#
# Copyright (c) 2019, Google, Inc. All rights reserved
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files
# (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

# Entries in this section disable sanitizers listed in enable.mk.
[alignment|bool|builtin|bounds|enum|float-cast-overflow|float-divide-by-zero|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change|integer-divide-by-zero|pointer-overflow|return|shift|signed-integer-overflow|unreachable|unsigned-integer-overflow|vla-bound]

# dlmalloc is fragile enough that it isn't worth the risk to try to make it
# UBSan clean
src:*/dlmalloc.c

# Fixing errors in boringssl is more likely to cause problems than fix them
src:external/boringssl/*

# ocb.c implements pseudo-bignum math, and so plays fast and loose with signs
# We would either need to annotate many of the functions in here, or rewrite
# it dangerously to avoid this exemption.
src:*/system/keymaster/key_blob_utils/ocb.c

# test-runner is missing important facilities for error reporting (e.g. printf)
# and is not a actual product, just testing infrastructure.
src:external/trusty/bootloader/*

# If we are inside Musl's ldso or crt components, we're too early in process
# start for a lot of information to be correct, and our error reporting
# facilities won't work yet.
src:external/trusty/musl/crt/*
src:external/trusty/musl/ldso/*

# Musl is fond of negating unsigned integers to round values up.
# There are also a few not-quite-buggy unsigned overflows and signed constants
# being coerced to unsigned values.
[unsigned-integer-overflow|implicit-integer-sign-change]
src:external/trusty/musl/src/*

# Signature of memset is void* memset(void *s, int c, size_t n);
# i.e. it has to convert its second argument to a 8-bit type, which can result
# in a truncation.
[implicit-signed-integer-truncation]
src:external/trusty/musl/src/string/memset.c

# Allow unsigned overflow in keymaster until keymaster's checks are reworked.
# The cases we know can overflow *are* overflow checks.
[unsigned-integer-overflow|pointer-overflow]
src:*/system/keymaster/android_keymaster/authorization_set.cpp
src:*/system/keymaster/android_keymaster/serializable.cpp

# Exempt libfreetype from overflow sanitization.
[unsigned-integer-overflow|implicit-integer-sign-change|pointer-overflow|cfi]
src:*/external/freetype/*

# Exempt libfdt from implicit integer sign changes
[implicit-integer-sign-change]
src:external/dtc/libfdt/*

# Exempt some libbinder functions from CFI because they make indirect
# calls from C++ into Rust and the latter does not support CFI.
# TODO(b/181755948): Remove these lines when that changes.
[cfi-icall]
# This is the file path as seen by clang
src:frameworks/native/libs/binder/trusty/binder_rpc_unstable/../../libbinder_rpc_unstable.cpp
src:frameworks/native/libs/binder/ndk/ibinder.cpp
src:frameworks/native/libs/binder/ndk/parcel.cpp
src:frameworks/native/libs/binder/trusty/rust/binder_rpc_server_bindgen/cpp/ARpcServerTrusty.cpp