When the kernel executes a program which is setuid, setgid, has
file capabilities, or causes an SELinux domain transition, the
AT_SECURE flag is set. This flag instructs the dynamic linker to
prune any dangerous environment variables passed across security
boundaries.
For SELinux in particular, whether this flag is set depends on the
the "noatsecure" process permission. If that permission does not
exist, then AT_SECURE=1 whenever a domain transition occurs.
In https://android-review.googlesource.com/129971 , Android stopped
using noatsecure when executing init services. In
https://android-review.googlesource.com/130610 , init was flipped
back into SELinux enforcing mode, making ag/129971 active. The
combination of those two changes ensured that AT_SECURE=1 was
set when executing init spawned services.
In particular, AT_SECURE=1 is set when init executes zygote. Due to
the forking nature of zygote, AT_SECURE remains untouched when
executing zygote's children.
This causes problems for the code added in
https://android-review.googlesource.com/48409 . Specifically, if
AT_SECURE=1, an attempt to call android_update_LD_LIBRARY_PATH()
is silently ignored. This causes problems when art tries to adjust
the LD_LIBRARY_PATH for Android apps. Ultimately, apps are unable
to find shared libraries they depend on.
As discussed in bug 7896159, there's no security reason for
preventing an application from updating it's own LD_LIBRARY_PATH.
We only need to prune LD_LIBRARY_PATH when transitioning across
security boundaries, but not when we're entirely within a security
boundary.
Remove the AT_SECURE check within do_android_update_LD_LIBRARY_PATH().
It's unneeded and prevents an application from modifying it's own
LD_LIBRARY_PATH. This allows an application to specify a location
where it's dlopen()ed shared libraries should be loaded from.
There is no change to AT_SECURE handling in
__sanitize_environment_variables(). We continue to honor it there
to prevent using security sensitive environment variables across
an exec boundary.
Bug: 19559835
Change-Id: If4af2ee8e84265aaa0c93de8b281208b20d7942a
load_bias is the delta between a symbols address in memory and the value
contained in the symbol table.
Change-Id: I35c87b69025b64f7e4a1418ca766618f4533fb3e
If two or more threads crash at the same time, only let one talk to
debuggerd. It's possible for a race to occur that two threads send
data to debuggerd, the second one will cause errors in debuggerd since
the process will die once debuggerd lets the crashing pid start again.
Bug: 19183955
Change-Id: I17dfce46102117ab4a870f7381bd526488d37fb5
Implement refcounter based data protection guard
to avoid unnecessary calls to mprotect when dlopen/dlclose
is called from a constructor.
Bug: 19124318
Big: 7941716
Change-Id: Id221b84ce75443094f99756dc9950b0a1dc87222
Handy when looking at strace output for seeing "where does my code start?",
though you'll need to set LD_DEBUG=1 (or greater) and constructors will
already have run (but you can set LD_DEBUG to a higher value to track that).
Change-Id: I82d53a7123b39febf5b2a956de83c8a30f229651
Must build this linker as a shared object.
A statically linked module does not load during init.
BUG: 18008984
Change-Id: I5f0411129024edcb9381c473ea4e741a075e9184
Make the request structure match the new structure found in debuggerd
code.
On 64 bit systems, make sure that the 32 bit compiled linker is contacted.
Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: I675b8ff222fcf836b05de4e9b5976ff91ca929bf
Position Independent Executables cannot communicate with GDB using DT_MIPS_RLD_TAG.
Hence a new tag DT_MIPS_RLD_MAP2 got introduced to fix the issue.
Change-Id: I77ce3faf1ef2e121003b804ecd291abb25cfbb56
Signed-off-by: Nikola Veljkovic<Nikola.Veljkovic@imgtec.com>
1. Take into consideration that the local_group_root_
is not set for all of not linked libraries.
2. We need to check visited list earlier to avoid double
soinfo_free.
Change-Id: Iabc0a06a97c63f7e6bd4641731f50bb1466fed4f
Count references on the group level to avoid
partially unloading function that might be
referenced by other libraries in the local_group
Bonus: with this change we can correctly unload recursively
linked libraries. is_recursive check is removed.
Also dynamic executables (not .so) with 0 DT_NEEDED libraries
are now correctly linked.
Change-Id: Idfa83baef402840599b93a875f2881d9f020dbcd
Relocate symbol against DF_1_GLOBAL shared libraries
loaded before this shared library. This includes
main executable, ld_preloads and other libraries
that have DF_1_GLOBAL flag set.
Bug: 2643900
Bug: 15432753
Change-Id: Ia788748be59b739d1c7e62b978e7e255f9e65c7b
The local group is a sequence of libraries in default (breadth-first)
order. It allows RTLD_LOCALLY loaded library to correctly relocate
symbols within its group (see test-cases).
