This reverts commit 81b175747d.
Reason: 02586a2a34 fixed the bug that
prevented us from using LD_PRELOAD with multiple namespaces.
Bug: 38114603
Test: 1. ./external/compiler-rt/lib/asan/scripts/asan_device_setup --lib
prebuilts/clang/host/linux-x86/clang-stable/lib64/clang/5.0/lib/linux
2. enable talkback shortcut
3. in the home screen, hold vol-up/down together
4. device does not reboots and talkback shortcut is toggled
Test: bionic-unit-tests and linker-unit-tests successful
(cherry picked from commit 6ab40bbf53)
Merged-In: I25a05927ffbb28b9fa72303652893f43918ccec6
Change-Id: If264f0ce5d7187816d3acc790b6e31d479b628ee
In the future, target.linux will apply to all targets running a linux kernel
(android, linux_glibc, linux_bionic). So move all current users to the specific
linux_glibc.
There will be another cleanup pass later that will move some instances back to
target.linux if the properties should be shared with target.android and
target.linux_bionic, but target.linux needs to be removed first.
Test: out/soong/build.ninja identical before/after
Change-Id: I56c84d206fb1e98cd7ea0d8fb875de0ebd87ea5e
Exempt-From-Owner-Approval: build system cleanup
Also set linked flag after it is linked and
call constructors. Set RTLD_NODELETE flag to
prevent accidental unloads.
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Test: bionic-unit-tests-glibc --gtest_filter=dl*
Change-Id: Ib2178849b918cbefd6f8fcfe6d1f78889fe0bf76
Linker resolves the paths in /system/etc/ld.config.txt to canonicalize
the paths and to ensure they exist. However, as permitted paths for the
default namespace contain directories such as /vendor/app, /mnt/expand,
and etc., the resolving causes selinux denial on some processes which do
not have access to some of the permitted paths.
In order to silence the bogus selinux denial, resolution is skipped for
permitted paths.
Note that the resolution is not strictly required especially for
Treble-ized devices where permitted paths are already canonicalized (i.e
/vendor isn't a symlink to /system/vendor).
Bug: 65843095
Test: no selinux denial on /vendor/app, /vendor/framework, etc. while
booting.
Merged-In: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f
Change-Id: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f
(cherry picked from commit 527757e16b)
Linker resolves the paths in /system/etc/ld.config.txt to canonicalize
the paths and to ensure they exist. However, as permitted paths for the
default namespace contain directories such as /vendor/app, /mnt/expand,
and etc., the resolving causes selinux denial on some processes which do
not have access to some of the permitted paths.
In order to silence the bogus selinux denial, resolution is skipped for
permitted paths.
Note that the resolution is not strictly required especially for
Treble-ized devices where permitted paths are already canonicalized (i.e
/vendor isn't a symlink to /system/vendor).
Bug: 65843095
Test: no selinux denial on /vendor/app, /vendor/framework, etc. while
booting.
Change-Id: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f
The linux kernel requires that the ELF interpreter (runtime linker)
that's referenced by PT_INTERP be either an absolute path, or a relative
path from the current working directory. We'd prefer a relative path
from the binary, similarly to how we handle looking up shared libraries,
but that's not supported.
Instead, extract the LOAD segments from the runtime linker ELF binary
and embed them into each host bionic binary, omitting the PT_INTERP
declaration. The kernel will treat it as a static binary, and we'll use
a special entry point (linker_wrapper) to fix up the arguments passed by
the kernel before jumping to the embedded linker. From the linker's
point of view, it looks like the kernel loaded the linker like normal.
Bug: 31559095
Test: Enable host bionic, build and run libdemangle_test
Change-Id: I1753401ef91eecbf0ae3376faca31eec1c53842b
Don't link to it when building with bionic for the host.
Also add libasync_safe, which is used by linker_globals.h even when
debuggerd isn't used.
