Merge "Remove options for disabling required features."
diff --git a/build/cmake/android.toolchain.cmake b/build/cmake/android.toolchain.cmake
index ce30591..ca3c717 100644
--- a/build/cmake/android.toolchain.cmake
+++ b/build/cmake/android.toolchain.cmake
@@ -32,8 +32,6 @@
# ANDROID_ALLOW_UNDEFINED_SYMBOLS
# ANDROID_ARM_MODE
# ANDROID_ARM_NEON
-# ANDROID_DISABLE_NO_EXECUTE
-# ANDROID_DISABLE_RELRO
# ANDROID_DISABLE_FORMAT_STRING_CHECKS
# ANDROID_CCACHE
@@ -160,20 +158,6 @@
set(ANDROID_ARM_MODE thumb)
endif()
endif()
-if(DEFINED ANDROID_NOEXECSTACK AND NOT DEFINED ANDROID_DISABLE_NO_EXECUTE)
- if(ANDROID_NOEXECSTACK)
- set(ANDROID_DISABLE_NO_EXECUTE FALSE)
- else()
- set(ANDROID_DISABLE_NO_EXECUTE TRUE)
- endif()
-endif()
-if(DEFINED ANDROID_RELRO AND NOT DEFINED ANDROID_DISABLE_RELRO)
- if(ANDROID_RELRO)
- set(ANDROID_DISABLE_RELRO FALSE)
- else()
- set(ANDROID_DISABLE_RELRO TRUE)
- endif()
-endif()
if(NDK_CCACHE AND NOT ANDROID_CCACHE)
set(ANDROID_CCACHE "${NDK_CCACHE}")
endif()
@@ -290,8 +274,6 @@
ANDROID_ALLOW_UNDEFINED_SYMBOLS
ANDROID_ARM_MODE
ANDROID_ARM_NEON
- ANDROID_DISABLE_NO_EXECUTE
- ANDROID_DISABLE_RELRO
ANDROID_DISABLE_FORMAT_STRING_CHECKS
ANDROID_CCACHE)
@@ -530,32 +512,16 @@
-mfpu=neon)
endif()
endif()
-if(ANDROID_DISABLE_NO_EXECUTE)
- list(APPEND ANDROID_COMPILER_FLAGS
- -Wa,--execstack)
- list(APPEND ANDROID_LINKER_FLAGS
- -Wl,-z,execstack)
-else()
- list(APPEND ANDROID_COMPILER_FLAGS
- -Wa,--noexecstack)
- list(APPEND ANDROID_LINKER_FLAGS
- -Wl,-z,noexecstack)
-endif()
-if(ANDROID_TOOLCHAIN STREQUAL clang)
- # CMake automatically forwards all compiler flags to the linker,
- # and clang doesn't like having -Wa flags being used for linking.
- # To prevent CMake from doing this would require meddling with
- # the CMAKE_<LANG>_COMPILE_OBJECT rules, which would get quite messy.
- list(APPEND ANDROID_LINKER_FLAGS
- -Qunused-arguments)
-endif()
-if(ANDROID_DISABLE_RELRO)
- list(APPEND ANDROID_LINKER_FLAGS
- -Wl,-z,norelro -Wl,-z,lazy)
-else()
- list(APPEND ANDROID_LINKER_FLAGS
- -Wl,-z,relro -Wl,-z,now)
-endif()
+
+# CMake automatically forwards all compiler flags to the linker, and clang
+# doesn't like having -Wa flags being used for linking. To prevent CMake from
+# doing this would require meddling with the CMAKE_<LANG>_COMPILE_OBJECT rules,
+# which would get quite messy.
+list(APPEND ANDROID_LINKER_FLAGS -Qunused-arguments)
+
+list(APPEND ANDROID_COMPILER_FLAGS -Wa,--noexecstack)
+list(APPEND ANDROID_LINKER_FLAGS -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now)
+
if(ANDROID_DISABLE_FORMAT_STRING_CHECKS)
list(APPEND ANDROID_COMPILER_FLAGS
-Wno-error=format-security)
@@ -644,12 +610,8 @@
endif()
set(ANDROID_FUNCTION_LEVEL_LINKING TRUE)
set(ANDROID_GOLD_LINKER TRUE)
-if(NOT ANDROID_DISABLE_NO_EXECUTE)
- set(ANDROID_NOEXECSTACK TRUE)
-endif()
-if(NOT ANDROID_DISABLE_RELRO)
- set(ANDROID_RELRO TRUE)
-endif()
+set(ANDROID_NOEXECSTACK TRUE)
+set(ANDROID_RELRO TRUE)
if(ANDROID_ARM_MODE STREQUAL arm)
set(ANDROID_FORCE_ARM_BUILD TRUE)
endif()
diff --git a/build/core/build-binary.mk b/build/core/build-binary.mk
index 74d41f6..209c001 100644
--- a/build/core/build-binary.mk
+++ b/build/core/build-binary.mk
@@ -195,29 +195,34 @@
LOCAL_LDFLAGS += $(TARGET_NO_UNDEFINED_LDFLAGS)
endif
-# Toolchain by default disallows generated code running from the heap and stack.
