Fix the bug that caused boot failure on ASAN builds with VNDK
restriciton. The major cause is because incorrect (old) ld.config.txt
was used when the build is sanitized, which prevented the dynamic linker
to find some VNDK libs that only exist in /system/lib/vndk; the old
ld.config.txt does not have the directory in its search paths. So, this
CL fixes the problem by having the same ld.config.txt for both sanitized
and non-sanitizied builds.
Furthermore, ld.config.txt is modified so that dependency to
libclang_rt* libs are redirected to those in /system/lib directory. This
ensures that the sanitizer runtime libs are not dual loaded but are
provided for both platform and vendors.
Bug: 65217017
Test: SANITIZE_TARGET=integer_overflow SANITIZE_TARGET_DIAG=integer_overflow m
on 2017 pixel devices. The build is successful and the device boots to
the UI.
Merged-In: I0e21e20d9aca340b984968e07d4ce542ae10fd31
Change-Id: I0e21e20d9aca340b984968e07d4ce542ae10fd31
(cherry picked from commit faefa6bd36)
Lists of libraries in between the linker namespaces are no longer
hard-coded in ld.config.txt, but instead come from Soong.
Bug: 37139976
Test: build 2017 pixel device with BOARD_VNDK_VERSION=current m -j
Test: the device is bootable, basic functionalities (camera, camcorder,
wifi, bt, gps, etc.) work.
Merged-In: I8170e6c3f6ee04b16359791d64cc46bd2714a073
Change-Id: I8170e6c3f6ee04b16359791d64cc46bd2714a073
(cherry picked from commit 367984602a)
For vendor process default namespace searches as following order:
1. /vendor/lib/(hw|egl), /vendor/lib: Vendor libs + VNDK-vnd-ext
2. /system/lib/vndk-$(ver): VNDK libs
3. /vendor/lib/vndk-sp-$(ver): VNDK-SP-vnd-ext
4. /system/lib/vndk-sp-$(ver): VNDK-SP
and searches system namespace (/system/lib) only for LL-NDK libs.
This configuarion is used only with BOARD_VNDK_VERSION is defined.
Bug: 37192038
Test: build with 'BOARD_VNDK_VERSION=current' and boot
Merged-In: If9778b9266a084846ba8fe73e6bff25828359d33
Change-Id: If9778b9266a084846ba8fe73e6bff25828359d33
(cherry picked from commit 24c29f1be4)
The new linker namespace config causes problem when the target is
sanitized: vendor libs which are loaded in the sphal namespace can't
link against to libclang_rt* libs which are in /system/lib directory
because the directory is not allowed for sphal namsapce.
Long-term solution would be installing libclang_rt* to both /system/lib
and /vendor/lib so that vendor libs can link against to the one in
/vendor/lib.
Until the work is done, let's just disable the new linker namespace
config when the target is to be sanitized.
Bug: 63535130
Test: make SANITIZE_TARGET=integer_overflow
SANITIZE_TARGET_DIAG=integer_overflow builds and boots to the UI
Merged-In: I6afb69885aaa3d25e554b9ca699a572248bfc50a
Change-Id: I6afb69885aaa3d25e554b9ca699a572248bfc50a
(cherry picked from commit fff6f75fc1)
Now, framework process (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces; default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HAL (Same-process HAL) is
loaded. SP-HAL are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. When
framework needs to load those SP-HALs, it explicitly loads it from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs can not use libraries other than vndk-sp and ndk libs.
Membership to vndk-sp and ndk are strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of a same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt
HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
Add init script and shell script to unzip a tar containing ASAN
libraries on boot.
Bug: 36458146
Test: m && m SANITIZE_TARGET=address
Test: manual (build steps for tar missing)
Change-Id: I1bcf332f86c5bf2e0333cbe3def684999c1002f8
Add SANITIZE_LITE_SERVICES to drive usage of asan.options for a
large set of native services.
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true SANITIZE_LITE_SERVICES=true
Change-Id: I84458dcc1b193b762daeb3004cf6c49e2fd8fae2
When native coverage is enabled, add a global GCOV_PREFIX
environment variable specifying that gcda files be output
with path prefix /data/local/tmp.
