CFI include/exclude path support (Make)

This CL adds the ability to centrally enable or disable CFI for
components using either an environment or product config
variable. This is a better, more manageable option than enabling CFI
across each component individually.

Bug: 67507323
Test: CFI_INCLUDE_PATHS= system/nfc m -j40
Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40

Change-Id: I02fe1960a822c124fd101ab5419aa81e2dd51adf
Vishwath Mohan 2017-10-31 02:25:16 -07:00
parent 8639879e60
commit 23b2d2e531
4 changed files with 36 additions and 2 deletions


@ -34,6 +34,18 @@ ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
endif
endif
# Disable global CFI in excluded paths
ifneq ($(filter cfi, $(my_global_sanitize)),)
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
$(PRODUCT_CFI_EXCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
endif
endif
ifneq ($(my_global_sanitize),)
my_sanitize := $(my_global_sanitize) $(my_sanitize)
endif
@ -84,6 +96,18 @@ ifeq ($(LOCAL_SANITIZE),never)
my_sanitize_diag :=
endif
# Enable CFI in included paths.
ifeq ($(filter cfi, $(my_sanitize)),)
combined_include_paths := $(CFI_INCLUDE_PATHS) \
$(PRODUCT_CFI_INCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
my_sanitize := cfi $(my_sanitize)
my_sanitize_diag := cfi $(my_sanitize_diag)
endif
endif
# If CFI is disabled globally, remove it from my_sanitize.
ifeq ($(strip $(ENABLE_CFI)),false)
my_sanitize := $(filter-out cfi,$(my_sanitize))
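Review bot: The path test `$(filter $(dir)%,$(LOCAL_PATH))` in both new blocks is a plain string-prefix match, so an entry such as `frameworks/av` also matches a hypothetical sibling like `frameworks/avfoo`; in the exclude block that silently drops CFI from modules nobody listed. Matching the directory itself or anything beneath it, `$(filter $(dir) $(dir)/%,$(LOCAL_PATH))` with any trailing slash stripped from the entry first, keeps the scope to what was configured. Separately, the include block sits directly after the `LOCAL_SANITIZE`=`never` reset, so it appears to turn CFI back on for a module that explicitly opted out; if that is intended, a comment saying so would help. It also prepends `cfi` to `my_sanitize_diag`; how that variable is consumed is not visible here, but if it selects a recoverable diagnostic mode, included paths would get CFI reporting rather than enforcement, which is worth confirming. Both enclosing conditionals start or end outside the hunks.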


@ -146,8 +146,8 @@ _product_var_list := \
PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
PRODUCT_ADB_KEYS \
PRODUCT_CFI_INCLUDE_PATHS \
PRODUCT_CFI_EXCLUDE_PATHS \
define dump-product
$(info ==== $(1) ====)\


@ -472,3 +472,11 @@ ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
$(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
endif
.KATI_READONLY := PRODUCT_ADB_KEYS
# Whether any paths are excluded from sanitization when SANITIZE_TARGET=cfi
PRODUCT_CFI_EXCLUDE_PATHS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_EXCLUDE_PATHS))
# Whether any paths should have CFI enabled for components
PRODUCT_CFI_INCLUDE_PATHS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_INCLUDE_PATHS))
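Review bot: The two new product variables are assigned but not frozen, unlike `PRODUCT_ADB_KEYS` just above, which is marked `.KATI_READONLY`; a makefile parsed later could still rewrite `PRODUCT_CFI_EXCLUDE_PATHS` and widen the set of paths built without CFI. Consider following each assignment with its own read-only marker, e.g. `.KATI_READONLY := PRODUCT_CFI_EXCLUDE_PATHS`, unless something downstream is expected to modify these lists (not visible in this hunk). The comments also read as if the variables were flags, while they hold path lists; something like `# Paths whose modules are built without CFI even when SANITIZE_TARGET includes cfi` would describe them more accurately.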


@ -90,6 +90,8 @@ $(call add_json_list, SanitizeDeviceArch, $(SANITIZE_TARGET_ARCH)
$(call add_json_bool, Safestack, $(filter true,$(USE_SAFESTACK)))
$(call add_json_bool, EnableCFI, $(call invert_bool,$(filter false,$(ENABLE_CFI))))
$(call add_json_list, CFIExcludePaths, $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
$(call add_json_list, CFIIncludePaths, $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
$(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
$(call add_json_bool, ClangTidy, $(filter 1 true,$(WITH_TIDY)))
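Review bot: The two new `add_json_list` lines pass the combined path variables through unchanged, whereas the Make-side checks in this commit first run them through `$(subst $(comma),$(space),...)`. If `add_json_list` splits only on whitespace (its definition is not visible here), a comma-separated value such as `CFI_EXCLUDE_PATHS=a,b` would be two paths for Make modules but a single element `a,b` in the generated JSON, leaving the two build systems disagreeing about which components have CFI. Normalising at the call site keeps them aligned: `$(call add_json_list, CFIExcludePaths, $(subst $(comma),$(space),$(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS)))`, and likewise for `CFIIncludePaths`. The existing `IntegerOverflowExcludePaths` line has the same form and may deserve the same treatment.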