forked from openkylin/platform_build
Build: Change SANITIZE_LITE install settings
Under SANITIZE_LITE, the default app_process is not instrumented. Embedding sanitized libraries into APKs will lead to crashing apps. So move second-stage APKs to /data/asan. The tradeoff is that for now we won't run these sanitized binaries. Adding support for that is future work. Also do not do a rebuild of the boot image. This would invalidate the first-stage results. Note that this is technically dangerous, as stack overflow guard sizes will not be adapted for ASAN runs. However, this is a general incompatibility. Also do not rebuild system_other. Apps are not rebuilt, so it will create an empty image. Bug: 36458146 Test: m && m SANITIZE_TARGET=address SANITIZE_LITE=true Change-Id: I3898bc53cad264529f126e6bf0af9c6ca1736877
This commit is contained in:
Andreas Gampe
parent
06956fe54c
commit
481660ef34
|
|
@ -1786,8 +1786,11 @@ endef
|
|||
|
||||
# We just build this directly to the install location.
|
||||
INSTALLED_SYSTEMOTHERIMAGE_TARGET := $(BUILT_SYSTEMOTHERIMAGE_TARGET)
|
||||
ifneq (true,$(SANITIZE_LITE))
|
||||
# Only create system_other when not building the second stage of a SANITIZE_LITE build.
|
||||
$(INSTALLED_SYSTEMOTHERIMAGE_TARGET): $(INTERNAL_USERIMAGES_DEPS) $(INTERNAL_SYSTEMOTHERIMAGE_FILES) $(INSTALLED_FILES_FILE_SYSTEMOTHER)
|
||||
$(build-systemotherimage-target)
|
||||
endif
|
||||
|
||||
.PHONY: systemotherimage-nodeps
|
||||
systemotherimage-nodeps: | $(INTERNAL_USERIMAGES_DEPS)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,12 @@ DEX_PREOPT_DEFAULT ?= true
|
|||
SYSTEM_OTHER_ODEX_FILTER ?= app/% priv-app/%
|
||||
|
||||
# Method returning whether the install path $(1) should be for system_other.
|
||||
# Under SANITIZE_LITE, we do not want system_other. Just put things under /data/asan.
|
||||
ifeq ($(SANITIZE_LITE),true)
|
||||
install-on-system-other =
|
||||
else
|
||||
install-on-system-other = $(filter-out $(PRODUCT_DEXPREOPT_SPEED_APPS) $(PRODUCT_SYSTEM_SERVER_APPS),$(basename $(notdir $(filter $(foreach f,$(SYSTEM_OTHER_ODEX_FILTER),$(TARGET_OUT)/$(f)),$(1)))))
|
||||
endif
|
||||
|
||||
# The default values for pre-opting: always preopt PIC.
|
||||
# Conditional to building on linux, as dex2oat currently does not work on darwin.
|
||||
|
|
|
|||
|
|
@ -58,6 +58,12 @@ my_boot_image_flags := --compiler-filter=speed-profile
|
|||
my_boot_image_flags += --profile-file=$(my_out_boot_image_profile_location)
|
||||
endif
|
||||
|
||||
ifneq (addresstrue,$(SANITIZE_TARGET)$(SANITIZE_LITE))
|
||||
# Skip recompiling the boot image for the second sanitization phase. We'll get separate paths
|
||||
# and invalidate first-stage artifacts which are crucial to SANITIZE_LITE builds.
|
||||
# Note: this is technically incorrect. Compiled code contains stack checks which may depend
|
||||
# on ASAN settings.
|
||||
|
||||
$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME): PRIVATE_BOOT_IMAGE_FLAGS := $(my_boot_image_flags)
|
||||
$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME): PRIVATE_2ND_ARCH_VAR_PREFIX := $(my_2nd_arch_prefix)
|
||||
# Use dex2oat debug version for better error reporting
|
||||
|
|
@ -85,3 +91,5 @@ $($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME) : $(LIBART_TARGE
|
|||
--no-generate-debug-info --generate-build-id \
|
||||
--multi-image --no-inline-from=core-oj.jar \
|
||||
$(PRODUCT_DEX_PREOPT_BOOT_FLAGS) $(GLOBAL_DEXPREOPT_FLAGS) $(ART_BOOT_IMAGE_EXTRA_ARGS)
|
||||
|
||||
endif
|
||||
|
|
|
|||
|
|
@ -421,8 +421,16 @@ TARGET_OUT_COMMON_GEN := $(TARGET_COMMON_OUT_ROOT)/gen
|
|||
TARGET_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM)
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
target_out_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ASAN)/system
|
||||
ifeq ($(SANITIZE_LITE),true)
