From 13bc227ef0e800650baf7da6b644c7c8a61b5e66 Mon Sep 17 00:00:00 2001
From: Evgenii Stepanov <eugenis@google.com>
Date: Fri, 9 Apr 2021 14:52:33 -0700
Subject: [PATCH] Fix evaluation order of (Cfi|Memtag) exclude paths.

Before this change, exclude paths disabled sanitization of targets that
would otherwise be enabled by SanitizeDevice product variable (aka
SANITIZE_TARGET).

With this change, in addition to the above logic, exclude path disables
sanitization of targets that would otherwise be enabled by the
corresponding include path.

Effectively, this change disables sanitization of targets that are
covered by *both* include and exclude paths.

Test: MEMTAG_HEAP_SYNC_INCLUDE_PATHS=system/extras \
      MEMTAG_HEAP_EXCLUDE_PATHS=system/extras/su m su && \
      readelf -n path/to/su | grep .note.android.memtag
Bug: b/184976817
Change-Id: Ifa44b85556c6468fe5a37b5e6864c4ce9561ae2b
---
 core/config_sanitizers.mk | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 4a94e93f95..f9042c290b 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -120,10 +120,15 @@ ifeq ($(filter cfi, $(my_sanitize)),)
   ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
     combined_include_paths := $(CFI_INCLUDE_PATHS) \
                               $(PRODUCT_CFI_INCLUDE_PATHS)
+    combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
+                              $(PRODUCT_CFI_EXCLUDE_PATHS)
 
     ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
            $(filter $(dir)%,$(LOCAL_PATH)))),)
-      my_sanitize := cfi $(my_sanitize)
+      ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
+           $(filter $(dir)%,$(LOCAL_PATH)))),)
+        my_sanitize := cfi $(my_sanitize)
+      endif
     endif
   endif
 endif
@@ -135,14 +140,19 @@ ifeq ($(filter memtag_heap, $(my_sanitize)),)
                                    $(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS)
     combined_async_include_paths := $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) \
                                     $(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS)
+    combined_exclude_paths := $(MEMTAG_HEAP_EXCLUDE_PATHS) \
+                              $(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS)
 
-    ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_sync_include_paths)),\
-           $(filter $(dir)%,$(LOCAL_PATH)))),)
-      my_sanitize := memtag_heap $(my_sanitize)
-      my_sanitize_diag := memtag_heap $(my_sanitize_diag)
-    else ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_async_include_paths)),\
-           $(filter $(dir)%,$(LOCAL_PATH)))),)
-      my_sanitize := memtag_heap $(my_sanitize)
+    ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
+          $(filter $(dir)%,$(LOCAL_PATH)))),)
+      ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_sync_include_paths)),\
+             $(filter $(dir)%,$(LOCAL_PATH)))),)
+        my_sanitize := memtag_heap $(my_sanitize)
+        my_sanitize_diag := memtag_heap $(my_sanitize_diag)
+      else ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_async_include_paths)),\
+             $(filter $(dir)%,$(LOCAL_PATH)))),)
+        my_sanitize := memtag_heap $(my_sanitize)
+      endif
     endif
   endif
 endif