Also suppress a clang-tidy warning and a ubsan check to pass compilation.
Bug: 171348143
Test: build.
Change-Id: Ie5162c15df172cefd7cff9776e54531fd620bc23
To avoid adding ubsan to the apex allowed_dep list, this commit adds a
check on depedency tags to see if apex check should be skipped.
The check is only used on sharedLib dependencies when diag mode are enabled
for sanitizers.
Bug: 158010610
Test: make build for aosp-sargo and aosp_cf_x86_phone-userdebug
Change-Id: I3d7dbb70d8c80ffae1854819cf8cf9e6b0b15c00
Rewriting LLNDK dependencies with .llndk suffix requries referencing
a global data structure to determine if a given library is an LLNDK
library and therefore needs the .llndk suffix. References to
global data structures from mutators must be removed to support
incremental Soong analysis. Instead, move the LLNDK stubs rules
into the vendor variant of the implementing cc_library so that
the original name can be used.
As an incremental step, the llndk_library modules are left in
place, and the properties are copied into the cc_library via
the dependency specified by the llndk_stub property. A followup
will move the LLNDK properties directly into the cc_library and
delete the llndk_library modules.
The global list of LLNDK libraries is kept for now as it is used
to generate the vndk.libraries.txt file.
Bug: 170784825
Test: m checkbuild
Test: compare Soong outputs
Test: all Soong tests
Change-Id: I2a942b21c162541a49e27b2e5833c9aebccff1d0
Allow for different arch to specify sanitizer options.
Bug: 158010610
Test: Compiles with build options
Change-Id: I4db72f682e920e3c1a6d55473f316e56567636e6
This commit adds an new option to the sanitizer build config to enable CFI with the
"-fno-sanitize-cfi-canonical-jump-tables" flag in order to provide more
support for assembly heavy libraries.
Bug: 158010610
Test: Compile with option enabled in libaom and libvpx
Change-Id: I7d0d3ed6ff876582043fd72b687757426e3dc5aa
Add vendor_ramdisk_available and vendor_ramdisk attribute to
various rules. When a vendor_ramdisk variant of a module is
generated, it is installed to $OUT/vendor-ramdisk.
It is similar to a ramdisk image.
Test: m nothing -j
Change-Id: Ib2d16459f3094dbe21c3bdb7c016cb4b2bf62765
The hwasan runtime has stubs, make the function to add all version
variants of a shared library available to the sanitizer mutator.
Test: m checkbuild
Change-Id: Ie4124022140f8520834d7bf7b59f0499cd381083
liblog snapshot needs to sanitizer.address=false to avoid cycle in asan
builds. Adding that separately in library_sdk_member.go would start to
feel like whack-a-mole, so the snapshot generation is instead extended
to handle nested property structs.
This uses the BpPropertySet.AddProperty extension in
https://r.android.com/1423510, and common value optimisation now
recurses into non-anonymous structs, instead of comparing them as a
whole.
Test: m nothing
Test: `m SANITIZE_TARGET=address nothing` with prebuilts/runtime
present in the manifest and a fresh snapshot made with this
Bug: 151303681
Change-Id: I472554117a488e6c800045cb2ed59377778571a4
When building a vendor snapshot, the general rule the
build system uses to select a module for inclusion into
the vendor snapshot is if it's a framework module.
However, there are cases where a partner may modify the
framework module, thereby assuming control of that
module.
This change adds the exclude_from_vendor_snapshot
property allowing the partner to mark a module that
would normally be included in the vendor snapshot for
exclusion. This module is then built from source when
building the vendor image against the vendor snapshot.
Bug: 165705527
Test: m nothing
Test: build partner code against vendor snapshot
Change-Id: I6c5c15f13eeeb8f29717a4abd84b65fa72096889
AddFarVariationDependencies was broken, which allowed sdk modules to
request dependencies using image and version variations, even for
host modules that do not have image or version variations. Make
the image and version variations conditional on device sdk modules.
