From e71d91e729d36dee99198a1752a945fae84e3e94 Mon Sep 17 00:00:00 2001 From: Martin Stjernholm Date: Wed, 19 Dec 2018 20:39:09 +0000 Subject: [PATCH] Revert^2 "Linker namespace configuration for the Runtime APEX." This reverts commit a0d9f2fd6c2a238c32228ebec609d36576e6c2e1. Original change: Needs to support e.g. app_process in "default" -> libnativehelper in "runtime" -> platform libs in "default" -> libc etc in "runtime". Always make sure to switch namespaces when switching library paths between /system and the APEX, so that internal library dependencies in both locations are loaded from their own directory. E.g. libc++ and libbase live in both places, and their dependents must always load the version they were compiled with. This CL also adds a temporary workaround to not break hwasan builds (b/121038155). Bug: 119867084 Bug: 113373927 Bug: 121038155 Change-Id: I58d09ed091dd82b2162c4a0b51555174d9322e0e Test: Flash and reboot device Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests Test: cts-tradefed run commandAndExit cts-dev -m CtsJniTestCases Test: cts-tradefed run commandAndExit cts-dev -m CtsCompilationTestCases Test: cts-tradefed run commandAndExit cts-dev -m CtsBionicTestCases (8 failures remain unchanged by this CL) Test: Patch internal; lunch taimen_hwasan-userdebug && m SANITIZE_TARGET=hwaddress && vendor/google/tools/flashall -w && adb shell /vendor/bin/sh -c ls --- rootdir/etc/ld.config.txt | 101 ++++++++++++++++++++---- rootdir/etc/ld.config.vndk_lite.txt | 85 +++++++++++++++++--- rootdir/update_and_install_ld_config.mk | 2 + 3 files changed, 161 insertions(+), 27 deletions(-) 
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index e510c3c43..8f7ceba8a 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -28,7 +28,7 @@ dir.system = /data/benchmarktest64 dir.postinstall = /postinstall [system] -additional.namespaces = sphal,vndk,rs +additional.namespaces = runtime,sphal,vndk,rs ############################################################################### # "default" namespace @@ -106,6 +106,28 @@ namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/app namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app namespace.default.asan.permitted.paths += /mnt/expand +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.default.links = runtime +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so +namespace.default.link.runtime.shared_libs += libart.so:libartd.so +namespace.default.link.runtime.shared_libs += libnativebridge.so +namespace.default.link.runtime.shared_libs += libnativehelper.so +namespace.default.link.runtime.shared_libs += libnativeloader.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace exposes externally accessible libraries from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true + +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library +# when it exists. +namespace.runtime.link.default.allow_all_shared_libs = true + ############################################################################### # "sphal" namespace # 
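Review bot: In the new "runtime" section of `[system]` (hunk at -106,6), `namespace.runtime.isolated = true` sits next to `namespace.runtime.link.default.allow_all_shared_libs = true`, so isolation only limits what is loaded directly from the namespace's own search path. Any library under /apex/com.android.runtime/${LIB} can still resolve every library that the default namespace can load. The TODO records the intent to narrow this, but the comment should state what is exposed until then, e.g. `# NOTE: until b/119867084 is done, any lib in runtime can load any lib visible to default.` The same open link is added in the `[vendor]` and `[postinstall]` runtime sections of this file (hunks at -288,11 and -349,16) and in ld.config.vndk_lite.txt. In `[vendor]` the default namespace appears, judging by the /odm and /vendor permitted paths in the hunk context, to be the vendor one, so that link lets APEX code fall through to vendor libraries and is the one to restrict first.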
@@ -140,8 +162,12 @@ namespace.sphal.asan.permitted.paths += /vendor/${LIB} # Once in this namespace, access to libraries in /system/lib is restricted. Only # libs listed here can be used. -namespace.sphal.links = default,vndk,rs +namespace.sphal.links = runtime,default,vndk,rs +namespace.sphal.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +# LLNDK_LIBRARIES includes the runtime libs above, but the order here ensures +# that they are loaded from the runtime namespace. namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES% namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% @@ -188,9 +214,11 @@ namespace.rs.asan.permitted.paths += /data/asan/vendor/${LIB} namespace.rs.asan.permitted.paths += /vendor/${LIB} namespace.rs.asan.permitted.paths += /data -namespace.rs.links = default,vndk +namespace.rs.links = runtime,default,vndk -namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES% +namespace.rs.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES% namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this # namespace because RS framework libs are using them. 
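Review bot: The rs hunk (-188,9) puts `runtime` ahead of `default` in `namespace.rs.links` but, unlike the sphal hunk before it, has no comment saying that this order matters. According to the sphal comment, `%LLNDK_LIBRARIES%` also lists libc.so, libdl.so and libm.so, so reordering the links would presumably make them resolve through default without any error. I would repeat the comment here: `# runtime must precede default: LLNDK_LIBRARIES also lists libc/libdl/libm.` The vndk hunk (-236,10) only explains the order of default versus sphal. The `[vendor]` default and vndk hunks (-288,11 and -324,7) and the matching ld.config.vndk_lite.txt hunks have no such comment either.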
@@ -236,10 +264,13 @@ namespace.vndk.asan.permitted.paths += /vendor/${LIB}/egl namespace.vndk.asan.permitted.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%/hw namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw -# The "vndk" namespace links to "default" namespace for LLNDK libs and links to -# "sphal" namespace for vendor libs. The ordering matters. The "default" -# namespace has higher priority than the "sphal" namespace. -namespace.vndk.links = default,sphal +# The "vndk" namespace links to "runtime" for Bionic libs, "default" namespace +# for LLNDK libs, and links to "sphal" namespace for vendor libs. The ordering +# matters. The "default" namespace has higher priority than the "sphal" +# namespace. +namespace.vndk.links = runtime,default,sphal + +namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so # When these NDK libs are required inside this namespace, then it is redirected # to the default namespace. This is possible since their ABI is stable across @@ -250,6 +281,7 @@ namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # Allow VNDK-SP extensions to use vendor libraries namespace.vndk.link.sphal.allow_all_shared_libs = true + ############################################################################### # Namespace config for vendor processes. In O, no restriction is enforced for # them. However, in O-MR1, access to /system/${LIB} will not be allowed to @@ -257,7 +289,7 @@ namespace.vndk.link.sphal.allow_all_shared_libs = true # (LL-NDK only) access. ############################################################################### [vendor] -additional.namespaces = system,vndk +additional.namespaces = runtime,system,vndk ############################################################################### # "default" namespace 
@@ -288,11 +320,25 @@ namespace.default.asan.permitted.paths += /odm namespace.default.asan.permitted.paths += /data/asan/vendor namespace.default.asan.permitted.paths += /vendor -namespace.default.links = system,vndk +namespace.default.links = runtime,system,vndk +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES% namespace.default.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES% +############################################################################### +# "runtime" APEX namespace +# +# This namespace pulls in externally accessible libs from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = system,default +namespace.runtime.link.system.shared_libs = %LLNDK_LIBRARIES% +namespace.runtime.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% +# TODO(b/119867084): Restrict to Bionic dlopen dependencies. +namespace.runtime.link.default.allow_all_shared_libs = true + ############################################################################### # "vndk" namespace # @@ -324,7 +370,10 @@ namespace.vndk.asan.search.paths += /system/${LIB}/vndk%VNDK_VER% # When these NDK libs are required inside this namespace, then it is redirected # to the system namespace. This is possible since their ABI is stable across # Android releases. -namespace.vndk.links = system,default +namespace.vndk.links = runtime,system,default + +namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so + namespace.vndk.link.system.shared_libs = %LLNDK_LIBRARIES% namespace.vndk.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 
@@ -349,16 +398,36 @@ namespace.system.asan.search.paths += /%PRODUCT%/${LIB} namespace.system.asan.search.paths += /data/asan/product_services/${LIB} namespace.system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} +namespace.system.links = runtime +namespace.system.link.runtime.shared_libs = libc.so:libdl.so:libm.so + + ############################################################################### # Namespace config for binaries under /postinstall. -# Only one default namespace is defined and it has no directories other than -# /system/lib in the search paths. This is because linker calls realpath on the -# search paths and this causes selinux denial if the paths (/vendor, /odm) are -# not allowed to the poinstall binaries. There is no reason to allow the -# binaries to access the paths. +# Only default and runtime namespaces are defined and default has no directories +# other than /system/lib in the search paths. This is because linker calls +# realpath on the search paths and this causes selinux denial if the paths +# (/vendor, /odm) are not allowed to the postinstall binaries. There is no +# reason to allow the binaries to access the paths. ############################################################################### [postinstall] +additional.namespaces = runtime + namespace.default.isolated = false namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /%PRODUCT%/${LIB} namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB} + +namespace.default.links = runtime +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace pulls in externally accessible libs from the Runtime APEX. 
+############################################################################### +namespace.runtime.isolated = true +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies. +namespace.runtime.link.default.allow_all_shared_libs = true diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt index 7e354aca6..7ca45ff99 100644 --- a/rootdir/etc/ld.config.vndk_lite.txt +++ b/rootdir/etc/ld.config.vndk_lite.txt @@ -28,7 +28,7 @@ dir.system = /data/benchmarktest64 dir.postinstall = /postinstall [system] -additional.namespaces = sphal,vndk,rs +additional.namespaces = runtime,sphal,vndk,rs ############################################################################### # "default" namespace 
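Review bot: The `[postinstall]` hunk (-349,16) adds `/apex/com.android.runtime/${LIB}` as a search path, yet the section comment says other paths were kept out because the linker calls realpath on search paths and that causes SELinux denials. Nothing visible here shows that postinstall binaries are allowed to access /apex, and the Test: lines in the commit message list no OTA or postinstall run, so this should be confirmed on a device. If the access is intended, extend the comment to say so, e.g. `# /apex/com.android.runtime is readable by postinstall binaries (sepolicy: <rule or change id>).` The same section is added to ld.config.vndk_lite.txt in the hunk at -238,16.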
@@ -55,6 +55,27 @@ namespace.default.asan.search.paths += /%PRODUCT%/${LIB} namespace.default.asan.search.paths += /data/asan/product_services/${LIB} namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.default.links = runtime +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so +namespace.default.link.runtime.shared_libs += libart.so:libartd.so +namespace.default.link.runtime.shared_libs += libnativehelper.so +namespace.default.link.runtime.shared_libs += libnativeloader.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace pulls in externally accessible libs from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true + +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library +# when it exists. +namespace.runtime.link.default.allow_all_shared_libs = true + ############################################################################### # "sphal" namespace # @@ -89,8 +110,12 @@ namespace.sphal.asan.permitted.paths += /vendor/${LIB} # Once in this namespace, access to libraries in /system/lib is restricted. Only # libs listed here can be used. -namespace.sphal.links = default,vndk,rs +namespace.sphal.links = runtime,default,vndk,rs +namespace.sphal.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +# LLNDK_LIBRARIES includes the runtime libs above, but the order here ensures +# that they are loaded from the runtime namespace. namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES% namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 
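Review bot: The `namespace.default.link.runtime.shared_libs` list added in the hunk at -55,6 omits `libnativebridge.so`, which the corresponding hunk in ld.config.txt (-106,6) includes. Both carry the same "Keep in sync with ld.config.txt in the com.android.runtime APEX" comment. If the omission is not deliberate, the default namespace on vndk_lite devices cannot reach libnativebridge.so through the runtime link. It would presumably then be taken from default's own search paths or fail to load. Either add `namespace.default.link.runtime.shared_libs += libnativebridge.so` after the libart line, or add a comment explaining why vndk_lite differs.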
@@ -137,9 +162,11 @@ namespace.rs.asan.permitted.paths += /data/asan/vendor/${LIB} namespace.rs.asan.permitted.paths += /vendor/${LIB} namespace.rs.asan.permitted.paths += /data -namespace.rs.links = default,vndk +namespace.rs.links = runtime,default,vndk -namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES% +namespace.rs.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES% namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this # namespace because RS framework libs are using them. @@ -188,10 +215,14 @@ namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER # When these NDK libs are required inside this namespace, then it is redirected # to the default namespace. This is possible since their ABI is stable across # Android releases. -namespace.vndk.links = default +namespace.vndk.links = runtime,default + +namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so + namespace.vndk.link.default.shared_libs = %LLNDK_LIBRARIES% namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% + ############################################################################### # Namespace config for vendor processes. In O, no restriction is enforced for # them. However, in O-MR1, access to /system/${LIB} will not be allowed to @@ -199,6 +230,7 @@ namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # (LL-NDK only) access. ############################################################################### [vendor] +additional.namespaces = runtime namespace.default.isolated = false namespace.default.search.paths = /odm/${LIB} 
@@ -208,7 +240,7 @@ namespace.default.search.paths += /vendor/${LIB} namespace.default.search.paths += /vendor/${LIB}/vndk namespace.default.search.paths += /vendor/${LIB}/vndk-sp -# Access to system libraries are allowed +# Access to system libraries is allowed namespace.default.search.paths += /system/${LIB}/vndk%VNDK_VER% namespace.default.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% namespace.default.search.paths += /system/${LIB} 
@@ -238,16 +270,47 @@ namespace.default.asan.search.paths += /%PRODUCT%/${LIB} namespace.default.asan.search.paths += /data/asan/product_services/${LIB} namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} +namespace.default.links = runtime +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace pulls in externally accessible libs from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies. +namespace.runtime.link.default.allow_all_shared_libs = true + + ############################################################################### # Namespace config for binaries under /postinstall. -# Only one default namespace is defined and it has no directories other than -# /system/lib in the search paths. This is because linker calls realpath on the -# search paths and this causes selinux denial if the paths (/vendor, /odm) are -# not allowed to the poinstall binaries. There is no reason to allow the -# binaries to access the paths. +# Only default and runtime namespaces are defined and default has no directories +# other than /system/lib in the search paths. This is because linker calls +# realpath on the search paths and this causes selinux denial if the paths +# (/vendor, /odm) are not allowed to the postinstall binaries. There is no +# reason to allow the binaries to access the paths. 
############################################################################### [postinstall] +additional.namespaces = runtime + namespace.default.isolated = false namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /%PRODUCT%/${LIB} namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB} + +namespace.default.links = runtime +namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace pulls in externally accessible libs from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies. +namespace.runtime.link.default.allow_all_shared_libs = true diff --git a/rootdir/update_and_install_ld_config.mk b/rootdir/update_and_install_ld_config.mk index 56a30b271..79bed7b5a 100644 --- a/rootdir/update_and_install_ld_config.mk +++ b/rootdir/update_and_install_ld_config.mk @@ -38,9 +38,11 @@ vndkprivate_libraries_file := $(library_lists_dir)/vndkprivate.libraries.txt sanitizer_runtime_libraries := $(call normalize-path-list,$(addsuffix .so,\ $(ADDRESS_SANITIZER_RUNTIME_LIBRARY) \ + $(HWADDRESS_SANITIZER_RUNTIME_LIBRARY) \ $(UBSAN_RUNTIME_LIBRARY) \ $(TSAN_RUNTIME_LIBRARY) \ $(2ND_ADDRESS_SANITIZER_RUNTIME_LIBRARY) \ + $(2ND_HWADDRESS_SANITIZER_RUNTIME_LIBRARY) \ $(2ND_UBSAN_RUNTIME_LIBRARY) \ $(2ND_TSAN_RUNTIME_LIBRARY))) # If BOARD_VNDK_VERSION is not defined, VNDK version suffix will not be used.
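Review bot: The two `HWADDRESS_SANITIZER_RUNTIME_LIBRARY` entries added to `sanitizer_runtime_libraries` have no marker in the makefile, although the commit message calls them a temporary workaround for hwasan builds. Nothing in the file tells a later reader they are meant to be revisited. Add a comment above the assignment, e.g. `# TODO(b/121038155): HWASan runtime entries are a temporary workaround; remove once fixed.` This list presumably feeds `%SANITIZER_RUNTIME_LIBRARIES%`, which the ld.config hunks append to the `link.default` and `link.system` allow-lists. If so, on hwasan builds the runtime becomes loadable from the namespaces that use those lists, which is worth stating in the comment too.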