diff options
| author | Nick Kralevich <nnk@google.com> | 2015-04-25 05:15:48 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-04-25 05:15:48 +0000 |
| commit | b126ae9e3a0b192ee49d6eed64cf71d25f51c698 (patch) | |
| tree | 892b69d45d3d294af3bae140f16efbc70104c4c5 /core/combo | |
| parent | 0be46e11a60c486a8851c878e34587bb59e21d7d (diff) | |
| parent | c98d6b35ba7e9381089b1b7c8b47f384e5772a4f (diff) | |
| download | build-b126ae9e3a0b192ee49d6eed64cf71d25f51c698.zip build-b126ae9e3a0b192ee49d6eed64cf71d25f51c698.tar.gz build-b126ae9e3a0b192ee49d6eed64cf71d25f51c698.tar.bz2 | |
am c98d6b35: am 6612d4a0: am edc3371a: am f3a6b07b: Merge "host compiler: enable compiler hardening flags"
* commit 'c98d6b35ba7e9381089b1b7c8b47f384e5772a4f':
host compiler: enable compiler hardening flags
Diffstat (limited to 'core/combo')
| -rw-r--r-- | core/combo/HOST_linux-x86.mk | 6 | ||||
| -rw-r--r-- | core/combo/HOST_linux-x86_64.mk | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk index 5f62400..8eda6c0 100644 --- a/core/combo/HOST_linux-x86.mk +++ b/core/combo/HOST_linux-x86.mk @@ -29,7 +29,7 @@ $(combo_2nd_arch_prefix)HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host # We expect SSE3 floating point math. $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott -$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack +$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now ifneq ($(strip $(BUILD_HOST_static)),) # Statically-linked binaries are desirable for sandboxed environment @@ -40,8 +40,8 @@ $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -fPIC \ -no-canonical-prefixes \ -include $(call select-android-config-h,linux-x86) -# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? -$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 +# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757. +$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector # Workaround differences in inttypes.h between host and target. # See bug 12708004. diff --git a/core/combo/HOST_linux-x86_64.mk b/core/combo/HOST_linux-x86_64.mk index 3685712..e268e41 100644 --- a/core/combo/HOST_linux-x86_64.mk +++ b/core/combo/HOST_linux-x86_64.mk @@ -28,7 +28,7 @@ HOST_AR := $(HOST_TOOLCHAIN_PREFIX)ar HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/ HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack -HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack +HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now ifneq ($(strip $(BUILD_HOST_static)),) # Statically-linked binaries are desirable for sandboxed environment @@ -40,8 +40,8 @@ HOST_GLOBAL_CFLAGS += -fPIC \ -no-canonical-prefixes \ -include $(call select-android-config-h,linux-x86) -# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? -HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 +# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757. +HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector # Workaround differences in inttypes.h between host and target. # See bug 12708004. |