Test: go test ./sdk
Change-Id: I59b7a32a3782254fd5feb828a5258ee13d4db812
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
Dependencies of makefile modules are being redirected according to
SOONG_CFI_STATIC_LIBRARIES and SOONG_HWASAN_STATIC_LIBRARIES. But the
variables are shared among all variants (e.g. core, vendor, product,
arch), which can cause build error.
This splits the Makefile variables into several lists, one list per each
arch and each image variant, to correctly make the redirection.
Bug: 162476652
Test: build and inspect ninja
Change-Id: Icc753382f1c53de8468cc85243a6954e1986297a
All uses of this property have been migrated to 'blocklist' instead.
Update language to comply with Android’s inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for
reference
Bug: 161896447
Bug: 162245450
Test: TH
Change-Id: I4b83b41ad5a4b2caf1166b1acece9537f545aaad
dependencyTag uses a set of predefined tags to identify different types
of dependencies. There are already multiple bits of metadata stored
in the dependency tag (Library, Shared, ReexportFlags), and supporting
them all requires a combinatorial explosion of predefined tags and
causes issues when using equality comparisons if a new bit of metadata
is added.
Add a new libraryDependencyTag type that will contain the metadata
bits, and replace the quality comparisons with checks on the metadata
bits.
There are 5 TODOs where modifying the checks identified problems with
the existing checks. These were left in place to produce identical
build output and will be fixed separately.
Bug: 162437057
Test: no change to build.ninja or {Android,make_vars,late}-${TARGET_PRODUCT}.mk
Change-Id: I72d4207dcf381c07c92e00e5a03968ebb5ed8d30
Bug: 162024969
Test: Successfully builds targets for both host and device
"writeonly" flag in SANITIZE_(HOST|TARGET) enables it with "address"
and "hwaddress"
Change-Id: Ia89d43230deef15a67dee09ed015fea14f0717ff
This will eventually replace the Blacklist property.
Update language to comply with Android’s inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for
reference
Bug: 161896447
Bug: 162245450
Test: build topic
Change-Id: I3c2609c791c27b8ba3bcb55f79304b78bce1f518
There're two ways to enable hwasan:
- global setting: TARGET_SANITIZE=hwaddress
- individual setting: sanitize: { hwaddress: true }
This change covers both cases by looking up if com.android.runtime is
hwaddress santized or not.
Bug: 156678661
Test: m (soong test added)
Change-Id: I67c382c3e76a06f4b27f221eebd153c698647227
This was causing build breaks when different devices moved to Android.bp
at different times.
Bug: 150878976
Test: build *_hwasan targets
Change-Id: I68912bb6a5696809c318d1ec816a1bcfbe2df245
Merged-In: I68912bb6a5696809c318d1ec816a1bcfbe2df245
(cherry picked from commit 7b6af23db6)
This was causing build breaks when different devices moved to Android.bp
at different times.
Bug: 150878976
Test: build *_hwasan targets
Change-Id: I68912bb6a5696809c318d1ec816a1bcfbe2df245
Also remove a deprecated flag -fsanitize-hwaddress-abi=platform.
Switching to the new pass manager reduces size of the "lib64" directory
by almost 6%.
Bug: 135298400
Test: objdump -d path/to/symbols/system/lib64/*.so | grep __hwasan_check_
Test: adb shell sanitizer-status
Change-Id: I327ee982e20c02b3b2126d93189048d9f4bfb301
Only disable CFI on incompatible variants rather than the base module.
Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
Merged-In: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
(cherry picked from commit 4774a81c0f)
Host binaries by default use the UBSan runtime whether or not
diagnostics are requested in the module definition. The rest of the code
assumes the runtime is only needed when diag properties are set.
This makes sure to add the runtime to the dependency graph of host
binaries that are UBSanitized.
Bug: 150336284
Test: ./art/tools/dist_linux_bionic.sh com.android.art.host
Test: runtime appropriately identified as a dependency of libziparchive
Change-Id: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
Merged-In: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
(cherry picked from commit f3b190f8e7)
Host binaries by default use the UBSan runtime whether or not
diagnostics are requested in the module definition. The rest of the code
assumes the runtime is only needed when diag properties are set.
