The idea is that targets with LOCAL_SANITIZE = signed-integer-overflow
and SANITIZE_TARGET=safe-stack should get both sanitizers.
This should work just fine for SANITIZE_TARGET=address, too.
Bug: 27729263
Change-Id: Ifee350da4877008fb061bc7f6c700e7fade405bc
* changes:
Build: Add module-level product configuration of sanitization
Build: Add option to restrict sanitization by owner
Build: Add option to restrict sanitization by architecture
Fix the directory for secondary-architecture libraries under
sanitization. These incorrectly wrote into vendor/lib instead
of data/vendor/lib.
Bug: 29498013
Change-Id: Iee08422a1f7ad42cbe71a322347e98cb74e3ef7f
-Wl,-no-undefined is currently disabled for any SANITIZE_TARGET. Limit that to
the sanitizers with a runtime library (i.e. address, thread).
Re-enable the relocation packer for ASan. This has been fixed upstream a long
time ago.
Bug: 27729263
Change-Id: I566df6104de816223dc1c519d41a87629ce9c47c
Only sanitizers that intercept stuff need that. For example,
SafeStack does not, and I think UBSan too.
Bug: 27729263
Change-Id: I413cd46cc6c6914a363a3c53da7954beacd8f0d8
To allow special sanitizer settings for modules shared between
products, add product-specific module settings.
This was copied from the product-specific dexopt settings.
Bug: 29498013
Change-Id: I17a96b975bb6ac7f4ffb3d5b08e2f00b21bd97a1
(cherry picked from commit bb5454b6db)
Add Make variable SANITIZE_NEVER_BY_OWNER to selectively
sanitize modules. By default, both are being sanitized. The
value of the variable is interpreted as a space or colon
separated list of owner names.
This can be used to create builds that lower the sanitization
burden by not sanitizing parts of the platform.
Bug: 29498013
Change-Id: Ib4412657fd38ff28a5c0863eddc2acde63c88ebb
(cherry picked from commit ea38d8e95d)
Add Make variable SANITIZE_ARCH to selectively sanitize binaries.
This uses the "bitness," i.e., 32 or 64, to potentially filter
the sanitization. By default, both are being sanitized.
This can be used to create builds that lower the sanitization
burden by not sanitizing "half" of the platform.
Bug: 29498013
Change-Id: I73e6d479f08a970ba912f4f63967d32f3487125f
(cherry picked from commit 0290a416c8)
This can be used to selectively disable individual sanitizers on a
target. For example, some parts of libc should be built with
SafeStack (when requested with SANITIZE_TARGET), but never with
AddressSanitizer. Current build rules specify LOCAL_SANITIZE := never
to disable AddressSanitizer; the idea is to change that to
LOCAL_NOSANITIZE := address thread.
Bug: 27729263
Change-Id: I2b770f2ce3faf6ad6798792327e96adb86fe4a4f
We're beginning to enforce (still warning) that NDK code only links to
other NDK code. So we should never need to link them to the address
sanitizer libraries.
This breaks down a bit when platform code starts depending on NDK-built
code, where the NDK-built code should be mostly the same as if it was
built with the platform, but has an implicit LOCAL_SANITIZE := never.
Even so, this change shouldn't make that worse, as we'll still compile
fine, and anything platform code that uses asan should pull in the
shared library.
Change-Id: I81b30b9edd971468c3cb1467f809f184807b505e
Verity is not enabled in eng builds. Pass the build variant so
that kernel does not try to enable verity in eng builds
BUG:29276559
Change-Id: I7f412196ac59aa63e91c21d825ad15bae9f51691
Extracts keyid inline using openssl commands.
The keyid is passed as one of the kernel command line parameters
for the dm-android-verity module to mount root fs(system)
with verity enabled.
(cherry-picked from 3af315aed5https://googleplex-android-review.git.corp.google.com/#/c/1061691/)
BUG: 28384658
Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484
All instances have disappeared from the build server, so switch this to
error before more turn up.
Change-Id: Iac07526a6e77ebf33733033249f2a108aae3fa7d
Allow exceptions specified by module (VENDOR_EXCEPTION_MODULES) and
path (VENDOR_EXCEPTION_PATHS, not including leading vendor/).
BUG=26968426
Change-Id: I068e43f3eae14f8793c33ae916d46979ab1681d1
