platform_ToolchainOptions: Allow read-only LOAD sections
Fixes the check for W+X LOAD sections so that it no longer falsely
rejects ELF binaries with a read-only LOAD section.
Bug: 856144
Change-Id: I9a57cff9d24453fe630f35460af2e1e830da3796
Reviewed-on: https://chromium-review.googlesource.com/1114198
Commit-Ready: Ken Rockot <rockot@chromium.org>
Tested-by: Ken Rockot <rockot@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/client/site_tests/platform_ToolchainOptions/platform_ToolchainOptions.py b/client/site_tests/platform_ToolchainOptions/platform_ToolchainOptions.py
index 9639d48..3798e55 100644
--- a/client/site_tests/platform_ToolchainOptions/platform_ToolchainOptions.py
+++ b/client/site_tests/platform_ToolchainOptions/platform_ToolchainOptions.py
@@ -267,9 +267,9 @@
stack_cmd,
stack_whitelist))
- # Verify all binaries have W^X LOAD program headers.
+ # Verify all binaries have no W^X LOAD program headers.
loadwx_cmd = ("%s -lW {} 2>&1 | "
- "grep \"LOAD\" | egrep -v \"(RW |R E)\" | "
+ "grep \"LOAD\" | egrep -v \"(RW |R E|R )\" | "
"wc -l | grep -q \"^0$\"" % readelf_cmd)
loadwx_whitelist = os.path.join(self.bindir, "loadwx_whitelist")
option_sets.append(self.create_and_filter("LOAD Writable and Exec",