// Copyright (C) 2023 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Cronet handles all of its licenses declaration in the top level Android.bp and // LICENSE files (//external/cronet/Android.bp and //external/cronet/LICENSE). // Boringsll's license can also be found at // //external/cronet/third_party/boringssl/src/LICENSE. // Guard with a namespace not to clash with //external/boringssl's targets. // All targets, with the exception of :cronet_defaults, have been copied from // //external/boringssl/Android.bp with just some minor changes due to the smaller // scope of Cronet's Boringssl. soong_namespace {} package { default_visibility: [ "//external/cronet:__subpackages__", "//packages/modules/Connectivity/Tethering:__subpackages__", ], // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "external_cronet_license" // to get the below license kinds: // legacy_unencumbered // SPDX-license-identifier-Apache-2.0 // SPDX-license-identifier-BSD // SPDX-license-identifier-BSD-3-Clause // SPDX-license-identifier-ISC // SPDX-license-identifier-MIT // SPDX-license-identifier-OpenSSL default_applicable_licenses: ["external_cronet_license"], } build = ["sources.bp"] cc_defaults { name: "cronet_defaults", stl: "none", apex_available: [ "com.android.tethering", ], min_sdk_version: "30", include_dirs: [ "external/cronet/buildtools/third_party/libc++/", "external/cronet/third_party/libc++/src/include", "external/cronet/third_party/libc++abi/src/include", ], static_libs: [ "cronet_aml_buildtools_third_party_libc___libc__", "cronet_aml_buildtools_third_party_libc__abi_libc__abi" ], } cc_defaults { name: "boringssl_flags", cflags: [ "-fvisibility=hidden", "-DBORINGSSL_SHARED_LIBRARY", "-DBORINGSSL_ANDROID_SYSTEM", // Chromium uses extensive harderning mode, so setting the same for boringssl. "-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE", "-DOPENSSL_SMALL", "-Werror", "-Wno-unused-parameter", ], cppflags: [ "-Wall", "-Werror", ], } cc_defaults { name: "boringssl_defaults", local_include_dirs: ["src/include"], export_include_dirs: ["src/include"], cflags: [ "-DBORINGSSL_IMPLEMENTATION", ], } cc_defaults { name: "libcrypto_defaults", target: { android: { // On FIPS builds (i.e. Android only) prevent other libraries // from pre-empting symbols in libcrypto which could affect FIPS // compliance and cause integrity checks to fail. See b/160231064. ldflags: ["-Wl,-Bsymbolic"], }, }, local_include_dirs: ["src/crypto"], } cc_object { name: "bcm_object", defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libcrypto_bcm_sources", "libcrypto_defaults", ], sanitize: { address: false, hwaddress: false, // This is a placeholder // to help prevent // merge conflicts. memtag_stack: false, // This is a placeholder // to help prevent // merge conflicts. fuzzer: false, memtag_globals: false, }, target: { android: { cflags: [ "-DBORINGSSL_FIPS", "-fPIC", // -fno[data|text]-sections required to ensure a // single text and data section for FIPS integrity check "-fno-data-sections", "-fno-function-sections", ], linker_script: "src/crypto/fipsmodule/fips_shared.lds", }, // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler. // This doesn't enable HWASAN unconditionally, it just causes // BoringSSL's asm code to unconditionally use a HWASAN-compatible // global variable reference so that the non-HWASANified (because of // sanitize: { hwaddress: false } above) code in the BCM can // successfully link against the HWASANified code in the rest of // BoringSSL in HWASAN builds. android_arm64: { asflags: [ "-fsanitize=hwaddress", ], }, }, } // Version of bcm_object built with BORINGSSL_FIPS_BREAK_TESTS defined. // Only for use with the FIPS break-tests.sh script. // Must be kept in sync with bcm_object. cc_object { name: "bcm_object_for_testing", visibility: ["//visibility:private"], defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libcrypto_bcm_sources", "libcrypto_defaults", ], sanitize: { address: false, hwaddress: false, fuzzer: false, memtag_globals: false, }, target: { android: { cflags: [ "-DBORINGSSL_FIPS", "-DBORINGSSL_FIPS_BREAK_TESTS", "-fPIC", // -fno[data|text]-sections required to ensure a // single text and data section for FIPS integrity check "-fno-data-sections", "-fno-function-sections", ], linker_script: "src/crypto/fipsmodule/fips_shared.lds", }, // From //external/boringssl: Temporary hack to let BoringSSL build with a new compiler. // This doesn't enable HWASAN unconditionally, it just causes // BoringSSL's asm code to unconditionally use a HWASAN-compatible // global variable reference so that the non-HWASANified (because of // sanitize: { hwaddress: false } above) code in the BCM can // successfully link against the HWASANified code in the rest of // BoringSSL in HWASAN builds. android_arm64: { asflags: [ "-fsanitize=hwaddress", ], }, }, } cc_library_shared { name: "libcrypto", defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libcrypto_defaults", "libcrypto_sources", ], unique_host_soname: true, srcs: [ ":bcm_object", ], target: { android: { cflags: [ "-DBORINGSSL_FIPS", ], sanitize: { // Disable address sanitizing otherwise libcrypto will not report // itself as being in FIPS mode, which causes boringssl_self_test // to fail. address: false, }, inject_bssl_hash: true, }, }, } cc_library_shared { name: "libcrypto_for_testing", visibility: ["//visibility:private"], defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libcrypto_defaults", "libcrypto_sources", ], unique_host_soname: true, srcs: [ ":bcm_object_for_testing", ], target: { android: { cflags: [ "-DBORINGSSL_FIPS", "-DBORINGSSL_FIPS_BREAK_TESTS", ], sanitize: { // Disable address sanitizing otherwise libcrypto will not report // itself as being in FIPS mode, which causes boringssl_self_test // to fail. address: false, }, inject_bssl_hash: true, }, }, } cc_library_shared { name: "libssl", defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libssl_sources", ], unique_host_soname: true, shared_libs: ["libcrypto"], } cc_library_shared { name: "libpki", defaults: [ "boringssl_defaults", "boringssl_flags", "cronet_defaults", "libpki_sources", ], unique_host_soname: true, cflags: ["-D_BORINGSSL_LIBPKI_"], shared_libs: ["libcrypto"], } // Utility binary for CMVP on-site testing. cc_binary { name: "test_fips", host_supported: false, defaults: [ "boringssl_flags", ], shared_libs: [ "libcrypto", ], srcs: [ "src/util/fipstools/test_fips.c", ], required: [ "adb", "libcrypto_for_testing", ], }