From cb9df4f63e616498048bdf278be38f7d4157c80e Mon Sep 17 00:00:00 2001 From: Martin Stjernholm Date: Wed, 2 Oct 2019 20:47:12 +0100 Subject: [PATCH] Ensure all namespaces have links to /system/lib(64) for the sanitizer libs. Every namespace that have links to Bionic should also link to SANITIZER_RUNTIME_LIBRARIES, without exception. Hence a common function ctx.AddStandardSystemLinks is added to handle it. Also remove links to the runtime namespace, since all sanitizer libs, including the hwasan one, now should be loaded from /system/lib(64). Test: atest system/linkerconfig/ Test: m linkerconfig && \ out/host/linux-x86/bin/linkerconfig --root out/target/product/taimen --vndk R before and after change, check that the diffs are expected: http://gpaste/4942871205511168 Bug: 140790209 Change-Id: Ib5315b59c22703da295a5ef6d556c0a945f872af --- Android.bp | 3 +- contents/common/system_links.cc | 47 +++++++++++++++++++++++++++++++ contents/context/context.cc | 6 +++- contents/include/linkerconfig/common.h | 34 ++++++++++++++++++++++ contents/include/linkerconfig/context.h | 7 ++++- contents/namespace/art.cc | 2 +- contents/namespace/conscrypt.cc | 9 +----- contents/namespace/media.cc | 39 +++++++++---------------- contents/namespace/neuralnetworks.cc | 8 ++---- contents/namespace/resolv.cc | 15 +++++----- contents/namespace/rs.cc | 5 ++-- contents/namespace/sphal.cc | 3 +- contents/namespace/system.cc | 5 ++-- contents/namespace/systemdefault.cc | 1 - contents/namespace/unrestricteddefault.cc | 3 +- contents/namespace/vendordefault.cc | 4 +-- contents/namespace/vndk.cc | 4 +-- contents/namespace/vndkinsystem.cc | 4 +-- contents/section/legacy.cc | 5 +++- contents/section/system.cc | 5 +++- contents/section/unrestricted.cc | 5 +++- contents/section/vendor.cc | 5 +++- modules/include/linkerconfig/section.h | 8 ++++-- 23 files changed, 150 insertions(+), 77 deletions(-) create mode 100644 contents/common/system_links.cc create mode 100644 contents/include/linkerconfig/common.h diff --git a/Android.bp b/Android.bp index 3e62e89..d7ef173 100644 --- a/Android.bp +++ b/Android.bp @@ -59,6 +59,7 @@ cc_library_static { "contents/section/*.cc", "contents/configuration/*.cc", "contents/context/*.cc", + "contents/common/*.cc", ], } @@ -142,4 +143,4 @@ cc_test { "linkerconfig_modules", "linkerconfig_contents", ], -} \ No newline at end of file +} diff --git a/contents/common/system_links.cc b/contents/common/system_links.cc new file mode 100644 index 0000000..c98fbb7 --- /dev/null +++ b/contents/common/system_links.cc @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "linkerconfig/common.h" + +#include + +#include "linkerconfig/context.h" +#include "linkerconfig/section.h" + +namespace android { +namespace linkerconfig { +namespace contents { + +using android::linkerconfig::modules::Namespace; +using android::linkerconfig::modules::Section; + +void AddStandardSystemLinks(const Context& ctx, Section* section) { + std::string system_ns_name = ctx.GetSystemNamespaceName(); + Namespace* system_ns = section->GetNamespace(system_ns_name); + for (Namespace& ns : section->GetNamespaces()) { + if (&ns != system_ns) { + ns.GetLink(system_ns_name) + .AddSharedLib({"libc.so", + "libm.so", + "libdl.so", + "@{SANITIZER_RUNTIME_LIBRARIES}"}); + } + } +} + +} // namespace