From 79890139045043994e60e02717b981df7fcf2a3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Wed, 17 Apr 2024 19:23:35 +0800 Subject: [PATCH 1/5] =?UTF-8?q?CFI=20=E6=95=B4=E6=94=B9=20Signed-off-by:?= =?UTF-8?q?=20=E9=82=B9=E5=8F=8B=E6=9D=BE=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frameworks/js/napi/update/BUILD.gn | 1 - frameworks/js/napi/update/cfi_blocklist.txt | 29 --------------------- services/engine/BUILD.gn | 10 +++++++ 3 files changed, 10 insertions(+), 30 deletions(-) delete mode 100644 frameworks/js/napi/update/cfi_blocklist.txt diff --git a/frameworks/js/napi/update/BUILD.gn b/frameworks/js/napi/update/BUILD.gn index 7afa4825..36390c4d 100644 --- a/frameworks/js/napi/update/BUILD.gn +++ b/frameworks/js/napi/update/BUILD.gn @@ -23,7 +23,6 @@ ohos_shared_library("$updateengine_client_library_name") { cfi = true cfi_cross_dso = true debug = false - blocklist = "./cfi_blocklist.txt" } branch_protector_ret = "pac_ret" diff --git a/frameworks/js/napi/update/cfi_blocklist.txt b/frameworks/js/napi/update/cfi_blocklist.txt deleted file mode 100644 index 55ec1d1e..00000000 --- a/frameworks/js/napi/update/cfi_blocklist.txt +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright (C) 2022-2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -[cfi] -type:*OHOS::UpdateEngine::IUpdater* -type:*OHOS::UpdateEngine::BaseSession* -type:*OHOS::UpdateEngine::BaseUpdateSession* -type:*OHOS::UpdateEngine::BaseMigratePromiseSession* -type:*OHOS::UpdateEngine::UpdateAsyncession* -type:*OHOS::UpdateEngine::BaseAsyncSession* -type:*OHOS::UpdateEngine::NapiSession* -type:*OHOS::UpdateEngine::BasePromiseSession* -type:*OHOS::UpdateEngine::BaseMigratePromiseSession* -src:*iupdater.cpp -src:*update_client.cpp -src:*update_session.cpp -src:*session_manager.cpp -src:*update_moudle.cpp -src:*napi_session.cpp \ No newline at end of file diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn index c88b23cf..8404e373 100644 --- a/services/engine/BUILD.gn +++ b/services/engine/BUILD.gn @@ -33,6 +33,16 @@ ohos_prebuilt_etc("updater_sa.cfg") { } ohos_shared_library("$updateengine_library_name") { + sanitize = { + integer_overflow = true + ubsan = true + boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + shlib_type = "sa" include_dirs = sa_include_dirs sources = sa_sources -- Gitee From 4febfce550e2f39618b2eb69eb434d314ebeb44b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Thu, 18 Apr 2024 02:09:21 +0000 Subject: [PATCH 2/5] =?UTF-8?q?cfi=E5=B1=8F=E8=94=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- frameworks/js/napi/update/src/session_manager.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/frameworks/js/napi/update/src/session_manager.cpp b/frameworks/js/napi/update/src/session_manager.cpp index 58ded004..fb40d6e0 100644 --- a/frameworks/js/napi/update/src/session_manager.cpp +++ b/frameworks/js/napi/update/src/session_manager.cpp @@ -85,6 +85,7 @@ bool SessionManager::GetNextSessionId(uint32_t &sessionId) } int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t argc, napi_value arg) + __attribute__((no_sanitize("cfi"))) { napi_handle_scope scope; napi_status status = napi_open_handle_scope(env_, &scope); @@ -120,6 +121,7 @@ int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t } void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, napi_value handle) + __attribute__((no_sanitize("cfi"))) { std::lock_guard guard(sessionMutex_); for (auto iter = sessions_.begin(); iter != sessions_.end();) { @@ -153,6 +155,7 @@ void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, nap } BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string &eventType, napi_value arg) + __attribute__((no_sanitize("cfi"))) { uint32_t nextSessId = 0; bool hasNext = GetFirstSessionId(nextSessId); @@ -176,7 +179,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string } BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassifyInfo &eventClassifyInfo, - napi_value arg) + napi_value arg) __attribute__((no_sanitize("cfi"))) { std::lock_guard guard(sessionMutex_); for (auto &iter : sessions_) { @@ -197,6 +200,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassi } void SessionManager::PublishToJS(const EventClassifyInfo &eventClassifyInfo, const EventInfo &eventInfo) + __attribute__((no_sanitize("cfi"))) { napi_handle_scope scope; napi_status status = napi_open_handle_scope(env_, &scope); -- Gitee From a20c64e352a3f114dd39f919d6a5bcd7bb010b14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Thu, 18 Apr 2024 10:48:43 +0800 Subject: [PATCH 3/5] =?UTF-8?q?cfi=E4=BF=AE=E6=94=B9=20Signed-off-by:=20?