Bug: 31559095
Test: mma
Test: Attempt to build host bionic
Change-Id: I374e2c2c288133875da82de780b27917ca524240
(Where errno is relevant.)
Also consistently use -1 as the fd for anonymous mmaps. (It doesn't matter,
but it's more common, and potentially more intention-revealing.)
Bug: http://b/65608572
Test: ran tests
Change-Id: Ie9a207632d8242f42086ba3ca862519014c3c102
The specific case of finding a DT_RPATH entry is a pretty common harmless
warning. An alternative to this change would be to just add a case to the
switch for DT_RPATH to just silently ignore it, since it's never been
supported and is deprecated anyway.
Bug: N/A
Test: builds
Change-Id: I01986da8f1f8d411fc2ea32d492c53b9f4488c72
This change also replaces elf-hash with gnu-hash.
Test: make
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: Ibc4026f7abc7e8002f69c33eebaf6a193f1d22eb
Leaving these unimplemented causes linker to have 2 weak undefined
symbols which in turn results in 3 unwanted relocations for arm arch.
Implementing them removes unwanted relocations from resulted dynamic
object
Test: make && readelf --dyn-sym linker
Test: linker-unit-tests && bionic-unit-tests --gtest_filter=dl*:Dl*
Test: flash and boot angler
Change-Id: I10120271936c770659239898aaf852d31c5483c2
Prefer architecture specific ld.config.<arch>.txt if it exists;
fall back to default ld.config.txt files if arch-specific one is
not present.
Bug: http://b/64061157
Test: bionic-unit-tests && linker-unit-tests
Change-Id: I83a298a932f2e4af7acb2049a7641fb86908736c
'visible' flag was interpreted only the namespaces other than 'default'.
The flag has to be handled without exception once it is set.
Bug: 63411330
Test: Build and boot without errors.
Test: Add `namespace.default.visible = true` to [vendor] process in
'ld.config.txt' and reboot the device.
Merged-In: Ia363dfadf0200317b875e26bb4b2fae849af1384
Change-Id: Ia363dfadf0200317b875e26bb4b2fae849af1384
(cherry picked from commit 90de9f081e)
'visible' flag was interpreted only the namespaces other than 'default'.
The flag has to be handled without exception once it is set.
Bug: 63411330
Test: Build and boot without errors.
Test: Add `namespace.default.visible = true` to [vendor] process in
'ld.config.txt' and reboot the device.
Change-Id: Ia363dfadf0200317b875e26bb4b2fae849af1384
This reverts commit 81b175747d.
Reason: 02586a2a34 fixed the bug that
prevented us from using LD_PRELOAD with multiple namespaces.
Bug: 38114603
Test: 1. ./external/compiler-rt/lib/asan/scripts/asan_device_setup --lib
prebuilts/clang/host/linux-x86/clang-stable/lib64/clang/5.0/lib/linux
2. enable talkback shortcut
3. in the home screen, hold vol-up/down together
4. device does not reboots and talkback shortcut is toggled
Test: bionic-unit-tests and linker-unit-tests successful
Merged-In: I25a05927ffbb28b9fa72303652893f43918ccec6
Change-Id: Ib7568d65c2524fd2307d01eb3d50fc308feced9c
(cherry picked from commit 6ab40bbf53)
With ld.config.txt, we now have multiple built-in namespaces other than
the default namespace. Libs (and their dependents) listed in LD_PRELOAD
must be visible to those additional namespaces as well.
This also adds a debugging only feature: path to the linker config file
can be customized via LD_CONFIG_FILE environment variable. This works
only for debuggable builds.
