Merge "releasetools: Write back default_system_dev_certificate."
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index fce0b5a..8bd9248 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -34,6 +34,18 @@
   endif
 endif
 
+# Disable global CFI in excluded paths
+ifneq ($(filter cfi, $(my_global_sanitize)),)
+  combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
+                            $(PRODUCT_CFI_EXCLUDE_PATHS)
+
+  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
+         $(filter $(dir)%,$(LOCAL_PATH)))),)
+    my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
+    my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
+  endif
+endif
+
 ifneq ($(my_global_sanitize),)
   my_sanitize := $(my_global_sanitize) $(my_sanitize)
 endif
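Review bot: The test `$(filter $(dir)%,$(LOCAL_PATH))` is a plain string-prefix match, so an exclude entry such as `vendor/foo` (constructed example) also strips CFI from modules under `vendor/foobar`. The same pattern is repeated for the include list in the second hunk of this file. For the exclude list this silently widens the set of modules built without CFI. Matching on a path boundary avoids it, for example `$(filter $(dir) $(dir)/%,$(LOCAL_PATH))` with each entry first normalised by `$(patsubst %/,%,$(dir))`. At minimum the comment above the block should say that entries are prefixes and are expected to end in `/`.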
@@ -84,6 +96,18 @@
   my_sanitize_diag :=
 endif
 
+# Enable CFI in included paths.
+ifeq ($(filter cfi, $(my_sanitize)),)
+  combined_include_paths := $(CFI_INCLUDE_PATHS) \
+                            $(PRODUCT_CFI_INCLUDE_PATHS)
+
+  ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
+         $(filter $(dir)%,$(LOCAL_PATH)))),)
+    my_sanitize := cfi $(my_sanitize)
+    my_sanitize_diag := cfi $(my_sanitize_diag)
+  endif
+endif
+
 # If CFI is disabled globally, remove it from my_sanitize.
 ifeq ($(strip $(ENABLE_CFI)),false)
   my_sanitize := $(filter-out cfi,$(my_sanitize))
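Review bot: `my_sanitize_diag := cfi $(my_sanitize_diag)` puts every module under an included path into CFI diagnostics mode as well as enabling CFI, and the comment `# Enable CFI in included paths.` does not mention it. How my_sanitize_diag is turned into compiler flags is outside this hunk, so confirm that diagnostics mode is wanted for release builds of these modules. If it is not, drop that line; if it is, say so in the comment. The comment could also record the precedence this block creates: it runs after the exclude block and only checks `my_sanitize`, so a module matched by both lists ends up with CFI enabled unless `ENABLE_CFI` is `false`, assuming nothing in the lines between the two hunks changes that.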
diff --git a/core/java.mk b/core/java.mk
index 5772ba2..71bed38 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -726,6 +726,7 @@
 endif # !USE_R8
 
 else  # LOCAL_PROGUARD_ENABLED not defined
+proguard_flag_files :=
 full_classes_proguard_jar := $(full_classes_pre_proguard_jar)
 endif # LOCAL_PROGUARD_ENABLED defined
 
diff --git a/core/product.mk b/core/product.mk
index 03098b7..c01a856 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -146,8 +146,8 @@
     PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
     PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
     PRODUCT_ADB_KEYS \
-
-
+    PRODUCT_CFI_INCLUDE_PATHS \
+    PRODUCT_CFI_EXCLUDE_PATHS \
 
 define dump-product
 $(info ==== $(1) ====)\
diff --git a/core/product_config.mk b/core/product_config.mk
index 3879036..4e2d5ae 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -472,3 +472,11 @@
   $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
 endif
 .KATI_READONLY := PRODUCT_ADB_KEYS
+
+# Whether any paths are excluded from sanitization when SANITIZE_TARGET=cfi
+PRODUCT_CFI_EXCLUDE_PATHS := \
+    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_EXCLUDE_PATHS))
+
+# Whether any paths should have CFI enabled for components
+PRODUCT_CFI_INCLUDE_PATHS := \
+    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_INCLUDE_PATHS))
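Review bot: Unlike `PRODUCT_ADB_KEYS` directly above, the two new variables are not marked read-only, so a makefile evaluated later can still extend `PRODUCT_CFI_EXCLUDE_PATHS` and widen what is built without CFI. If no later assignment is intended, add `.KATI_READONLY := PRODUCT_CFI_EXCLUDE_PATHS PRODUCT_CFI_INCLUDE_PATHS` after the two assignments. The comments also read as if these were booleans ("Whether any paths ..."). Wording such as `# Paths excluded from CFI when SANITIZE_TARGET=cfi` and `# Paths whose modules get CFI enabled` describes the list values better.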
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 41e2382..5ebd123 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -90,6 +90,8 @@
 
 $(call add_json_bool, Safestack,                         $(filter true,$(USE_SAFESTACK)))
 $(call add_json_bool, EnableCFI,                         $(call invert_bool,$(filter false,$(ENABLE_CFI))))
+$(call add_json_list, CFIExcludePaths,                   $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
+$(call add_json_list, CFIIncludePaths,                   $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
 $(call add_json_list, IntegerOverflowExcludePaths,       $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
 
 $(call add_json_bool, ClangTidy,                         $(filter 1 true,$(WITH_TIDY)))
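Review bot: The lists passed to `add_json_list` for CFIExcludePaths and CFIIncludePaths are not comma-split, whereas core/config_sanitizers.mk in this same change runs the combined lists through `$(subst $(comma),$(space),...)` before matching. If add_json_list splits only on whitespace (its definition is not in this hunk), a comma-separated CFI_EXCLUDE_PATHS would apply to Make-built modules but reach Soong as one unusable entry, leaving the two build systems with different CFI coverage. Normalising here keeps them aligned: `$(call add_json_list, CFIExcludePaths, $(subst $(comma),$(space),$(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS)))`, and likewise for CFIIncludePaths. The existing IntegerOverflowExcludePaths line has the same shape.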