Merge "Move MTE mode settings to a product variable."
commit
c37e824f56
6 changed files with 51 additions and 2 deletions
|
@ -140,6 +140,10 @@ ifeq ($(filter memtag_heap, $(my_sanitize)),)
|
|||
$(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS)
|
||||
combined_exclude_paths := $(MEMTAG_HEAP_EXCLUDE_PATHS) \
|
||||
$(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS)
|
||||
ifneq ($(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS),true)
|
||||
combined_sync_include_paths += $(PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS)
|
||||
combined_async_include_paths += $(PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS)
|
||||
endif
|
||||
|
||||
ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
|
||||
$(filter $(dir)%,$(LOCAL_PATH)))),)
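Review bot: The added guard `ifneq ($(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS),true)` tests the opt-out by exact string comparison, while the two `add_json_list` lines this commit adds for `MemtagHeapAsyncIncludePaths` and `MemtagHeapSyncIncludePaths` test the same variable with `$(filter true,...)`. The two forms disagree for any value that is not exactly `true` (for instance one with stray trailing whitespace, if such a value can reach this point), and then the lists computed here and the JSON-exported lists would give the same path different MTE coverage. Using one form in both places, e.g. `ifeq ($(filter true,$(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS)),)` here, keeps the two views of the policy identical. The enclosing `ifeq ($(filter memtag_heap, $(my_sanitize)),)` block starts and ends outside this hunk.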
|
||||
|
|
|
@ -247,6 +247,16 @@ _product_list_vars += PRODUCT_CFI_EXCLUDE_PATHS
|
|||
# Whether any paths should have HWASan enabled for components
|
||||
_product_list_vars += PRODUCT_HWASAN_INCLUDE_PATHS
|
||||
|
||||
# Whether any paths should have Memtag_heap enabled for components
|
||||
_product_list_vars += PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS
|
||||
_product_list_vars += PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS
|
||||
_product_list_vars += PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS
|
||||
_product_list_vars += PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS
|
||||
_product_list_vars += PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS
|
||||
|
||||
# Whether this product wants to start with an empty list of default memtag_heap include paths
|
||||
_product_single_value_vars += PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS
|
||||
|
||||
# Whether the Scudo hardened allocator is disabled platform-wide
|
||||
_product_single_value_vars += PRODUCT_DISABLE_SCUDO
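Review bot: The single comment `# Whether any paths should have Memtag_heap enabled for components` is the only documentation for five new list variables that play three different roles: product includes, inherited defaults and excludes. A reader of this file cannot tell that the two `_DEFAULT_INCLUDE_PATHS` lists are the ones dropped when `PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS` is `true`, or that the `ASYNC`/`SYNC` split selects the checking mode. I would add a line above the defaults such as `# Default memtag_heap include paths; ignored when PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS is true`. The exclude list deserves its own line too; the exclude check visible in the sanitizer hunk suggests excludes take priority over includes, but that should be confirmed before it is written down.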
|
||||
|
||||
|
|
|
@ -116,8 +116,8 @@ $(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCL
|
|||
$(call add_json_list, HWASanIncludePaths, $(HWASAN_INCLUDE_PATHS) $(PRODUCT_HWASAN_INCLUDE_PATHS))
|
||||
|
||||
$(call add_json_list, MemtagHeapExcludePaths, $(MEMTAG_HEAP_EXCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS))
|
||||
$(call add_json_list, MemtagHeapAsyncIncludePaths, $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS))
|
||||
$(call add_json_list, MemtagHeapSyncIncludePaths, $(MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS))
|
||||
$(call add_json_list, MemtagHeapAsyncIncludePaths, $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) $(if $(filter true,$(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS)),,$(PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS)))
|
||||
$(call add_json_list, MemtagHeapSyncIncludePaths, $(MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS) $(if $(filter true,$(PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS)),,$(PRODUCT_MEMTAG_HEAP_SYNC_DEFAULT_INCLUDE_PATHS)))
|
||||
|
||||
$(call add_json_bool, DisableScudo, $(filter true,$(PRODUCT_DISABLE_SCUDO)))
|
||||
|
||||
|
|
|
@ -76,3 +76,7 @@ PRODUCT_VENDOR_PROPERTIES += \
|
|||
# Enable CFI for security-sensitive components
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/cfi-common.mk)
|
||||
$(call inherit-product-if-exists, vendor/google/products/cfi-vendor.mk)
|
||||
|
||||
# Enable MTE for security-sensitive components
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/memtag-common.mk)
|
||||
$(call inherit-product-if-exists, vendor/google/products/memtag-vendor.mk)
|
||||
|
|
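--- a/target/product/memtag-common.mk
+++ b/target/product/memtag-common.mk
@@ -0,0 +1,30 @@
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This is a recommended set of common components to enable MTE for.
+
+PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS := \
+external/android-clat \
+external/iproute2 \
+external/iptables \
+external/mtpd \
+external/ppp \
+hardware/st/nfc \
+hardware/st/secure_element \
+hardware/st/secure_element2 \
+packages/modules/StatsD \
+system/bpf \
+system/netd/netutil_wrappers \
+system/netd/server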
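Review bot: The header comment `# This is a recommended set of common components to enable MTE for.` does not say that every path listed here goes into the async list only, nor how a product opts out of the set. Because the file assigns only `PRODUCT_MEMTAG_HEAP_ASYNC_DEFAULT_INCLUDE_PATHS`, a product that also names one of these paths in `PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS` ends up with it in both combined lists, and which mode wins is decided by code not shown on this page. I would extend the comment to something like `# Async-mode defaults; set PRODUCT_MEMTAG_HEAP_SKIP_DEFAULT_PATHS := true to drop them`, and state the sync-versus-async precedence once it is confirmed. Separately, `hardware/st/secure_element2` looks redundant for the Make-side check, which matches by prefix (`$(filter $(dir)%,$(LOCAL_PATH))`), though the consumer of the JSON lists may match differently.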
|
|
@ -17,6 +17,7 @@
|
|||
$(call inherit-product, $(SRC_TARGET_DIR)/product/default_art_config.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/languages_default.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/cfi-common.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/memtag-common.mk)
|
||||
|
||||
# Enables treble, which enabled certain -D compilation flags. In particular, libhidlbase
|
||||
# uses -DENFORCE_VINTF_MANIFEST. See b/185759877
|
||||
|
|