Bionic libs are part of the runtime APEX (com.android.runtime). In order
to be able to update the runtime APEX independetly from the platform, we
have to prevent things outside of the APEX from using bionic symbols
that are not guaranteed to be stable. Otherwise, platform could break
when a symbol is removed from the libs via the APEX update.
To achive this goal, this change adds stubs variant to the bionic libs.
With this, things outside of the runtime APEX (i.e. other APEXes and the
platform) are built with the stubs variants that provide only the
symbols that are guaranteed to be stable.
The set of symbols are basically the same as the symbols available to
NDK clients. However, there are a few additional symbols that are not
available for NDK but should be made available for platform components.
They are marked with "# apex" tag. Symbols with that tag are not exposed
to apps (via NDK stubs) or vendors (via LLNDK stubs).
Note that the stubs is a build-time only artifact. It is used just to
break the build when private symbols are used outside of the runtime
APEX. At runtime, the real library in the APEX is used.
Bug: 120266448
Test: m
Test: m bionic-unit-tests
Change-Id: I7b8d75830c81d7d7d54e2fca21a85b3417531b47
This lets us do two things:
1) Make setjmp and longjmp compatible with shadow call stack.
To avoid leaking the shadow call stack address into memory, only the
lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires
allocating an additional guard page so that we're guaranteed to be
able to allocate a sufficiently aligned SCS.
2) SCS overflow detection. Overflows now result in a SIGSEGV instead
of corrupting the allocation that comes after it.
Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1
Test: bionic-unit-tests
libcrt_builtins does not work with libm, which is statically linked in
bionic-unit-tests-static. Opt it out of libcrt_builtins for now.
Bug: 119207651
Bug: 117167374
Test: run bionic-unit-test-static
Change-Id: I20067c9841beb9de2b73342847aaa945dbadbff8
This reverts commit da1bc79f93.
Reason for revert: Caused OOM in media process
Bug: 112907825
Bug: 118593766
Change-Id: I545663871d75889b209b9fd2131cdaa97166478f
The executable can be inside a zip file using the same syntax used for
shared objects: path.zip!/libentry.so.
The linker currently requires an absolute path. This restriction could be
loosened, but it didn't seem important? If it allowed non-absolute paths,
we'd need to decide how to handle:
- foo/bar (relative to CWD?)
- foo (search PATH / LD_LIBRARY_PATH, or also relative to CWD?)
- foo.zip!/bar (normalize_path() requires an absolute path)
The linker adjusts the argc/argv passed to main() and to constructor
functions to hide the initial linker argument, but doesn't adjust the auxv
vector or files like /proc/self/{exe,cmdline,auxv,stat}. Those files will
report that the kernel loaded the linker as an executable.
I think the linker_logger.cpp change guarding against (g_argv == NULL)
isn't actually necessary, but it seemed like a good idea given that I'm
delaying initialization of g_argv until after C++ constructors have run.
Bug: http://b/112050209
Test: bionic unit tests
Change-Id: I846faf98b16fd34218946f6167e8b451897debe5
Use a global gtest isolation runner rather than the custom one in
bionic.
Test: Ran all unit tests and verified same behavior before and after.
Change-Id: I24a7cf17cf8e018d0f51969c64b53ce9059cc779
Allows ART JIT use membarrier to invalidate instruction
pipelines.
Bug: 66095511
Test: bionic-unit-tests
Change-Id: I8cf83929f00baf5a3c440a899d2667a992bda8e2
I don't think we want to *document* this, but since at least
external/curl/lib/select.c is relying on this, we should be careful not
to break it.
Bug: http://b/111850071
Test: ran tests
Change-Id: Ic877250d755a0cb59e77ae38ae5e3949f753dad6
Add two functions to allow objects that own a file descriptor to
enforce that only they can close their file descriptor.
Use them in FILE* and DIR*.
Bug: http://b/110100358
Test: bionic_unit_tests
Test: aosp/master boots without errors
Test: treehugger
Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45
The tls_nodelete state should apply to load_group not
isolated soinfo. This actually also means that multiple
soinfos may have tls_counter on their dso_handles.
