Add additional compile and runtime buffer overflow detection to
Android. As of today, Android supports additional buffer overflow
detection for the following libc functions:
* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat
Support for additional functions will be added to bionic libc in
future code changes.
Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
for information on these features.
Change-Id: I1a281a4bac20009f4730dd8d8b798fa107576230
Change TARGET_ARCH_VARIANT from x86-atom to x86, for the reason
that atom-specific instruciton like "movbe" isn't "generic" to
x86 Android devices and x86 host running emulator-x86, which may
crash non-atom host in VT because "movbe" isn't supported natively.
Also revert previous fix in TARGET_linux-x86.mk which conservatively
disable "movbe" across the board
Change-Id: Ief93a3585566ffae558fcdc29741e6213a048d7d
Intruction "movbe" (move data after swapping bytes) is only available in
Intel atom. Disable it for more general x86 devices and x86 hosts which
run emulator-x86. Although emulator-x86 can support "movbe", most of
the time we want to run emulator-x86 with VT support for speed (with KVM
in Linux, or HAXM in Windows/MacOSX). The presence of "movbe" can crash
emulator-x86 in VT because non-atom host doesn't have it natively.
Change-Id: I86e037900ddcb8d544f92b8d8464c8627347e560
Added Mountain Lion to the list of versions which don't need ranlib
and don't need the pre-Lion linker flags
Change-Id: I0c785f0c66e324af9a209520c5a5b3c9bf7df0d5
Signed-off-by: Al Sutton <al@funkyandroid.com>
For Mac build, force_load the LOCAL_WHOLE_STATIC_LIBRARIES.
Mac has its custom linker. However, its linking rule for generating
shared libraries doesn’t take the LOCAL_WHOLE_STATIC_LIBRARIES
into consideration.
Change-Id: Ia6858bf6e2ebb334db8f3d0bdc71d7ecc0ef11c1
The cc and c++ compilers included in Apple's command line tools show some
unusual behaviour which causes the build to fail in several projects under
Xcode 4.3
This patch uses the gnu compatibility gcc and g++ compilers on OS X instead
to reduce problems, and generates an error when an llvm based compiler is
detected because they currently do not generate usable emulator executables
due to them not honouring global register variables.
Change-Id: I506c22dad3dcbd41df3c7672802a675d3655e262
Signed-off-by: Al Sutton <al@funkyandroid.com>
Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.
See:
* http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
* http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
Stop using the custom linker script, which inhibits
relro / bind_now support.
Change-Id: Ie97ccdd2845886bbc2ba2fdd47eed0ff4b29b60b
Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.
See:
* http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
* http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
Stop using the custom linker script, which inhibits
relro / bind_now support.
Change-Id: Iaebfbbb492299004f9da92b649985b6cd67d8c97
By default we build tool in 32-bit. This flag allow individual tool and its
dependencies to be built in 64-bit (eg. Emulator). Fixes to resolve 64-bit
porting issues (in other git) will be submitted seperately.
Change-Id: I486cf7ddac727d3c374ed890857d497c3a69e598
Everything that is based on ARMv7a should have a cp15 TLS register.
Enable it by default so it's not accidentally missed in newer board
configurations. In fact, this could be enabled for ARMv6 as well, but we
currently don't distinguish between ARMv5 and ARMv6 in the build system.
This can still be disabled by setting it to "false" in the board
configuration, but this shouldn't ever be needed.
Change-Id: Ic2918f32899c8bcfa482f92c98f5a192fa318470
With "-Wl,-rpath,@loader_path/../lib" the linker embeds
@loader_path/../lib as the target binary's rpath.
Here @loader_path means the path of the binary that initiates the
loading.
With "-install_name @rpath/libfoo.dylib " the linker runtime searches
libfoo.dylib in the binary's embeded rpath.
With this change you can call dlopen() without specifying the full path
of the shared library.
Change-Id: If9beb3f6f4642a377bff603bab5ba3fdb96211bf
Before this change, path of the install name is relative to the top dir.
That means you can execute dynamically-linked binaries only in the top dir.
With this change, you can execute dynamically-linked binaries anywhere.
Change-Id: I1c6441579ffb68505ea678296aceb2e66a6df1be
So we can have the same set of module names in different host arch
/ toolchain version combinations.
