Commit graph

27163 commits

Author SHA1 Message Date
Treehugger Robot
c78147c650 Merge "Move apksigner library to tools/apksig." 2016-07-07 20:33:05 +00:00
Treehugger Robot
aa3525dcf1 Merge "Support LOCAL_STRIP_MODULE := keep_symbols for prebuilts" 2016-07-07 19:14:54 +00:00
Colin Cross
5d934c7924 Support LOCAL_STRIP_MODULE := keep_symbols for prebuilts
Change-Id: I92a838b07fe4116d5a4b8521fe1ce8d44e6e84e2
2016-07-07 11:16:49 -07:00
Treehugger Robot
1734523900 Merge "Recognize new C/C++ compiler and static analyzer warnings." 2016-07-07 18:07:21 +00:00
Alex Klyubin
1b09a508ba Move apksigner library to tools/apksig.
This moves build/tools/apksigner/core to its own project tools/apksig.
The move also renames the moved Java packages from
com.android.apksigner.core.* to com.android.apksig.* to reflect the
new name of the library.

Bug: 27461702
Change-Id: Iab812ae2b8f0a741014f842460c78e35bc249d43
2016-07-07 10:53:14 -07:00
Dan Willemsen
59a405c831 Merge "Never add asan libraries to NDK code" 2016-07-07 17:07:43 +00:00
Treehugger Robot
d81beca2b2 Merge "APK signer primitive." 2016-07-06 22:59:32 +00:00
Chih-Hung Hsieh
8d14543a9b Recognize new C/C++ compiler and static analyzer warnings.
Change-Id: I5f47c45498c640702922704aa5305a85e9493fcc
Test: run with Android build.log.
2016-07-06 10:22:23 -07:00
Evgenii Stepanov
997a6cd1a1 Merge "Apply SANITIZE_TARGET=safe-stack to 64 bit targets only." 2016-07-01 20:09:45 +00:00
Evgenii Stepanov
7dcb8b80c5 Apply SANITIZE_TARGET=safe-stack to 64 bit targets only.
Bug: 27729263
Change-Id: I214a9f40b94f6e6716aca05be774f014e62f73e8
2016-07-01 20:07:38 +00:00
Evgenii Stepanov
9c88e0bfa2 Merge "Apply SANITIZE_TARGET and LOCAL_SANITIZE when both are present." 2016-07-01 20:07:05 +00:00
Evgenii Stepanov
71faa1990b Apply SANITIZE_TARGET and LOCAL_SANITIZE when both are present.
The idea is that targets with LOCAL_SANITIZE = signed-integer-overflow
and SANITIZE_TARGET=safe-stack should get both sanitizers.
This should work just fine for SANITIZE_TARGET=address, too.

Bug: 27729263
Change-Id: Ifee350da4877008fb061bc7f6c700e7fade405bc
2016-07-01 20:06:34 +00:00
Treehugger Robot
9d73af0934 Merge changes I17a96b97,Ib4412657,I73e6d479
* changes:
  Build: Add module-level product configuration of sanitization
  Build: Add option to restrict sanitization by owner
  Build: Add option to restrict sanitization by architecture
2016-07-01 04:26:26 +00:00
Treehugger Robot
2302a76966 Merge "Build: Fix vendor sanitizer library for secondary arch" 2016-07-01 04:24:46 +00:00
Andreas Gampe
cf6268f471 Build: Fix vendor sanitizer library for secondary arch
Fix the directory for secondary-architecture libraries under
sanitization. These incorrectly wrote into vendor/lib instead
of data/vendor/lib.

Bug: 29498013
Change-Id: Iee08422a1f7ad42cbe71a322347e98cb74e3ef7f
2016-06-30 20:20:38 -07:00
Evgenii Stepanov
24dc27e643 Merge "Sanitizer build tweaks." 2016-07-01 00:42:12 +00:00
Evgenii Stepanov
912b51f8ab Sanitizer build tweaks.
-Wl,-no-undefined is currently disabled for any SANITIZE_TARGET. Limit that to
the sanitizers with a runtime library (i.e. address, thread).

Re-enable the relocation packer for ASan. This has been fixed upstream a long
time ago.

Bug: 27729263
Change-Id: I566df6104de816223dc1c519d41a87629ce9c47c
2016-07-01 00:41:33 +00:00
Evgenii Stepanov
3d8ee8896b Merge "Only add libdl dependency for ASan/TSan on target." 2016-06-30 23:49:26 +00:00
Evgenii Stepanov
55f73e6c43 Only add libdl dependency for ASan/TSan on target.
Only sanitizers that intercept stuff need that. For example,
SafeStack does not, and I think UBSan too.

