This moves all of the date references under build/ to using a single
datetime that can be set manually using BUILD_DATETIME.
It also adds an option, OVERRIDE_C_DATE_TIME, that if set to true, will
redefine __DATE__ and __TIME__ for all C/C++ files so that it matches
BUILD_DATETIME.
Bug: 23117013
Change-Id: I880ef103a26bca86bd7bf42d58e62e740a6228c8
Also removed the unneeded variable DISTTOOLS
and the unnecessary dependency of otapackage/updatepackage on DISTTOOLS.
Bug: 23085297
Change-Id: I6b269003a72bb48eda1260c8d9b4bd88974bcde9
This also drops the NDK default back to C++98 (or C++11 for code using
libc++). The platform NDK build should match the normal NDK build.
Bug: http://b/23043421
Change-Id: I3a336767ce271e84f4dfdebdadb3a98e5689def9
Set TARGET_PRIVATE_RES_DIRS in your BoardConfig.mk to specify custom
private recovery resource directories.
With this change you can share the same recovery resource dir for more
than one device; Also you can specify more than one directories.
Change-Id: Ieeb18f5ac11c98b6f08d0ab6fb4e0d9aa72b27e7
Make 4.0 (and Kati) removed the implicit sort from the $(wildcard)
function. In order to ensure that makefiles are always loaded in the
same order, and an explicit sort.
This shouldn't matter, but some makefiles are modifying variables used
by siblings (LLVM_ROOT_PATH under frameworks/compile). In this case, the
path value still pointed to the same path, it just had extra '..'
references, and was enough to cause the binaries to be different.
Change-Id: Ief6551f999351ee2c193275aaae426dc064f8b34
The transitive symbol resolving causes build breakage when a binary
has indirect dependency on the NDK library.
This matches the change made for the the aarch64 toolchain:
https://android-review.googlesource.com/#/c/120654
Change-Id: Id5b2a63301cb1cdcdd84b4bcd9fbec8cf6ec0b3c
Its presence requires #include directives to contain the build target
name, which is problematic because these directives can live in headers
that are shared by multiple build targets. Furthermore, having
LOCAL_MODULE in the generated header path is redundant because the
target directory is already private to the current build target (e.g.
.../<target_name>_intermediates/...).
Bug: 22608897
Change-Id: I059f71a1231e80f89c99441794a4491f2685036f
If system image contains the root directory
(BOARD_BUILD_SYSTEM_ROOT_IMAGE == "true"), we package the root directory
into ROOT/ instead of BOOT/RAMDISK/ in the target_files zip.
Change-Id: I817776ca97194991308b2131d0e34ab136283464
Change all uses of the file_contexts file to use the
file_contexts.bin file instead.
Depends on
I75a781100082c23536f70ce3603f7de42408b5ba
I43806d564b83d57f05f5c36c8eba7b1ff4831b04
Id560d093440a2aba99cef28c20133b35feebf950
I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
We have deferred the CC_WRAPPER prepending to binary.mk per module.
Bug: 22612634
Change-Id: If2c0549503989d17ff7be619fdd49c26fd78f0a5
(cherry-pick from commit 66c8e8c756)
Now that symlinks are created at build time, the rsync while
making recovery runs into issues around the etc symlink
Change-Id: Ie781507b22e4661629840075b274eaab2f712de6
With this patch, we can now write Android makefiles like:
include $(CLEAR_VARS)
LOCAL_MODULE := dbus-binding-example
LOCAL_SRC_FILES := main.cpp \
dbus-service-config.json \
org.example.Daemon.Command.dbus.xml \
org.example.Daemon.Manager.dbus.xml
include $(BUILD_EXECUTABLE)
This will cause header files defining native DBus interfaces
to be generated. These can be included from main.cpp to
easily expose object oriented interface over DBus.
Bug: 22608897
Change-Id: Ic4304ac8de77de74d6955ed17789e5477be9a53e
For system images that contain the root directory, "adb shell" in
recovery stops working if the image is mounted at "/system", because
sh now locates at /system/system/bin/sh. We fix the issue by mounting
the image on /system_root and create a symlink to /system_root/system
for /system.
Bug: 22855115
Change-Id: Ia6b257b75aeb67687c3909063d1725a23a5ccd60
TSAN is not supported on 32-bit architectures. For non-multilib cases,
make its use an error. For multilib cases, don't use it for the 32-bit
case.
