From ecb1a565849b40ab7aa45b7fe71e24e29a059376 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 9 May 2012 14:49:04 -0700
Subject: [PATCH] x86: compile everything with relro / bind_now

Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.

See:
 * http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
 * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

relro support has been enabled for ARM since 233d460f21d372f964f8078b8b0d5fd17af7c6b6.
This change enables it for x86.

Change-Id: Ib90704f2fecffcfdc3587607112804faa0e16385
---
 core/combo/TARGET_linux-x86.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/combo/TARGET_linux-x86.mk b/core/combo/TARGET_linux-x86.mk
index 9e1d4bd78d..dc4afb87a7 100644
--- a/core/combo/TARGET_linux-x86.mk
+++ b/core/combo/TARGET_linux-x86.mk
@@ -139,6 +139,7 @@ TARGET_GLOBAL_CFLAGS += -D__ANDROID__
 TARGET_GLOBAL_LDFLAGS += -m32
 
 TARGET_GLOBAL_LDFLAGS += -Wl,-z,noexecstack
+TARGET_GLOBAL_LDFLAGS += -Wl,-z,relro -Wl,-z,now
 TARGET_GLOBAL_LDFLAGS += -Wl,--gc-sections
 
 TARGET_C_INCLUDES := \