|
||||
# When using SANITIZE_LITE, APKs must not be packaged with sanitized libraries, as they will not
|
||||
# work with unsanitized app_process. For simplicity, generate APKs into /data/asan/.
|
||||
target_out_app_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ASAN)/system
|
||||
else
|
||||
target_out_app_base := $(TARGET_OUT)
|
||||
endif
|
||||
else
|
||||
target_out_shared_libraries_base := $(TARGET_OUT)
|
||||
target_out_app_base := $(TARGET_OUT)
|
||||
endif
|
||||
|
||||
TARGET_OUT_EXECUTABLES := $(TARGET_OUT)/bin
|
||||
|
|
@ -436,8 +444,8 @@ TARGET_OUT_SHARED_LIBRARIES := $(target_out_shared_libraries_base)/lib
|
|||
endif
|
||||
TARGET_OUT_RENDERSCRIPT_BITCODE := $(TARGET_OUT_SHARED_LIBRARIES)
|
||||
TARGET_OUT_JAVA_LIBRARIES := $(TARGET_OUT)/framework
|
||||
TARGET_OUT_APPS := $(TARGET_OUT)/app
|
||||
TARGET_OUT_APPS_PRIVILEGED := $(TARGET_OUT)/priv-app
|
||||
TARGET_OUT_APPS := $(target_out_app_base)/app
|
||||
TARGET_OUT_APPS_PRIVILEGED := $(target_out_app_base)/priv-app
|
||||
TARGET_OUT_KEYLAYOUT := $(TARGET_OUT)/usr/keylayout
|
||||
TARGET_OUT_KEYCHARS := $(TARGET_OUT)/usr/keychars
|
||||
TARGET_OUT_ETC := $(TARGET_OUT)/etc
|
||||
|
|
@ -445,7 +453,13 @@ TARGET_OUT_NOTICE_FILES := $(TARGET_OUT_INTERMEDIATES)/NOTICE_FILES
|
|||
TARGET_OUT_FAKE := $(PRODUCT_OUT)/fake_packages
|
||||
TARGET_OUT_TESTCASES := $(PRODUCT_OUT)/testcases
|
||||
|
||||
ifeq ($(SANITIZE_LITE),true)
|
||||
# When using SANITIZE_LITE, APKs must not be packaged with sanitized libraries, as they will not
|
||||
# work with unsanitized app_process. For simplicity, generate APKs into /data/asan/.
|
||||
TARGET_OUT_SYSTEM_OTHER := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ASAN)/$(TARGET_COPY_OUT_SYSTEM_OTHER)
|
||||
else
|
||||
TARGET_OUT_SYSTEM_OTHER := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM_OTHER)
|
||||
endif
|
||||
|
||||
# Out for TARGET_2ND_ARCH
|
||||
TARGET_2ND_ARCH_VAR_PREFIX := $(HOST_2ND_ARCH_VAR_PREFIX)
|
||||
|
|
@ -514,8 +528,16 @@ TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache
|
|||
TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR)
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
target_out_vendor_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ASAN)/vendor
|
||||
ifeq ($(SANITIZE_LITE),true)
|
||||
# When using SANITIZE_LITE, APKs must not be packaged with sanitized libraries, as they will not
|
||||
# work with unsanitized app_process. For simplicity, generate APKs into /data/asan/.
|
||||
target_out_vendor_app_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ASAN)/vendor
|
||||
else
|
||||
target_out_vendor_app_base := $(TARGET_OUT_VENDOR)
|
||||
endif
|
||||
else
|
||||
target_out_vendor_shared_libraries_base := $(TARGET_OUT_VENDOR)
|
||||
target_out_vendor_app_base := $(TARGET_OUT_VENDOR)
|
||||
endif
|
||||
|
||||
TARGET_OUT_VENDOR_EXECUTABLES := $(TARGET_OUT_VENDOR)/bin
|
||||
|
|
@ -527,8 +549,8 @@ TARGET_OUT_VENDOR_SHARED_LIBRARIES := $(target_out_vendor_shared_libraries_base)
|
|||
endif
|
||||
TARGET_OUT_VENDOR_RENDERSCRIPT_BITCODE := $(TARGET_OUT_VENDOR_SHARED_LIBRARIES)
|
||||
TARGET_OUT_VENDOR_JAVA_LIBRARIES := $(TARGET_OUT_VENDOR)/framework
|
||||
TARGET_OUT_VENDOR_APPS := $(TARGET_OUT_VENDOR)/app
|
||||
TARGET_OUT_VENDOR_APPS_PRIVILEGED := $(TARGET_OUT_VENDOR)/priv-app
|
||||
TARGET_OUT_VENDOR_APPS := $(target_out_vendor_app_base)/app
|
||||
TARGET_OUT_VENDOR_APPS_PRIVILEGED := $(target_out_vendor_app_base)/priv-app
|
||||
TARGET_OUT_VENDOR_ETC := $(TARGET_OUT_VENDOR)/etc
|
||||
|
||||
$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_EXECUTABLES := $(TARGET_OUT_VENDOR_EXECUTABLES)
|
||||
|
|
|
|||
Loading…
Reference in New Issue