Change-Id: I8e40be4002379cc2c9aa98ab8b812b337d6e077e
Now we requires Mac OS X SDK version at least 10.8.
Also removed the unnecessary sort call in getting
mac_sdk_versions_installed.
Lexical sort doesn't make sense when 10.10 is added to that list.
Actually the next makefile line makes sure we always get the first
match in $(mac_sdk_versions_supported):
mac_sdk_version := $(firstword $(filter $(mac_sdk_versions_installed),
$(mac_sdk_versions_supported)))
Bug: 22825165
Change-Id: I4bfafabb11f94b66704d4799fe61fe3f16429538
The build system removes targets like "PRODUCT-full-eng" from
MAKECMDGOALS in build/core/product_config.mk.
Without this change, such target isn't passed to kati.
Change-Id: I0b3949ed1f5557445d7f5d5bd59b7875c0b2ea7f
If BOARD_USES_FULL_RECOVERY_IMAGE == true, a full copy of recovery
image will be carried as /system/etc/recovery.img instead of a patch
at /system/recovery_from_boot.p.
Bug: 22641135
Change-Id: Ie271d3e2d55d7b003f667ac5b44203d69b23c63b
(cherry picked from commit 8beab69bd5)
Currently, DEX2OATD_DEPENDENCY is created by appending $(DEX2OATD) to
the value of DEX2OAT_DEPENDENCY and then if USE_DEX2OAT_DEBUG is set,
DEX2OAT_DEPENDENCY is set to DEX2OATD_DEPENDENCY, adding a dependency
on $(DEX2OAT) even in configurations where this will not be built.
This change removes DEX2OATD and DEX2OATD_DEPENDENCY entirely to instead
assign dex2oat or dex2oatd to DEX2OAT depending on USE_DEX2OAT_DEBUG,
making it possible to build with these flags set:
USE_DEX2OAT_DEBUG=true
ART_BUILD_HOST_NDEBUG=false
ART_BUILD_HOST_DEBUG=true
ART_BUILD_TARGET_NDEBUG=false
ART_BUILD_TARGET_DEBUG=true
make build-art-host
Change-Id: I4fa75d1b7e9751c73c43ec943fd8446cc231a070
Fix mmma uses like "mmma ./external/apache-harmony" by removing the
leading ./ in entries in BUILD_MODULES_IN_PATHS.
Change-Id: I414e734c8a29434fc89ddb2b745613c33709c5e3
If USE_NINJA=true, use kati to translate makefiles into ninja files,
and then execute them with ninja.
Builds kati from source using simplified versions of the rules
in binary.mk and definitions.mk.
Adds two new goals when USE_NINJA=true: generateonly will regenerate
build.ninja but not rebuild (useful for comparing build.ninja output
between runs), and fastincremental will skip regenerating build.ninja
and go directly to running ninja, providing ~5 second incremental
builds.
Change-Id: Ib85399e730f1fbb1be7371fafeee7d1c31080771
- Deleted unused functions in definitions.mk.
- lint is never fully functional in the platform source tree.
- Retire LOCAL_DIST_BUNDLED_BINARIES: now the build system/framework
supports JNI embedded in apk.
Change-Id: I6314cb20d1544c704ccbc4c1f9cccb9c54fb5a51
- Don't overwrite [TARGET|HOST]_[CC|CXX] with the [CC|CXX]_WRAPPER prefix,
so that we can disable the wrapper per module.
- Disable ccache on a module when FDO is enabled.
Bug: 22612634
Change-Id: Ibc04a4742d589955066c7eceb43a0da9a2b893bc
(cherry-pick from commit c671a7cf5c)
I'm adding a rule which regenerates ninja files to kati:
8666cfba20
With this regeneration rule, unnecessary re-generation will happen
when these .mk files are updated even if there are no changes in
their contents. With this patch, these .mk files are updated only
when the contents will be actually changed.
Change-Id: I4c796f9454502f6bb25019b3806ca577ea5258c1
For apps_only (also PDK build) we use prebuilt host tools in
prebuilts/sdk/tools; For platform build we use tools built from source.
Auto-clean intermediate files of these tools when build type change is
detected.
Bug: 20213206
Change-Id: I9173af322684c017fdb91a3abfbe39ecfe5650e9
(cherry-pick from commit 036b53b6de)
Using $(BUILD_NUMBER) inside a rule causes odd behavior, as the rule
is different every time make is run, but since make doesn't depend
on the command line it only ends up being built with the new value
if some other dependency has changed.
