result.businessError = businessError_;
 IUpdater *migrateClient = static_cast(client_);
@@ -71,7 +71,7 @@ public:
 size_t callbackNumber = 0)
 : BasePromiseSession(client, sessionParams, argc, callbackNumber) {}
- void GetUpdateResult(UpdateResult &result)
+ void GetUpdateResult(UpdateResult &result) __attribute__((no_sanitize("cfi")))
 {
 result.businessError = businessError_;
 IUpdater *migrateClient = static_cast(client_);
diff --git a/frameworks/js/napi/update/src/session_manager.cpp b/frameworks/js/napi/update/src/session_manager.cpp
index 58ded004..fb40d6e0 100644
--- a/frameworks/js/napi/update/src/session_manager.cpp
+++ b/frameworks/js/napi/update/src/session_manager.cpp
@@ -85,6 +85,7 @@ bool SessionManager::GetNextSessionId(uint32_t &sessionId)
 }
 int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t argc, napi_value arg)
+ __attribute__((no_sanitize("cfi")))
 {
 napi_handle_scope scope;
 napi_status status = napi_open_handle_scope(env_, &scope);
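Review bot: Both `GetUpdateResult` definitions in update_session.h (the hunks at -35 and -71) now run without CFI around `IUpdater *migrateClient = static_cast(client_);`, which is the kind of downcast that CFI cast checking is meant to validate. If `client_` is not always an `IUpdater`, the attribute hides a real type confusion and not a false positive; if it always is, holding the pointer as `IUpdater *` or converting it once where the session is constructed would remove the need for the exemption. Because these are inline definitions in a header, the exemption applies in every translation unit that includes it. The bodies continue past the hunks, so how `migrateClient` is used is not visible here.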
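Review bot: In `SessionManager::ProcessUnsubscribe` the attribute sits on its own line between the declarator and the body of a function definition, a position Clang accepts but, as far as I know, reports under `-Wgcc-compat` and GCC rejects outright; the later session_manager.cpp hunks (`Unsubscribe`, both `FindSessionByHandle` overloads, `PublishToJS`) use the same placement. Writing it before the return type, `__attribute__((no_sanitize("cfi"))) int32_t SessionManager::ProcessUnsubscribe(...)`, or on the declaration in the class header keeps it portable, and one project-wide macro for the spelling would make every exemption easy to grep. Several of these functions walk `sessions_` under `sessionMutex_` and return `BaseSession *`, so it would help to name the specific indirect or virtual call that fails and avoid exempting each body wholesale.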
@@ -120,6 +121,7 @@ int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t
 }
 void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, napi_value handle)
+ __attribute__((no_sanitize("cfi")))
 {
 std::lock_guard guard(sessionMutex_);
 for (auto iter = sessions_.begin(); iter != sessions_.end();) {
@@ -153,6 +155,7 @@ void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, nap
 }
 BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string &eventType, napi_value arg)
+ __attribute__((no_sanitize("cfi")))
 {
 uint32_t nextSessId = 0;
 bool hasNext = GetFirstSessionId(nextSessId);
@@ -176,7 +179,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string
 }
 BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassifyInfo &eventClassifyInfo,
- napi_value arg)
+ napi_value arg) __attribute__((no_sanitize("cfi")))
 {
 std::lock_guard guard(sessionMutex_);
 for (auto &iter : sessions_) {
@@ -197,6 +200,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassi
 }
 void SessionManager::PublishToJS(const EventClassifyInfo &eventClassifyInfo, const EventInfo &eventInfo)
+ __attribute__((no_sanitize("cfi")))
 {
 napi_handle_scope scope;
 napi_status status = napi_open_handle_scope(env_, &scope);
diff --git a/frameworks/js/napi/update/src/update_client.cpp b/frameworks/js/napi/update/src/update_client.cpp
index 2bc0d39d..cb19f441 100644
--- a/frameworks/js/napi/update/src/update_client.cpp
+++ b/frameworks/js/napi/update/src/update_client.cpp
@@ -106,7 +106,7 @@ void UpdateClient::UnRegisterCallback()
 UpdateServiceKits::GetInstance().UnregisterUpdateCallback(upgradeInfo_);
 }
-napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info)
+napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 SessionParams sessionParams(SessionType::SESSION_CHECK_VERSION, CALLBACK_POSITION_ONE, true);
 napi_value ret = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -117,7 +117,7 @@ napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info)
 return ret;
 }
-napi_value UpdateClient::CancelUpgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::CancelUpgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 ENGINE_LOGI("CancelUpgrade");
 SessionParams sessionParams(SessionType::SESSION_CANCEL_UPGRADE, CALLBACK_POSITION_ONE, true);
@@ -162,7 +162,7 @@ template ClientStatus UpdateClient::ParseUpgOptions(napi_env env, n
 return ClientStatus::CLIENT_SUCCESS;
 }
-napi_value UpdateClient::Download(napi_env env, napi_callback_info info)
+napi_value UpdateClient::Download(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -187,7 +187,7 @@ napi_value UpdateClient::Download(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info)
+napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
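Review bot: `CheckNewVersion`, `CancelUpgrade`, `Download` and `PauseDownload` here, and the remaining `UpdateClient` methods annotated in the following hunks through `GetTaskInfo`, all have the N-API callback signature (`napi_env`, `napi_callback_info`), so they look like the JS-reachable entry points; exempting all of them removes CFI from most of the externally reachable surface of a library that is built with `cfi = true`. A function attribute normally does not extend to a lambda's call operator, so the `[=](void *context) -> int {` bodies passed to `StartSession` are probably still instrumented: if the violation is inside the lambda this will not silence it, and if it is in one specific call, exempting a small wrapper around just that call would keep the rest of the entry point protected. The lambda bodies and the remainder of each function lie outside the hunks.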
@@ -211,7 +211,7 @@ napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info)
+napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -235,7 +235,7 @@ napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -259,7 +259,7 @@ napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info)
+napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -283,7 +283,7 @@ napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -299,7 +299,7 @@ napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info)
+napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -321,7 +321,7 @@ napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info)
+napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 SessionParams sessionParams(SessionType::SESSION_GET_POLICY, CALLBACK_POSITION_ONE, true);
 napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -332,7 +332,7 @@ napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info)
 return retValue;
 }
-napi_value UpdateClient::GetNewVersionInfo(napi_env env, napi_callback_info info)
+napi_value UpdateClient::GetNewVersionInfo(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
 SessionParams sessionParams(SessionType::SESSION_GET_NEW_VERSION, CALLBACK_POSITION_ONE, true);
 napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -369,6 +369,7 @@ napi_value UpdateClient::GetNewVersionDescription(napi_env env, napi_callback_in
 }
 napi_value UpdateClient::GetCurrentVersionInfo(napi_env env, napi_callback_info info)
+ __attribute__((no_sanitize("cfi")))
 {
 SessionParams sessionParams(SessionType::SESSION_GET_CUR_VERSION, CALLBACK_POSITION_ONE, true);
 napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -381,6 +382,7 @@ napi_value UpdateClient::GetCurrentVersionInfo(napi_env env, napi_callback_info
 }
 napi_value UpdateClient::GetCurrentVersionDescription(napi_env env, napi_callback_info info)
+ __attribute__((no_sanitize("cfi")))
 {
 size_t argc = MAX_ARGC;
 napi_value args[MAX_ARGC] = { 0 };
@@ -404,7 +406,7 @@ napi_value UpdateClient::GetCurrentVersionDescription(napi_env env, napi_callbac return retValue; } -napi_value UpdateClient::GetTaskInfo(napi_env env, napi_callback_info info) +napi_value UpdateClient::GetTaskInfo(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi"))) { SessionParams sessionParams(SessionType::SESSION_GET_TASK_INFO, CALLBACK_POSITION_ONE, true); napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int { diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn index c88b23cf..8404e373 100644 --- a/services/engine/BUILD.gn +++ b/services/engine/BUILD.gn @@ -33,6 +33,16 @@ ohos_prebuilt_etc("updater_sa.cfg") { } ohos_shared_library("$updateengine_library_name") { + sanitize = { + integer_overflow = true + ubsan = true + boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + shlib_type = "sa" include_dirs = sa_include_dirs sources = sa_sources -- Gitee
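Review bot: The services/engine/BUILD.gn hunk turns on `cfi` and `cfi_cross_dso` with `debug = false` for the system-ability library in the same commit that had to exempt over twenty client functions, and nothing in the patch shows that the service itself was exercised under the new flags. With `debug = false` I would expect a CFI or UBSan hit to abort the process without a readable report, which for an update service is an availability problem; running the service tests once with `debug = true` and recording the result in the description would settle it. A short comment above `sanitize = {` would also help, for example `# CFI/UBSan violations abort the SA in release builds`.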