Bug: 27729263
Change-Id: I413cd46cc6c6914a363a3c53da7954beacd8f0d8
2016-06-30 23:49:03 +00:00
Andreas Gampe
6b30d770f0 Build: Add module-level product configuration of sanitization
To allow special sanitizer settings for modules shared between
products, add product-specific module settings.

This was copied from the product-specific dexopt settings.

Bug: 29498013
Change-Id: I17a96b975bb6ac7f4ffb3d5b08e2f00b21bd97a1
(cherry picked from commit bb5454b6db)
2016-06-30 16:21:36 -07:00
Andreas Gampe
3d3b0c950d Build: Add option to restrict sanitization by owner
Add Make variable SANITIZE_NEVER_BY_OWNER to selectively
sanitize modules. By default, both are being sanitized. The
value of the variable is interpreted as a space or colon
separated list of owner names.

This can be used to create builds that lower the sanitization
burden by not sanitizing parts of the platform.

Bug: 29498013
Change-Id: Ib4412657fd38ff28a5c0863eddc2acde63c88ebb
(cherry picked from commit ea38d8e95d)
2016-06-30 16:20:03 -07:00
Andreas Gampe
cd25740cba Build: Add option to restrict sanitization by architecture
Add Make variable SANITIZE_ARCH to selectively sanitize binaries.
This uses the "bitness," i.e., 32 or 64, to potentially filter
the sanitization. By default, both are being sanitized.

This can be used to create builds that lower the sanitization
burden by not sanitizing "half" of the platform.

Bug: 29498013
Change-Id: I73e6d479f08a970ba912f4f63967d32f3487125f
(cherry picked from commit 0290a416c8)
2016-06-30 16:19:53 -07:00
Evgenii Stepanov
ff3341b33b Merge "Add LOCAL_NOSANITIZE." 2016-06-30 22:49:52 +00:00
Evgenii Stepanov
428236614a Add LOCAL_NOSANITIZE.
This can be used to selectively disable individual sanitizers on a
target. For example, some parts of libc should be built with
SafeStack (when requested with SANITIZE_TARGET), but never with
AddressSanitizer. Current build rules specify LOCAL_SANITIZE := never
to disable AddressSanitizer; the idea is to change that to
LOCAL_NOSANITIZE := address thread.

Bug: 27729263
Change-Id: I2b770f2ce3faf6ad6798792327e96adb86fe4a4f
2016-06-30 22:49:17 +00:00
Treehugger Robot
55d4a46f6d Merge "Detect uname -m == i686 as a 32-bit host" 2016-06-29 20:37:13 +00:00
Dan Willemsen
88225fdfbe Detect uname -m == i686 as a 32-bit host
Change-Id: I0350629ce6ea7a5f0224489bafc98bc190e70932
Test: UNAME from https://groups.google.com/d/msg/android-building/nGQna2xuW5s/eEcXSo9ZBgAJ
2016-06-29 12:30:56 -07:00
Tianjie Xu
1767d3f918 Merge "Skip copying existing vendor images" 2016-06-29 18:37:38 +00:00
Tianjie Xu
aaca421ec1 Skip copying existing vendor images
add_img_to_target_files.py has an option of "-a" to add missing
images only. Under this option, the script should skip copying
the radio images for A/B devices when given image exists already
under "IMAGES/".

Test: Run the command on an A/B device, the existing radio images under "IMAGES/" don't get overwritten; and missing images are added correctly.
Bug: 29608905
Change-Id: Ie034b85a5d777d53e367f99470cea4d19cb1aaaf
2016-06-29 18:32:30 +00:00
Yi Kong
d2f4cbbf88 Merge "Add jdk.net to whitelist" 2016-06-29 11:00:47 +00:00
Dan Willemsen
f761c0f574 Never add asan libraries to NDK code
We're beginning to enforce (still warning) that NDK code only links to
other NDK code. So we should never need to link them to the address
sanitizer libraries.

This breaks down a bit when platform code starts depending on NDK-built
code, where the NDK-built code should be mostly the same as if it was
built with the platform, but has an implicit LOCAL_SANITIZE := never.
Even so, this change shouldn't make that worse, as we'll still compile
fine, and anything platform code that uses asan should pull in the
shared library.