Bug: 38114603
Bug: 62815515
Test: 1. ./external/compiler-rt/lib/asan/scripts/asan_device_setup --lib
prebuilts/clang/host/linux-x86/clang-stable/lib64/clang/5.0/lib/linux
2. enable talkback shortcut
3. in the home screen, hold vol-up/down together
4. device does not reboots and talkback shortcut is toggled
Test: bionic-unit-tests and linker-unit-tests successful
Merged-In: I9a03591053f4a9caea82f0dcb23e7a3d324bb9bd
Change-Id: I9a03591053f4a9caea82f0dcb23e7a3d324bb9bd
(cherry picked from commit 02586a2a34)
With ld.config.txt, we now have multiple built-in namespaces other than
the default namespace. Libs (and their dependents) listed in LD_PRELOAD
must be visible to those additional namespaces as well.
This also adds a debugging only feature: path to the linker config file
can be customized via LD_CONFIG_FILE environment variable. This works
only for debuggable builds.
Bug: 38114603
Bug: 62815515
Test: 1. ./external/compiler-rt/lib/asan/scripts/asan_device_setup --lib
prebuilts/clang/host/linux-x86/clang-stable/lib64/clang/5.0/lib/linux
2. enable talkback shortcut
3. in the home screen, hold vol-up/down together
4. device does not reboots and talkback shortcut is toggled
Test: bionic-unit-tests and linker-unit-tests successful
Change-Id: I9a03591053f4a9caea82f0dcb23e7a3d324bb9bd
Use __linker_cannot_link more consistently, and fix a comment.
Bug: http://b/22798163
Test: ran tests
Change-Id: Id6d868f459997eaa67b8cbbf85b0b0f2749bf43d
An ASan binary may load a non-ASan library from /system if /data is not mounted yet.
A dlopen() call for the same library later, when /data/ is available, will translate the path and attempt to load
an ASan copy of the library from /data/asan/system. This way we may end up loading both ASan and non-ASan copies of
the library in the same process, which is a very bad thing.
This change adds a check for a loaded library with the non-translated real path before applying path translation.
Bug: 63622872
Test: hide/rename a library in /data/asan; dlopen; restore the library; dlopen; check that the library from /data/asan is NOT loaded.
Change-Id: I17060837f08dc3c665cab803dd89979d88f0a019
Warnings:
bionic/libc/bionic/fts.c:722:5: warning: Null passed to a callee that
requires a non-null 1st parameter
bionic/libc/bionic/sched_cpualloc.c:34:25: warning: Result of 'malloc'
is converted to a pointer of type 'cpu_set_t', which is incompatible
with sizeof operand type 'unsigned long'
bionic/linker/linker_main.cpp:315:7: warning: Access to field 'e_type'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:493:66: warning: Access to field 'e_phoff'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:90:14: warning: Access to field 'next'
results in a dereference of a null pointer (loaded from variable 'prev')
Bug: None
Test: mma; analyzer warnings are gone. CtsBionicTestCases pass.
Change-Id: I699a60c2c6f64c50b9ea06848a680c98a8abb44a
linker_config#smoke and linker_config.asan_smoke are trying to find
paths under the /vendor directory. If there is no vendor partition,
the real path of them is started with /system/vendor.
This CL allows those paths in the tests by getting the resolved paths
for systems without a vendor partition.
Bug: http://b/62562515
Test: linker_config_test passes without a vendor partition.
Change-Id: Id6d16ef623efd81ab9083c3e819da2ad22a28bf8
Currently, multiple namespaces does not support ASAN mode where some
symbols should be intercepted via LD_PRELOAD; LD_PRELOADed libs are not
preloaded into the linked namespaces other than the default namespace.
Until we fix the problem, we temporarily disable ld.config.txt in ASAN
mode.
Bug: 38114603
Test: 1. ./external/compiler-rt/lib/asan/scripts/asan_device_setup --lib
prebuilts/clang/host/linux-x86/clang-stable/lib64/clang/3.8/lib/linux
2. enable talkback shortcut
3. in the home screen, hold vol-up/down together
4. device does not reboots and talkback shortcut is toggled
Test: bionic-unit-tests and linker-unit-tests successful
Change-Id: I091874dd36b36f56dff2ad899d76ff86931909ed
This reverts commit b37d10cc80.
