diff options
author | Mike Frysinger <vapier@google.com> | 2016-02-02 14:29:30 -0500 |
---|---|---|
committer | Mike Frysinger <vapier@google.com> | 2016-02-02 14:29:30 -0500 |
commit | 746c7df47e10abad4bd1cb7f9e5bc694de2d34de (patch) | |
tree | 4725c9988e3f9e61ed1bca568fcfc7e36fabe601 | |
parent | f20e8cc6f1625b0196c0dac2dc3924cb14977ec6 (diff) | |
download | integration-746c7df47e10abad4bd1cb7f9e5bc694de2d34de.tar.gz |
toolchain: use pie/runpath by default
Bionic will reject non-PIC/PIE code now for all programs. We need to
manually add the -fpie/-pie flags to the command line in our compiler
wrapper so we get PIE programs by default. Ideally this would be in
the compiler itself, but the Android toolchain doesn't do that, and
upstream gcc support isn't available until gcc-6.
Bionic also only accepts DT_RUNPATH tags and ignores DT_RPATH tags,
so switch over to the newer tag format so ELFs can find their libs.
BUG=b:26861037
TEST=`python2.7 -c 'print("HI")'` works
Change-Id: I3d114119cd5c0920a152e9a7c136b1cf8c47a3d6
-rw-r--r-- | toolchain/3rd-party-g++.in | 10 | ||||
-rw-r--r-- | toolchain/3rd-party-gcc.in | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/toolchain/3rd-party-g++.in b/toolchain/3rd-party-g++.in index 7c0fa78..f308016 100644 --- a/toolchain/3rd-party-g++.in +++ b/toolchain/3rd-party-g++.in @@ -4,12 +4,20 @@ if echo " $* " | grep -qE '[[:space:]]-[IL][[:space:]]*(/+usr)?/+((local|X11R6)/ echo "$0: poisoned host path detected: $*" >&2 exit 1 fi + +# Android only supports PIEs, but they don't set the default PIE behavior in +# the compiler, so we need to manually add the flags. +case " $* " in +*" -fPIC "*|*" -fpic "*|*" -fPIE "*|*" -fpie "*|*" -shared "*|*" -static "*|*" -pie "*) ;; +*) set -- -fpie -pie "$@" +esac + exec \ "${ANDROID_TOOLCHAIN}/@CXX@" \ @CXXFLAGS@ \ @LDFLAGS@ \ --sysroot "${ANDROID_PRODUCT_OUT}/@ROOT_SUBDIR@" \ - -Wl,-rpath,/system/usr/@LIBDIR@ \ + -Wl,--enable-new-dtags,-rpath,/system/usr/@LIBDIR@ \ -Wl,-lc++ \ -frtti \ "$@" diff --git a/toolchain/3rd-party-gcc.in b/toolchain/3rd-party-gcc.in index 3a03f13..e5e3af4 100644 --- a/toolchain/3rd-party-gcc.in +++ b/toolchain/3rd-party-gcc.in @@ -4,10 +4,18 @@ if echo " $* " | grep -qE '[[:space:]]-[IL][[:space:]]*(/+usr)?/+((local|X11R6)/ echo "$0: poisoned host path detected: $*" >&2 exit 1 fi + +# Android only supports PIEs, but they don't set the default PIE behavior in +# the compiler, so we need to manually add the flags. +case " $* " in +*" -fPIC "*|*" -fpic "*|*" -fPIE "*|*" -fpie "*|*" -shared "*|*" -static "*|*" -pie "*) ;; +*) set -- -fpie -pie "$@" +esac + exec \ "${ANDROID_TOOLCHAIN}/@CC@" \ @CFLAGS@ \ @LDFLAGS@ \ --sysroot "${ANDROID_PRODUCT_OUT}/@ROOT_SUBDIR@" \ - -Wl,-rpath,/system/usr/@LIBDIR@ \ + -Wl,--enable-new-dtags,-rpath,/system/usr/@LIBDIR@ \ "$@" |