Overflow sanitization in frameworks/ and system/. Enables signed and unsigned integer overflow sanitization on-by-default for modules in frameworks/ and system/ by using the integer_overflow sanitization setting. This applies sanitization to dynamically linked binaries and shared libraries, and comes with a default set of regex for functions to exclude from sanitization. (see build/soong/cc/config/integer_overflow_blacklist.txt) Prepare to enable minimal runtime diagnostics for integer overflow sanitization on userdebug and eng builds. Adds an additional Make and product variable pair to apply integer overflow sanitization by default to additional code paths. Bug: 30969751 Bug: 63927620 Test: Included paths are being sanitized. Test: CTS test suite run on Pixel, runtime errors resolved. Test: Performance impact in benchmarks acceptable. Test: Boot-up successful on current Google devices. Test: Teamfooded in diagnostics mode on Pixel for a month. Test: Phone calls, camera photos + videos, bluetooth pairing. Test: Wifi, work profiles, streaming videos, app installation. Test: Split-screen, airplane mode, battery saver. Test: Toggling accessibility settings. Change-Id: Icc7a558c86f8655267afb4ca01b316773325c91a

commit: c2d7db1c7d650ec6b1ca006812404c8fd4bcf01e [log] [tgz]
author: Ivan Lozano <ivanlozano@google.com> Tue Jan 09 09:56:54 2018 -0800
committer: Ivan Lozano <ivanlozano@google.com> Tue Jan 16 10:17:02 2018 -0800
tree: 08a208bbbbaf53dac87aea14c10730031862a1ca
parent: a7229a08b7c5d481cb813d810f1d88c3de3cdc8b [diff]
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 9415143..2064d8d 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk

@@ -34,6 +34,26 @@
   endif
 endif
 
+# Enable integer overflow sanitizer in included paths.
+# (includes override excludes)
+ifeq ($(my_clang),true)
+  ifndef LOCAL_IS_HOST_MODULE
+    ifeq ($(filter integer_overflow, $(my_sanitize)),)
+      combined_include_paths := $(DEFAULT_INTEGER_OVERFLOW_PATHS) \
+                            $(INTEGER_OVERFLOW_INCLUDE_PATHS) \
+                            $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS)
+      ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
+             $(filter $(dir)%,$(LOCAL_PATH)))),)
+        my_global_sanitize := integer_overflow $(my_sanitize)
+        # Ensure default paths do not run in diagnostics unless SANITIZE_TARGET_DIAG
+        ifneq ($(filter integer_overflow, $(SANITIZE_TARGET_DIAG)),)
+          my_global_sanitize_diag := integer_overflow $(my_sanitize_diag)
+        endif
+      endif
+    endif
+  endif
+endif
+
 # Disable global CFI in excluded paths
 ifneq ($(filter cfi, $(my_global_sanitize)),)
   combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
@@ -211,6 +231,19 @@
   my_sanitize := $(filter-out coverage,$(my_sanitize))
 endif
 
+# Use minimal diagnostics when integer overflow is enabled on userdebug and eng
+# and full diagnostics not enabled.
+ifneq ($(findstring integer,$(my_sanitize)),)
+  ifeq ($(findstring integer,$(my_sanitize_diag)),)
+    ifeq ($(filter address,$(my_sanitize)),)
+      # TODO(ivanlozano): uncomment after switch to clang-4536805
+      ifneq ($(filter $(TARGET_BUILD_VARIANT),userdebug eng),)
+        # my_cflags += -fsanitize-minimal-runtime
+      endif
+    endif
+  endif
+endif
+
 ifneq ($(filter integer_overflow,$(my_sanitize)),)
   ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
     ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
@@ -226,7 +259,7 @@
       my_cflags += -ftrap-function=abort
       my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
 
-      # Check for diagnostics mode (on by default).
+      # Check for diagnostics mode.
       ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
         my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow
         my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)

diff --git a/core/envsetup.mk b/core/envsetup.mk
index 05add60..a945b62 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk

@@ -657,3 +657,8 @@
 ifeq ($(CALLED_FROM_SETUP),true)
 PRINT_BUILD_CONFIG ?= true
 endif
+
+# Set default integer overflow sanitization paths.
+# Separate from INTEGER_OVERFLOW_INCLUDE_PATHS to ensure this is not overridden.
+DEFAULT_INTEGER_OVERFLOW_PATHS := frameworks/ \
+                                  system/

diff --git a/core/product.mk b/core/product.mk
index f15f6b3..725d15b 100644
--- a/core/product.mk
+++ b/core/product.mk

@@ -146,6 +146,7 @@
     PRODUCT_SYSTEM_HEADROOM \
     PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
     PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
+    PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS \
     PRODUCT_ADB_KEYS \
     PRODUCT_CFI_INCLUDE_PATHS \
     PRODUCT_CFI_EXCLUDE_PATHS \

diff --git a/core/product_config.mk b/core/product_config.mk
index 5b0e257..5bc85f0 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk

@@ -463,6 +463,11 @@
 PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \
     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
 
+# Paths that should have integer overflow sanitization applied by default
+# (overrides excludes)
+PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS := \
+    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
+
 # ADB keys for debuggable builds
 PRODUCT_ADB_KEYS :=
 ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)

diff --git a/core/soong_config.mk b/core/soong_config.mk
index c7eefc9..cd5a593 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk

@@ -94,6 +94,7 @@
 $(call add_json_bool, EnableCFI,                         $(call invert_bool,$(filter false,$(ENABLE_CFI))))
 $(call add_json_list, CFIExcludePaths,                   $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
 $(call add_json_list, CFIIncludePaths,                   $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
+$(call add_json_list, IntegerOverflowIncludePaths,       $(DEFAULT_INTEGER_OVERFLOW_PATHS) $(INTEGER_OVERFLOW_INCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))
 $(call add_json_list, IntegerOverflowExcludePaths,       $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
 
 $(call add_json_bool, ClangTidy,                         $(filter 1 true,$(WITH_TIDY)))
commit	c2d7db1c7d650ec6b1ca006812404c8fd4bcf01e	[log] [tgz]
author	Ivan Lozano <ivanlozano@google.com>	Tue Jan 09 09:56:54 2018 -0800
committer	Ivan Lozano <ivanlozano@google.com>	Tue Jan 16 10:17:02 2018 -0800
tree	08a208bbbbaf53dac87aea14c10730031862a1ca
parent	a7229a08b7c5d481cb813d810f1d88c3de3cdc8b [diff]