1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <android/api-level.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <inttypes.h>
33 #include <pthread.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/mman.h>
38 #include <sys/param.h>
39 #include <sys/vfs.h>
40 #include <unistd.h>
41
42 #include <new>
43 #include <string>
44 #include <unordered_map>
45 #include <vector>
46
47 #include <android-base/properties.h>
48 #include <android-base/scopeguard.h>
49 #include <async_safe/log.h>
50 #include <bionic/pthread_internal.h>
51
52 // Private C library headers.
53
54 #include "linker.h"
55 #include "linker_block_allocator.h"
56 #include "linker_cfi.h"
57 #include "linker_config.h"
58 #include "linker_gdb_support.h"
59 #include "linker_globals.h"
60 #include "linker_debug.h"
61 #include "linker_dlwarning.h"
62 #include "linker_main.h"
63 #include "linker_namespaces.h"
64 #include "linker_sleb128.h"
65 #include "linker_phdr.h"
66 #include "linker_relocate.h"
67 #include "linker_tls.h"
68 #include "linker_translate_path.h"
69 #include "linker_utils.h"
70
71 #include "private/bionic_call_ifunc_resolver.h"
72 #include "private/bionic_globals.h"
73 #include "android-base/macros.h"
74 #include "android-base/strings.h"
75 #include "android-base/stringprintf.h"
76 #include "ziparchive/zip_archive.h"
77
78 static std::unordered_map<void*, size_t> g_dso_handle_counters;
79
80 static bool g_anonymous_namespace_set = false;
81 static android_namespace_t* g_anonymous_namespace = &g_default_namespace;
82 static std::unordered_map<std::string, android_namespace_t*> g_exported_namespaces;
83
84 static LinkerTypeAllocator<soinfo> g_soinfo_allocator;
85 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator;
86
87 static LinkerTypeAllocator<android_namespace_t> g_namespace_allocator;
88 static LinkerTypeAllocator<LinkedListEntry<android_namespace_t>> g_namespace_list_allocator;
89
90 static uint64_t g_module_load_counter = 0;
91 static uint64_t g_module_unload_counter = 0;
92
93 static const char* const kLdConfigArchFilePath = "/system/etc/ld.config." ABI_STRING ".txt";
94
95 static const char* const kLdConfigFilePath = "/system/etc/ld.config.txt";
96 static const char* const kLdConfigVndkLiteFilePath = "/system/etc/ld.config.vndk_lite.txt";
97
98 static const char* const kLdGeneratedConfigFilePath = "/linkerconfig/ld.config.txt";
99
100 #if defined(__LP64__)
101 static const char* const kSystemLibDir = "/system/lib64";
102 static const char* const kOdmLibDir = "/odm/lib64";
103 static const char* const kVendorLibDir = "/vendor/lib64";
104 static const char* const kAsanSystemLibDir = "/data/asan/system/lib64";
105 static const char* const kAsanOdmLibDir = "/data/asan/odm/lib64";
106 static const char* const kAsanVendorLibDir = "/data/asan/vendor/lib64";
107 #else
108 static const char* const kSystemLibDir = "/system/lib";
109 static const char* const kOdmLibDir = "/odm/lib";
110 static const char* const kVendorLibDir = "/vendor/lib";
111 static const char* const kAsanSystemLibDir = "/data/asan/system/lib";
112 static const char* const kAsanOdmLibDir = "/data/asan/odm/lib";
113 static const char* const kAsanVendorLibDir = "/data/asan/vendor/lib";
114 #endif
115
116 static const char* const kAsanLibDirPrefix = "/data/asan";
117
118 static const char* const kDefaultLdPaths[] = {
119 kSystemLibDir,
120 kOdmLibDir,
121 kVendorLibDir,
122 nullptr
123 };
124
125 static const char* const kAsanDefaultLdPaths[] = {
126 kAsanSystemLibDir,
127 kSystemLibDir,
128 kAsanOdmLibDir,
129 kOdmLibDir,
130 kAsanVendorLibDir,
131 kVendorLibDir,
132 nullptr
133 };
134
135 // Is ASAN enabled?