Was merged from nyc-dev to master and oc-dev by mistake.
Bug: http://b/38384727
Test: bionic-unit-tests
Change-Id: I7cd352baceb3180342abb6ffec1dfa96a217961f
When unloading library make sure the soinfo_link to parent
from linked external libraries is removed as well.
Bug: 36104177
Bug: http://b/37433850
Test: manual
Change-Id: I601b54144acecac54744805b38313c46045c54cb
(cherry picked from commit ee398f820700de30941fd82e38bd917e1513cbc6)
greylist is needed only for application namepaces. Since we started using
linker-namesapces for vendors and other platform apps linker should not
enable greylist workaround by default.
Bug: http://b/37731053
Bug: https://issuetracker.google.com/38146125
Test: sailfish builds and boots
Test: bionic-unit-tests and linker-unit-tests pass
Change-Id: Iee83db6fb1ae754f5ade18491321d9bca3b5ead4
(cherry picked from commit e8ffe56a9c)
greylist is needed only for application namepaces. Since we started using
linker-namesapces for vendors and other platform apps linker should not
enable greylist workaround by default.
Bug: http://b/37731053
Bug: https://issuetracker.google.com/38146125
Test: sailfish builds and boots
Test: bionic-unit-tests and linker-unit-tests pass
Change-Id: Iee83db6fb1ae754f5ade18491321d9bca3b5ead4
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
Make shared namespace inherit namespace links and
search/permitted paths from the parent namespace.
Bug: http://b/37854032
Test: bionic_unit_tests --gtest_filter=dl*:Dl*
Change-Id: I174661d4a1dd0cbe4a378179073719aa955f3592
(cherry picked from commit ec43dd6c36)
Make shared namespace inherit namespace links and
search/permitted paths from the parent namespace.
Bug: http://b/37854032
Test: bionic_unit_tests --gtest_filter=dl*:Dl*
Change-Id: I174661d4a1dd0cbe4a378179073719aa955f3592
Depending on how ld.config.txt is configured, there can be multiple
built-in namespaces created by the linker from the beginning of a
process. android_get_exported_namespace is a platform only API for
getting a handle (android_namespace_t*) to one of the built-in namespaces
with given name. The returned namespace can then be given to
android_dlopen_ext in order to explicitly specify the target namespace
where the library is searched and loaded from.
Note that this function only returns 'exported' namespaces created via
ld.config.txt file. In order to export a namespace, the visible property
should be set to true:
namespace.<name>.visible = true
Namespaces are hidden by default. Hidden namespaces and namespaces
that are created programmatically, notably 'classloader-namespace',
aren't returned by this function.
Bug: 36851137
Test: confirmed that namespaces created with ld.config.txt is retrieved.
Test: linker-unit-tests passes
Merged-in: I714b510fa24f77e42c3dfc4c827b3befa8bb2951
Change-Id: I0d05fa7e0e116009edf8ea362ab46774bc617cbf
(cherry picked from commit d7c4832e6a)
This reverts commit 6d59318d78.
Bug: http://b/37245203
Bug: http://b/37590327
Test: bionic-unit-tests on angler and marlin
Test: boot an angler and make sure mediacodec does not crash
This change adds two tests for dlopen from temporary files.
1. One Uses memfd_create() can be used to load libraries directly
from memory. This requires relaxing namespace accessibility check
in order to make this work in isolated namespaces.
2. Another checks that open with O_TMPFILE works.
Bug: http://b/37245203
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I3be1d7198ca17e7f1ba022a0d86c64d59a493506
(cherry picked from commit bb8b22a087)
This change adds two tests for dlopen from temporary files.
1. One Uses memfd_create() can be used to load libraries directly
from memory. This requires relaxing namespace accessibility check
in order to make this work in isolated namespaces.
2. Another checks that open with O_TMPFILE works.
Bug: http://b/37245203
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I3be1d7198ca17e7f1ba022a0d86c64d59a493506
We know what "3" and "40" are, but most folks not on our team don't.