This makes sure to add the runtime to the dependency graph of host
binaries that are UBSanitized.
Bug: 150336284
Test: ./art/tools/dist_linux_bionic.sh com.android.art.host
Test: runtime appropriately identified as a dependency of libziparchive
Change-Id: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
Only disable CFI on incompatible variants rather than the base module.
Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
Use AndroidMkEntries so the next patch can use ExtraFooters, which
doesn't exist in AndroidMkData.
Bug: 149591522
the bug is not exactly related to this change, but it is the bug
that the follow-up changes are trying to fix.
Test: manually diff out/soong/Android.aosp_x86_64.mk
Merged-In: Ia3006b6747813693cf7e2b536030b21f3109f538
Change-Id: Ia3006b6747813693cf7e2b536030b21f3109f538
(cherry picked from commit d80cbca76d)
Use AndroidMkEntries so the next patch can use ExtraFooters, which
doesn't exist in AndroidMkData.
Test: manually diff out/soong/Android.aosp_x86_64.mk
Change-Id: Ia3006b6747813693cf7e2b536030b21f3109f538
Linux host prebuilts for UBSan runtime are available now, so we can
enable these. There's a bit more work to be done for Windows/Darwin
support, so that's left to another CL.
Bug: 148289941
Test: Build host binary with integer overflow sanitization enabled.
Test: ./art/test/testrunner/run_build_test_target.py art-linux-bionic-x64
Change-Id: Ie98979116fa3bb8accb23d1788adcc28330a9530
This implements four modules (static/shared/header libraries, and
binaries) for vendor snapshot. These modules will override source
modules if BOARD_VNDK_VERSION != current.
Bug: 65377115
Test: 1) VNDK_SNAPSHOT_BUILD_ARTIFACTS=true m dist vndk vendor-snapshot
Test: 2) install snapshot under source tree
Test: 3) set BOARD_VNDK_VERSION and boot cuttlefish
Change-Id: I24ddb4c3aa6abeab60bbfd31bcbd8753e2592dc5
Vendor snapshot can be captured with "m dist vendor-snapshot". With
vendor snapshot and vndk snapshot, older version of /vendor and newer
version of /system will be able to be built together by setting
BOARD_VNDK_VERSION to past vendor's version.
Only vendor modules under AOSP are to be captured. In detail, modules
under following directories are ignored:
- device/
- vendor/
- hardware/, except for interfaces/, libhardware/, libhardware_legacy/,
and ril/
Test modules (cc_test, etc.) and sanitized modules are also ignored.
Bug: 65377115
Test: m dist vendor-snapshot
Change-Id: If7a2f6de7f36deee936930c0ccf7c47c4a0cebf6
Build fuzzer-sanitized libraries with an $ORIGIN DT_RUNPATH. Android's linker
uses DT_RUNPATH, not DT_RPATH. When we deploy cc_fuzz targets and their
libraries to /data/fuzz/<arch>/lib, any transient shared library gets the
DT_RUNPATH from the shared library above it, and not the executable, meaning
that the lookup falls back to the system. Adding the $ORIGIN to the DT_RUNPATH
here means that transient shared libraries can be found colocated with their
parents.
This may have some interesting consequences if:
1. Your fuzz target depends on a shared library which has `sanitize.fuzzer:
false` (as the DT_RUNPATH won't have `$ORIGIN`, and so you may get missing
libraries).
2. A `SANITIZE_TARGET=fuzzer` platform has a shared object in two
different directories (like system vs. ndk) and is depending on the linker
implementation details to resolve this in some manner.
I don't believe either of these instances should reasonably happen in
practise.
Fixes: 145973404
Fixes: 145988908
Test: m example_fuzzer
Change-Id: I94cbf628fc1ce15c43283d72bdabd9817de1fef8