-# If LOCAL_DISABLE_NO_EXECUTE is true, we allow that
+# These flags are used to enforce the NX (no execute) security feature in the
+# generated machine code. This adds a special section to the generated shared
+# libraries that instruct the Linux kernel to disable code execution from the
+# stack and the heap.
#
-ifeq ($(LOCAL_DISABLE_NO_EXECUTE),true)
- LOCAL_CFLAGS += $(TARGET_DISABLE_NO_EXECUTE_CFLAGS)
- LOCAL_LDFLAGS += $(TARGET_DISABLE_NO_EXECUTE_LDFLAGS)
-else
- LOCAL_CFLAGS += $(TARGET_NO_EXECUTE_CFLAGS)
- LOCAL_LDFLAGS += $(TARGET_NO_EXECUTE_LDFLAGS)
-endif
+# TODO: Should be a Clang default: https://github.com/android-ndk/ndk/issues/812
+LOCAL_CFLAGS += -Wa,--noexecstack
+LOCAL_LDFLAGS += -Wl,-z,noexecstack
-# Toolchain by default provides relro and GOT protections.
-# If LOCAL_DISABLE_RELRO is true, we disable the protections.
+# This flag is used to mark certain regions of the resulting executable or
+# shared library as being read-only after the dynamic linker has run. This makes
+# GOT overwrite security attacks harder to exploit.
#
-ifeq ($(LOCAL_DISABLE_RELRO),true)
- LOCAL_LDFLAGS += $(TARGET_DISABLE_RELRO_LDFLAGS)
-else
- LOCAL_LDFLAGS += $(TARGET_RELRO_LDFLAGS)
-endif
+# TODO: Should be a Clang default: https://github.com/android-ndk/ndk/issues/812
+LOCAL_LDFLAGS += -Wl,-z,relro
+
+# This flag instructs the loader to resolve relocations immediately. For Android
+# the loader always does this, but we should pass this flag in case the lazy
+# behavior is ever added.
+#
+# TODO: Should be a Clang default: https://github.com/android-ndk/ndk/issues/812
+LOCAL_LDFLAGS += -Wl,-z,now
# We enable shared text relocation warnings by default. These are not allowed in
# current versions of Android (android-21 for LP64 ABIs, android-23 for LP32
# ABIs).
+#
+# TODO: Should be a Clang default: https://github.com/android-ndk/ndk/issues/812
LOCAL_LDFLAGS += -Wl,--warn-shared-textrel
# We enable fatal linker warnings by default.
diff --git a/build/core/default-build-commands.mk b/build/core/default-build-commands.mk
index 0cb2152..c10807e 100644
--- a/build/core/default-build-commands.mk
+++ b/build/core/default-build-commands.mk
@@ -35,27 +35,6 @@
$(PRIVATE_LIBATOMIC) \
$(call host-path, $4) \
-
-# These flags are used to enforce the NX (no execute) security feature in the
-# generated machine code. This adds a special section to the generated shared
-# libraries that instruct the Linux kernel to disable code execution from
-# the stack and the heap.
-TARGET_NO_EXECUTE_CFLAGS := -Wa,--noexecstack
-TARGET_NO_EXECUTE_LDFLAGS := -Wl,-z,noexecstack
-
-# These flags disable the above security feature
-TARGET_DISABLE_NO_EXECUTE_CFLAGS := -Wa,--execstack
-TARGET_DISABLE_NO_EXECUTE_LDFLAGS := -Wl,-z,execstack
-
-# These flags are used to mark certain regions of the resulting
-# executable or shared library as being read-only after the dynamic
-# linker has run. This makes GOT overwrite security attacks harder to
-# exploit.
-TARGET_RELRO_LDFLAGS := -Wl,-z,relro -Wl,-z,now
-
-# These flags disable the above security feature
-TARGET_DISABLE_RELRO_LDFLAGS := -Wl,-z,norelro -Wl,-z,lazy
-
# This flag are used to provide compiler protection against format
# string vulnerabilities.
TARGET_FORMAT_STRING_CFLAGS := -Wformat -Werror=format-security
diff --git a/build/core/definitions.mk b/build/core/definitions.mk
index d5d2a6d..ec6c2eb 100644
--- a/build/core/definitions.mk
+++ b/build/core/definitions.mk
@@ -260,8 +260,6 @@
C_INCLUDES \
DISABLE_FATAL_LINKER_WARNINGS \
DISABLE_FORMAT_STRING_CHECKS \
- DISABLE_NO_EXECUTE \
- DISABLE_RELRO \
EXPORT_ASMFLAGS \
EXPORT_CFLAGS \
EXPORT_CONLYFLAGS \