Change-Id: Iec66584bf3de92aedd71a59f9dbe74b6ed025b2e
This is the result of a recent conversation around the x86 ABI
and its relationship with how we build platform images. Briefly:
- We want to use feature-based macros like ARCH_X86_HAVE_$FEATURE
instead of relying on explicit compiler macros like -DUSE_$FEATURE
- We want to allow for other x86-based arch variants, e.g. if
someone wants to build Android for a CPU that doesn't support
the NDK x86 ABI. However, we need to ensure these are not
tagged compatible by mistake (see check at the end of TARGET_linux-x86.mk)
- There are several flags which use is dubious now that we have
a dedicated toolchain to build all the x86 stuff. Comment them
as 'to be considered for removal'. We'll do the proper checks
later.
Change-Id: I7768d7c34d73e274cbf4c09ae831b55280d6bb58
While building Android with latest host gcc, it causes the following
build error:
Install: out/host/linux-x86/bin/mkbootimg
host C++: obbtool <= frameworks/base/tools/obbtool/Main.cpp
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>:0:0: note: this is the location of the previous definition
cc1plus: all warnings being treated as errors
In order to make build system happy, this patch does unset macro
_FORTIFY_SOURCE and then define it in host cflags.
Change-Id: Ic37a90f05081a2c3650b3335bc87e9e895900fb2
Compile all x86 programs on Android with -fPIE and -pie. This enables
PIE (Position Independent Executables), which helps protect Android
applications from exploitation due to memory management bugs.
Note 1: PIE *static* executables are not supported at this time and
require additional linker changes.
Note 2: This change compliments 026a85b129,
which was the exact same change, except for ARM.
Testing: Rebuilt the tree completely from scratch, and verified
that the system boots and basic functionality works in the emulator.
Change-Id: I990064c37da3d857e663b27f31fee05f689a2824
Compile all programs on Android with -fPIE and -pie. This enables
PIE (Position Independent Executables), which helps protect Android
applications from exploitation due to memory management bugs.
Stop using the armelf.x linker script. This script hard codes the
load address of the executable, defeating the position independence
PIE requires.
Note: PIE *static* executables are not supported at this time and
require additional linker changes.
Bug: 5323301
Change-Id: Ieafcc9c4f142495847e163881889d371a59d0878
While building Android with latest host gcc, it causes the following
build error:
Install: out/host/linux-x86/bin/mkbootimg
host C++: obbtool <= frameworks/base/tools/obbtool/Main.cpp
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>:0:0: note: this is the location of the previous definition
cc1plus: all warnings being treated as errors
In order to make build system happy, this patch does unset macro
_FORTIFY_SOURCE and then define it in host cflags.
Change-Id: Ic37a90f05081a2c3650b3335bc87e9e895900fb2
We used to do that unconditionally but that caused lots of spurious
warnings in gcc-4.4.x about an unrecognized gcc option.
Change-Id: Idb5118b069871859e07a7efa04914ab6ed0b1372
This is used by debug tools to find symbols for the stripped binary.
Adds ~70 bytes to each DSO, ~25000 bytes total, which is about 0.01% of the
system image.
This change only affects -eng and -userdebug builds, and does not affect -user.
Change-Id: I0c92a9e09fbc97184dea66813923568cbcc2a3fe
"lunch sdk-eng" on cygwin tries to use a gcc.exe from the
prebuild arm toolchain, but it doesn't exist. This prevents
from setting variables to point on a gcc toolchain if there
is none for the given arch.
Change-Id: I3b72220663687f9fdaacc050899aef00632f2c3c
Review and clean-up of both compiler and linker flags
to ensure proper usage and consistency for images, toolchain,
SDK, and NDK.
Change-Id: Ife75c32cd49b32345712dee28fa5f2283069a90e
Signed-off-by: Mark D Horn <mark.d.horn@intel.com>
Author: Bruce Beare <bruce.j.beare@intel.com>
Set LOCAL_GROUP_STATIC_LIBRARIES := true to group the static libraries,
in case we need gcc flags "-Wl,--start-group" and "-Wl,--end-group" to
fix circular references.
Change-Id: I03c4901670112fcdd2bb0fe660b6924e5776fcf8
Option --strip-all will remove the static symbol section in addition to debug
symbols. We do not need the static symbol table in libraries installed on the
target.
Change-Id: I7a52d22f5b45aa727f31bfd9af796b289528caef
Signed-off-by: Iliyan Malchev <malchev@google.com>
This patch allows the Window sdk build (lunch sdk-eng; make win_sdk)
to work properly when USE_CCACHE is defined in the environment.