136 static bool g_is_asan = false;
137
138 static CFIShadowWriter g_cfi_shadow;
139
get_cfi_shadow()140 CFIShadowWriter* get_cfi_shadow() {
141 return &g_cfi_shadow;
142 }
143
is_system_library(const std::string & realpath)144 static bool is_system_library(const std::string& realpath) {
145 for (const auto& dir : g_default_namespace.get_default_library_paths()) {
146 if (file_is_in_dir(realpath, dir)) {
147 return true;
148 }
149 }
150 return false;
151 }
152
153 // Checks if the file exists and not a directory.
file_exists(const char * path)154 static bool file_exists(const char* path) {
155 struct stat s;
156
157 if (stat(path, &s) != 0) {
158 return false;
159 }
160
161 return S_ISREG(s.st_mode);
162 }
163
resolve_soname(const std::string & name)164 static std::string resolve_soname(const std::string& name) {
165 // We assume that soname equals to basename here
166
167 // TODO(dimitry): consider having honest absolute-path -> soname resolution
168 // note that since we might end up refusing to load this library because
169 // it is not in shared libs list we need to get the soname without actually loading
170 // the library.
171 //
172 // On the other hand there are several places where we already assume that
173 // soname == basename in particular for any not-loaded library mentioned
174 // in DT_NEEDED list.
175 return basename(name.c_str());
176 }
177
maybe_accessible_via_namespace_links(android_namespace_t * ns,const char * name)178 static bool maybe_accessible_via_namespace_links(android_namespace_t* ns, const char* name) {
179 std::string soname = resolve_soname(name);
180 for (auto& ns_link : ns->linked_namespaces()) {
181 if (ns_link.is_accessible(soname.c_str())) {
182 return true;
183 }
184 }
185
186 return false;
187 }
188
189 // TODO(dimitry): The grey-list is a workaround for http://b/26394120 ---
190 // gradually remove libraries from this list until it is gone.
is_greylisted(android_namespace_t * ns,const char * name,const soinfo * needed_by)191 static bool is_greylisted(android_namespace_t* ns, const char* name, const soinfo* needed_by) {
192 static const char* const kLibraryGreyList[] = {
193 "libandroid_runtime.so",
194 "libbinder.so",
195 "libcrypto.so",
196 "libcutils.so",
197 "libexpat.so",
198 "libgui.so",
199 "libmedia.so",
200 "libnativehelper.so",
201 "libssl.so",
202 "libstagefright.so",
203 "libsqlite.so",
204 "libui.so",
205 "libutils.so",
206 nullptr
207 };
208
209 // If you're targeting N, you don't get the greylist.
210 if (g_greylist_disabled || get_application_target_sdk_version() >= 24) {
211 return false;
212 }
213
214 // if the library needed by a system library - implicitly assume it
215 // is greylisted unless it is in the list of shared libraries for one or
216 // more linked namespaces
217 if (needed_by != nullptr && is_system_library(needed_by->get_realpath())) {
218 return !maybe_accessible_via_namespace_links(ns, name);
219 }
220
221 // if this is an absolute path - make sure it points to /system/lib(64)
222 if (name[0] == '/' && dirname(name) == kSystemLibDir) {
223 // and reduce the path to basename
224 name = basename(name);
225 }
226
227 for (size_t i = 0; kLibraryGreyList[i] != nullptr; ++i) {
228 if (strcmp(name, kLibraryGreyList[i]) == 0) {
229 return true;
230 }
231 }
232
233 return false;
234 }
235 // END OF WORKAROUND
236
237 static std::vector<std::string> g_ld_preload_names;
238
notify_gdb_of_load(soinfo * info)239 static void notify_gdb_of_load(soinfo* info) {
240 if (info->is_linker() || info->is_main_executable()) {
241 // gdb already knows about the linker and the main executable.
242 return;
243 }
244
245 link_map* map = &(info->link_map_head);
246
247 map->l_addr = info->load_bias;
248 // link_map l_name field is not const.
