Enable FORTIFY_SOURCE for Android x86. This adds certain security
protections to Android programs, checking for common programming
mistakes and buffer overflows.
FORTIFY_SOURCE protections have been enabled for ARM since
a46c480e43 (Jun 4th 2012)
Change-Id: Idae6f93d37ddae605088867cd3029f12632456e1
Before this change, because the file_contexts is not in the system,
data or cache directory, the dependency is not reliable.
This fixed the gms build error:
out/target/product/gms/root/file_contexts: No such file or directory
Change-Id: Id8d5b3f4557d43a509ccc00b21dd426a414b7c42
Before this change, because the file_contexts is not in the system,
data or cache directory, the dependency is not reliable.
This fixed the gms build error:
out/target/product/gms/root/file_contexts: No such file or directory
Change-Id: Id8d5b3f4557d43a509ccc00b21dd426a414b7c42
Among other things, this helps monitoring of automated tests, to
properly show which branch the device is running on
Change-Id: I8bb8e3ec347849da44d29ce502b09a593d61ae0e
1) Move check-api to definition.mk, so it can be used in other places.
2) Add additional dependency to the api-stub module to consolidate the
apicheck dependency. Previously you have to run 2 "make"s in a row and
only in the 2nd run apicheck is run, due to a gnu-make optimization.
Bug: 7540265
Change-Id: Ib24ed87d9330027a9f95ed7b16dd4002cc0e3198
1. Use prebuilts/gcc/darwin-x86/host/i686-apple-darwin-4.2.1
See https://android-review.googlesource.com/#/c/46223/
2. Rewrite logic dealing with mac_sdk_version to support all
MacOSX SDK 10.6, 10.7 and 10.8. Note that since
ad2342375963c2468849c1f83a97158383db6511 emulator no longer
depends on 10.6 to build. Since the lowest SDK among intersection
of the "available" and the "supported" SDKs is picked, add a
new variable MAC_SDK_VERSION for developer really want to overwrite
it. MAC_SDK_VERSION still has to be one of the supported, though.
3. Improve mac_sdk_path detection to deal with case where Xcode
*dmg is mounted only, not installed at /Applications.
4. Now we can retire BUILD_MAC_SDK_EXPERIMENTAL
Change-Id: I83e463556a857d527710f766de0e19e1b576151f
1. Check $(HOST_CC) instead of gcc for llvm-gcc.
2. Remvoe Mac SDK 10.4 check because emulator uses
the same SDK version as the rest of framework
Change-Id: I4071fd45dc09a18c5341ad79e6a85e61df060fb4
Phantasm PDK support doesn't work with the factory build.
It's not needed for eng support so we'll disable it.
Change-Id: I9b65cdbb20bbcff601600d6b0cac7cc98f6f614c
Signed-off-by: Nick Sanders <nsanders@google.com>
To pick up a NOTICE file in LOCAL_PATH and attach it to
/system/lib/libfoo.so, use the following syntax:
include $(CLEAR_VARS)
LOCAL_MODULE_CLASS := NOTICE_FILES
LOCAL_INSTALLED_MODULE := $(PRODUCT_OUT)/system/lib/libfoo.so
include $(BUILD_NOTICE_FILE)
Bug: 7460213
Change-Id: Ie692be72deab37be04d1b578578c131a0885a090
When a device java module was using the layers.txt files, and that device java module depenended on
a host java module, when building the host java module, the layer checker tried to run and would
fail, complaining about the host module.
The problem was that since the value wasn't set for the host module, it would be inherited from its
dependent module (a make "feature") and would cause the layer checker to run. So this change makes
it explicitly set PRIVATE_JAVA_LAYERS_FILE for host java modules too.
Change-Id: Ifbc085295d0995a2da5d6d63d8cb379ef2631cc4
When a device java module was using the layers.txt files, and that device java module depenended on
a host java module, when building the host java module, the layer checker tried to run and would
fail, complaining about the host module.
The problem was that since the value wasn't set for the host module, it would be inherited from its
dependent module (a make "feature") and would cause the layer checker to run. So this change makes
it explicitly set PRIVATE_JAVA_LAYERS_FILE for host java modules too.
Change-Id: Ifbc085295d0995a2da5d6d63d8cb379ef2631cc4
This can fix the error "/bin/bash: Argument list too long", if we get a
really long apk list.
