mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-18 12:24:21 -05:00
25cc717ec2
+ 16.0: some other misc hardening patches from GrapheneOS - always restrict access to Build.SERIAL - don't grant location permission to system browsers - fbe: pad filenames more + 16.0: Contacts: remove Privacy Policy and Terms of Service links
130 lines
3.4 KiB
Diff
130 lines
3.4 KiB
Diff
From f6ce62a62d47d3f8469ef6aa4749e07e644de5d0 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
Date: Wed, 5 Dec 2018 01:51:56 -0500
|
|
Subject: [PATCH] add hardened_malloc library
|
|
|
|
---
|
|
libc/Android.bp | 48 ++++++++++++++++++++++++++++-------
|
|
libc/bionic/malloc_common.cpp | 5 ++++
|
|
2 files changed, 44 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/libc/Android.bp b/libc/Android.bp
|
|
index c92acf70b..877ff7f4f 100644
|
|
--- a/libc/Android.bp
|
|
+++ b/libc/Android.bp
|
|
@@ -83,6 +83,8 @@ cc_defaults {
|
|
"-Werror=int-to-pointer-cast",
|
|
"-Werror=type-limits",
|
|
"-Werror",
|
|
+
|
|
+ "-DH_MALLOC_PREFIX",
|
|
],
|
|
// TODO: split out the asflags.
|
|
asflags: [
|
|
@@ -96,10 +98,21 @@ cc_defaults {
|
|
"-Werror=int-to-pointer-cast",
|
|
"-Werror=type-limits",
|
|
"-Werror",
|
|
+
|
|
+ "-DH_MALLOC_PREFIX",
|
|
],
|
|
conlyflags: ["-std=gnu99"],
|
|
cppflags: [],
|
|
- include_dirs: ["external/jemalloc/include"],
|
|
+ include_dirs: [],
|
|
+
|
|
+ multilib: {
|
|
+ lib32: {
|
|
+ include_dirs: ["external/jemalloc/include"],
|
|
+ },
|
|
+ lib64: {
|
|
+ include_dirs: ["external/hardened_malloc/"],
|
|
+ },
|
|
+ },
|
|
|
|
arch: {
|
|
// Clang/llvm has incompatible long double (fp128) for x86_64.
|
|
@@ -1601,11 +1614,6 @@ cc_library_static {
|
|
name: "libc_ndk",
|
|
defaults: ["libc_defaults"],
|
|
srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
|
|
- multilib: {
|
|
- lib32: {
|
|
- srcs: libc_common_src_files_32,
|
|
- },
|
|
- },
|
|
arch: {
|
|
arm: {
|
|
srcs: [
|
|
@@ -1635,8 +1643,17 @@ cc_library_static {
|
|
"libc_syscalls",
|
|
"libc_tzcode",
|
|
"libm",
|
|
- "libjemalloc",
|
|
],
|
|
+
|
|
+ multilib: {
|
|
+ lib32: {
|
|
+ srcs: libc_common_src_files_32,
|
|
+ whole_static_libs: ["libjemalloc"],
|
|
+ },
|
|
+ lib64: {
|
|
+ whole_static_libs: ["libhardened_malloc"],
|
|
+ },
|
|
+ },
|
|
}
|
|
|
|
// ========================================================
|
|
@@ -1714,7 +1731,11 @@ cc_library_static {
|
|
// ========================================================
|
|
cc_library_static {
|
|
defaults: ["libc_defaults"],
|
|
- srcs: ["bionic/jemalloc_wrapper.cpp"],
|
|
+ multilib: {
|
|
+ lib32: {
|
|
+ srcs: ["bionic/jemalloc_wrapper.cpp"],
|
|
+ },
|
|
+ },
|
|
cflags: ["-fvisibility=hidden"],
|
|
|
|
name: "libc_malloc",
|
|
@@ -1765,7 +1786,16 @@ cc_library {
|
|
// you wanted!
|
|
|
|
shared_libs: ["libdl"],
|
|
- whole_static_libs: ["libc_common", "libjemalloc"],
|
|
+ whole_static_libs: ["libc_common"],
|
|
+
|
|
+ multilib: {
|
|
+ lib32: {
|
|
+ whole_static_libs: ["libjemalloc"],
|
|
+ },
|
|
+ lib64: {
|
|
+ whole_static_libs: ["libhardened_malloc"],
|
|
+ },
|
|
+ },
|
|
|
|
// We'd really like to do this for all architectures, but since this wasn't done
|
|
// before, these symbols must continue to be exported on LP32 for binary
|
|
diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
|
|
index e05061917..af544f3e1 100644
|
|
--- a/libc/bionic/malloc_common.cpp
|
|
+++ b/libc/bionic/malloc_common.cpp
|
|
@@ -46,8 +46,13 @@
|
|
#include <private/bionic_globals.h>
|
|
#include <private/bionic_malloc_dispatch.h>
|
|
|
|
+#ifdef __LP64__
|
|
+#include "h_malloc.h"
|
|
+#define Malloc(function) h_ ## function
|
|
+#else
|
|
#include "jemalloc.h"
|
|
#define Malloc(function) je_ ## function
|
|
+#endif
|
|
|
|
static constexpr MallocDispatch __libc_malloc_default_dispatch
|
|
__attribute__((unused)) = {
|
|
--
|
|
2.20.1
|
|
|