To allow ninja, which does depend on the command line, to provide the
same behavior, store the build number in out/build_number.txt, and
use a shell expansion to cat the file in rules that use it. This will
cause the rule command to stay identical between builds, while still
getting the new build number if the rule is rerun for a dependency.
Also use the same trick for BUILD_FINGERPRINT, and the date in
droiddoc rules.
Change-Id: I6c5e6b6b3ef4c613563d7f5604df0e401575ba5f
Move the @echo command that prints the rule description to be the
first command in each rule so that the kati tool can find it to
use as a ninja rule description.
Change-Id: I90f27c35bb719d327a7f2109f8d00d3589082f19
Another change in bionic/linker adds linker_asan/linker_asan64 that
know where to find ASan shared libraries.
Also, include linker_asan to the required packages list when building
for ASan.
Change-Id: I8ebe7c0091bbeb0c135708a891d33d9844373d37
This is a temporary change pending code cleanup.
We are already disabling detection of ODR violations. As it turns out,
an ODR between an ASan-instrumented library and a non-instrumented library
may actually crash ASan, and there is no obvious way out, and one of those
prevents us from booting a SANITIZE_TARGET image right now.
Bug: 21951850
Change-Id: I49508242ec96089a3d4d8b7e45f36323d62f2be9
file_contexts (specified by SELINUX_FC) is needed both when building
and (re)packaging. We used to use the copy in out/ when building, and
looked for the copy in BOOT/RAMDISK/ when packaging from target_files
zip. With system_root_image enabled, the file_contexts needed for
building and packaging might be different from the one on device. So
we explicitly pack the file as META/file_contexts in target_files zip.
Also refactor out the overriding of selinux_fc property into
common.LoadInfoDict().
Change-Id: I94f9ea6671b3792c12c1c21573840743d63da39a
(cherry picked from commit aa7318c384)
Upstream clang r239152 (http://reviews.llvm.org/D10239) caused a pretty
significant change in behavior. Passing an FPU feature via -mfpu
disables any feature not supported by those flags (in addition to the
old behavior of enabling features supported by the flags). For e.g.,
-mfpu=neon used to just pass +neon, +vfp3 as target features to the
backend. Now, -mfpu=neon also passes -vfp4, -fp16, -fp-armv8.
The backend has always disabled implied feature bits if a feature is
disabled. Upon seeing the target feature -vfp4, it will disable any
processor/feature that implies vfp4, including the bit that the
processor is a Krait. Since Krait has both Neon and vfp4, it is safe to
pass '-mfpu=neon-vfpv4'.
Change-Id: Ibbb992e80b8cbc8dc36d5df556885d0912baea22
It's only ever referred to directly. (Should probably move to
system/core/include, but that's orthogonal to this change.)
Change-Id: I353afff031a29206aaa5a0991fe0ccb39e4731e2
Sanitized RPATH now mentions /system/vendor/lib to preserve overlay
in the case when a sanitized version of a vendor library can not be
built.
Bug: 22199458
Change-Id: I3222d2e1d6c08fdd1e0404fcb7db347aa4a92bb7
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
It amends the last attemp in [1]. Now it computes the used blocks from the
make_ext4fs output, instead of altering its argument.
[1]: commit efbb5d2e69.
Bug: 21522719
Bug: 22023465
Bug: 22174684
Change-Id: Iaae6507f6de68a5892f2e3035d330039287b4492
(cherry picked from commit c7a6f1e4f8)
These symbols are defined in the ASan runtime library, which is always
present at runtime.
Bug:21785137
Change-Id: Ib8418c66323fd4cdfdc05548048f32380cb84ee5
Introduce a way to speed up local builds. Don't build all test
modules if ANDROID_NO_TEST_CHECK is set to true.
On master branch this reduces what is built by more than
300 apps and 50 java libraries. Time for doing this on a
12 core machine running with -j13 is about 10 minutes.
Change-Id: I90feb108695ee60d0dbbf497644f767cc3748215
Do not clean installed files, only intermediate files. This way, two
consequitive builds first without, then with SANITIZE_TARGET will
produce a frankenbuild with both sets of shared libraries.
Bug: 21785137
Change-Id: I231868b15331be942c783458cf36233c2e7740d3
A fully (or even mostly) asan-instrumented device will have 2 copies of each
shared library, which might not fit on system partition. Moving instrumented
libraries to /data.