Bug tracker Link: http://code.google.com/p/android/issues/detail?id=38937
Change-Id: I72258125c4297dfd9f8f502a96dbfa5a08f3cc50
The Chromium makefile generator used to use module class NONE for the
meta-targets in the gyp files; this was changed to GYP in order to make
it more obvious where they come from in the build. Update the build
system's handling of NOTICE files to reflect this change.
Change-Id: Iff7d4487f3024ec83db0c2a896ec0caf8fb18b24
Default to 4.6, but can overwritten to something else in
prebuilts/gcc/$os/$arch/$arch-linux-android*-$ver
Change-Id: I16f99d642b8ff8e831d392261a0c536041107051
Emit a warning when the static linker detects a shared library
has text relocations. Text relocations make it harder to
share pages across processes, and make it harder to use
certain memory protection features in, for example, SELinux.
This warning will turn into an error in a future change
(via --fatal-warnings)
Change-Id: I2d169c7ce3600d02e25591f3ec15aba363730298
References: http://www.akkadia.org/drepper/textrelocs.html
Third time's the charm. :-)
In b238210c01, we added
-Wl,--warn-shared-textrel to TARGET_GLOBAL_LDFLAGS. This generated
a warning whenever we created a shared library with a text
relocation. At the time, we wrote:
=====
Emit a warning when the static linker detects a shared library
has text relocations. Text relocations make it harder to
share pages across processes, and make it harder to use
certain memory protection features in, for example, SELinux.
This warning will turn into an error in a future change
(via --fatal-warnings)
=====
All code which uses text relocations has either been fixed, or
we've temporarily worked around the issue so the code can still
compile.
Enable --fatal-warnings.
This reverts commit 942167dab8.
Change-Id: I578701692ead7e7cd60d73d2070a5bed366e2c6c
In b238210c01, we added
-Wl,--warn-shared-textrel to TARGET_GLOBAL_LDFLAGS. This generated
a warning whenever we created a shared library with a text
relocation. At the time, we wrote:
=====
Emit a warning when the static linker detects a shared library
has text relocations. Text relocations make it harder to
share pages across processes, and make it harder to use
certain memory protection features in, for example, SELinux.
This warning will turn into an error in a future change
(via --fatal-warnings)
=====
All code which uses text relocations has either been fixed, or
we've temporarily worked around the issue so the code can still
compile.
Enable --fatal-warnings.
This reverts commit 4dc781657b.
Change-Id: I81b96477f1c11069637f28cfd8fb98d42b39be5e
In b238210c01, we added
-Wl,--warn-shared-textrel to TARGET_GLOBAL_LDFLAGS. This generated
a warning whenever we created a shared library with a text
relocation. At the time, we wrote:
=====
Emit a warning when the static linker detects a shared library
has text relocations. Text relocations make it harder to
share pages across processes, and make it harder to use
certain memory protection features in, for example, SELinux.
This warning will turn into an error in a future change
(via --fatal-warnings)
=====
We've successfully removed all text relocations from Android's
compiled code, so turn on -Wl,--fatal-warnings .
Some pre-compiled shared libraries continue to have text relocations,
but they will be unaffected by this change.
Change-Id: I505ea23120048afc45f62593704fe1d6d26a352c
This change piggybacks Filterscript rules onto the existing Renderscript
rules. There is no real difference other than the file extension (which
llvm-rs-cc uses to apply a more stringent set of warnings/errors).
Bug: 7166741
Change-Id: I27175ff1c16c27129cafa92b4e8caabf2e5f4150
When using mm, which passes in absolute path, while in full build relative
paths are used to encode clean steps.
Change-Id: I3e39ce3125194589f9a464f27eef4a9c96fa06c1
Use "LOCAL_SDK_VERSION := <number>" to build against the NDK when you
include $(BUILD_EXECUTABLE).
Cherry-picked from master.
Bug: 7170098
Change-Id: Ib35a294bd6aa4e969d46ecd8ebab8ca5d843e24b
Use "LOCAL_SDK_VERSION := <number>" to build against the NDK when you
include $(BUILD_EXECUTABLE).
Bug: 7170098
Change-Id: I4cebeae3355e79a4d2f2f5549ef0613ced77e3f0
* commit '2d17b1aba6ea529dc618d50c784f69fb7f1a8141':
Build only modules required by the current product.
Load only the current product config makefile.
Run clean steps in only given paths when using mm/mmm
* commit '69a49f75860b4849fd1c2fe68d97fa2243171131':
Build only modules required by the current product.
Load only the current product config makefile.