Bug: 35635587
Test: make NATIVE_COVERAGE=true; check init.environ.rc
Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
It's 5 characters shorter, has no runtime costs, can be stored on a
read-only partition, and avoids problems like b/27262109 and b/27204904.
It allows makes some security hardening easier.
Bug: 27262109
Bug: 27204904
Bug: 32799236
Test: verified new symlink created and old one not present
Change-Id: Ief362e13569ad9c868a7f0f9c4dbd6a328c96c6b
When building without vendor/... in the tree, we won't be creating a
vendorimage, so BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE won't be defined. But
we still need to use the vendor image that will be present.
Bug: 30040825
Change-Id: I756adc615aea11da60da4d3a4568caca9fed93ab
Extend the asan.options file to read binary-specific configuration
from files out of /system. For early services, the system image
location is important as /data may not be available when they are
started.
Add a template that turns most sanitization off. At this point in
time, it is, however, impossible to get to a zero overhead state
after the fact. The template is meant to adapt a build after the
fact, and work around issues with LOCAL_SANITIZE := never.
Add a Make variable and rule copying the template to the path and
name expected by ASAN. Add SANITIZE_LITE to automatically add a
large set of options files.
Bug: 29498013
Change-Id: I8e9e6929a55cee3f3fa0acb377a886bfa7006c91
Create symlink from /cache to /data/cache for devices
which have no cache partition.
Bug: 28747374
Change-Id: Ifb0c3250f1be345ce46fcdb78533e36c2250bb85
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
(cherry picked from commit bb968fb04d)
Change-Id: Iff993135c7ce3a1a0f6450892ef7382da408fd5e
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
Change-Id: I6cdee7eb1d61ac7d447528962a4fad1a7bbf138d
If / is not write-able and system.img contains system/vendor, symlink
for `/vendor/ -> /system/vendor/` that is otherwise done in init.rc
should be done at build time.
BUG=b:25512724
Change-Id: Iaa63d6440373a4fd754a933c9f1960b3787a6d98
Building without ramdisk requires a way to specify board specific
directoryies and symlinks in the root directory at build time.
Change-Id: I11301e98228bc4761f3aee177a546146651b9f25
(cherry picked from commit d7549c9a65cad886f672af41f5fca6f0bd0c12fa)
The goal is to enable SANITIZE_TARGET='address coverage', which
will be used by LLVMFuzzer.
Bug: 22850550
Change-Id: Iea756eaaedaa56aee4daf714510269efe3aaa553
Instead of setting global ASAN_OPTIONS in immutable init.environ.rc,
load them from a file that can be changed later. The file has to be
on the /system partition to both be editable and available at the
early stages of boot.
Also add allocator_may_return_null=1 as that is closer to the
non-ASan allocator behavior.
Bug: 22846541
Change-Id: Ib0f41393c528f2e7cb398470e41f50abf5f4f455
system.img may contain the root directory as well. In that case, we
need to create some symlinks init.rc would during the build.
Change-Id: I4e7726f38c0f9cd9846c761fad1446738edb52c0
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I312104ff926fb08d98ac8256b76d01b0a90ea5e5
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I157ccbebf36bee9916f3f584551704ec481ae1d1
allow_user_segv_handler=1 is required to run ART under ASan
detect_odr_violation=0 and alloc_dealloc_mismatch=0 suppress some of
the existing bug reports during boot.
Bug: 21951850, 21785137
Change-Id: I4d36967c6d8d936dacbfdf1b94b87fa94766bd3e
The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
- BOOTCLASSPATH now is derived from PRODUCT_BOOT_JARS, which is a product
configuration variable set up by the core build system.
- Moved files from the legacy ALL_PREBUILT to PRODUCT_COPY_FILES in
build/target/product/embedded.mk.
Bug: 9990214
Change-Id: I98bac36c1ca8c779dda572a0a5e0a22b7e4c4a7a
DBUS had been needed by bluetooth bluz stack. It is not needed after
we replaced bluez stack with bluedroid stack.
bug 6872904
Change-Id: I3fa41c1dd4ac80bc679d5950b3b20c7f6d12265f
This is done by ensuring that /init.goldfish.rc and /system/etc/init.goldfish.sh
are part of the system image, even if it lacks other emulator related bits.