Change-Id: I81b30b9edd971468c3cb1467f809f184807b505e
2016-06-28 16:47:43 -07:00
Badhri Jagan Sridharan
606ad22def Merge "Extract public key ID from cert" 2016-06-28 23:36:23 +00:00
Badhri Jagan Sridharan
131e1977f6 Extract public key ID from cert
Extracts keyid inline using openssl commands.
The keyid is passed as one of the kernel command line parameters
for the dm-android-verity module to mount root fs(system)
with verity enabled.

(cherry-picked from 3af315aed5
https://googleplex-android-review.git.corp.google.com/#/c/1061691/)

BUG: 28384658
Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484
2016-06-28 23:35:41 +00:00
Treehugger Robot
73609480b3 Merge "Turn unused source files from warning to error" 2016-06-28 19:41:39 +00:00
Dan Willemsen
9efeb1ea4f Turn unused source files from warning to error
All instances have disappeared from the build server, so switch this to
error before more turn up.

Change-Id: Iac07526a6e77ebf33733033249f2a108aae3fa7d
2016-06-28 10:22:08 -07:00
Treehugger Robot
2acb2d5bcf Merge "Add VENDOR_PRODUCT_RESTRICT_VENDOR_FILES" 2016-06-28 06:17:32 +00:00
Hung-ying Tyan
3c054d8e1f Add VENDOR_PRODUCT_RESTRICT_VENDOR_FILES
Allow exceptions specified by module (VENDOR_EXCEPTION_MODULES) and
path (VENDOR_EXCEPTION_PATHS, not including leading vendor/).

BUG=26968426

Change-Id: I068e43f3eae14f8793c33ae916d46979ab1681d1
2016-06-28 10:10:53 +08:00
Treehugger Robot
7c7571d510 Merge "releasetools: Change the default key path for bvbtool" 2016-06-28 01:52:36 +00:00
Alex Klyubin
819e8485e4 APK signer primitive.
This adds an APK signer primitive which preserves as much of the input
APK as possible. For example, it preserves the order of APK entries
and preserves their contents, including compressed form and alignment
of data.

Bug: 27461702
Change-Id: I51d07c530480182a66379e70a00f680544ff6214
2016-06-27 11:28:08 -07:00
Ethan Xia
37b4a9819b releasetools: Change the default key path for bvbtool
The bvb path has been changed from 'system/bvb' to 'external/bvb'

Change-Id: I8587351b7d702a287883c6bd3c9de1cd3540435b
2016-06-27 17:19:01 +08:00
Treehugger Robot
05038d84dc Merge "Fix typo in setting PRIVATE_MODULE for AIDL source" 2016-06-24 21:16:23 +00:00
Christopher Wiley
dc9e2675e6 Fix typo in setting PRIVATE_MODULE for AIDL source
Bug: 29619260
Change-Id: I59f883c1a92075800844cc2a77b307782a9ab800
2016-06-24 13:13:52 -07:00
Chih-hung Hsieh
4837ce8ca6 Merge "Add +/- buttons to expand/collapse warning categories." 2016-06-24 18:07:44 +00:00
David Sehr
be6b4fc1b3 Merge "Filter logging from dexdump/dex2oat to errors only" 2016-06-24 18:07:07 +00:00
Yi Kong
066a9c3e53 Add jdk.net to whitelist
Tracks libcore commit a434f3be3c22c6b3e7ddd426766808e76a5780fd

Bug: 29067535
Change-Id: I764b602aa0f2a991dc26b5fd42a1143bb58d67ba
2016-06-24 18:57:55 +01:00
David Sehr
49fbdd1f28 Filter logging from dexdump/dex2oat to errors only
Change-Id: Idb3f1c3d216e2db87ce3b03cbacc6fc3ceff37e0
2016-06-24 09:27:00 -07:00
Christopher Wiley
7e918b6a46 Merge "Fix path escaping for aidl generated java" 2016-06-24 16:00:33 +00:00
Tao Bao
46abc55954 Merge "Fix the path for verity_key replacement when signing." 2016-06-24 05:20:20 +00:00
Tao Bao
8e6582b238 Merge "Add ability to pass in payload_signer args" 2016-06-24 05:20:06 +00:00
Tao Bao
983a42bdf1 Merge "releasetools: Support using payload_signer." 2016-06-24 05:19:54 +00:00
Tao Bao
6efa887f9b Merge "releasetools: replace verity keyid" 2016-06-24 05:19:40 +00:00