Bug: 21785137
Change-Id: I64184261da2eb24a1382c67e4931c34a5a38b3c0
This also does a bit of cleanup in config_sanitizers.mk. The result is
that `LOCAL_SANITIZE := <any arbitrary ubsan group>` should function
fine for both host and target.
This is a superset of LOCAL_DETECT_INTEGER_OVERFLOWS, so remove that.
This also checks integer division by zero. It's supposed to cover
shifting undefined behaviors as well, but apparently it does not
(though `LOCAL_SANITIZE := shift` works fine).
Change-Id: I4ac99eafa6920a3f8cb82af37ce56ff0fdb95223
The same as SANITIZE_HOST, but for the target.
Also, skip all LOCAL_FORCE_STATIC_EXECUTABLE targets, as ASan does not
support static linking.
Bug: 21785137
Change-Id: Ief53ff8de1fee18f230d6c7dd31845db5bbd415c
I've migrated all users of this to the new option now, so we can drop
this.
Dropping `SANITIZE_HOST := true` will have to wait until the build
server configs have been updated.
Change-Id: I591436e197a6c6c079a6cd6a2decb702b574cd71
Add build system support for LOCAL_DETECT_INTEGER_OVERFLOWS. When enabled,
an attempt to perform an integer arithmetic operation which overflows
will result in a call to abort(). This is intended for security
sensitive code, where integer overflow operations are not expected
nor desirable.
Two classes of underflows/overflows are detected and blocked:
1) Signed integer underflow/overflow.
2) Unsigned integer underflow/overflows.
Signed integer overflows are undefined behavior, according to the
C standard. Unsigned integer overflows are defined behavior, but
still undesirable in security sensitive code.
Only clang is supported today. gcc has -ftrapv for handling signed
integer overflow, but it's widely considered broken
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35412) and we're
deliberately avoiding it's use here.
Change-Id: Ib4918dc84e37e83d4205e5035544545d91671e5f
Vaguely-Related-Bug: 11859726
Clang is really aggressive at optimizing a handful of cases (read:
clang will ruin your day some if you write bad code). Fortunately, it
also emits a warning when it's about to do this.
To prevent anyone from suffering from these optimizations, make these
warnings errors and make them impossible to disable.
Change-Id: I5e10bb0fc2ca23190017da716b3b84635577a0bd
The catch all "org" package was catching several thousand
org.apache.harmony.tests.* tests that are already covered by
other packages. Replace the catch-all org.* with specific prefixes.
Needs additional support in CollectAllTests to handle multiple
prefixes. This is implemented in the companion change.
bug: 20862863
(cherry picked from commit cf7fbcd03d)
Change-Id: I1d28f91cfca098ccdcd62e88bb486b433d9c29d8
For historical reason, the aosp_* products were named full_*.
We keep the full, full_x86 and full_mips in case some tools still
reference these legacy names; But no reason the have the full_* product
names for the new 64-bit archs.
Change-Id: I240ed0c6ded0ded2d80603bd0c5ff24750999afc
New custom image configuration variables:
- CUSTOM_IMAGE_SELINUX, set to "true" if the image supports selinux.
- CUSTOM_IMAGE_SUPPORT_VERITY, set to "true" if the product supports verity.
- CUSTOM_IMAGE_VERITY_BLOCK_DEVICE
Also changed the staging directory name to the mount point, like we do
for other images built by the build system.
Bug: 19609718
Change-Id: I6bbf06b79eee63e4c77834f2e6f1d5a7f7e00a12
(cherry picked from commit 7d51a40295)
Build additional images requested by the product makefile.
This script gives the ability to build multiple additional images and
you can configure what modules/files to include in each image.
1. Define PRODUCT_CUSTOM_IMAGE_MAKEFILES in your product makefile.
PRODUCT_CUSTOM_IMAGE_MAKEFILES is a list of makefiles.
Each makefile configures an image.
For image configuration makefile foo/bar/xyz.mk, the built image
file name
will be xyz.img. So make sure they won't conflict.
2. In each image's configuration makefile, you can define variables:
- CUSTOM_IMAGE_MOUNT_POINT, the mount point, such as "oem", "odm"
etc.
- CUSTOM_IMAGE_PARTITION_SIZE
- CUSTOM_IMAGE_FILE_SYSTEM_TYPE
- CUSTOM_IMAGE_DICT_FILE, a text file defining a dictionary
accepted by BuildImage() in tools/releasetools/build_image.py.