There is no Windows ccache prebuilt, but since we're cross-compiling
from Linux, detect it and use the linux prebuilt binary instead.
Note: Depends on https://review.source.android.com//#change,21755
for a complete solution to the problem.
Change-Id: I0b1b59efae86ee7114225258c9ecf9f257913347
This patch removes support for prelinking from the build system. By now, the
prelinker has outlived its usefulness for several reasons. Firstly, the
speedup that it afforded in the early days of Android is now nullified by the
speed of hardware, as well as by the presence of Zygote. Secondly, the space
savings that come with prelinking (measued at 17MB on a recent honeycomb
stingray build) are no longer important either. Thirdly, prelinking reduces
the effectiveness of Address-Space-Layout Randomization. Finally, since it is
not part of the gcc suite, the prelinker needs to be maintained separately.
The patch deletes apriori, soslim, lsd, isprelinked, and iself from the source
tree. It also removes the prelink map.
LOCAL_PRELINK_MODULE becomes a no-op. Individual Android.mk will get cleaned
separately. Support for prelinking will have to be removed from the recovery
code and from the dynamic loader as well.
Change-Id: I5839c9c25f7772d5183eedfe20ab924f2a7cd411
Added LOCAL_NO_CRT to enable building executables that do not link
to the C runtime library.
Removed support for LOCAL_MODULE_SUBDIR since it was broken
and unused. (Was going to use it but ended up using LOCAL_MODULE_PATH
instead.)
Change-Id: Ifed4ffe17003d90370c711ea6606e2b75e841dee
Added LOCAL_NO_CRT to enable building executables that do not link
to the C runtime library.
Removed support for LOCAL_MODULE_SUBDIR since it was broken
and unused. (Was going to use it but ended up using LOCAL_MODULE_PATH
instead.)
Change-Id: I3b6f5ab7e5ae6aaa7119899adccece2b4ab1cbb3
This is needed in order to build Linux SDK binaries that can run
properly on Ubuntu 8.04 (Hardy). By default, the host toolchain
on 10.04 (Lucid) generates machine code that won't run on Hardy
due to GLibc ABI mistmatches.
Note that nothing happens if the new toolchain is not in the
prebuilt tree.
Change-Id: I914f5a303f16b6871759ce5a7178585ed3060870
The purpose of removing global inline options is to give
compiler the opportunity to do inline optimizations and inline
tunings for Android native codes.
By removing these global inline options now, the size of
almost all native libraries are reduced. And there is no
noticable performance degradation on webkit, gcstone and
skia benchmarks.
Change-Id: I31e71f51e4f29fa6286fddb89e9eab227581c7b3
This is needed in order to build Linux SDK binaries that can run
properly on Ubuntu 8.04 (Hardy). By default, the host toolchain
on 10.04 (Lucid) generates machine code that won't run on Hardy
due to GLibc ABI mistmatches.
Note that nothing happens if the new toolchain is not in the
prebuilt tree.
Change-Id: I45c1f68e37e15a0032f885df1c5c0f297b3d8642
Merge commit '83f69eb5f905d47581bed141b7f5103362390339' into gingerbread-plus-aosp
* commit '83f69eb5f905d47581bed141b7f5103362390339':
Prepend ccache to CC/CXX if necessary.
In case TARGET_CC is assigned with HOST_CC (eg, simulator build),
ccache will be prepended twice before this CL.
Bug: 3069576
Change-Id: I2ee44faea3a2795cf389ad6f80e4066a02b43be9
Merge commit '2e1347c6a010c51c9ec80fd312465c1c23666ab2'
* commit '2e1347c6a010c51c9ec80fd312465c1c23666ab2':
Disable new longjmp in glibc 2.11 and later.
Merge commit 'fb644881b6083aa0d9d15e7aad8bfa5a429b1c37' into gingerbread-plus-aosp
* commit 'fb644881b6083aa0d9d15e7aad8bfa5a429b1c37':
Disable new longjmp in glibc 2.11 and later.
Merge commit 'f3a142b8d5b4db7299b706653f4fd2952f4e5d8c'
* commit 'f3a142b8d5b4db7299b706653f4fd2952f4e5d8c':
Link against Mac OSX 10.5 SDK if building on 10.6.
Merge commit '7eaa4dc2fbc3d7b3d8a0a2576a6fc14507e176a8' into gingerbread-plus-aosp
* commit '7eaa4dc2fbc3d7b3d8a0a2576a6fc14507e176a8':
Link against Mac OSX 10.5 SDK if building on 10.6.
androideabi target is already in upstream GCC. The arm-linux-
androideabi toolchain can be built directly from upstream GCC.