Run clean steps in only given paths when using mm/mmm
Don't build modules_to_check by default.
Instead add "checkbuild" to the command line as a build goal, if you
want to build everything.
We can use the "checkbuild" goal to make sure some build targets on the
build server still build everything.
(cherry-pick of 5a88269ad6ed44fb163f96847954faac21292567.)
Bug: 7253452
Change-Id: I21eb93f3cb430c9531fe41a2f5d7b445c09938b9
To reduce the start time.
With the change and previous change of doing clean step in only given paths,
start time of mm/mmm is reduced from ~5s to about 1s;
lunch time is reduced from ~40s to 3.5s.
(cherry-pick of 157a5e1695593f935c3223430f4530e21f990378.)
Bug: 7186768,7169854
Change-Id: I0be5e2721efa66a80f112acf8f95e177ebc2f65b
To speed up mm/mmm start time.
At the same time, we should copy over the other clean steps.
(cherry-pick of 6ea58cb3dc564ce112b28f1a7c6936317168d931.)
Bug: 7186768
Change-Id: I158b0d7e4ecaa773ec3a336cd326e27ee8c26a88
This allows more flexibility with symlinking subtrees within projects.
For example, a build bot with a read-only copy of the src can copy
directories which will be affected by applied patches while symlinking
to directories that will remain untouched.
Change-Id: I9c783180f3ebdd737d8daf17550f562e4f00b200
Bug: 5368571
Now we have a phony target "tests" instead.
The target can be built in any other build variant (eg userdebug).
For example, "make PRODUCT-full-userdebug tests dist" will build and
put the *-test-* zip file in the dist dir.
The "tests" target will include all modules tagged as "tests" in
addition to other modules in specific target out directories.
Change-Id: I8383097380d8e6846c3e2107d6dd5f68788cfc39
To reduce the start time.
With the change and previous change of doing clean step in only given paths,
start time of mm/mmm is reduced from ~5s to about 1s;
lunch time is reduced from ~40s to 3.5s.
Bug: 7186768,7169854
Change-Id: Ifd72ba1c6362a5e1125a23c505fd47947ab56675
Don't build modules_to_check by default.
Instead add "checkbuild" to the command line as a build goal, if you
want to build everything.
We can use the "checkbuild" goal to make sure some build targets on the
build server still build everything.
Bug: 7253452
Change-Id: I84b62116131e85d1f32d58a424cdfd9d51fa9755
To speed up mm/mmm start time.
At the same time, we should copy over the other clean steps.
Bug: 7186768
Change-Id: I250e64256343afe788d79817af36eafaadb47028
To reduce the start time.
With the change and previous change of doing clean step in only given paths,
start time of mm/mmm is reduced from ~5s to about 1s;
lunch time is reduced from ~40s to 3.5s.
Bug: 7186768,7169854
Change-Id: Ifd72ba1c6362a5e1125a23c505fd47947ab56675
To speed up mm/mmm start time.
At the same time, we should copy over the other clean steps.
Bug: 7186768
Change-Id: I250e64256343afe788d79817af36eafaadb47028
Use "LOCAL_SDK_VERSION := <number>" to build against the NDK when you
include $(BUILD_EXECUTABLE).
Bug: 7170098
Change-Id: I4cebeae3355e79a4d2f2f5549ef0613ced77e3f0
Instead we should explicitly set up the dependency, if the module will
be used in the build process; Use LOCAL_MODULE_TAGS with eng, debug or
tests if the module is for testing; or add to PRODUCT_PACKAGES if it's
required by a product.
Change-Id: I326e97df6630dee4acc6582ce6cef2dec8289155
The support library contains references to newer platform versions.
Don't warn about those in case this app is linking against an older
platform version. We know about them, and they are safe.
Change-Id: Ia2a90398b1db1858d005ec09ded56751cc6ffb00
PRODUCT_COPY_FILES now is a list of words like <source
path>:<destination path>[:<owner>].
The optional :<owner> is used to indicate the owner of a vendor file.
Bug: 7048854
Change-Id: I435d1e18b7a091fb62513062cfc2e420e51557ec
This new indirection allows us too to output .P files when we are
generating non-.o files, such as .s or .S files.
Bug: 7127743
Change-Id: I9e46c417031764fefc9909ba4a3eb63885f34f9e
If you try to build a recovery image without having built the main
system, creating the recovery resourc file can fail due to the
directory not existing.
Change-Id: I2daff847c0b58dfa519d0f742636f01dba28c689
Ben Cheng