author | Nick Kralevich <nnk@google.com> | 2015-04-25 05:04:39 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-04-25 05:04:39 +0000 |
commit | c98d6b35ba7e9381089b1b7c8b47f384e5772a4f (patch) | |
tree | e99c54322b3bb45433dbe5da817279f2278fc568 | |
parent | 804219841d7f581cf78f3f68e13381b6631513a0 (diff) | |
parent | 6612d4a0888bce32ff987e9897dede9829b5a822 (diff) | |
am 6612d4a0: am edc3371a: am f3a6b07b: Merge "host compiler: enable compiler hardening flags"
* commit '6612d4a0888bce32ff987e9897dede9829b5a822':
host compiler: enable compiler hardening flags
-rw-r--r-- | core/combo/HOST_linux-x86.mk | 6 | ||||
-rw-r--r-- | core/combo/HOST_linux-x86_64.mk | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk
index 5f62400..8eda6c0 100644
--- a/core/combo/HOST_linux-x86.mk
+++ b/core/combo/HOST_linux-x86.mk
@@ -29,7 +29,7 @@ $(combo_2nd_arch_prefix)HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host
 
 # We expect SSE3 floating point math.
 $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott
-$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack
+$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
 
 ifneq ($(strip $(BUILD_HOST_static)),)
 # Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@ $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -fPIC \
 -no-canonical-prefixes \
 -include $(call select-android-config-h,linux-x86)
 
-# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15?
-$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
+# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
+$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
 
 # Workaround differences in inttypes.h between host and target.
 # See bug 12708004.
diff --git a/core/combo/HOST_linux-x86_64.mk b/core/combo/HOST_linux-x86_64.mk
index 3685712..e268e41 100644
--- a/core/combo/HOST_linux-x86_64.mk
+++ b/core/combo/HOST_linux-x86_64.mk
@@ -28,7 +28,7 @@ HOST_AR := $(HOST_TOOLCHAIN_PREFIX)ar
 HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/
 
 HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack
-HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack
+HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
 
 ifneq ($(strip $(BUILD_HOST_static)),)
 # Statically-linked binaries are desirable for sandboxed environment
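Review bot: The `-Wl,-z,relro -Wl,-z,now` pair added to the HOST_GLOBAL_LDFLAGS line has no comment saying why the two flags travel together, and the same is true of the matching line in HOST_linux-x86_64.mk. A line such as `# Full RELRO: bind all symbols at load time so the whole GOT can be mapped read-only.` would record the intent, since `-z relro` on its own leaves the lazily bound part of the GOT writable. Eager binding adds load-time work to every host tool invocation, which is probably acceptable for build tools but is worth stating next to the flag. The result can be confirmed on a built host binary with `readelf -l` (a GNU_RELRO segment) and `readelf -d` (BIND_NOW). The flags also reach the `-static` links enabled by BUILD_HOST_static just below, where `-z now` presumably changes little; that block continues outside the hunk.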
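Review bot: `-fstack-protector` is appended to the line that turns _FORTIFY_SOURCE off, under a TODO that speaks only about fortify, so the stack protector reads as part of that workaround; HOST_linux-x86_64.mk gets the identical hunk. It would be clearer on its own line with its own comment, `$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -fstack-protector`, so that a later change to the fortify line cannot drop it by accident. The replaced comment was the only record of why fortify is disabled (the glibc longjmp behaviour, bug 2967937), and keeping that reference beside the TODO tells whoever sets `_FORTIFY_SOURCE=2` what to retest. Plain `-fstack-protector` instruments only functions with character buffers or alloca; `-fstack-protector-strong` covers more but needs GCC 4.9 or later, and the toolchain path visible in the x86_64 file points at 4.8, so a second TODO for that upgrade would fit here.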
@@ -40,8 +40,8 @@ HOST_GLOBAL_CFLAGS += -fPIC \
 -no-canonical-prefixes \
 -include $(call select-android-config-h,linux-x86)
 
-# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15?
-HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
+# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
+HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
 
 # Workaround differences in inttypes.h between host and target.
 # See bug 12708004. |