contents +} // namespace linkerconfig +} // namespace android diff --git a/contents/context/context.cc b/contents/context/context.cc index d8e54b8..da7f719 100644 --- a/contents/context/context.cc +++ b/contents/context/context.cc @@ -30,6 +30,10 @@ bool Context::IsVendorSection() const { void Context::SetCurrentSection(SectionType section_type) { current_section = section_type; } + +std::string Context::GetSystemNamespaceName() const { + return IsVendorSection() ? "system" : "default"; +} } // namespace contents } // namespace linkerconfig -} // namespace android \ No newline at end of file +} // namespace android diff --git a/contents/include/linkerconfig/common.h b/contents/include/linkerconfig/common.h new file mode 100644 index 0000000..9c75d19 --- /dev/null +++ b/contents/include/linkerconfig/common.h @@ -0,0 +1,34 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + +#include "linkerconfig/context.h" +#include "linkerconfig/section.h" + +namespace android { +namespace linkerconfig { +namespace contents { + +using android::linkerconfig::modules::Section; + +// Adds links from all namespaces in the given section to the namespace for +// /system/${LIB} for standard libraries like Bionic (libc.so, libm.so, +// libdl.so) and applicable libclang_rt.*. +void AddStandardSystemLinks(const Context& ctx, Section* section); + +} // namespace contents +} // namespace linkerconfig +} // namespace android diff --git a/contents/include/linkerconfig/context.h b/contents/include/linkerconfig/context.h index f6c17e8..0460870 100644 --- a/contents/include/linkerconfig/context.h +++ b/contents/include/linkerconfig/context.h @@ -15,6 +15,8 @@ */ #pragma once +#include + namespace android { namespace linkerconfig { namespace contents { @@ -34,9 +36,12 @@ class Context { void SetCurrentSection(SectionType value); + // Returns the namespace that covers /system/${LIB}. + std::string GetSystemNamespaceName() const; + private: SectionType current_section; }; } // namespace contents } // namespace linkerconfig -} // namespace android \ No newline at end of file +} // namespace android diff --git a/contents/namespace/art.cc b/contents/namespace/art.cc index d2f60c3..559ac0c 100644 --- a/contents/namespace/art.cc +++ b/contents/namespace/art.cc @@ -37,7 +37,7 @@ Namespace BuildArtNamespace([[maybe_unused]] const Context& ctx) { // /system/framework and /data. // TODO(b/130340935): Use a dynamically created linker namespace similar to // classloader-namespace for oat files, and tighten this up. - ns.GetLink(ctx.IsVendorSection() ? "system" : "default").AllowAllSharedLibs(); + ns.GetLink(ctx.GetSystemNamespaceName()).AllowAllSharedLibs(); ns.GetLink("neuralnetworks").AddSharedLib("libneuralnetworks.so"); diff --git a/contents/namespace/conscrypt.cc b/contents/namespace/conscrypt.cc index 61d6c14..c28a1f0 100644 --- a/contents/namespace/conscrypt.cc +++ b/contents/namespace/conscrypt.cc @@ -22,13 +22,6 @@ using android::linkerconfig::modules::AsanPath; using android::linkerconfig::modules::Namespace; -namespace { -const std::vector kLibsFromDefault = {"libc.so", - "libm.so", - "libdl.so", - "liblog.so"}; -} // namespace - namespace android { namespace linkerconfig { namespace contents { @@ -38,7 +31,7 @@ Namespace BuildConscryptNamespace([[maybe_unused]] const Context& ctx) { ns.AddSearchPath("/apex/com.android.conscrypt/${LIB}", AsanPath::SAME_PATH); ns.GetLink("art").AddSharedLib("libandroidio.so"); - ns.GetLink("default").AddSharedLib(kLibsFromDefault); + ns.GetLink(ctx.GetSystemNamespaceName()).AddSharedLib("liblog.so"); return ns; } diff --git a/contents/namespace/media.cc b/contents/namespace/media.cc index 2f90493..afecca2 100644 --- a/contents/namespace/media.cc +++ b/contents/namespace/media.cc @@ -26,28 +26,17 @@ using android::linkerconfig::modules::Link; using android::linkerconfig::modules::Namespace; namespace { -const std::vector kLibsFromDefaultLegacy = { - "libandroid.so", - "libbinder_ndk.so", - "libc.so", - "libcgrouprc.so", - "libdl.so", - "liblog.so", - "libmediametrics.so", - "libmediandk.so", - "libm.so", - "libvndksupport.so", - "libclang_rt.asan-aarch64-android.so", - "libclang_rt.asan-arm-android.so", - "libclang_rt.asan-i686-android.so", - "libclang_rt.asan-x86_64-android.so", - "libclang_rt.hwasan-aarch64-android.so"}; +const std::vector kLibsFromDefaultLegacy = {"libandroid.so", + "libbinder_ndk.so", + "libcgrouprc.so", + "liblog.so", + "libmediametrics.so", + "libmediandk.so", + "libvndksupport.so"}; -const std::vector kLibsFromDefault = { - "@{LLNDK_LIBRARIES}", - "libbinder_ndk.so", - "libmediametrics.so", - "@{SANITIZER_RUNTIME_LIBRARIES}"}; +const std::vector kLibsFromDefault = {"@{LLNDK_LIBRARIES}", + "libbinder_ndk.so", + "libmediametrics.so"}; const std::vector kLibsFromDefaultSystem = {"libcgrouprc.so"}; } // namespace @@ -64,13 +53,13 @@ Namespace BuildMediaNamespace([[maybe_unused]] const Context& ctx) { ns.AddPermittedPath("/apex/com.android.media/${LIB}/extractors", AsanPath::SAME_PATH); - Link& link_to_default = ns.GetLink("default"); + Link& system_link = ns.GetLink(ctx.GetSystemNamespaceName()); if (is_legacy) { - link_to_default.AddSharedLib(kLibsFromDefaultLegacy); + system_link.AddSharedLib(kLibsFromDefaultLegacy); } else { - link_to_default.AddSharedLib(kLibsFromDefault); + system_link.AddSharedLib(kLibsFromDefault); if (is_system_section) { - link_to_default.AddSharedLib(kLibsFromDefaultSystem); + system_link.AddSharedLib(kLibsFromDefaultSystem); } } diff --git a/contents/namespace/neuralnetworks.cc b/contents/namespace/neuralnetworks.cc index c11e224..49add82 100644 --- a/contents/namespace/neuralnetworks.cc +++ b/contents/namespace/neuralnetworks.cc @@ -29,13 +29,9 @@ Namespace BuildNeuralNetworksNamespace([[maybe_unused]] const Context& ctx) { ns.AddSearchPath("/apex/com.android.neuralnetworks/${LIB}", AsanPath::SAME_PATH); - std::string link_target = ctx.IsVendorSection() ? "system" : "default"; - ns.GetLink(link_target) - .AddSharedLib({"libc.so", - "libcgrouprc.so", - "libdl.so", + ns.GetLink(ctx.GetSystemNamespaceName()) + .AddSharedLib({"libcgrouprc.so", "liblog.so", - "libm.so", "libnativewindow.so", "libneuralnetworks_packageinfo.so", "libsync.so", diff --git a/contents/namespace/resolv.cc b/contents/namespace/resolv.cc index 623069e..1a279ed 100644 --- a/contents/namespace/resolv.cc +++ b/contents/namespace/resolv.cc @@ -23,16 +23,14 @@ using android::linkerconfig::modules::AsanPath; using android::linkerconfig::modules::Namespace; namespace { -const std::vector kLibsFromDefault = {"libc.so", - "libcgrouprc.so", - "libm.so", - "libdl.so", +const std::vector kLibsFromDefault = {"libcgrouprc.so", "libbinder_ndk.so", "liblog.so", "libvndksupport.so"}; -const std::vector kLibsFromUnrestrictedDefault = - {"libc.so", "libm.so", "libdl.so", "libbinder_ndk.so", "liblog.so"}; +const std::vector kLibsFromUnrestrictedDefault = { + "libbinder_ndk.so", + "liblog.so"}; } // namespace namespace android { @@ -41,8 +39,9 @@ namespace contents { Namespace BuildResolvNamespace([[maybe_unused]] const Context& ctx) { Namespace ns("resolv", /*is_isolated=*/true, /*is_visible=*/true); ns.AddSearchPath("/apex/com.android.resolv/${LIB}", AsanPath::SAME_PATH); - ns.GetLink("default").AddSharedLib( - ctx.IsSystemSection() ? kLibsFromDefault : kLibsFromUnrestrictedDefault); + ns.GetLink(ctx.GetSystemNamespaceName()) + .AddSharedLib(ctx.IsSystemSection() ? kLibsFromDefault + : kLibsFromUnrestrictedDefault); return ns; } diff --git a/contents/namespace/rs.cc b/contents/namespace/rs.cc index ba11c5d..e843876 100644 --- a/contents/namespace/rs.cc +++ b/contents/namespace/rs.cc @@ -37,9 +37,8 @@ Namespace BuildRsNamespace([[maybe_unused]] const Context& ctx) { ns.AddPermittedPath("/system/vendor/${LIB}", AsanPath::NONE); ns.AddPermittedPath("/data", AsanPath::SAME_PATH); - ns.GetLink("default").AddSharedLib({"@{LLNDK_LIBRARIES}", - "@{SANITIZER_RUNTIME_LIBRARIES}", - "@{PRIVATE_LLNDK_LIBRARIES:}"}); + ns.GetLink(ctx.GetSystemNamespaceName()) + .AddSharedLib({"@{LLNDK_LIBRARIES}", "@{PRIVATE_LLNDK_LIBRARIES:}"}); ns.GetLink("neuralnetworks").AddSharedLib("libneuralnetworks.so"); return ns; diff --git a/contents/namespace/sphal.cc b/contents/namespace/sphal.cc index 5378920..7a605f9 100644 --- a/contents/namespace/sphal.cc +++ b/contents/namespace/sphal.cc @@ -33,8 +33,7 @@ Namespace BuildSphalNamespace([[maybe_unused]] const Context& ctx) { ns.AddPermittedPath("/system/vendor/${LIB}", AsanPath::NONE); ns.GetLink("rs").AddSharedLib("libRS_internal.so"); - ns.GetLink("default").AddSharedLib( - {"@{LLNDK_LIBRARIES:}", "@{SANITIZER_RUNTIME_LIBRARIES:}"}); + ns.GetLink(ctx.GetSystemNamespaceName()).AddSharedLib("@{LLNDK_LIBRARIES:}"); ns.GetLink("vndk").AddSharedLib("@{VNDK_SAMEPROCESS_LIBRARIES:}"); ns.GetLink("neuralnetworks").AddSharedLib("libneuralnetworks.so"); diff --git a/contents/namespace/system.cc b/contents/namespace/system.cc index 44b4b97..841abbb 100644 --- a/contents/namespace/system.cc +++ b/contents/namespace/system.cc @@ -30,7 +30,7 @@ Namespace BuildSystemNamespace([[maybe_unused]] const Context& ctx) { ns.GetLink("art").AddSharedLib( {"libdexfile_external.so", - "libdexfile_external.so", + "libdexfiled_external.so", "libnativebridge.so", "libnativehelper.so", "libnativeloader.so", @@ -38,8 +38,7 @@ Namespace BuildSystemNamespace([[maybe_unused]] const Context& ctx) { // TODO(b/120786417 or b/134659294): libicuuc.so // and libicui18n.so are kept for app compat. "libicui18n.so", - "libicuuc.so", - "@{SANITIZER_RUNTIME_LIBRARIES}"}); + "libicuuc.so"}); return ns; } diff --git a/contents/namespace/systemdefault.cc b/contents/namespace/systemdefault.cc index 4ad2910..2915cd4 100644 --- a/contents/namespace/systemdefault.cc +++ b/contents/namespace/systemdefault.cc @@ -41,7 +41,6 @@ const std::vector kLibsFromArt = { "libnativeloader.so", "libandroidicu.so", "libpac.so", - "@{SANITIZER_RUNTIME_LIBRARIES}", // TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept // for app compat. "libicui18n.so", diff --git a/contents/namespace/unrestricteddefault.cc b/contents/namespace/unrestricteddefault.cc index 9c7899d..11408a4 100644 --- a/contents/namespace/unrestricteddefault.cc +++ b/contents/namespace/unrestricteddefault.cc @@ -34,8 +34,7 @@ const std::vector kLibsFromArt = { // TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept // for app compat. "libicui18n.so", - "libicuuc.so", - "@{SANITIZER_RUNTIME_LIBRARIES}"}; + "libicuuc.so"}; } // namespace namespace android { diff --git a/contents/namespace/vendordefault.cc b/contents/namespace/vendordefault.cc index 6e92ae7..9322cee 100644 --- a/contents/namespace/vendordefault.cc +++ b/contents/namespace/vendordefault.cc @@ -40,9 +40,7 @@ Namespace BuildVendorDefaultNamespace([[maybe_unused]] const Context& ctx) { ns.AddPermittedPath("/vendor", AsanPath::WITH_DATA_ASAN); ns.AddPermittedPath("/system/vendor", AsanPath::NONE); - ns.GetLink("art").AddSharedLib("@{SANITIZER_RUNTIME_LIBRARIES}"); - ns.GetLink("system").AddSharedLib( - {"@{LLNDK_LIBRARIES}", "@{SANITIZER_RUNTIME_LIBRARIES}"}); + ns.GetLink(ctx.GetSystemNamespaceName()).AddSharedLib("@{LLNDK_LIBRARIES}"); ns.GetLink("vndk").AddSharedLib( {"@{VNDK_SAMEPROCESS_LIBRARIES}", "@{VNDK_CORE_LIBRARIES}"}); if (android::linkerconfig::modules::IsVndkInSystemNamespace()) { diff --git a/contents/namespace/vndk.cc b/contents/namespace/vndk.cc index f43409e..65e7ef9 100644 --- a/contents/namespace/vndk.cc +++ b/contents/namespace/vndk.cc @@ -53,9 +53,7 @@ Namespace BuildVndkNamespace([[maybe_unused]] const Context& ctx) { AsanPath::WITH_DATA_ASAN); } - ns.GetLink(is_system_section ? "default" : "system") - .AddSharedLib({"@{LLNDK_LIBRARIES}", "@{SANITIZER_RUNTIME_LIBRARIES}"}); - ns.GetLink("art").AddSharedLib("@{SANITIZER_RUNTIME_LIBRARIES}"); + ns.GetLink(ctx.GetSystemNamespaceName()).AddSharedLib({"@{LLNDK_LIBRARIES}"}); if (is_system_section) { ns.GetLink("sphal").AllowAllSharedLibs(); diff --git a/contents/namespace/vndkinsystem.cc b/contents/namespace/vndkinsystem.cc index b8c5ae6..87beb8b 100644 --- a/contents/namespace/vndkinsystem.cc +++ b/contents/namespace/vndkinsystem.cc @@ -36,10 +36,8 @@ Namespace BuildVndkInSystemNamespace([[maybe_unused]] const Context& ctx) { ns.AddWhitelisted("@{VNDK_USING_CORE_VARIANT_LIBRARIES}"); } - ns.GetLink("system").AddSharedLib( - {"@{LLNDK_LIBRARIES}", "@{SANITIZER_RUNTIME_LIBRARIES}"}); + ns.GetLink(ctx.GetSystemNamespaceName()).AddSharedLib("@{LLNDK_LIBRARIES}"); ns.GetLink("vndk").AllowAllSharedLibs(); - ns.GetLink("art").AddSharedLib("@{SANITIZER_RUNTIME_LIBRARIES}"); ns.GetLink("neuralnetworks").AddSharedLib("libneuralnetworks.so"); return ns; diff --git a/contents/section/legacy.cc b/contents/section/legacy.cc index feb3e1c..cd448f6 100644 --- a/contents/section/legacy.cc +++ b/contents/section/legacy.cc @@ -16,6 +16,7 @@ #include "linkerconfig/sectionbuilder.h" +#include "linkerconfig/common.h" #include "linkerconfig/namespacebuilder.h" #include "linkerconfig/section.h" @@ -37,7 +38,9 @@ Section