commit c48bdc4336bd250cae5b2f86ba586dfa02d75948
author Dimitry Ivanov <dimitry@google.com> Mon May 08 22:24:24 2017 -0700
committer Dimitry Ivanov <dimitry@google.com> Mon May 08 22:44:07 2017 -0700
tree 950a970145c83b7073462303b1f793d1d8e24996
parent dcb30ba83951e7966d21c89377fbe88348191fc6

Explicitly enable greylist for classloader-namespaces

The linker no longer enables greylist by default, it
needs to be explicitly enabled by specifying corresponding
flag.

Bug: https://issuetracker.google.com/38146125
Test: builds
Change-Id: Ib593f2d9a35dbadffb436f5fbc9a2a7a8f64ada0

libnativeloader/include/nativeloader/dlext_namespaces.h

diff --git a/libnativeloader/include/nativeloader/dlext_namespaces.h b/libnativeloader/include/nativeloader/dlext_namespaces.h
index ac64f71..9121277 100644
--- a/libnativeloader/include/nativeloader/dlext_namespaces.h
+++ b/libnativeloader/include/nativeloader/dlext_namespaces.h
@@ -55,6 +55,12 @@
    * permitted_path from the caller's namespace.
    */
   ANDROID_NAMESPACE_TYPE_SHARED = 2,
+
+  /* This flag instructs linker to enable grey-list workaround for the namespace.
+   * See http://b/26394120 for details.
+   */
+  ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED = 0x08000000,
+
   ANDROID_NAMESPACE_TYPE_SHARED_ISOLATED = ANDROID_NAMESPACE_TYPE_SHARED |
                                            ANDROID_NAMESPACE_TYPE_ISOLATED,
 };

libnativeloader/native_loader.cpp

diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp
index ebd6d4b..100c31d 100644
--- a/libnativeloader/native_loader.cpp
+++ b/libnativeloader/native_loader.cpp
@@ -99,6 +99,7 @@
   LibraryNamespaces() : initialized_(false) { }
 
   bool Create(JNIEnv* env,
+              uint32_t target_sdk_version,
               jobject class_loader,
               bool is_shared,
               jstring java_library_path,
@@ -141,6 +142,10 @@
       namespace_type |= ANDROID_NAMESPACE_TYPE_SHARED;
     }
 
+    if (target_sdk_version < 24) {
+      namespace_type |= ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED;
+    }
+
     NativeLoaderNamespace parent_ns;
     bool found_parent_namespace = FindParentNamespaceByClassLoader(env, class_loader, &parent_ns);
 
@@ -397,12 +402,12 @@
                                    jstring library_path,
                                    jstring permitted_path) {
 #if defined(__ANDROID__)
-  UNUSED(target_sdk_version);
   std::lock_guard<std::mutex> guard(g_namespaces_mutex);
 
   std::string error_msg;
   NativeLoaderNamespace ns;
   bool success = g_namespaces->Create(env,
+                                      target_sdk_version,
                                       class_loader,
                                       is_shared,
                                       library_path,
@@ -439,7 +444,14 @@
   if (!g_namespaces->FindNamespaceByClassLoader(env, class_loader, &ns)) {
     // This is the case where the classloader was not created by ApplicationLoaders
     // In this case we create an isolated not-shared namespace for it.
-    if (!g_namespaces->Create(env, class_loader, false, library_path, nullptr, &ns, error_msg)) {
+    if (!g_namespaces->Create(env,
+                              target_sdk_version,
+                              class_loader,
+                              false,
+                              library_path,
+                              nullptr,
+                              &ns,
+                              error_msg)) {
       return nullptr;
     }
   }