This change replaces TLS_NODELETE flag with secondary counter.
Note that access to the secondary counter (located inside soinfo)
is pretty expensive because it requires soinfo lookup by dso_handle
whereas dso_handle counter is much faster. This is why it is updated
only when dso_handle counter starts or hits 0.
Bug: http://b/80278285
Test: bionic-unit-tests --gtest_filter=dl*
Change-Id: I535583f6714e45fa2a7eaf7bb3126da20ee7cba9
Bug: 77236525
Test: 'make tests dist' and verify that these libraries are in the
*-continuous_native_tests-*.zip
Change-Id: I9cbb6a7e4230208f7563d8f7bfc3c5e7a1e89c9b
Test: 'make tests dist' and verify that these libraries are in the
*-continuous_native_tests-*.zip
Change-Id: I2bd2ba9b44400804a125a8bc8ec49d84270d6361
This also tweaks cdefs to make __overloadable usable outside of
FORTIFY. It had to be FORTIFY-only before we had unmarked overload
support in clang+Bionic.
Bug: https://github.com/android-ndk/ndk/issues/402
Test: Internal master builds + `mma`. `mma` in Bionic fails if the
change to ioctl is undone.
Change-Id: Ib386b1786e1dca625e6d5a18682005adc734d9c1
Add the capability to read /etc/passwd and /etc/group for getpw* and
getgr* functions.
Bug: 27999086
Test: pwd, grp, grp_pwd_file unit tests
Test: Read in custom users/groups from /etc/{passwd,group}
Change-Id: Idc1f054af8a7ca34743a90493495f0ccc775a0d8
This doesn't address `struct sigaction` and `sigaction`. That will
come later.
Bug: http://b/72493232
Test: ran tests
Change-Id: I4134346757ce3a4dac6feae413361cec16223386
This commit allows users to create a link without soname filters between
two linker namespaces.
The motivation is to establish one-way shared library isolation. For
example, assume that there are two linker namespaces `default` and
`vndk`. We would like to limit the shared libraries that can be used by
the `default` namespace. In the meanwhile, we would like to allow the
`vndk` namespace to use shared libs from the `default` namespace if the
soname cannot be find in the search path or loaded sonames of the `vndk`
namespace.
shared_libs = %VNDK_CORE_LIBRARIES%
shared_libs += %VNDK_SAMEPROCESS_LIBRARIES%
vndk <-------------------------------------------- default
\_______________________________________________/^
allow_all_shared_libs = true
android_link_namespaces_all_libs() is added to libdl, but it is
versioned as LIBC_PRIVATE. android_link_namespaces_all_libs() is only
for unit tests.
Bug: 69824336
Test: adb shell /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: adb shell /data/nativetest64/linker-unit-tests/linker-unit-tests64
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests
Test: Update /system/etc/ld.config*.txt and check whether the vndk
linker namespace of the vendor process can access the shared libs from
the default linker namespace.
Change-Id: I2879f0c5f5af60c7e56f8f743ebd2872e552286b
Reinitializing system properties can result in crashes later in the
program, and is generally not recommended or even supported. This
change moves the actual logic for system properties into a class that
can be tested in isolation, without reinitializing the actual system
property area used in libc.
Bug: 62197783
Test: boot devices, ensure properties work
Test: system property unit tests and benchmarks
Change-Id: I9ae6e1b56c62f51a4d3fdb5b62b8926cef545649
...and fix the bugs.
Also explain why we can't support separate input and output speeds
without an ABI change. Luckily no-one is likely to need that anyway,
and they can always work around it by using `struct termios2` directly
themselves.
Bug: http://b/69816452
Test: ran tests
Change-Id: Ie08499a198bb6a20d7e5e2f5ff74a60bd53e97e1
And fix one thing that this found: apparently <stdlib.h> should also
make the various *WAIT* macros available.
Bug: N/A
Test: builds
Change-Id: Id879bf3c1bddd1170261a809e7280150a74d6b3d
Trivial tests for <alloca.h> and <byteswap.h>, plus slightly improved
test coverage for <inttypes.h> and <stdlib.h>.
