x86: compile everything with relro / bind_now

Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.

See:
 * http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
 * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

relro support has been enabled for ARM since 233d460f21d372f964f8078b8b0d5fd17af7c6b6.
This change enables it for x86.

Change-Id: Ib90704f2fecffcfdc3587607112804faa0e16385

diff --git a/core/combo/TARGET_linux-x86.mk b/core/combo/TARGET_linux-x86.mk
index 9e1d4bd..dc4afb8 100644 (file)
--- a/core/combo/TARGET_linux-x86.mk
+++ b/core/combo/TARGET_linux-x86.mk
@@ -139,6 +139,7 @@ TARGET_GLOBAL_CFLAGS += -D__ANDROID__
 TARGET_GLOBAL_LDFLAGS += -m32
 
 TARGET_GLOBAL_LDFLAGS += -Wl,-z,noexecstack
+TARGET_GLOBAL_LDFLAGS += -Wl,-z,relro -Wl,-z,now
 TARGET_GLOBAL_LDFLAGS += -Wl,--gc-sections
 
 TARGET_C_INCLUDES := \