[LTP] [RFC PATCH 1/6] android: cve: Disable building cve-2017-5669

enh enh@google.com
Wed Sep 13 01:58:54 CEST 2017

On Tue, Sep 12, 2017 at 2:27 PM, Petr Vorel <petr.vorel@gmail.com> wrote:
> Hi,
> > (since none of the folks actually working on this seem to be responding...)
> > no, they don't, but effectively, yes: the standalone toolchain is the
> > closest thing outside the platform build to what the platform build is
> > like. (and it's almost always the right choice any time you're trying
> > to build a non-Android linux project.)
> Right, I should have realized from the link and Android.mk that you're building
> in AOSP tree :-).
> > as for the API level, because they're part of the platform build, in
> > NDK terms they're targeting "FUTURE", which isn't available in the
> > NDK. so you'll want 26 for now and then 27 when it's available and so
> > on.
> > if you *really* care, you can litter the code with stuff like
> >   #if defined(__BIONIC__) && __ANDROID_API_LEVEL__ > 21
> >   // code that requires something that only appeared in Lollipop
> >   #endif
> Well, even I posted code like this, I realized that flood the code with many
> ifdefs isn't desired for LTP upstream especially AOSP itself doesn't care about
> old releases.

yeah, i don't think anyone would thank you for it :-)

> > but these VTS folks only care about the current platform release.
> > (because we can't suddenly go to OEMs and say "oh, that device you
> > shipped three or four years ago now has to pass this new test" for
> > obvious reasons :-) .)
> "Nice" embedded industry :-).
> > one thing that's a little slippery is that there's stuff like SysV IPC
> > where the headers and functions are available and if you're on a
> > rooted device with a custom kernel, you can use it just fine, but
> > actual shipping Android devices MUST NOT ship with kernels that
> > support SysV IPC and MUST NOT relax the selinux neverallows that would
> > prevent you from using that stuff even if it was compiled in to your
> > kernel and so on... so there's a bit of a distinction between "i want
> > to be able to build this project" and "i want all these tests to
> > pass".
> Sure, successful build for android is the first step, IMHO the easier part.
> And after fixing tests written in C there would be another challenging task:
> make all this shell scripts working on Android (IMHO impossible with toolbox,
> even with busybox would be hard).

toolbox is [mostly] long dead. current status:

(looks like i should update that to say where "O" occurred...)

if you have specific requests for missing commands/options, file them
at the toybox github or android bug tracker (or just mail me

> OT: It'd be interesting to use LTP as a part of CTS to ensure that SysV IPC
> doesn't work :-).

i think they are using LTP as part of VTS
(https://source.android.com/devices/architecture/treble), which is why
they're interested in building LTP with bionic for Android.

> Kind regards,
> Petr

Elliott Hughes - http://who/enh - http://jessies.org/~enh/
Android native code/tools questions? Mail me/drop by/add me as a reviewer.

More information about the ltp mailing list