249 map->l_name = const_cast<char*>(info->get_realpath());
250 map->l_ld = info->dynamic;
251
252 CHECK(map->l_name != nullptr);
253 CHECK(map->l_name[0] != '\0');
254
255 notify_gdb_of_load(map);
256 }
257
notify_gdb_of_unload(soinfo * info)258 static void notify_gdb_of_unload(soinfo* info) {
259 notify_gdb_of_unload(&(info->link_map_head));
260 }
261
alloc()262 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() {
263 return g_soinfo_links_allocator.alloc();
264 }
265
free(LinkedListEntry<soinfo> * entry)266 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) {
267 g_soinfo_links_allocator.free(entry);
268 }
269
alloc()270 LinkedListEntry<android_namespace_t>* NamespaceListAllocator::alloc() {
271 return g_namespace_list_allocator.alloc();
272 }
273
free(LinkedListEntry<android_namespace_t> * entry)274 void NamespaceListAllocator::free(LinkedListEntry<android_namespace_t>* entry) {
275 g_namespace_list_allocator.free(entry);
276 }
277
soinfo_alloc(android_namespace_t * ns,const char * name,const struct stat * file_stat,off64_t file_offset,uint32_t rtld_flags)278 soinfo* soinfo_alloc(android_namespace_t* ns, const char* name,
279 const struct stat* file_stat, off64_t file_offset,
280 uint32_t rtld_flags) {
281 if (strlen(name) >= PATH_MAX) {
282 async_safe_fatal("library name \"%s\" too long", name);
283 }
284
285 TRACE("name %s: allocating soinfo for ns=%p", name, ns);
286
287 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(ns, name, file_stat,
288 file_offset, rtld_flags);
289
290 solist_add_soinfo(si);
291
292 si->generate_handle();
293 ns->add_soinfo(si);
294
295 TRACE("name %s: allocated soinfo @ %p", name, si);
296 return si;
297 }
298
soinfo_free(soinfo * si)299 static void soinfo_free(soinfo* si) {
300 if (si == nullptr) {
301 return;
302 }
303
304 if (si->base != 0 && si->size != 0) {
305 if (!si->is_mapped_by_caller()) {
306 munmap(reinterpret_cast<void*>(si->base), si->size);
307 } else {
308 // remap the region as PROT_NONE, MAP_ANONYMOUS | MAP_NORESERVE
309 mmap(reinterpret_cast<void*>(si->base), si->size, PROT_NONE,
310 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
311 }
312 }
313
314 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si);
315
316 if (!solist_remove_soinfo(si)) {
317 async_safe_fatal("soinfo=%p is not in soinfo_list (double unload?)", si);
318 }
319
320 // clear links to/from si
321 si->remove_all_links();
322
323 si->~soinfo();
324 g_soinfo_allocator.free(si);
325 }
326
parse_path(const char * path,const char * delimiters,std::vector<std::string> * resolved_paths)327 static void parse_path(const char* path, const char* delimiters,
328 std::vector<std::string>* resolved_paths) {
329 std::vector<std::string> paths;
330 split_path(path, delimiters, &paths);
331 resolve_paths(paths, resolved_paths);
332 }
333
parse_LD_LIBRARY_PATH(const char * path)334 static void parse_LD_LIBRARY_PATH(const char* path) {
335 std::vector<std::string> ld_libary_paths;
336 parse_path(path, ":", &ld_libary_paths);
337 g_default_namespace.set_ld_library_paths(std::move(ld_libary_paths));
338 }
339
realpath_fd(int fd,std::string * realpath)340 static bool realpath_fd(int fd, std::string* realpath) {
341 // proc_self_fd needs to be large enough to hold "/proc/self/fd/" plus an
342 // integer, plus the NULL terminator.
343 char proc_self_fd[32];
344 // We want to statically allocate this large buffer so that we don't grow
345 // the stack by too much.
346 static char buf[PATH_MAX];
347
348 async_safe_format_buffer(proc_self_fd, sizeof(proc_self_fd), "/proc/self/fd/%d", fd);
349 auto length = readlink(proc_self_fd, buf, sizeof(buf));
350 if (length == -1) {
351 if (!is_first_stage_init()) {
352 PRINT("readlink(\"%s\") failed: %s [fd=%d]", proc_self_fd, strerror(errno), fd);
353 }
354 return false;
355 }
356
357 realpath->assign(buf, length);
358 return true;
359 }
360
361 // Returns the address of the current thread's copy of a TLS module. If the current thread doesn't
362 // have a copy yet, allocate one on-demand if should_alloc is true, and return nullptr otherwise.
