From f70a2fe4c1149ba94105b1ed64903f0d6758b2cc Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Fri, 1 Feb 2019 20:01:27 +0000 Subject: [PATCH 1/2] Remove the public libs in runtime namespace These libs are listed in public.android.txt, but not exposed in the default namespace Bug: 120786417 Bug: 121372395 Test: app can still DT_NEEDED libicuuc.so Change-Id: I03dc51f04e29c2d15679c4daf82b05a812efb2db --- libnativeloader/native_loader.cpp | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp index a4e00bd0b..2631a8a55 100644 --- a/libnativeloader/native_loader.cpp +++ b/libnativeloader/native_loader.cpp @@ -128,6 +128,12 @@ static constexpr const char* kWhitelistedDirectories = "/data:/mnt/expand"; static constexpr const char* kApexPath = "/apex/"; +#if defined(__LP64__) +static constexpr const char* kRuntimeApexLibPath = "/apex/com.android.runtime/lib64"; +#else +static constexpr const char* kRuntimeApexLibPath = "/apex/com.android.runtime/lib"; +#endif + static bool is_debuggable() { char debuggable[PROP_VALUE_MAX]; property_get("ro.debuggable", debuggable, "0"); @@ -399,6 +405,14 @@ class LibraryNamespaces { } } + // Remove the public libs in the runtime namespace. + // These libs are listed in public.android.txt, but we don't want the rest of android + // in default namespace to dlopen the libs. + // For example, libicuuc.so is exposed to classloader namespace from runtime namespace. + // Unfortunately, it does not have stable C symbols, and default namespace should only use + // stable symbols in libandroidicu.so. http://b/120786417 + removePublicLibsIfExistsInRuntimeApex(sonames); + // android_init_namespaces() expects all the public libraries // to be loaded so that they can be found by soname alone. // @@ -493,6 +507,27 @@ class LibraryNamespaces { } } + /** + * Remove the public libs in runtime namespace + */ + void removePublicLibsIfExistsInRuntimeApex(std::vector& sonames) { + for (const std::string& lib_name : kRuntimePublicLibraries) { + std::string path(kRuntimeApexLibPath); + path.append("/").append(lib_name); + + struct stat s; + // Do nothing if the path in /apex does not exist. + // Runtime APEX must be mounted since libnativeloader is in the same APEX + if (stat(path.c_str(), &s) != 0) { + continue; + } + + auto it = std::find(sonames.begin(), sonames.end(), lib_name); + if (it != sonames.end()) { + sonames.erase(it); + } + } + } bool ReadConfig(const std::string& configFile, std::vector* sonames, const std::function Date: Tue, 15 Jan 2019 18:04:56 +0000 Subject: [PATCH 2/2] Linker namespace changes for moving ICU4C to APEX libandroidicu is used by various libraries, e.g. libxml2, minikin. Thus, expose libandroidicu to default namespace. libpac is only used by libjni_pacprocessor (part of framework). libicuuc, libicui18n are not exposed to default namespace, because everyone else, except app, should use libandroidicu. They are exposed to classloader namespace from runtime namespace via the work done in libnativeloader in http://r.android.com/887453 b/120786417 has more details about these 2 libraries. Bug: 120659668 Test: m droid Change-Id: I2cd3378f1eb94b7bb1c942738b59d7e577a5f8f0 --- rootdir/etc/ld.config.legacy.txt | 4 ++++ rootdir/etc/ld.config.txt | 4 ++++ rootdir/etc/ld.config.vndk_lite.txt | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/rootdir/etc/ld.config.legacy.txt b/rootdir/etc/ld.config.legacy.txt index 48ca99839..2b22087d2 100644 --- a/rootdir/etc/ld.config.legacy.txt +++ b/rootdir/etc/ld.config.legacy.txt @@ -54,6 +54,10 @@ namespace.default.link.runtime.shared_libs += libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so namespace.default.link.runtime.shared_libs += libnativeloader.so +namespace.default.link.runtime.shared_libs += libandroidicu.so + +# TODO(b/122876336): Remove libpac.so once it's migrated to Webview +namespace.default.link.runtime.shared_libs += libpac.so # When libnetd_resolv.so can't be found in the default namespace, search for it # in the resolv namespace. Don't allow any other libraries from the resolv namespace diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index 7aa097dde..c2d69c97c 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -128,6 +128,10 @@ namespace.default.link.runtime.shared_libs += libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so namespace.default.link.runtime.shared_libs += libnativeloader.so +namespace.default.link.runtime.shared_libs += libandroidicu.so + +# TODO(b/122876336): Remove libpac.so once it's migrated to Webview +namespace.default.link.runtime.shared_libs += libpac.so # When libnetd_resolv.so can't be found in the default namespace, search for it # in the resolv namespace. Don't allow any other libraries from the resolv namespace diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt index 190444592..db946b4e2 100644 --- a/rootdir/etc/ld.config.vndk_lite.txt +++ b/rootdir/etc/ld.config.vndk_lite.txt @@ -72,6 +72,10 @@ namespace.default.link.runtime.shared_libs += libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so namespace.default.link.runtime.shared_libs += libnativeloader.so +namespace.default.link.runtime.shared_libs += libandroidicu.so + +# TODO(b/122876336): Remove libpac.so once it's migrated to Webview +namespace.default.link.runtime.shared_libs += libpac.so # When libnetd_resolv.so can't be found in the default namespace, search for it # in the resolv namespace. Don't allow any other libraries from the resolv namespace