Use GrapheneOS' hardened memory allocator

+ 16.0: some other misc hardening patches from GrapheneOS - always restrict access to Build.SERIAL - don't grant location permission to system browsers - fbe: pad filenames more + 16.0: Contacts: remove Privacy Policy and Terms of Service links
2025-09-18 11:44:51 -04:00 · 2019-04-04 00:31:47 -04:00 · 2019-04-04 00:31:47 -04:00 · 25cc717ec2
commit 25cc717ec2
parent 60cf364f19
17 changed files with 713 additions and 0 deletions
--- a/Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch
+++ b/Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch
@ -0,0 +1,126 @@
+From 2fbd005f1c87938133f94b574b96caa5dbd8f3fd Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] add hardened_malloc library
+
+---
+ libc/Android.bp               | 45 ++++++++++++++++++++++++++++-------
+ libc/bionic/malloc_common.cpp |  5 ++++
+ 2 files changed, 41 insertions(+), 9 deletions(-)
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index c339b0451..6b3066e07 100644
+--- a/libc/Android.bp
+++ b/libc/Android.bp
+@@ -48,6 +48,8 @@ libc_common_flags = [
+     "-Werror=int-to-pointer-cast",
+     "-Werror=type-limits",
+     "-Werror",
+
+    "-DH_MALLOC_PREFIX",
+ ]
+ 
+ // Define some common cflags
+@@ -61,9 +63,17 @@ cc_defaults {
+     cppflags: [],
+     include_dirs: [
+         "bionic/libc/async_safe/include",
+-        "external/jemalloc/include",
+     ],
+ 
+    multilib: {
+        lib32: {
+            include_dirs: ["external/jemalloc/include"],
+        },
+        lib64: {
+            include_dirs: ["external/hardened_malloc/"],
+        },
+    },
+
+     stl: "none",
+     system_shared_libs: [],
+     sanitize: {
+@@ -1641,11 +1651,6 @@ cc_library_static {
+     name: "libc_ndk",
+     defaults: ["libc_defaults"],
+     srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
+-    multilib: {
+-        lib32: {
+-            srcs: libc_common_src_files_32,
+-        },
+-    },
+     arch: {
+         arm: {
+             srcs: [
+@@ -1676,9 +1681,18 @@ cc_library_static {
+         "libc_syscalls",
+         "libc_tzcode",
+         "libm",
+-        "libjemalloc",
+         "libstdc++",
+     ],
+
+    multilib: {
+        lib32: {
+            srcs: libc_common_src_files_32,
+            whole_static_libs: ["libjemalloc"],
+        },
+        lib64: {
+            whole_static_libs: ["libhardened_malloc"],
+        },
+    },
+ }
+ 
+ // ========================================================
+@@ -1755,7 +1769,11 @@ cc_library_static {
+ // ========================================================
+ cc_library_static {
+     defaults: ["libc_defaults"],
+-    srcs: ["bionic/jemalloc_wrapper.cpp"],
+    multilib: {
+        lib32: {
+            srcs: ["bionic/jemalloc_wrapper.cpp"],
+        },
+    },
+     cflags: ["-fvisibility=hidden"],
+ 
+     name: "libc_malloc",
+@@ -1814,7 +1832,16 @@ cc_library {
+     // you wanted!
+ 
+     shared_libs: ["libdl"],
+-    whole_static_libs: ["libc_common", "libjemalloc"],
+    whole_static_libs: ["libc_common"],
+
+    multilib: {
+        lib32: {
+            whole_static_libs: ["libjemalloc"],
+        },
+        lib64: {
+            whole_static_libs: ["libhardened_malloc"],
+        },
+    },
+ 
+     nocrt: true,
+ 
+diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
+index 1f201d1ca..06f85b40d 100644
+--- a/libc/bionic/malloc_common.cpp
+++ b/libc/bionic/malloc_common.cpp
+@@ -46,8 +46,13 @@
+ #include <private/bionic_globals.h>
+ #include <private/bionic_malloc_dispatch.h>
+ 
+#ifdef __LP64__
+#include "h_malloc.h"
+#define Malloc(function)  h_ ## function
+#else
+ #include "jemalloc.h"
+ #define Malloc(function)  je_ ## function
+#endif
+ 
+ static constexpr MallocDispatch __libc_malloc_default_dispatch
+   __attribute__((unused)) = {
+-- 
+2.20.1
+