greylist is needed only for application namepaces. Since we started using
linker-namesapces for vendors and other platform apps linker should not
enable greylist workaround by default.
Bug: http://b/37731053
Bug: https://issuetracker.google.com/38146125
Test: sailfish builds and boots
Test: bionic-unit-tests and linker-unit-tests pass
Change-Id: Iee83db6fb1ae754f5ade18491321d9bca3b5ead4
(cherry picked from commit e8ffe56a9c)
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
Make shared namespace inherit namespace links and
search/permitted paths from the parent namespace.
Bug: http://b/37854032
Test: bionic_unit_tests --gtest_filter=dl*:Dl*
Change-Id: I174661d4a1dd0cbe4a378179073719aa955f3592
(cherry picked from commit ec43dd6c36)
Depending on how ld.config.txt is configured, there can be multiple
built-in namespaces created by the linker from the beginning of a
process. android_get_exported_namespace is a platform only API for
getting a handle (android_namespace_t*) to one of the built-in namespaces
with given name. The returned namespace can then be given to
android_dlopen_ext in order to explicitly specify the target namespace
where the library is searched and loaded from.
Note that this function only returns 'exported' namespaces created via
ld.config.txt file. In order to export a namespace, the visible property
should be set to true:
namespace.<name>.visible = true
Namespaces are hidden by default. Hidden namespaces and namespaces
that are created programmatically, notably 'classloader-namespace',
aren't returned by this function.
Bug: 36851137
Test: confirmed that namespaces created with ld.config.txt is retrieved.
Test: linker-unit-tests passes
Merged-in: I714b510fa24f77e42c3dfc4c827b3befa8bb2951
Change-Id: I0d05fa7e0e116009edf8ea362ab46774bc617cbf
(cherry picked from commit d7c4832e6a)
This change adds two tests for dlopen from temporary files.
1. One Uses memfd_create() can be used to load libraries directly
from memory. This requires relaxing namespace accessibility check
in order to make this work in isolated namespaces.
2. Another checks that open with O_TMPFILE works.
Bug: http://b/37245203
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I3be1d7198ca17e7f1ba022a0d86c64d59a493506
(cherry picked from commit bb8b22a087)
We know what "3" and "40" are, but most folks not on our team don't.
I don't think we need to support all the weird values, because only the
supported architectures actually occur in practice.
Bug: N/A
Test: manually overwrote aarch64 libcrypto.so with an x86-64 .so and ran "date"
Test: CANNOT LINK EXECUTABLE "date": "/system/lib64/libcrypto.so" has unexpected e_machine: 62 (EM_X86_64)
Change-Id: Ic4c6325fe7968f0c96fc0bfe15a50ed922a5ba55
We only want to know when dlerror is actually set. The previous change
to this logic moved it so that we only show actual updates to dlerror,
not every string that might end up in dlerror's output. This change
ignores cases where we're _clearing_ dlerror (which happens on every
call to dlerror).
Bug: http://b/37287938
Test: ran tests
Change-Id: I0c30ee199dc76d9aea165c1d90f694ead488518b
Skip the check for accessibility in the case soinfo
does not have primary/secondary namespaces associated
with them.
Bug: http://b/37191433
Test: start an app from http://b/37191433 make sure it does not crash on lunch
Change-Id: Id4c0bdab4dfc6bc8a33fc275d71e325518e0759f
(cherry picked from commit 97b4c5f264)
It's been years since we allowed text relocations, but I had a developer
ask me how to fix them at last week's O Developer Day. They'd never seen
our docs, so let's try to fix that for anyone else who's still confused...
Bug: N/A
Test: builds
Change-Id: I9202a7b0a3f024041b646c43c87585f4fab22d09
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
(cherrypick of 7933bec2872aa1c3430149c7649726333c0ac9d8.)
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
Currently linker reports all potential dlerrors
for example if library was not found in 'this'
namespace - it initializes linker error buffer
with not found message but when consequent
search in linked namespace succeeds this message
is droped because dlopen was successful.
This commit avoids logging false positive error
messages when debug.ld.* set to dlerror.
Test: manual
Change-Id: I480694a1b1bbacd6bd1d8505cd2ee491710964cc
This addresses outstanding todo for anonymous namespace
and fixes an app compatibility bug.
Bug: http://b/36008422
Test: start app from http://b/36008422 and make sure it runs
Change-Id: Ie148418b944379ee1000e7274f2f6c1eca511d6c
This change allows customization of default namespace
configuration for different executables. It also enables
target_sdk_version setup for binaries (note that this
option should explicitly be enabled in ld.config.txt).
