toolchain: reject host paths

We don't want to include or link against host paths, so throw an error
rather than letting things perhaps silently compile.

Change-Id: I3908d2df6935ad81e883535311e10c363f55d302
diff --git a/toolchain/3rd-party-g++.in b/toolchain/3rd-party-g++.in
index 17d3374..7c0fa78 100644
--- a/toolchain/3rd-party-g++.in
+++ b/toolchain/3rd-party-g++.in
@@ -1,4 +1,9 @@
 #!/bin/sh
+# Reject attempts to include or link host paths.
+if echo " $* " | grep -qE '[[:space:]]-[IL][[:space:]]*(/+usr)?/+((local|X11R6)/+)?(include|lib)'; then
+  echo "$0: poisoned host path detected: $*" >&2
+  exit 1
+fi
 exec \
 	"${ANDROID_TOOLCHAIN}/@CXX@" \
 	@CXXFLAGS@ \
diff --git a/toolchain/3rd-party-gcc.in b/toolchain/3rd-party-gcc.in
index 3d797aa..3a03f13 100644
--- a/toolchain/3rd-party-gcc.in
+++ b/toolchain/3rd-party-gcc.in
@@ -1,4 +1,9 @@
 #!/bin/sh
+# Reject attempts to include or link host paths.
+if echo " $* " | grep -qE '[[:space:]]-[IL][[:space:]]*(/+usr)?/+((local|X11R6)/+)?(include|lib)'; then
+  echo "$0: poisoned host path detected: $*" >&2
+  exit 1
+fi
 exec \
 	"${ANDROID_TOOLCHAIN}/@CC@" \
 	@CFLAGS@ \