Switching from old special tailored arm-eabi toolchain to the new
arm-linux-androideabi toolchain make us closer to the opensource
community and friendly to all toolchain developers.
kernel still uses arm-eabi toolchain. So we add arm-eabi toolchain
path to PATH.
The arm-linux-androideabi-4.4.x toolchain is built with the same
source as the latest arm-eabi-4.4.3 toolchain except for the
target change patches.
Change-Id: I1e5f2fe2faeee08f913f37e0ba93e84d2654a8ff
between libc, libc_nomalloc and libgcc. When building with upcoming
arm-linux-androideabi toolchain, Symbol raise is needed by libgcc.a
and defined by libc.a or libc_nomalloc.a.which.
This patch groups libgc.a, libc_nomalloc.a and libgcc.a together, which is
a minimal group to solve this problem.
Change-Id: I27ed78c495dc53c1db7b302da8704f5e478ad893
Merge commit '4a1addef83d6458ba41b498648a36046a27a01b8'
* commit '4a1addef83d6458ba41b498648a36046a27a01b8':
Keep the crt start/end var name of sh consistent with other archs
Merge commit '90b1d3dcfece8eef53277cbcf0326deda9f16f09' into gingerbread-plus-aosp
* commit '90b1d3dcfece8eef53277cbcf0326deda9f16f09':
Keep the crt start/end var name of sh consistent with other archs
Merge commit 'b6a1c1802961f40fe4736e80402f849968cd2563' into gingerbread
* commit 'b6a1c1802961f40fe4736e80402f849968cd2563':
Keep the crt start/end var name of sh consistent with other archs
Merge commit '90cf34c72e204eb1d23f43d1fccbf2076e8ff67b'
* commit '90cf34c72e204eb1d23f43d1fccbf2076e8ff67b':
Support to build native libraries with prebuilt NDK
Merge commit 'f0f60cdd8f4f74b2480774887606afdebec8d891' into gingerbread-plus-aosp
* commit 'f0f60cdd8f4f74b2480774887606afdebec8d891':
Support to build native libraries with prebuilt NDK
Merge commit '87f500004acc7b68745bd939a473dd92e77b5c9c'
* commit '87f500004acc7b68745bd939a473dd92e77b5c9c':
Define __ANDROID__ for x86 to be on par with ARM build requirements
Merge commit '0fd96df49ccecbf3628c95dabf3b94dfc27323e5'
* commit '0fd96df49ccecbf3628c95dabf3b94dfc27323e5':
Refactor Stripper. Allow a stripper other than SOSLIM to be specified
Merge commit '5cd0870e6215ab8c2be01a8e7b36600db323b77a'
* commit '5cd0870e6215ab8c2be01a8e7b36600db323b77a':
Enable shared libraries to use crtbegin_so.S and crtend_so.S
This is necessary to ensure that dlclose() will properly call C++
destructors for the static objects within the shared library.
Change-Id: Ieb056042f9cda7ab120eb770b21f365cd6d64a66
gcc-4.4.3 toolchain is based on fsf GCC-4.4.3 with numerous patches.
It reduces 3.65% code size than the prebuilt gcc-4.4.0 toolchain,
and improves 3.4% performance on Android benchmarks.
The toolchain uses gold as default linker. With gold, the toolchain
further reduces 1MB system image.
Change-Id: I55eb4df185f2932e71498fcc28428e4d1b175393
Merge commit 'b6bee6f17187a9eb3645e9519cca4a126d9aca21'
* commit 'b6bee6f17187a9eb3645e9519cca4a126d9aca21':
Remove irritating warnings about 'va_list' mangling when building C++ sources.
Security hardening: don't allow code to compile which
uses format strings in an inappropriate way. Make format
string compiler warnings into errors.
Change-Id: I1461dad589a2416420fd84ccf765983e859eea8a
Add -Wa,--noexecstack and -Wl,-z,noexecstack as default
flags when compiling applications. This enables NX
protections, which prevent code from executing on the
stack or heap. NX protections can block a large number
of buffer overflow attacks, and is an important security
feature.
Change-Id: Iad4bab9f8664584ba6ce832a5318d07680d7a908
A package can define a LOCAL_LDFLAGS. If a LOCAL_LDFLAGS
exists, it should come after the global LDFLAGS, to allow
the local flags to override the global flags.