Bug: http://b/30706810
Bug: http://b/30435785
Test: run linker-unit-tests/bionic-unit-tests, boot angler
Change-Id: Ibbe87209acf1538fc9cec04944f3d22a190c38f1
android loader should not rely on the fact
that AT_BASE is set because kernel currently
does not set it when linker is run standalone
(The linker does not have PT_INTERP set)
This commit replaces AT_BASE with calculated value.
Bug: http://b/30739481
Bug: http://b/35890756
Test: run bionic-unit-tests --gtest_filter=dl*
Change-Id: Ic2eb73e4452624b1f2e05f46e99e4c17df0bbc3f
This reverts commit 1daa18e737.
To be replaced with customized linker-namespaces for different kind of binaries.
Bug: http://b/34407260
Change-Id: Ib4e480669bbdf44ee4f59bf05f07d3e082c348c9
Test: m
Specifically, this change would translate /system/lib/hw/foo.so to /data/lib/hw/foo.so.
Bug: 30320104
Test: in SANITIZE_TARGET=address build, /proc/$PID/maps for
system_server show libraries from /data/lib64/hw and not from
/system/lib64/hw.
Change-Id: Ia1fa22fa1ca088fe76e41308762efe037541fc74
Due to b/33681361, libraries are now installed to different paths than
before. In order for linker to load libraries from the new paths, the
default lib paths are updated.
However, this patch is temporary; different paths must be used depending
on whether the process is executing vendor executable or framework
executable. For example, vendor executable should not be able to access
/system/lib/, which is for framework-internal libs. Similarly,
framework executables should not be able to access /vendor/lib.
We have several solutions (linker namespace and DT_RUNPATH) to support
the scenario, but haven't concluded which is better. Furthermore, if we
restrict the search path right now, it will break many parts of Android
that are not yet prepared for the restriction. So, until then, we
temporarily use the single search path for both framework/vendor
executables.
Test: build & run
Change-Id: I806e9b4379bce96653b1dd3354b9f4801abb0411
Let the fallback allocator be used on multiple threads (as long as only
one thread is using it at once).
Bug: http://b/35858739
Change-Id: Id3e2fc6b7c093c6e56870524ffda28946de09e29
Remove dependencies that are now linked directly into
libdebuggerd_handler_fallback via whole_static_libraries.
Test: m
Change-Id: I00e2edb2778c2986c533f97708252aa0996d0498
Anonymous namesapce is zygote-specific workaround and
is not really required for other binaries.
This change allows creating namespaces without initializing
anonymous namespace.
Test: bionic-unit-tests
Change-Id: I62adc39ad69ce56b3760d36f45e3c0487c438598
Do not load second copy of libraries that are supposed to
be provided by linked namespaces. Also do not print
error in the log if caller tries to open shared library
using absolute path for apps targeting N+.
Bug: http://b/35454141
Bug: http://b/26833548
Bug: http://b/35338922
Test: run bionic-unit-tests --gtest_filter=dl*
Change-Id: Icf3aeedff18d287d2ba0b3df3808b100f3ef5f7a
Some versions of kernel set AT_BASE to 0
if dynamic loader does not have PT_INTERP
set.
Bug: http://b/30739481
Test: run /system/bin/linker64 and /system/bin/linker
Change-Id: I1b67777166fe917d3ee1a97277045ca6f5db0084
__system_property_set sometimes produces broken_pipe error
when trying to write a property.
This change improves error messages and uses writev() instead
of sequence of send() calls.
Bug: http://b/35381074
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I7a5b169c015db4e6b720370e58662de8206d1086
Somewhat unsurprisingly, very few commands are happy to be run like this,
in particular multiplexed commands like toybox. But that's no reason for
the linker to get in the way too.
Bug: http://b/33276926
Test: new test
Change-Id: I6dd71ea0183f4da83571039c2198ebb6ed38520e
Thread local buffers were using pthread_setspecific for storage with
lazy initialization. pthread_setspecific shares TLS slots between the
linker and libc.so, so thread local buffers being initialized in a
different order between libc.so and the linker meant that bad things
would happen (manifesting as snprintf not working because the
locale was mangled)
Bug: http://b/20464031
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
everything passes
Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests
thread_local tests are failing both before and after (KUSER_HELPERS?)
Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
no additional failures
Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
Dimitry Ivanov
Elliott Hughes
Jiyong Park
Christopher Ferris
Treehugger Robot
Tom Cherry
Josh Gao
Vishwath Mohan
Evgenii Stepanov