Bug: N/A
Test: ran tests
Change-Id: Idac4141ffc760c4f7756332477ce5112950d61a5
Signed-off-by: Aleksandra Tsvetkova <aleksandra.tsvetkova@intel.com>
Use posix_spawn rather than popen, to remove a surprising extra shell.
Bug: http://b/68949647
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests --gtest_filter=stdio.swprintf_1$ju_UINTMAX_MAX
Change-Id: Id90afab04ee799932de9f5ca7e580e61ecfde7a4
Following up on comments from I40c66ff9e638b306878ada006bc2c98f2346e77a.
My best attempt at a name that conveys "a test that fails to compile in
N different ways with FORTIFY enabled, and is intended to be used with
either FileCheck, or as a cheap way to check that FORTIFY is getting
properly disabled given some set of flags."
Bug: None
Test: mma.
Change-Id: I6d62875bd1cabc5d01b10ae0f03accd5ee5c8c0a
Having FORTIFY enabled for clang-tidy adds no value, and breaks some
heuristics for recognizing standard library functions (see the bug).
This also disables FORTIFY for the static analyzer (which we use
through clang-tidy), because it presumably tries to recognize standard
library functions through similar heuristics.
Bug: 36664104
Test: mma with and without the patch to cdefs. New test breaks without.
Change-Id: I40c66ff9e638b306878ada006bc2c98f2346e77a
Adds a necessary library, and disables the glibc host tests when
building for bionic host.
Bug: 31559095
Test: mmma bionic
Change-Id: Ie825db59a21bf8e9b4dbdadc63ff14bf8da23087
The tests that use LD_CONFIG_FILE environment variable shouldn't be run
on non-production devices because LD_CONFIG_FILE is only for debuggable
builds. We have used the build-time flag USE_LD_CONFIG_FILE, which is
set for the debuggable builds, to conditionally include or exclude the
tests. However, this can be a problem when 1) the device is not
debuggable but 2) the CTS itself is built with debuggable target. So,
instead of relying on the build-time flag USE_LD_CONFIG_FILE, the tests
now check the debuggability of the device and skip the tests when it
isn't debuggable.
Bug: 65842135
Test: 1) flash user build image to a 2017 pixel device.
2) build cts with 'userdebug' build target
3) CtsBionicTestCases pass on the device
(cherrypick of 5e3d44100be32fd5efffd0c309bd90c04cc9620c.)
Change-Id: Ib88e3b26d093e5479d52cd87db47dee5e108cac2
iOS 10 has <sys/random.h> with getentropy, glibc >= 2.25 has
<sys/random.h> with getentropy and getrandom. (glibc also pollutes
<unistd.h>, but that seems like a bad idea.)
Also, all supported devices now have kernels with the getrandom system
call.
We've had these available internally for a while, but it seems like the
time is ripe to expose them.
Bug: http://b/67014255
Test: ran tests
Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138
libdl is part of system_shared_libs now. -ldl -lpthread -lm are now defaults
for host_ldlibs on Linux and Darwin. -lrt is a default for host_ldlibs on
Linux.
Test: m host
Test: mmma bionic
Change-Id: I966e2f88c24fba5e412bee6b6382045a2026a8e4
This is the FreeBSD implementation, plus some tests. The FreeBSD
implementation includes the GNU extensions and seems to be what
iOS is using too, which should provide bug compatibility for app
developers.
The code unfortunately uses a lot of stack, and uses FreeBSD locale
implementation that we don't have, but it does seem better maintained
than the other BSDs.
Bug: http://b/29251134
Test: ran tests
Change-Id: Ie477b45e42a6df1319b25712098519d2b33adf67
We can cut a lot of stuff out of the NDK's libandroid_support with this,
and reduce unnecessary relocations for all LP32 code. LP64 code should
be unaffected.
Bug: https://issuetracker.google.com/64450768
Bug: https://github.com/android-ndk/ndk/issues/507
Test: ran tests, plus manual readelf on the _test.o files
Change-Id: I3de6015921195304ea9c829ef31665cd34664066
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: Id8b5361d18c1b2febb2dc6cc44502feaa08f605c
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
