diff options
| author | slan <slan@chromium.org> | 2016-01-27 14:10:23 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-01-27 22:11:34 +0000 |
| commit | 875b6f2a243ffbfb5bc3cd86f8ae97c3659c010d (patch) | |
| tree | 1eb50866f12ad8eb45e6d0a1a58b61b441d8e1a9 /build | |
| parent | d6621e42c3c3ffcc89d5c73ee1e41c42a64361b1 (diff) | |
| download | chromium_src-875b6f2a243ffbfb5bc3cd86f8ae97c3659c010d.zip chromium_src-875b6f2a243ffbfb5bc3cd86f8ae97c3659c010d.tar.gz chromium_src-875b6f2a243ffbfb5bc3cd86f8ae97c3659c010d.tar.bz2 | |
[GN][Chromecast] Add "-Wl,-rpath=\$ORIGIN" to executable and shlib defaults.
Chromecast executables depend on several shared libraries in $ORIGIN for
platform and OEM abstraction. The rpath for executables should be
updated so that these libraries can be found at runtime. This logic is
added here, instead of //build/config/gcc:executable_ldconfig, to keep
Chromecast-specific configs as concentrated as possible.
A note about security concerns: Chrome only enables this by default for
component and sanitizer builds, never shipped builds. This is to protect
users from arbitrary binaries being run in the shared lib directory.
Chromecast does not share these concerns, as it only runs trusted web
applications in practice.
BUG=516899
Review URL: https://codereview.chromium.org/1639343002
Cr-Commit-Position: refs/heads/master@{#371886}
Diffstat (limited to 'build')
| -rw-r--r-- | build/config/chromecast/BUILD.gn | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/build/config/chromecast/BUILD.gn b/build/config/chromecast/BUILD.gn index f7a1f50..4280e9c 100644 --- a/build/config/chromecast/BUILD.gn +++ b/build/config/chromecast/BUILD.gn @@ -19,7 +19,19 @@ config("static_config") { ] } +config("ldconfig") { + visibility = [ ":*" ] + + # Chromecast executables depend on several shared libraries in $ORIGIN. Add + # $ORIGIN to the rpath of these executables. This is not inherited by default + # when depending on these targets for security reasons (see comments in + # //build/config/gcc/BUILD.gn) + configs = [ "//build/config/gcc:rpath_for_built_shared_libraries" ] +} + config("executable_config") { + configs = [ ":ldconfig" ] + if (current_cpu == "arm") { ldflags = [ # Export stdlibc++ and libgcc symbols to force shlibs to refer to these @@ -40,12 +52,13 @@ config("executable_config") { # Despite including libstdc++/libgcc archives, we still need to specify # static linking for them in order to prevent the executable from having a # dynamic dependency on them. - configs = [ ":static_config" ] + configs += [ ":static_config" ] } } config("shared_library_config") { + configs = [ ":ldconfig" ] if (current_cpu == "arm") { - configs = [ ":static_config" ] + configs += [ ":static_config" ] } } |