StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix evaluation order of (Cfi|Memtag) exclude paths.

Browse Source 
Before this change, exclude paths disabled sanitization of targets that
would otherwise be enabled by SanitizeDevice product variable (aka
SANITIZE_TARGET).

With this change, in addition to the above logic, exclude path disables
sanitization of targets that would otherwise be enabled by the
corresponding include path.

Effectively, this change disables sanitization of targets that are
covered by *both* include and exclude paths.

Test: MEMTAG_HEAP_SYNC_INCLUDE_PATHS=system/extras \
      MEMTAG_HEAP_EXCLUDE_PATHS=system/extras/su m su && \
      readelf -n path/to/su | grep .note.android.memtag
Bug: b/184976817
Change-Id: Ifa44b85556c6468fe5a37b5e6864c4ce9561ae2b
This commit is contained in:
Evgenii Stepanov
2021-04-09 14:52:33 -07:00
parent 002dd30e94
commit 13bc227ef0
1 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
core/config_sanitizers.mk
View File

@@ -120,12 +120,17 @@ ifeq ($(filter cfi, $(my_sanitize)),)
ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
combined_include_paths := $(CFI_INCLUDE_PATHS) \
$(PRODUCT_CFI_INCLUDE_PATHS)
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
$(PRODUCT_CFI_EXCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_sanitize := cfi $(my_sanitize)
endif
endif
endif
endif
# Enable memtag_heap in included paths (for Arm64 only).
@@ -135,7 +140,11 @@ ifeq ($(filter memtag_heap, $(my_sanitize)),)
$(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS)
combined_async_include_paths := $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) \
$(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS)
combined_exclude_paths := $(MEMTAG_HEAP_EXCLUDE_PATHS) \
$(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS)
ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_sync_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_sanitize := memtag_heap $(my_sanitize)
@@ -145,6 +154,7 @@ ifeq ($(filter memtag_heap, $(my_sanitize)),)
my_sanitize := memtag_heap $(my_sanitize)
endif
endif
endif
endif
# If CFI is disabled globally, remove it from my_sanitize.