Enable the following compiler hardening flags:
* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector
relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.
stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.
Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.
Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f
This patch ensures the build system uses the prebuilt gcc-4.8 toolchain
when building host Linux binaries, instead of the gcc-4.6 one.
Change-Id: I7b449650714ba4314a780827e0243f2af40ec82c
Set up TARGET_IS_64_BIT and HOST_IS_64_BIT early so we don't need 2
mechanisms to judge if it's 64-bit build;
Remove the unnecessary 32-bit host variables.
Change-Id: I08d6d4d9ea70f91135fe2ee05463fb9a0d1cee42
This change basically ported our target multilib to the host side.
It supports 2 host build modes: x86 and x86_64 multilib build.
For now you need to set "BUILD_HOST_64bit=true" to switch to x86_64
multilib build. Later we'll default to x86_64 build and have a flag
to force 32-bit only build, which may be needed by SDK build.
In host module definition, like in target ones, you can use the
following
LOCAL variables to set up multilib configuration:
LOCAL_MULTILIB: can be "both", "first", "32" or "64".
It also supports the same set of arch or 32-vs-64 specific LOCAL
variables.
By default, it builds only for the first arch.
To keep path compatibility, in x86_64 build files are still output to
out/host/linux-x86; Both 32-bit and 64-bit executables are in
out/host/linux-86/bin;
In x86_64 build 32-bit shared libraries are installed to
out/host/linux-x86/lib32
and 64-bit shared libraries are installed to out/host/linux-x86/lib;
32-bit object files are output to out/host/linux-x86/obj32 and 64-bit
object files
are output to out/host/linux-x86/obj.
Bug: 13751317
Change-Id: I6044f83b7db369a33e05209e8c588eb6dc83409f
Elliott Hughes
Nick Kralevich
Chih-Hung Hsieh
David 'Digit' Turner
Ying Wang