- CUSTOM_IMAGE_MODULES, a list of module names you want to include
in the image; Not only the module itself will be installed to proper
path in the image, you can also piggyback additional files/directories
with the module's LOCAL_PICKUP_FILES.
- CUSTOM_IMAGE_COPY_FILES, a list of "<src>:<dest>" to be copied to
the image. <dest> is relativ to the root of the image.
To build all those images, run "make custom_images".
Bug: 19609718
Change-Id: Ic73587e08503a251be27797c7b00329716051927
(cherry picked from commit 5fcf1094f9)
Normally the binaries use the exsiting $ORIGIN/../lib[64] with binaries
in the bin subdirectory;
For historical reason the binaries in the SDK package don't have a bin
subdirectory. This workaround enables them to work in the existing SDK
directory structure.
Bug: 21301578
Change-Id: Ibebfbfb8b30e81e7bbaf13a21bb205f3f0282d24
(cherry-pick from commit 4fe7bfd373)
The gcc 4.9 devirtualization bug was fixed with a cherry pick of r212222.
BUG: 19872411
Change-Id: I6d9677f112402fe84d70da770f364392398e9cc9
(cherry picked from commit ad2494bb79)
GDB does not yet have support for compact branches, and is unable to
set a breakpoint on them. Turn compact branch generation off, until
GDB is fixed.
Change-Id: Ie7d6fb891e9934f8fc645fe9cf8f706be15a5f77
This allows to compile dex targeted java sources using Jack and Jill.
Default is still to compile with the legacy toolchain. Default can be
switched to the new toolchain by setting environement variable:
export ANDROID_COMPILE_WITH_JACK=true
Toolchain can also be forced for one module by defining
LOCAL_JACK_ENABLED:=full # disabled, full, incremental
in the mk portion defining the module.
Jack execution environement can be controlled with:
Global variable ANDROID_JACK_VM allow to change the jvm executing Jack.
Global variable ANDROID_JACK_VM_ARGS allows to change default args given
to the jvm.
Global variable ANDROID_JACK_EXTRA_ARGS allows to define some default args
to give to Jack
LOCAL_JACK_VM_ARGS allows to override default args given to the jvm for
the module.
LOCAL_JACK_EXTRA_ARGS allows to override default args passed to Jack.
This includes cherry-picks of the following changes:
b4c49cba5722c3fa6d73138768c1bb5dd3e1d31283d5d040478bc90fd2d6140274707e0fbc9ff2a2833b427d72f9a27f45b4280966694137822c443dc6b44d43c3d2a76c14bf06744f60fc95573d5036b8213916142794e7b582801f2c44d0c76d99dca1f528e132d676a5e0bd1ae25b3984ff Partially, only Jack related parts werekept
ec46a3b71fabee3a9f4177cbe10fd9daf07db4cdb6bfb5893a
Ie all Jack related changes untill
b6bfb5893a
except
a96cc59ab5 "Use Jack by default"
Change-Id: If9d47ef1c4fd1e6765ad2a47d816c1ad3cfab0e3
Clang++ for Mips and Mips64 generates read-only exception unwind
tables that trigger DT_TEXTREL warnings at link time. Until Clang
is fixed, ignore those performance warnings instead of failing the build.
With this patch, Mips clang++ can be (optionally) used when building
libdeqp.
NDK's Mips llvm has been using an alternate temporary fix, marking the
.gcc_exception_table section as read-write for Mips only:
https://android-review.googlesource.com/#/c/119660/
A permanent fix using a read-only exception table is pending upstream:
http://reviews.llvm.org/D9669
Change-Id: Ie0cd7da398acbe45dbe39adc251e7fd5b5ca1445
Commit 28acbeab18f6083299c07f9ebe769d22e49f8107 removed the dependency of
sepolicy-analyze on libc++, eliminating the only consumer of the library for the
cts host-side tests. Remove the library since it is no longer needed but leave
the ability to add other shared libs in the future.
Bug: 19566396
Change-Id: I4fbfa44ce9f099ad058fd0630ac48749e389e3e1
This reverts commit 32e1689684.
Now that prebuilts/gcc/darwin-x86/aarch64/aarch64-linux-android-4.9 is also updated
Change-Id: Id95c1c4cc651c434461655e62b8f23afd56b53e4
Print modules and their transitive dependencies with license files.
To invoke, run
"make deps-license PROJ_PATH=<proj-path-patterns> DEP_PATH=<dep-path-patterns>".