Local group lookup is performed after main executable and ld_preloads.
Bug: 2643900
Bug: 15432753
Change-Id: I9bb013b46d17dbb5cbdfb8fef26f552748385541
replace lseek() and use pread() instead
add test for library_fd_offset > file_size case
Bug: 17762003
Change-Id: I4555f0be635124efe849c1f226985bcba72ffcbd
DT_STRSZ Implement strtab boundary checks
DT_FLAGS_1 Warn if flags other than DF_1_NOW|DF_1_GLOBAL are set
Bug: 17552334
Change-Id: Iaad29cd52f5b2d7d2f785fb351697906dc1617d9
This reverts commit 8f61d99183
Despite the fact that static linker does all the work while linking
-Bsymbolic executables, according to the SCO doc following DT_SYMBOLIC
and DF_SYMBOLIC flags is still a requirement for the dynamic linker
as well.
(see http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html)
Change-Id: I23f6a5e9b662e40cdbc462b64feff912431e800c
Get dynamic flags from phdr table's correct entry rather the first
entry, so that the following DT_DEBUG entry can be set.
Also fix the undefined reference to LoadTask::deleter issue under gcc
-O0 option.
Bug: 17524778
Change-Id: I9c679af197b034761fb739d6c980e628ff2ab84c
This is needed when building the linker against a libc that was built
with coverage information.
Bug: 17553780
Change-Id: If131002e067dd7768fc657c30e62c42a45c05ace
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
From the elf-spec: "Symbolically bound shared objects are
identified by the .dynamic entry DT_SYMBOLIC. This tag is
informational only; the runtime linker processes symbol
lookups from these objects in the same manner as any
other object."
Change-Id: I4aae0e502ed9fac096fbf076f4d6b2e055d784f6
Symbols from libraries opened with RTLD_LOCAL (default)
should not be visible via dlsym(RLTD_DEFAULT/RTLD_NEXT, .)
Bug: 17512583
Change-Id: I1758943081a67cf3d49ba5808e061b8251a91964
Expanded test for recursive libs. Fixed bug with unnecessary
soinfo_free of already loaded library.
Change-Id: I2cc19f2650c8b12a35feeac127ef608ebba44d88
There are number of changes in the way IFUNC related relocations are done:
1. IRELATIVE relocations are now supported for x86/x86_64 and arm64.
2. IFUNC relocations are now relying on static linker to generate
them in correct order - this removes necessety of additional
relocation pass for ifuncs.
3. Related to 2: rela?.dyn relocations are preformed before .plt ones.
4. Ifunc are resolved on symbol lookup this approach allowed to avoid
mprotect(PROT_WRITE) call on r-x program segments.
Bug: 17399706
Bug: 17177284
Change-Id: I414dd3e82bd47cc03442c5dfc7c279949aec51ed
Enable the -std=gnu++11 flag for libstdc++ static and
dynamic libs.
ScopeGuard uses DISABLE_ macros instead of '= delete';
Change-Id: I07e21b306f95fffd49345f7fa136cfdac61e0225
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: If1ba5c807322409faa914e27ecb675e2c4541f0d
Attempt: 2
Previously we duplicated code in build/core/executable.mk and it's hard
to maintain. LOCAL_POST_LINK_CMD is a clean solution for this.
Bug: 17403674
Change-Id: I8c054bf782af68cf1f88b8d787a78ca74a7968b5
Clang is still disabled for x86 and x86_64 long double code,
for x86_64 special assembly instruction, and the linker module.
BUG: 17163651
BUG: 17302991
BUG: 17403674
Change-Id: I43c5f5f0ddc0c2a31918f00b57150dadd8f3f26b
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: I4cf84c70dbaabe99310230dfda12385ae5401859
Change lookup order during relocation so that
ld_preloads always precede caller (unless caller
is main executable).
Asan needs this change in order to intercept libc->libc
calls.
Bug: 15432753
(cherry picked from commit 05e190c093)
Change-Id: I5bfb58e18015b1ec5b77842dbb37fb122fa1fd1a
When enabling debug malloc, the snprintf calls in the linker fails to
update the buffer.
The problem is that snprintf makes a call to pthread_getspecific that
returns a valid pointer, but the data it points to is zero. This should
never happen and causes the snprintf to stop and do nothing.
Temporarily replace snprintf with a different implementation to work
around this issue.
Bug: 16874447
Bug: 17302493
(cherry pick from commit 172955a4e3)
Change-Id: Idca9d417978403d61debfd0434aaa82fd770f33b
This includes:
1. Placing has_ifunc after fields with version = 0
2. Switch to has_min_version(v) function.
3. Minor soinfo initialization refactoring (placement new + ctor)
Change-Id: I1bf5fde4d930914012ce5f3ad5acb48217da9b2d
