CFI include/exclude path support (Make)
This CL adds the ability to centrally enable or disable CFI for components using either an environment or product config variable. This is a better, nore manageable option that enabling CFI across each component individually. Bug: 67507323 Test: CFI_INCLUDE_PATHS= system/nfc m -j40 Test: CFI_EXCLUDE_PATHS = frameworks/av m -j40 Change-Id: I02fe1960a822c124fd101ab5419aa81e2dd51adf
This commit is contained in:
parent
8639879e60
commit
23b2d2e531
|
@ -34,6 +34,18 @@ ifneq ($(filter integer_overflow, $(my_global_sanitize)),)
|
|||
endif
|
||||
endif
|
||||
|
||||
# Disable global CFI in excluded paths
|
||||
ifneq ($(filter cfi, $(my_global_sanitize)),)
|
||||
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
|
||||
$(PRODUCT_CFI_EXCLUDE_PATHS)
|
||||
|
||||
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
|
||||
$(filter $(dir)%,$(LOCAL_PATH)))),)
|
||||
my_global_sanitize := $(filter-out cfi,$(my_global_sanitize))
|
||||
my_global_sanitize_diag := $(filter-out cfi,$(my_global_sanitize_diag))
|
||||
endif
|
||||
endif
|
||||
|
||||
ifneq ($(my_global_sanitize),)
|
||||
my_sanitize := $(my_global_sanitize) $(my_sanitize)
|
||||
endif
|
||||
|
@ -84,6 +96,18 @@ ifeq ($(LOCAL_SANITIZE),never)
|
|||
my_sanitize_diag :=
|
||||
endif
|
||||
|
||||
# Enable CFI in included paths.
|
||||
ifeq ($(filter cfi, $(my_sanitize)),)
|
||||
combined_include_paths := $(CFI_INCLUDE_PATHS) \
|
||||
$(PRODUCT_CFI_INCLUDE_PATHS)
|
||||
|
||||
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
|
||||
$(filter $(dir)%,$(LOCAL_PATH)))),)
|
||||
my_sanitize := cfi $(my_sanitize)
|
||||
my_sanitize_diag := cfi $(my_sanitize_diag)
|
||||
endif
|
||||
endif
|
||||
|
||||
# If CFI is disabled globally, remove it from my_sanitize.
|
||||
ifeq ($(strip $(ENABLE_CFI)),false)
|
||||
my_sanitize := $(filter-out cfi,$(my_sanitize))
|
||||
|
|
|
@ -146,8 +146,8 @@ _product_var_list := \
|
|||
PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
|
||||
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
|
||||
PRODUCT_ADB_KEYS \
|
||||
|
||||
|
||||
PRODUCT_CFI_INCLUDE_PATHS \
|
||||
PRODUCT_CFI_EXCLUDE_PATHS \
|
||||
|
||||
define dump-product
|
||||
$(info ==== $(1) ====)\
|
||||
|
|
|
@ -472,3 +472,11 @@ ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
|
|||
$(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
|
||||
endif
|
||||
.KATI_READONLY := PRODUCT_ADB_KEYS
|
||||
|
||||
# Whether any paths are excluded from sanitization when SANITIZE_TARGET=cfi
|
||||
PRODUCT_CFI_EXCLUDE_PATHS := \
|
||||
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_EXCLUDE_PATHS))
|
||||
|
||||
# Whether any paths should have CFI enabled for components
|
||||
PRODUCT_CFI_INCLUDE_PATHS := \
|
||||
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CFI_INCLUDE_PATHS))
|
||||
|
|
|
@ -90,6 +90,8 @@ $(call add_json_list, SanitizeDeviceArch, $(SANITIZE_TARGET_ARCH)
|
|||
|
||||
$(call add_json_bool, Safestack, $(filter true,$(USE_SAFESTACK)))
|
||||
$(call add_json_bool, EnableCFI, $(call invert_bool,$(filter false,$(ENABLE_CFI))))
|
||||
$(call add_json_list, CFIExcludePaths, $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))
|
||||
$(call add_json_list, CFIIncludePaths, $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
|
||||
$(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
|
||||
|
||||
$(call add_json_bool, ClangTidy, $(filter 1 true,$(WITH_TIDY)))
|
||||
|
|
Loading…
Reference in New Issue