Change-Id: I6e44c17949c1f11c808d0ed3f327d63fb51a1468
This adds "-lpthread" to TARGET_GLOBAL_LDFLAGS when TARGET_SIMULATOR
is true. This is much easier than inserting it into individual
makefiles as needed. Has no effect on other builds.
Should fix the sim-eng build breakage in libcameraservice.
Change-Id: I4dcd7d54b93d1be1622b8ce78a1662d28ca9f9f2
This detail got lost in my previous cleanup change 9b4a812.
Also add a comment explaining why the host side of the
simulator needs to be built in 64-bit (wxWidgets).
Change-Id: I2a867f7f80b43d53e73348b19f6ae834600295f9
The only OS-ARCH combo that would have benefited from it
is linux-x86, but it explicitly used separate configurations
for the HOST_ and TARGET_ side of things.
This makes is clear which files are related to the HOST_
configuration and which ones are related to the TARGET_
configuration, and expands $(combo_target) to the only
possible/reasonable value that it could have had in every
file.
This also cleans up the simulator, by moving it in a single
place in TARGET_linux_x86 (since the only part that's special
is to use HOST_ settings even when building TARGET_ modules).
Change-Id: I2420eeb8cfe539f5807ec99cb3177ffb9f2476d5
The "set default variant to armv5te if none defined" in the ARM config
was applying to all architectures, but as it turns out only ARM builds
actually cared. When I made a copy of the "set default" code to the x86
config, one or the other would win for builds that didn't specify a
variant. Turns out x86 won, so sim and voles worked, but opal didn't.
Merge commit 'ebed06a259eb1c00112a4e3a9d6d721700bbaedb'
* commit 'ebed06a259eb1c00112a4e3a9d6d721700bbaedb':
remove reference to SK_RELEASE, since that is automatically set based on NDEBUG (or its absence)
Merge commit '65a731b737bd6e8afa0b18176064dcc130dbb4ce' into eclair-mr2-plus-aosp
* commit '65a731b737bd6e8afa0b18176064dcc130dbb4ce':
remove reference to SK_RELEASE, since that is automatically set based on NDEBUG (or its absence)
The build servers have GNU coreutils 5.93, where stat does not output
a newline. Ubuntu hardy has GNU coreutils 6.10, where it does.
Lacking a newline messes up the summing of the sizes. Fix
get-file-size to remove the newline if present, and make the total
calculation in assert-max-file-size more robust.
Also, if the image was too big, it was not actually making the build
fail (because /bin/false was not the last thing called). Fix that so
it does.
This allows TARGET_ARCH_VARIANT to be set by the vendor before we choose the
architecture in core/combo/select.mk.
Also add a primitive armv7-a.mk for turning on hardware floating point.
This is currently a copy & paste of the armv5te parameters. I don't
know if there's a better way to encode this, or to what extent we will
need to specialize it vs. armv5te in a future build (e.g. to enable fp
instruction use in code gen).
Currently the only effect is to select the VFP-enabled mterp sources in
Dalvik.
armv4 was only implemented on StrongArm and Arm8 (See http://en.wikipedia.org/wiki/ARM_architecture)
and will be more difficult to support since it does not support the bx instruction.
armv4t on the other hand is used in a wide range of cpu:s.
armv4 is also not supported by bionic or dalvik, but armv4t is.
Thumb-mode is not yet enabled since there are some unresolved abi-issues.
architecture versions other than ARMv5TE.
The general approach is to provide TARGET_ARCH_VERSION, to complement
TARGET_ARCH. This defaults to the current armv5te. The variable
values should match the architectures as defined by gcc.
There is a block of defines for each supported architecture version
(currently ARMv5TE and ARMv4). Each block defines a set of features
using ARCH_ARM_HAVE_<x> variables. It also specifies a set of c
preprocessor defines to pass to the compiler. Finally it defines a
default CPU. (As for architecture versions, the default CPU should
match a CPU that gcc knows about.)
Support is added for architectures that do not support THUMB. Specifically
we change the 'thumb compile' target to simply compile as ARM code
instead, and we change the interworking flag passed to the compiler.
Finally, we ensure that the system/core/include/arch/linux-arm directory
is added to the default include path, which allows the use of asm/macros.h
header file described in review #1626. The way in which this done is
considerably unclean/hacky, if someone can suggest a better way please
let me know.