Merge "Revert "Pack relocations for mips""
diff --git a/core/clang/TARGET_arm.mk b/core/clang/TARGET_arm.mk
index 6f6d624..62ce242 100644
--- a/core/clang/TARGET_arm.mk
+++ b/core/clang/TARGET_arm.mk
@@ -66,3 +66,7 @@
$(clang_2nd_arch_prefix)RS_COMPAT_TRIPLE := armv7-none-linux-gnueabi
$(clang_2nd_arch_prefix)TARGET_LIBPROFILE_RT := $(LLVM_RTLIB_PATH)/libclang_rt.profile-arm-android.a
+
+# Address sanitizer clang config
+$(clang_2nd_arch_prefix)ADDRESS_SANITIZER_RUNTIME_LIBRARY := libclang_rt.asan-arm-android
+$(clang_2nd_arch_prefix)ADDRESS_SANITIZER_RPATH := /system/lib/asan
diff --git a/core/clang/TARGET_arm64.mk b/core/clang/TARGET_arm64.mk
index b67d458..ea4d937 100644
--- a/core/clang/TARGET_arm64.mk
+++ b/core/clang/TARGET_arm64.mk
@@ -64,3 +64,7 @@
RS_COMPAT_TRIPLE := aarch64-linux-android
TARGET_LIBPROFILE_RT := $(LLVM_RTLIB_PATH)/libclang_rt.profile-aarch64-android.a
+
+# Address sanitizer clang config
+ADDRESS_SANITIZER_RUNTIME_LIBRARY := libclang_rt.asan-arm64-android
+ADDRESS_SANITIZER_RPATH := /system/lib64/asan
diff --git a/core/clang/config.mk b/core/clang/config.mk
index 24c06b6..7947e61 100644
--- a/core/clang/config.mk
+++ b/core/clang/config.mk
@@ -144,12 +144,10 @@
include $(BUILD_SYSTEM)/clang/TARGET_$(TARGET_2ND_ARCH).mk
endif
-# Address sanitizer clang config
-ADDRESS_SANITIZER_RUNTIME_LIBRARY := libclang_rt.asan_$(TARGET_ARCH)_android
ADDRESS_SANITIZER_CONFIG_EXTRA_CFLAGS := -fno-omit-frame-pointer
ADDRESS_SANITIZER_CONFIG_EXTRA_LDFLAGS := -Wl,-u,__asan_preinit
-ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES := libdl $(ADDRESS_SANITIZER_RUNTIME_LIBRARY)
+ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES := libdl
ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES := libasan
# This allows us to use the superset of functionality that compiler-rt
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index 6bc3632..1357b39 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -173,6 +173,7 @@
LOCAL_DPI_VARIANTS:=
LOCAL_DPI_FILE_STEM:=
LOCAL_SANITIZE:=
+LOCAL_SANITIZE_RECOVER:=
# arch specific variables
LOCAL_SRC_FILES_$(TARGET_ARCH):=
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk
index 5f62400..8eda6c0 100644
--- a/core/combo/HOST_linux-x86.mk
+++ b/core/combo/HOST_linux-x86.mk
@@ -29,7 +29,7 @@
# We expect SSE3 floating point math.
$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott
-$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack
+$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
ifneq ($(strip $(BUILD_HOST_static)),)
# Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@
-no-canonical-prefixes \
-include $(call select-android-config-h,linux-x86)
-# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15?
-$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
+# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
+$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
# Workaround differences in inttypes.h between host and target.
# See bug 12708004.
diff --git a/core/combo/HOST_linux-x86_64.mk b/core/combo/HOST_linux-x86_64.mk
index 3685712..e268e41 100644
--- a/core/combo/HOST_linux-x86_64.mk
+++ b/core/combo/HOST_linux-x86_64.mk
@@ -28,7 +28,7 @@
HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/
HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack
-HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack
+HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
ifneq ($(strip $(BUILD_HOST_static)),)
# Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@
-no-canonical-prefixes \
-include $(call select-android-config-h,linux-x86)
-# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15?
-HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
+# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
+HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
# Workaround differences in inttypes.h between host and target.
# See bug 12708004.
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 210d442..e13790b 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -78,17 +78,37 @@
ifdef LOCAL_IS_HOST_MODULE
# -nodefaultlibs (provided with libc++) prevents the driver from linking
# libraries needed with -fsanitize=address. http://b/18650275 (WAI)
- my_ldlibs += -ldl -lpthread
+ my_ldlibs += -lm -ldl -lpthread
+ my_ldflags += -Wl,--no-as-needed
else
- my_shared_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES)
+ # ASan runtime library must be the first in the link order.
+ my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
+ $(my_shared_libraries) \
+ $(ADDRESS_SANITIZER_CONFIG_EXTRA_SHARED_LIBRARIES)
my_static_libraries += $(ADDRESS_SANITIZER_CONFIG_EXTRA_STATIC_LIBRARIES)
+ my_ldflags += -Wl,-rpath,$($(LOCAL_2ND_ARCH_VAR_PREFIX)ADDRESS_SANITIZER_RPATH)
+
+ # http://b/20665974
+ # The relocation packer is causing the kernel to load the executable
+ # overlapping ASAN's shadow space.
