bvb_refimpl: Add script to check symbols.

This change introduces a script to verify that only symbols starting
with bvb_ are used in the reference implementation. This catches cases
where the standard C library (e.g. malloc() or printf()) is used by
mistake.

TEST=Manually tested by using malloc() in bvb_verify().
BUG=None

Change-Id: I54bc1bf30d7081cf60c49720b5f8d82e563ffa21
diff --git a/Android.mk b/Android.mk
index 4c93406..6d10718 100644
--- a/Android.mk
+++ b/Android.mk
@@ -47,7 +47,7 @@
 LOCAL_MODULE_HOST_OS := linux
 LOCAL_MODULE_CLASS := STATIC_LIBRARIES
 LOCAL_CLANG := true
-LOCAL_CFLAGS := $(bvb_common_cflags) -DBVB_ENABLE_DEBUG -DBVB_REFIMPL_COMPILATION
+LOCAL_CFLAGS := $(bvb_common_cflags) -fno-stack-protector -DBVB_ENABLE_DEBUG -DBVB_REFIMPL_COMPILATION
 LOCAL_LDFLAGS := $(bvb_common_ldflags)
 LOCAL_C_INCLUDES :=
 LOCAL_SRC_FILES := \
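Review bot: `-fno-stack-protector` on the `LOCAL_CFLAGS` line turns off stack canaries for the whole libbvb_refimpl library (the RSA, SHA and verify sources) with no comment saying why. Presumably it is there so that `__stack_chk_fail` does not appear as an undefined non-`bvb_` symbol in the new check, but that is inferred rather than stated in the commit. The trade-off deserves a comment above the line, e.g. `# -fno-stack-protector: keeps __stack_chk_fail out of the undefined symbols checked by bvb_refimpl_symbols_test; integrators with a canary runtime should re-enable it.` The module definition starts before this hunk.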
@@ -55,12 +55,23 @@
     refimpl/bvb_rsa.c \
     refimpl/bvb_sha256.c \
     refimpl/bvb_sha512.c \
-    refimpl/bvb_sysdeps_stub.c \
     refimpl/bvb_util.c \
     refimpl/bvb_verify.c
 include $(BUILD_HOST_STATIC_LIBRARY)
 
 include $(CLEAR_VARS)
+LOCAL_MODULE := libbvb_refimpl_sysdeps
+LOCAL_MODULE_HOST_OS := linux
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_CLANG := true
+LOCAL_CFLAGS := $(bvb_common_cflags) -DBVB_ENABLE_DEBUG -DBVB_REFIMPL_COMPILATION
+LOCAL_LDFLAGS := $(bvb_common_ldflags)
+LOCAL_C_INCLUDES :=
+LOCAL_SRC_FILES := \
+    refimpl/bvb_sysdeps_stub.c
+include $(BUILD_HOST_STATIC_LIBRARY)
+
+include $(CLEAR_VARS)
 LOCAL_MODULE := libbvb_refimpl_unittest
 LOCAL_MODULE_HOST_OS := linux
 LOCAL_CPP_EXTENSION := .cc
@@ -71,10 +82,20 @@
 LOCAL_C_INCLUDES := $(LOCAL_PATH)/refimpl external/gtest/include
 LOCAL_STATIC_LIBRARIES := \
     libbvb_refimpl \
+    libbvb_refimpl_sysdeps \
     libgmock_host \
     libgtest_host
 LOCAL_SHARED_LIBRARIES := \
     libchrome
-LOCAL_SRC_FILES := bvb_util_unittest.cc bvb_verify_unittest.cc bvbtool_unittest.cc
+LOCAL_SRC_FILES := \
+    bvb_util_unittest.cc \
+    bvb_verify_unittest.cc \
+    bvbtool_unittest.cc
 LOCAL_LDLIBS_linux := -lrt
 include $(BUILD_HOST_NATIVE_TEST)
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := bvb_refimpl_symbols_test
+LOCAL_MODULE_TAGS := debug
+LOCAL_ADDITIONAL_DEPENDENCIES := libbvb_refimpl
+include $(BUILD_HOST_PREBUILT)
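Review bot: Nothing in the new `bvb_refimpl_symbols_test` module runs the script. `LOCAL_ADDITIONAL_DEPENDENCIES := libbvb_refimpl` only orders the build, so as far as this hunk shows the symbol check happens only when someone invokes it by hand, which matches the manual TEST= line. The block also sets no `LOCAL_MODULE` or `LOCAL_MODULE_CLASS`, which prebuilt modules normally declare, so it is worth confirming the build accepts it as written. A comment such as `# Installed only; run bvb_refimpl_symbols_test manually (or from CI) after building libbvb_refimpl.` would make the expectation explicit.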
diff --git a/bvb_refimpl_symbols_test b/bvb_refimpl_symbols_test
new file mode 100755
index 0000000..6c29871
--- /dev/null
+++ b/bvb_refimpl_symbols_test
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This shell-script checks the symbols in libbvb_refimpl.a and fails
+# if a reference not starting with bvb_ is referenced. It's intended
+# to catch mistakes where the standard C library is inadvertently
+# used.
+
+set -e
+
+SYMBOLS_FILE=$(mktemp /tmp/libbvb_refimpl_symbols.XXXXXXXXXX)
+
+trap "rm -f '${SYMBOLS_FILE}'" EXIT
+
+readelf --symbols --wide "${ANDROID_HOST_OUT}/obj/STATIC_LIBRARIES/libbvb_refimpl_intermediates/libbvb_refimpl.a" | \
+  awk '$7 == "UND" && $8 != "" {print $8}' | \
+  grep -v ^bvb_ | \
+  sort -u > "${SYMBOLS_FILE}"
+
+# If this file is non-empty, it means that the library is using
+# symbols not starting with "bvb_".
+if [ -s "${SYMBOLS_FILE}" ] ; then
+  echo "ERROR: $0: Unexpected symbols in libbvb_refimpl:" >&2
+  cat "${SYMBOLS_FILE}" >&2
+  exit 1
+fi
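Review bot: The check fails open, because with only `set -e` the pipeline's exit status is that of `sort`. If `readelf` cannot read the archive (for example `ANDROID_HOST_OUT` is unset or libbvb_refimpl.a has not been built), the symbols file is empty and the script exits 0. Adding `pipefail` alone is not enough, since `grep -v ^bvb_` exits 1 in the good case where no line is left over. The version below requires the variable and the archive, and moves the filter into awk so every stage exits 0 on success.

```shell
set -e -o pipefail

LIB="${ANDROID_HOST_OUT:?ANDROID_HOST_OUT is not set}/obj/STATIC_LIBRARIES/libbvb_refimpl_intermediates/libbvb_refimpl.a"
[ -r "${LIB}" ] || { echo "ERROR: $0: cannot read ${LIB}" >&2; exit 1; }

# … unchanged: mktemp for SYMBOLS_FILE and the EXIT trap …

# Filter in awk: grep -v would exit 1 when every symbol starts with bvb_,
# which pipefail would report as a failure.
readelf --symbols --wide "${LIB}" | \
  awk '$7 == "UND" && $8 != "" && $8 !~ /^bvb_/ {print $8}' | \
  sort -u > "${SYMBOLS_FILE}"

# … unchanged: non-empty check and error report …
```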
diff --git a/bvb_unittest_util.h b/bvb_unittest_util.h
index 1735a01..30951a9 100644
--- a/bvb_unittest_util.h
+++ b/bvb_unittest_util.h
@@ -17,8 +17,14 @@
 #ifndef BVB_UNITTEST_UTIL_H_
 #define BVB_UNITTEST_UTIL_H_
 
+#include <inttypes.h>
+
 #include <gtest/gtest.h>
 
+#include <base/files/file_util.h>
+#include <base/strings/string_util.h>
+#include <base/strings/stringprintf.h>
+
 /* Utility macro to run the command expressed by the printf()-style string
  * |command_format| using the system(3) utility function. Will assert unless
  * the command exits normally with exit status |expected_exit_status|.