Merge "Overflow sanitization in frameworks/ and system/."

core/config_sanitizers.mk

@@ -34,6 +34,26 @@ ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
   endif
 endif
 
+# Enable integer overflow sanitizer in included paths.
+# (includes override excludes)
+ifeq ($(my_clang),true)
+  ifndef LOCAL_IS_HOST_MODULE
+    ifeq ($(filter integer_overflow, $(my_sanitize)),)
+      combined_include_paths := $(DEFAULT_INTEGER_OVERFLOW_PATHS) \
+                            $(INTEGER_OVERFLOW_INCLUDE_PATHS) \
+                            $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS)
+      ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
+             $(filter $(dir)%,$(LOCAL_PATH)))),)
+        my_global_sanitize := integer_overflow $(my_sanitize)
+        # Ensure default paths do not run in diagnostics unless SANITIZE_TARGET_DIAG
+        ifneq ($(filter integer_overflow, $(SANITIZE_TARGET_DIAG)),)
+          my_global_sanitize_diag := integer_overflow $(my_sanitize_diag)
+        endif
+      endif
+    endif
+  endif
+endif
+
 # Disable global CFI in excluded paths
 ifneq ($(filter cfi, $(my_global_sanitize)),)
   combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
@@ -211,6 +231,19 @@ ifneq ($(filter coverage,$(my_sanitize)),)
   my_sanitize := $(filter-out coverage,$(my_sanitize))
 endif
 
+# Use minimal diagnostics when integer overflow is enabled on userdebug and eng
+# and full diagnostics not enabled.
+ifneq ($(findstring integer,$(my_sanitize)),)
+  ifeq ($(findstring integer,$(my_sanitize_diag)),)
+    ifeq ($(filter address,$(my_sanitize)),)
+      # TODO(ivanlozano): uncomment after switch to clang-4536805
+      ifneq ($(filter $(TARGET_BUILD_VARIANT),userdebug eng),)
+        # my_cflags += -fsanitize-minimal-runtime
+      endif
+    endif
+  endif
+endif
+
 ifneq ($(filter integer_overflow,$(my_sanitize)),)
   ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
     ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
@@ -226,7 +259,7 @@ ifneq ($(filter integer_overflow,$(my_sanitize)),)
       my_cflags += -ftrap-function=abort
       my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
 
-      # Check for diagnostics mode (on by default).
+      # Check for diagnostics mode.
       ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
         my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow
         my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)

core/envsetup.mk

@@ -657,3 +657,8 @@ endif
 ifeq ($(CALLED_FROM_SETUP),true)
 PRINT_BUILD_CONFIG ?= true
 endif
+
+# Set default integer overflow sanitization paths.
+# Separate from INTEGER_OVERFLOW_INCLUDE_PATHS to ensure this is not overridden.
+DEFAULT_INTEGER_OVERFLOW_PATHS := frameworks/ \
+                                  system/

core/product.mk

@@ -146,6 +146,7 @@ _product_var_list := \
     PRODUCT_SYSTEM_HEADROOM \
     PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
     PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
+    PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS \
     PRODUCT_ADB_KEYS \
     PRODUCT_CFI_INCLUDE_PATHS \
     PRODUCT_CFI_EXCLUDE_PATHS \

core/product_config.mk

@@ -463,6 +463,11 @@ PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := \
 PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \
     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
 
+# Paths that should have integer overflow sanitization applied by default
+# (overrides excludes)
+PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS := \
+    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
+
 # ADB keys for debuggable builds
 PRODUCT_ADB_KEYS :=
 ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)

core/soong_config.mk

@@ -94,6 +94,7 @@ $(call add_json_bool, Safestack,                         $(filter true,$(USE_SAF
 $(call add_json_bool, EnableCFI,                         $(call invert_bool,$(filter false,$(ENABLE_CFI))))
 $(call add_json_list, CFIExcludePaths,                   $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
 $(call add_json_list, CFIIncludePaths,                   $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
+$(call add_json_list, IntegerOverflowIncludePaths,       $(DEFAULT_INTEGER_OVERFLOW_PATHS) $(INTEGER_OVERFLOW_INCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
 $(call add_json_list, IntegerOverflowExcludePaths,       $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
 
 $(call add_json_bool, ClangTidy,                         $(filter 1 true,$(WITH_TIDY)))