And add a thing to remind us to enable the malloc FORTIFY test when we
pull a new clang in.
Bug: 34747525
Test: vts -m BionicUnitTests on bullhead
Change-Id: If341a27756d608a0fa77ba6518e9bcc725f7632c
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
(cherrypick of 7933bec2872aa1c3430149c7649726333c0ac9d8.)
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
This gives more useful diagnostics if clang needs to mention these
functions (or a parameter of them).
Bug: 36984245
Test: m on bullhead completes successfully.
Change-Id: I17c2b624d08bc9dd3f08185b30029ed0c49ebb08
libcxx provides const-correct overloads for a few string.h functions.
These overloads use clang's enable_if attribute, so they're preferred
over our FORTIFY'ed equivalents.
This weakens _FORTIFY_SOURCE=2 when used with some of these functions,
since clang needs to see __pass_object_size in order to pass an accurate
result for __builtin_object_size(s, 1) at a callsite. Since those
functions don't have __pass_object_size on their params, clang can't do
that. This makes LLVM lower the __builtin_object_size calls, which means
we get the same result as __builtin_object_size(s, 0).
We have to provide all of the overloads in Bionic, since enable_if is
only used to disambiguate overloads with (otherwise) the same type. In
other words:
// overload 1
char *strchr(const char *, int s) __attribute__((enable_if(1, "")));
// overload 2
char *strchr(char *, int s);
void foo() {
char cs[1] = {};
strchr(static_cast<const char *>(cs), '\0'); // calls overload #1.
strchr(cs, '\0'); // calls overload #2.
}
Bug: 34747525
Test: m checkbuild on bullhead internal master + AOSP. vts -m
BionicUnitTests passes on both. Surprisingly, the only code that this
seems to break is contained in Bionic.
Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
This change was forgotten when I uploaded tzlookup.xml for
review. I meant to check this with enh@. Apologies. This fixes
the the NOTICE file so others can upload.
Test: repo upload
Change-Id: I9e722952f9ae8c8d971b1c2d23d53079d85f4ae7
I dunno why I used __bos0 in the first place; clang's strrchr (and
GCC's strchr+strrchr) both use __bos.
Bug: 34747525
Test: m. Device still boots. cts -m BionicUnitTests shows no new
failures.
Change-Id: Ifec0e05a6a1144fa3e3ac70562af3ec57c09c194
libc_logging is getting statically linked into the crash handler
library, resulting in two copies of the abort message code existing in
processes, one in the linker, and one in the crash handler.
Move android_set_abort_message to its own file to solve this.
Bug: http://b/36862204
Test: /data/nativetest/debuggerd_test/debuggerd_test32
Change-Id: Ie198c5a3bb07645aa43296915c9a6752693f14a9
Currently, using kryo is the same as using krait, but there are specialized
routines that are pending that will be used after this commit.
Bug: 36728278
Test: Built and booted a sailfish using kryo.
Change-Id: Id7510640673c31f7536367041212db6d96a564f0
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
It's faster and safer to skip them on the device, where we know where
everything is anyway.
(cherrypick of cf6365690cc68bdd7e16648fb7881ba0b5cae93d.)
Bug: http://b/36807787
Test: ran tests
Change-Id: I0bb7879cc46f194152c67ddaf072cbebb424f789
This file is to replace the time_zones_by_country.xml
file from frameworks/base/core/res/res/xml/
This new file is intended to be updated outside of
an OTA, unlike time_zones_by_country.xml.
The tzlookup.xml file is read by code in libcore, not
frameworks/base.
The format of the file is slightly different from
time_zones_by_country.xml but the information is the
same as the current version. It was generated using
a sed transform and manual coallescing of the
<country> elements / comments:
sed 's/<timezones>$/<timezones>\n <countryzones>/' frameworks/base/core/res/res/xml/time_zones_by_country.xml \
| sed 's/<\/timezones>/ <\/countryzones>\n<\/timezones>/' \
| sed 's/<timezone\( code=\"..\">\)/<country\1\n <id>/g' \
| sed 's/<\/timezone>/<\/id>\n <\/country>/g'
The time_zones_by_country.xml file will be deleted
in a follow up change when the new code is wired into
the code that uses this data.
Test: See associated libcore change that will ensure the file
is kept in sync with tzdata when applying IANA rules
changes.
Bug: 25338903
Change-Id: I8912307bf6a41750ac06ffce9143e8055ea4e7c5
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
While this change is correct, GNU libstdc++ 4.9 isn't able to handle a
standard compliant C library. Its <cmath> will `#undef isnan` from
math.h and only adds the function overloads to the std namespace,
making it impossible to use both <cmath> (which gets included by a
lot of other standard headers) and ::isnan.
We're going to have to revert this until we can start turning down
support for gnustl.
This reverts commit e76ee993ff.
Bug: https://code.google.com/p/android/issues/detail?id=271629
Test: make checkbuild
Change-Id: I394f50271430e78ab801d85c3ee4e87019eda6af