ARM: compile everything with relro / bind_now. Enable relro / bind_now when compiling Android applications. This marks certain regions of memory as read-only after linking, making memory corruption security vulnerabilities are harder to exploit. See: * http://www.akkadia.org/drepper/nonselsec.pdf (section 6) * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html Stop using the custom linker script, which inhibits relro / bind_now support. Change-Id: Ie97ccdd2845886bbc2ba2fdd47eed0ff4b29b60b

commit: 233d460f21d372f964f8078b8b0d5fd17af7c6b6 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Apr 26 09:09:24 2012 -0700
committer: Nick Kralevich <nnk@google.com> Thu Apr 26 09:09:24 2012 -0700
tree: 4ea1764bf21ae03a9ca20fa85c440385eed61081
parent: a56be342c2b948e837584199d491a149d2e69064 [diff] [blame]
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index ca12ba2..4a461f8 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk

@@ -135,6 +135,8 @@
 
 TARGET_GLOBAL_LDFLAGS += \
 			-Wl,-z,noexecstack \
+			-Wl,-z,relro \
+			-Wl,-z,now \
 			-Wl,--icf=safe \
 			$(arch_variant_ldflags)
 
@@ -246,7 +248,7 @@
 
 define transform-o-to-shared-lib-inner
 $(hide) $(PRIVATE_CXX) \
-	-nostdlib -Wl,-soname,$(notdir $@) -Wl,-T,$(BUILD_SYSTEM)/armelf.xsc \
+	-nostdlib -Wl,-soname,$(notdir $@) \
 	-Wl,--gc-sections \
 	-Wl,-shared,-Bsymbolic \
 	$(PRIVATE_TARGET_GLOBAL_LD_DIRS) \
commit	233d460f21d372f964f8078b8b0d5fd17af7c6b6	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Apr 26 09:09:24 2012 -0700
committer	Nick Kralevich <nnk@google.com>	Thu Apr 26 09:09:24 2012 -0700
tree	4ea1764bf21ae03a9ca20fa85c440385eed61081
parent	a56be342c2b948e837584199d491a149d2e69064 [diff] [blame]