+ ifeq ($(LOCAL_MODULE_CLASS),EXECUTABLES)
+ LOCAL_PACK_MODULE_RELOCATIONS := false
+ endif
endif
endif
ifneq ($(filter undefined,$(my_sanitize)),)
+ my_cflags += -fno-sanitize-recover=all
+
ifdef LOCAL_IS_HOST_MODULE
my_ldlibs += -ldl
else
$(error ubsan is not yet supported on the target)
endif
endif
+
+
+ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
+ recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
+ my_cflags += -fsanitize-recover=$(recover_arg)
+endif
diff --git a/core/main.mk b/core/main.mk
index 13465e3..41e2801 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -29,7 +29,7 @@
# TOPDIR is the normal variable you should use, because
# if we are executing relative to the current directory
# it can be "", whereas TOP must be "." which causes
-# pattern matching probles when make strips off the
+# pattern matching problems when make strips off the
# trailing "./" from paths in various places.
#ifeq ($(TOP),.)
#TOPDIR :=
diff --git a/core/prebuilt_internal.mk b/core/prebuilt_internal.mk
index 0a0a2ff..f85b0b8 100644
--- a/core/prebuilt_internal.mk
+++ b/core/prebuilt_internal.mk
@@ -43,6 +43,11 @@
# Strip but not try to add debuglink
LOCAL_STRIP_MODULE := no_debuglink
endif
+
+ ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_PACK_MODULE_RELOCATIONS),)
+ # Do not pack relocations by default
+ LOCAL_PACK_MODULE_RELOCATIONS := false
+ endif
endif
ifneq ($(filter STATIC_LIBRARIES SHARED_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
@@ -63,20 +68,20 @@
LOCAL_INSTALLED_MODULE_STEM := $(LOCAL_MODULE).apk
endif
-ifneq ($(filter true no_debuglink,$(LOCAL_STRIP_MODULE)),)
+ifneq ($(filter true no_debuglink,$(LOCAL_STRIP_MODULE) $(LOCAL_PACK_MODULE_RELOCATIONS)),)
ifdef LOCAL_IS_HOST_MODULE
- $(error Cannot strip host module LOCAL_PATH=$(LOCAL_PATH))
+ $(error Cannot strip/pack host module LOCAL_PATH=$(LOCAL_PATH))
endif
ifeq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
- $(error Can strip only shared libraries or executables LOCAL_PATH=$(LOCAL_PATH))
+ $(error Can strip/pack only shared libraries or executables LOCAL_PATH=$(LOCAL_PATH))
endif
ifneq ($(LOCAL_PREBUILT_STRIP_COMMENTS),)
- $(error Cannot strip scripts LOCAL_PATH=$(LOCAL_PATH))
+ $(error Cannot strip/pack scripts LOCAL_PATH=$(LOCAL_PATH))
endif
include $(BUILD_SYSTEM)/dynamic_binary.mk
built_module := $(linked_module)
-else # LOCAL_STRIP_MODULE not true
+else # LOCAL_STRIP_MODULE and LOCAL_PACK_MODULE_RELOCATIONS not true
include $(BUILD_SYSTEM)/base_rules.mk
built_module := $(LOCAL_BUILT_MODULE)
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index c98624d..4b6136d 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -82,3 +82,5 @@
BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_FLASH_BLOCK_SIZE := 512
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
+
+BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
diff --git a/target/board/generic_mips64/BoardConfig.mk b/target/board/generic_mips64/BoardConfig.mk
index 7fe6cd3..5c13447 100644
--- a/target/board/generic_mips64/BoardConfig.mk
+++ b/target/board/generic_mips64/BoardConfig.mk
@@ -71,3 +71,5 @@
BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_FLASH_BLOCK_SIZE := 512
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
+
+BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
diff --git a/target/board/generic_x86_64/BoardConfig.mk b/target/board/generic_x86_64/BoardConfig.mk
index 295ee2b..62753a2 100755
--- a/target/board/generic_x86_64/BoardConfig.mk
+++ b/target/board/generic_x86_64/BoardConfig.mk
@@ -47,3 +47,7 @@
BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_FLASH_BLOCK_SIZE := 512
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
+
+BOARD_SEPOLICY_DIRS += \
+ build/target/board/generic/sepolicy \
+ build/target/board/generic_x86/sepolicy
diff --git a/tools/java-event-log-tags.py b/tools/java-event-log-tags.py
index 846d9cf..f364751 100755
--- a/tools/java-event-log-tags.py
+++ b/tools/java-event-log-tags.py
@@ -129,7 +129,7 @@
out += "_"
return out
-javaTypes = ["ERROR", "int", "long", "String", "Object[]"]
+javaTypes = ["ERROR", "int", "long", "String", "Object[]", "float"]
for t in tagfile.tags:
methodName = javaName("write_" + t.tagname)
if t.description:
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 6a5d22f..a8b0035 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -1140,10 +1140,13 @@
script.Print("Image %s will be patched unconditionally." % (partition,))
else:
if self.version >= 3:
- script.AppendExtra(('if block_image_verify("%s", '
+ script.AppendExtra(('if (range_sha1("%s", "%s") == "%s" || '
+ 'block_image_verify("%s", '
'package_extract_file("%s.transfer.list"), '
- '"%s.new.dat", "%s.patch.dat") then') %
- (self.device, partition, partition, partition))
+ '"%s.new.dat", "%s.patch.dat")) then') % (
+ self.device, self.src.care_map.to_string_raw(),
+ self.src.TotalSha1(),
+ self.device, partition, partition, partition))
else:
script.AppendExtra('if range_sha1("%s", "%s") == "%s" then' % (
self.device, self.src.care_map.to_string_raw(),