I don't think we need to support all the weird values, because only the
supported architectures actually occur in practice.
Bug: N/A
Test: manually overwrote aarch64 libcrypto.so with an x86-64 .so and ran "date"
Test: CANNOT LINK EXECUTABLE "date": "/system/lib64/libcrypto.so" has unexpected e_machine: 62 (EM_X86_64)
Change-Id: Ic4c6325fe7968f0c96fc0bfe15a50ed922a5ba55
We only want to know when dlerror is actually set. The previous change
to this logic moved it so that we only show actual updates to dlerror,
not every string that might end up in dlerror's output. This change
ignores cases where we're _clearing_ dlerror (which happens on every
call to dlerror).
Bug: http://b/37287938
Test: ran tests
Change-Id: I0c30ee199dc76d9aea165c1d90f694ead488518b
Skip the check for accessibility in the case soinfo
does not have primary/secondary namespaces associated
with them.
Bug: http://b/37191433
Test: start an app from http://b/37191433 make sure it does not crash on lunch
Change-Id: Id4c0bdab4dfc6bc8a33fc275d71e325518e0759f
(cherry picked from commit 97b4c5f264)
Skip the check for accessibility in the case soinfo
does not have primary/secondary namespaces associated
with them.
Bug: http://b/37191433
Test: start an app from http://b/37191433 make sure it does not crash on lunch
Change-Id: Id4c0bdab4dfc6bc8a33fc275d71e325518e0759f
It's been years since we allowed text relocations, but I had a developer
ask me how to fix them at last week's O Developer Day. They'd never seen
our docs, so let's try to fix that for anyone else who's still confused...
Bug: N/A
Test: builds
Change-Id: I9202a7b0a3f024041b646c43c87585f4fab22d09
Depending on how ld.config.txt is configured, there can be multiple
built-in namespaces created by the linker from the beginning of a
process. android_get_exported_namespace is a platform only API for
getting a handle (android_namespace_t*) to one of the built-in namespaces
with given name. The returned namespace can then be given to
android_dlopen_ext in order to explicitly specify the target namespace
where the library is searched and loaded from.
Note that this function only returns 'exported' namespaces created via
ld.config.txt file. In order to export a namespace, the visible property
should be set to true:
namespace.<name>.visible = true
Namespaces are hidden by default. Hidden namespaces and namespaces
that are created programmatically, notably 'classloader-namespace',
aren't returned by this function.
Bug: 36851137
Test: confirmed that namespaces created with ld.config.txt is retrieved.
Test: linker-unit-tests passes
Change-Id: I0d05fa7e0e116009edf8ea362ab46774bc617cbf
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
(cherrypick of 7933bec2872aa1c3430149c7649726333c0ac9d8.)
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
(cherry picked from commit 4113def4fa)
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
Currently linker reports all potential dlerrors
for example if library was not found in 'this'
namespace - it initializes linker error buffer
with not found message but when consequent
search in linked namespace succeeds this message
is droped because dlopen was successful.
This commit avoids logging false positive error
messages when debug.ld.* set to dlerror.
Test: manual
Change-Id: I480694a1b1bbacd6bd1d8505cd2ee491710964cc
(cherry picked from commit 11968b80af)
Currently linker reports all potential dlerrors
for example if library was not found in 'this'
namespace - it initializes linker error buffer
with not found message but when consequent
search in linked namespace succeeds this message
is droped because dlopen was successful.
This commit avoids logging false positive error
messages when debug.ld.* set to dlerror.
Test: manual
Change-Id: I480694a1b1bbacd6bd1d8505cd2ee491710964cc
This addresses outstanding todo for anonymous namespace
and fixes an app compatibility bug.
Bug: http://b/36008422
Test: start app from http://b/36008422 and make sure it runs
Change-Id: Ie148418b944379ee1000e7274f2f6c1eca511d6c