= =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frameworks/js/napi/update/BUILD.gn | 1 + frameworks/js/napi/update/cfi_blocklist.txt | 23 +++++++++++++++++++ .../js/napi/update/src/session_manager.cpp | 6 +---- 3 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 frameworks/js/napi/update/cfi_blocklist.txt diff --git a/frameworks/js/napi/update/BUILD.gn b/frameworks/js/napi/update/BUILD.gn index 36390c4d..7afa4825 100644 --- a/frameworks/js/napi/update/BUILD.gn +++ b/frameworks/js/napi/update/BUILD.gn @@ -23,6 +23,7 @@ ohos_shared_library("$updateengine_client_library_name") { cfi = true cfi_cross_dso = true debug = false + blocklist = "./cfi_blocklist.txt" } branch_protector_ret = "pac_ret" diff --git a/frameworks/js/napi/update/cfi_blocklist.txt b/frameworks/js/napi/update/cfi_blocklist.txt new file mode 100644 index 00000000..13ecc6be --- /dev/null +++ b/frameworks/js/napi/update/cfi_blocklist.txt @@ -0,0 +1,23 @@ +# Copyright (C) 2022-2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[cfi] +type:*OHOS::UpdateEngine::IUpdater* +type:*OHOS::UpdateEngine::BaseSession* +type:*OHOS::UpdateEngine::BaseUpdateSession* +type:*OHOS::UpdateEngine::BaseMigratePromiseSession* +type:*OHOS::UpdateEngine::UpdateAsyncession* +type:*OHOS::UpdateEngine::BaseAsyncSession* +type:*OHOS::UpdateEngine::NapiSession* +type:*OHOS::UpdateEngine::BasePromiseSession* +type:*OHOS::UpdateEngine::UpdateListener * \ No newline at end of file diff --git a/frameworks/js/napi/update/src/session_manager.cpp b/frameworks/js/napi/update/src/session_manager.cpp index fb40d6e0..58ded004 100644 --- a/frameworks/js/napi/update/src/session_manager.cpp +++ b/frameworks/js/napi/update/src/session_manager.cpp @@ -85,7 +85,6 @@ bool SessionManager::GetNextSessionId(uint32_t &sessionId) } int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t argc, napi_value arg) - __attribute__((no_sanitize("cfi"))) { napi_handle_scope scope; napi_status status = napi_open_handle_scope(env_, &scope); @@ -121,7 +120,6 @@ int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t } void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, napi_value handle) - __attribute__((no_sanitize("cfi"))) { std::lock_guard guard(sessionMutex_); for (auto iter = sessions_.begin(); iter != sessions_.end();) { @@ -155,7 +153,6 @@ void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, nap } BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string &eventType, napi_value arg) - __attribute__((no_sanitize("cfi"))) { uint32_t nextSessId = 0; bool hasNext = GetFirstSessionId(nextSessId); @@ -179,7 +176,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string } BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassifyInfo &eventClassifyInfo, - napi_value arg) __attribute__((no_sanitize("cfi"))) + napi_value arg) { std::lock_guard guard(sessionMutex_); for (auto &iter : sessions_) { @@ -200,7 +197,6 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassi } void SessionManager::PublishToJS(const EventClassifyInfo &eventClassifyInfo, const EventInfo &eventInfo) - __attribute__((no_sanitize("cfi"))) { napi_handle_scope scope; napi_status status = napi_open_handle_scope(env_, &scope); -- Gitee From 737e631ee2c2ed9dc545f3d159ba335a3d557c74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Thu, 18 Apr 2024 02:56:06 +0000 Subject: [PATCH 4/5] =?UTF-8?q?cfi=20=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- frameworks/js/napi/update/cfi_blocklist.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/js/napi/update/cfi_blocklist.txt b/frameworks/js/napi/update/cfi_blocklist.txt index 13ecc6be..c20c6f51 100644 --- a/frameworks/js/napi/update/cfi_blocklist.txt +++ b/frameworks/js/napi/update/cfi_blocklist.txt @@ -20,4 +20,4 @@ type:*OHOS::UpdateEngine::UpdateAsyncession* type:*OHOS::UpdateEngine::BaseAsyncSession* type:*OHOS::UpdateEngine::NapiSession* type:*OHOS::UpdateEngine::BasePromiseSession* -type:*OHOS::UpdateEngine::UpdateListener * \ No newline at end of file +type:*OHOS::UpdateEngine::UpdateListener* \ No newline at end of file -- Gitee From 4f9a411ecf72da2afdbb3dfc2dee1599dae7963b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Thu, 18 Apr 2024 09:36:42 +0000 Subject: [PATCH 5/5] =?UTF-8?q?cfi=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- services/engine/BUILD.gn | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn index 8404e373..c88b23cf 100644 --- a/services/engine/BUILD.gn +++ b/services/engine/BUILD.gn @@ -33,16 +33,6 @@ ohos_prebuilt_etc("updater_sa.cfg") { } ohos_shared_library("$updateengine_library_name") { - sanitize = { - integer_overflow = true - ubsan = true - boundary_sanitize = true - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - shlib_type = "sa" include_dirs = sa_include_dirs sources = sa_sources -- Gitee