libdvm.so gets built for both 'host' and 'target'. The
'host' version of libdvm.so was erroneously getting built
with "execstack" marked as required as evidenced by:
for file in $(find out -name libdvm.so) ; do
    echo $file
    readelf -l $file | grep STACK
done
| out/target/product/mfld_dv10/system/lib/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
| out/target/product/mfld_dv10/symbols/system/lib/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
| out/target/product/mfld_dv10/obj/lib/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
| out/target/product/mfld_dv10/obj/SHARED_LIBRARIES/libdvm_intermediates/LINKED/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
| out/host/linux-x86/lib/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
| out/host/linux-x86/obj/lib/libdvm.so
| GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
The "RWE" entries for the host versions indicate that these versions
are marked as "execstack" required.
Some of the files involved in libdvm.so are assembly files,
and by default the assembler leaves their outputs marked as
needing execstack.
When the build was done on a system with SELinux enforcing,
when dexpreopt attempted to load the libdvm.so file, the
following error occurred during the build:
| host/linux-x86/bin/dexopt: error while loading shared
| libraries: libdvm.so: cannot enable executable stack as
| shared object requires: Permission denied make: ***
| [out/target/product/mfld_dv10/dex_bootjars/system/framework/core.odex]
| Error 127
This change adds the "-Wa,--noexecstack" c-flags in the
'host' build of libdvm.so to make sure the shared library is
NOT marked as execstack required, thus fixing the build
error.
Background information on this topic can be found at:
http://www.crypt.gen.nz/selinux/faq.html#CP.19
Change-Id: I0e77c779d62fe59c38cc06b2d40b2856490c10e3
Original-Issue: ANDROID-1894
Original-Change-Id: I9f006958b5fbad4e069e684807879cbe69d1e2c8
Signed-off-by: Paul Drews <paul.drews@intel.com>
endif
LOCAL_CFLAGS += $(host_smp_flag)
+ LOCAL_CFLAGS += -Wa,--noexecstack
# TODO: split out the asflags.
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
LOCAL_MODULE_TAGS := optional
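Review bot: the added `LOCAL_CFLAGS += -Wa,--noexecstack` line reaches the assembly sources only because `LOCAL_ASFLAGS := $(LOCAL_CFLAGS)` is assigned two lines below it, so the fix depends on line order and on the very copy that the TODO says should be split out. Either add a one-line comment above the new flag saying that it must stay ahead of the LOCAL_ASFLAGS assignment and that it keeps the host libdvm.so from being marked GNU_STACK RWE, or append the flag to LOCAL_ASFLAGS directly after that assignment, so a later asflags split cannot silently drop it. A `readelf -l ... | grep STACK` check on the host library, as used in the commit message, would be a reasonable build-time guard against the regression.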