Use isolated namespaces for app native libs
Linker namespaces provide necessary level
of isolation for application native libraries.
The native libraries will no longer be able to
mistakenly depend on platform private libraries
like /system/lib/libssl.so
This change creates one namespace for each instance
of class-loader and uses it when loading native libraries.
For backwards compatibility with older apps we keep
using default namespace and LD_LIBRARY_PATH if target
sdk version is <= 23. (currently set to 0 for testing)
Bug: http://b/22548808
Change-Id: I64e97af7450fbf7e3740ccddda96bb2f7c52e03b
diff --git a/runtime/java_vm_ext.cc b/runtime/java_vm_ext.cc
index 7cc05f7..15f5122 100644
--- a/runtime/java_vm_ext.cc
+++ b/runtime/java_vm_ext.cc
@@ -17,6 +17,7 @@
#include "jni_internal.h"
#define ATRACE_TAG ATRACE_TAG_DALVIK
+
#include <cutils/trace.h>
#include <dlfcn.h>
@@ -31,6 +32,7 @@
#include "mirror/class-inl.h"
#include "mirror/class_loader.h"
#include "nativebridge/native_bridge.h"
+#include "nativeloader/native_loader.h"
#include "java_vm_ext.h"
#include "parsed_options.h"
#include "runtime-inl.h"
@@ -715,6 +717,7 @@
}
bool JavaVMExt::LoadNativeLibrary(JNIEnv* env, const std::string& path, jobject class_loader,
+ jstring library_path, jstring permitted_path,
std::string* error_msg) {
error_msg->clear();
@@ -774,7 +777,8 @@
Locks::mutator_lock_->AssertNotHeld(self);
const char* path_str = path.empty() ? nullptr : path.c_str();
- void* handle = dlopen(path_str, RTLD_NOW);
+ void* handle = android::OpenNativeLibrary(env, runtime_->GetTargetSdkVersion(),
+ path_str, class_loader, library_path, permitted_path);
bool needs_native_bridge = false;
if (handle == nullptr) {
if (android::NativeBridgeIsSupported(path_str)) {