From: Nick Kralevich <nnk@google.com>
Date: Wed, 9 May 2012 21:49:04 +0000 (-0700)
Subject: x86: compile everything with relro / bind_now
X-Git-Tag: android-x86-4.4-r1~1079^2~4
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=ecb1a565;p=android-x86%2Fbuild.git

x86: compile everything with relro / bind_now

Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.

See:
 * http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
 * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

relro support has been enabled for ARM since 233d460f21d372f964f8078b8b0d5fd17af7c6b6.
This change enables it for x86.

Change-Id: Ib90704f2fecffcfdc3587607112804faa0e16385
---

diff --git a/core/combo/TARGET_linux-x86.mk b/core/combo/TARGET_linux-x86.mk
index 9e1d4bd78..dc4afb87a 100644
--- a/core/combo/TARGET_linux-x86.mk
+++ b/core/combo/TARGET_linux-x86.mk
@@ -139,6 +139,7 @@ TARGET_GLOBAL_CFLAGS += -D__ANDROID__
 TARGET_GLOBAL_LDFLAGS += -m32
 
 TARGET_GLOBAL_LDFLAGS += -Wl,-z,noexecstack
+TARGET_GLOBAL_LDFLAGS += -Wl,-z,relro -Wl,-z,now
 TARGET_GLOBAL_LDFLAGS += -Wl,--gc-sections
 
 TARGET_C_INCLUDES := \