tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Overflow sanitization in frameworks/ and system/." am: ee960154e5

Browse source 
am: 526c25448f

Change-Id: I2c6c2af14d3e8bdd64558d6dc8d6c8c9d3820488
This commit is contained in:
Ivan Lozano 2018-01-19 16:05:07 +00:00 committed by android-build-merger
commit 1e24f4f428
5 changed files with 46 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
core/config_sanitizers.mk
View file

@ -34,6 +34,26 @@ ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
endif endif
endif endif
# Enable integer overflow sanitizer in included paths.
# (includes override excludes)
ifeq ($(my_clang),true)
ifndef LOCAL_IS_HOST_MODULE
ifeq ($(filter integer_overflow, $(my_sanitize)),)
combined_include_paths := $(DEFAULT_INTEGER_OVERFLOW_PATHS) \
$(INTEGER_OVERFLOW_INCLUDE_PATHS) \
$(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_global_sanitize := integer_overflow $(my_sanitize)
# Ensure default paths do not run in diagnostics unless SANITIZE_TARGET_DIAG
ifneq ($(filter integer_overflow, $(SANITIZE_TARGET_DIAG)),)
my_global_sanitize_diag := integer_overflow $(my_sanitize_diag)
endif
endif
endif
endif
endif
# Disable global CFI in excluded paths # Disable global CFI in excluded paths
ifneq ($(filter cfi, $(my_global_sanitize)),) ifneq ($(filter cfi, $(my_global_sanitize)),)
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \ combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
@ -211,6 +231,19 @@ ifneq ($(filter coverage,$(my_sanitize)),)
my_sanitize := $(filter-out coverage,$(my_sanitize)) my_sanitize := $(filter-out coverage,$(my_sanitize))
endif endif
# Use minimal diagnostics when integer overflow is enabled on userdebug and eng
# and full diagnostics not enabled.
ifneq ($(findstring integer,$(my_sanitize)),)
ifeq ($(findstring integer,$(my_sanitize_diag)),)
ifeq ($(filter address,$(my_sanitize)),)
# TODO(ivanlozano): uncomment after switch to clang-4536805
ifneq ($(filter $(TARGET_BUILD_VARIANT),userdebug eng),)
# my_cflags += -fsanitize-minimal-runtime
endif
endif
endif
endif
ifneq ($(filter integer_overflow,$(my_sanitize)),) ifneq ($(filter integer_overflow,$(my_sanitize)),)
ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),) ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
@ -226,7 +259,7 @@ ifneq ($(filter integer_overflow,$(my_sanitize)),)
my_cflags += -ftrap-function=abort my_cflags += -ftrap-function=abort
my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS) my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
# Check for diagnostics mode (on by default). # Check for diagnostics mode.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),) ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow
my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries) my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)

5
core/envsetup.mk
View file

@ -657,3 +657,8 @@ endif
ifeq ($(CALLED_FROM_SETUP),true) ifeq ($(CALLED_FROM_SETUP),true)
PRINT_BUILD_CONFIG ?= true PRINT_BUILD_CONFIG ?= true
endif endif
# Set default integer overflow sanitization paths.
# Separate from INTEGER_OVERFLOW_INCLUDE_PATHS to ensure this is not overridden.
DEFAULT_INTEGER_OVERFLOW_PATHS := frameworks/ \
system/

1
core/product.mk
View file

@ -146,6 +146,7 @@ _product_var_list := \
PRODUCT_SYSTEM_HEADROOM \ PRODUCT_SYSTEM_HEADROOM \
PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \ PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \ PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS \
PRODUCT_ADB_KEYS \ PRODUCT_ADB_KEYS \
PRODUCT_CFI_INCLUDE_PATHS \ PRODUCT_CFI_INCLUDE_PATHS \
PRODUCT_CFI_EXCLUDE_PATHS \ PRODUCT_CFI_EXCLUDE_PATHS \

5
core/product_config.mk
View file

@ -463,6 +463,11 @@ PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := \
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \ PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)) $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
# Paths that should have integer overflow sanitization applied by default
# (overrides excludes)
PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
# ADB keys for debuggable builds # ADB keys for debuggable builds
PRODUCT_ADB_KEYS := PRODUCT_ADB_KEYS :=
ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)

1
core/soong_config.mk
View file

@ -94,6 +94,7 @@ $(call add_json_bool, Safestack, $(filter true,$(USE_SAF
$(call add_json_bool, EnableCFI, $(call invert_bool,$(filter false,$(ENABLE_CFI)))) $(call add_json_bool, EnableCFI, $(call invert_bool,$(filter false,$(ENABLE_CFI))))
$(call add_json_list, CFIExcludePaths, $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS)) $(call add_json_list, CFIExcludePaths, $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
$(call add_json_list, CFIIncludePaths, $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS)) $(call add_json_list, CFIIncludePaths, $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
$(call add_json_list, IntegerOverflowIncludePaths, $(DEFAULT_INTEGER_OVERFLOW_PATHS) $(INTEGER_OVERFLOW_INCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
$(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)) $(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
$(call add_json_bool, ClangTidy, $(filter 1 true,$(WITH_TIDY))) $(call add_json_bool, ClangTidy, $(filter 1 true,$(WITH_TIDY)))