BuildLegacySection(Context& ctx) { namespaces.emplace_back(BuildResolvNamespace(ctx)); namespaces.emplace_back(BuildNeuralNetworksNamespace(ctx)); - return Section("legacy", std::move(namespaces)); + Section section("legacy", std::move(namespaces)); + AddStandardSystemLinks(ctx, §ion); + return section; } } // namespace contents } // namespace linkerconfig diff --git a/contents/section/system.cc b/contents/section/system.cc index beff0b8..da002de 100644 --- a/contents/section/system.cc +++ b/contents/section/system.cc @@ -16,6 +16,7 @@ #include "linkerconfig/sectionbuilder.h" +#include "linkerconfig/common.h" #include "linkerconfig/context.h" #include "linkerconfig/namespacebuilder.h" #include "linkerconfig/section.h" @@ -41,7 +42,9 @@ Section BuildSystemSection(Context& ctx) { namespaces.emplace_back(BuildVndkNamespace(ctx)); namespaces.emplace_back(BuildNeuralNetworksNamespace(ctx)); - return Section("system", std::move(namespaces)); + Section section("system", std::move(namespaces)); + AddStandardSystemLinks(ctx, §ion); + return section; } } // namespace contents } // namespace linkerconfig diff --git a/contents/section/unrestricted.cc b/contents/section/unrestricted.cc index 0ccf072..ae57426 100644 --- a/contents/section/unrestricted.cc +++ b/contents/section/unrestricted.cc @@ -16,6 +16,7 @@ #include "linkerconfig/sectionbuilder.h" +#include "linkerconfig/common.h" #include "linkerconfig/environment.h" #include "linkerconfig/namespacebuilder.h" #include "linkerconfig/section.h" @@ -38,7 +39,9 @@ Section BuildUnrestrictedSection(Context& ctx) { namespaces.emplace_back(BuildResolvNamespace(ctx)); namespaces.emplace_back(BuildNeuralNetworksNamespace(ctx)); - return Section("unrestricted", std::move(namespaces)); + Section section("unrestricted", std::move(namespaces)); + AddStandardSystemLinks(ctx, §ion); + return section; } } // namespace contents } // namespace linkerconfig diff --git a/contents/section/vendor.cc b/contents/section/vendor.cc index 2aafe84..0b70e22 100644 --- a/contents/section/vendor.cc +++ b/contents/section/vendor.cc @@ -16,6 +16,7 @@ #include "linkerconfig/sectionbuilder.h" +#include "linkerconfig/common.h" #include "linkerconfig/environment.h" #include "linkerconfig/namespacebuilder.h" #include "linkerconfig/section.h" @@ -41,7 +42,9 @@ Section BuildVendorSection(Context& ctx) { namespaces.emplace_back(BuildVndkInSystemNamespace(ctx)); } - return Section("vendor", std::move(namespaces)); + Section section("vendor", std::move(namespaces)); + AddStandardSystemLinks(ctx, §ion); + return section; } } // namespace contents } // namespace linkerconfig diff --git a/modules/include/linkerconfig/section.h b/modules/include/linkerconfig/section.h index 5aecbe7..0d1179f 100644 --- a/modules/include/linkerconfig/section.h +++ b/modules/include/linkerconfig/section.h @@ -40,7 +40,11 @@ class Section { std::vector GetBinaryPaths(); std::string GetName(); - // For test usage + // Use for iteration only. + std::vector& GetNamespaces() { + return namespaces_; + } + Namespace* GetNamespace(const std::string& namespace_name); private: @@ -49,4 +53,4 @@ class Section { }; } // namespace modules } // namespace linkerconfig -} // namespace android \ No newline at end of file +} // namespace android -- 2.11.0