PROJ_PATH restricts the paths of the source modules;
DEP_PATH restricts the paths of the dependency modules.
Both can be makefile patterns supported by makefile function $(filter).
Example:
$ make deps-license packages/app/% external/%
prints all modules in packages/app/ with their dpendencies in external/.
The printout lines look like "<module_name> :: <module_paths> :: <license_files>".
Bug: 20823995
Change-Id: I06b66e85ff56c8628bffa3d948085ed45870100f
The only remaining users of stlport are vendor blobs. Prevent any new
users from using it.
Bug: http://b/15193147
Change-Id: I577a16c8c52e2c7d939c3b5026e18ad90e4b9f26
We don't have a toolchain for 64-bit windows.
This allows running `USE_MINGW=1 mm` in a directory that has a host
module with LOCAL_MULTILIB := both.
Change-Id: I31f981b38fb80b0d6582bab0a4bd580a3c654c91
The previous check tested against USE_MINGW even for target builds.
Hadn't been a problem because people don't typically set USE_MINGW
directly.
Change-Id: I90fe0ea890c44917eb29dd02d7c7f76c19e7fbd6
USE_MINGW=1 mm didn't work in directories that contained target modules
because the build system would use the Windows locations and extensions
when trying to find the host GCC prebuilts. Windows is the target OS,
not the OS we're building from.
Change-Id: Ic994fed15388d0c7d393f71ba28fe7afdc659f5c
Also filter out gcc-only flags -Wno-clobbered and -fno-devirtualize
when compiled with clang/llvm.
BUG: 19872411
Change-Id: I6de57583be04da607f569df65e93531787dbb789
We need PT_LOAD segments to match for the gdb sake.
If we pack module after stripping symbolic version
PT_LOAD differ from actual ones; this confuses gdb.
Bug: http://b/20687795
Change-Id: If7b1ffcda918d0cc47051a30ca1202007ed62403
(cherry picked from commit 258b29cf76)
The relocation packer is causing the kernel to load the executable
overlapping ASAN's shadow space.
Bug: http://b/20665974
Change-Id: Ifc5914f4fbed5f4f00ed1c795d01cf2fcb849cfe
Always link libm with asan. Hasn't been a problem before because ASAN
was only ever used when libc++ was as well, which already links libm.
Pass --no-as-needed for host modules.
These aren't needed for the target builds because the target uses the
shared RTL.
Change-Id: I5d6a3c2dd557b5231be2b7711df6438693753a88
ASan runtime library (when using dynamic linking) must be the first
dependency of the main executable to achieve correct symbol
interposition. This matches how the clang driver works.
In multilib setup, ASan-RT name depends on the target arch:
/system/lib/libclang_rt.asan-arm-android.so
/system/lib64/libclang_rt.asan-arm64-android.so
We also set RPATH to /system/lib/asan or /system/lib64/asan
to have a place for ASan-only versions of system libraries.
Change-Id: I5c0cdb89e5e08a1950eb276e406da9f31a6e52dd
This is needed for projects that have known ubsan issues that we can't
fix right away (perhaps because it's an upstream project that we're
diligent about keeping in sync with upsteam).
Also make the normal ubsan use -fno-sanitize-recover=all by default.
Change-Id: I1b0f3309792f32dbd08c18816d7306e76c8d7c30
Enable the following compiler hardening flags:
* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector
relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.
stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.
Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.
Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f
Do not pack relocations for prebuilds unless
LOCAL_PACK_MODULE_RELOCATIONS is true
Bug: http://b/20537715
Bug: http://b/18051137
Change-Id: Iddef3b09741da6ae10d73c98103b868cc7695d38
Add replocation-packer step for dynmic executables.
Enable it by default for arm and arm64 platforms.
Bug: http://b/18051137
Change-Id: I0c88fd31595bcea62a087f219acb9ecf9c80f2e5
Add ability to include dirs to the cts distribtion to enable bundling of shared
libraries on which host-side executables rely.
Bug: 19566396
Change-Id: Id501874244ae98fbfef2aa591885c88dee5b8b02
If a prebuilt APK contains shared libraries and the flag
LOCAL_PAGE_ALIGN_JNI_SHARED_LIBRARIES := true is set, then
uncompress any shared libraries stored within the APK.
This allows processes to load the shared library directly from
the APK.
Bug: 20247329
Bug: 8076853
Bug: 1162500
Change-Id: Iac4db32457d9ce31eb7256410023819b44fda0a6