get_tls_block_for_this_thread(const soinfo_tls * si_tls,bool should_alloc)363 static inline void* get_tls_block_for_this_thread(const soinfo_tls* si_tls, bool should_alloc) {
364 const TlsModule& tls_mod = get_tls_module(si_tls->module_id);
365 if (tls_mod.static_offset != SIZE_MAX) {
366 const StaticTlsLayout& layout = __libc_shared_globals()->static_tls_layout;
367 char* static_tls = reinterpret_cast<char*>(__get_bionic_tcb()) - layout.offset_bionic_tcb();
368 return static_tls + tls_mod.static_offset;
369 } else if (should_alloc) {
370 const TlsIndex ti { si_tls->module_id, 0 };
371 return TLS_GET_ADDR(&ti);
372 } else {
373 TlsDtv* dtv = __get_tcb_dtv(__get_bionic_tcb());
374 if (dtv->generation < tls_mod.first_generation) return nullptr;
375 return dtv->modules[__tls_module_id_to_idx(si_tls->module_id)];
376 }
377 }
378
379 #if defined(__arm__)
380
381 // For a given PC, find the .so that it belongs to.
382 // Returns the base address of the .ARM.exidx section
383 // for that .so, and the number of 8-byte entries
384 // in that section (via *pcount).
385 //
386 // Intended to be called by libc's __gnu_Unwind_Find_exidx().
do_dl_unwind_find_exidx(_Unwind_Ptr pc,int * pcount)387 _Unwind_Ptr do_dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) {
388 if (soinfo* si = find_containing_library(reinterpret_cast<void*>(pc))) {
389 *pcount = si->ARM_exidx_count;
390 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx);
391 }
392 *pcount = 0;
393 return 0;
394 }
395
396 #endif
397
398 // Here, we only have to provide a callback to iterate across all the
399 // loaded libraries. gcc_eh does the rest.
do_dl_iterate_phdr(int (* cb)(dl_phdr_info * info,size_t size,void * data),void * data)400 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) {
401 int rv = 0;
402 for (soinfo* si = solist_get_head(); si != nullptr; si = si->next) {
403 dl_phdr_info dl_info;
404 dl_info.dlpi_addr = si->link_map_head.l_addr;
405 dl_info.dlpi_name = si->link_map_head.l_name;
406 dl_info.dlpi_phdr = si->phdr;
407 dl_info.dlpi_phnum = si->phnum;
408 dl_info.dlpi_adds = g_module_load_counter;
409 dl_info.dlpi_subs = g_module_unload_counter;
410 if (soinfo_tls* tls_module = si->get_tls()) {
411 dl_info.dlpi_tls_modid = tls_module->module_id;
412 dl_info.dlpi_tls_data = get_tls_block_for_this_thread(tls_module, /*should_alloc=*/false);
413 } else {
414 dl_info.dlpi_tls_modid = 0;
415 dl_info.dlpi_tls_data = nullptr;
416 }
417
418 rv = cb(&dl_info, sizeof(dl_phdr_info), data);
419 if (rv != 0) {
420 break;
421 }
422 }
423 return rv;
424 }
425
ProtectedDataGuard()426 ProtectedDataGuard::ProtectedDataGuard() {
427 if (ref_count_++ == 0) {
428 protect_data(PROT_READ | PROT_WRITE);
429 }
430
431 if (ref_count_ == 0) { // overflow
432 async_safe_fatal("Too many nested calls to dlopen()");
433 }
434 }
435
~ProtectedDataGuard()436 ProtectedDataGuard::~ProtectedDataGuard() {
437 if (--ref_count_ == 0) {
438 protect_data(PROT_READ);
439 }
440 }
441
protect_data(int protection)442 void ProtectedDataGuard::protect_data(int protection) {
443 g_soinfo_allocator.protect_all(protection);
444 g_soinfo_links_allocator.protect_all(protection);
445 g_namespace_allocator.protect_all(protection);
446 g_namespace_list_allocator.protect_all(protection);
447 }
448
449 size_t ProtectedDataGuard::ref_count_ = 0;
450
451 // Each size has it's own allocator.
452 template<size_t size>
453 class SizeBasedAllocator {
454 public:
alloc()455 static void* alloc() {
456 return allocator_.alloc();
457 }
458
free(void * ptr)459 static void free(void* ptr) {
460 allocator_.free(ptr);
461 }
462
purge()463 static void purge() {
464 allocator_.purge();
465 }
466
467 private:
468 static LinkerBlockAllocator allocator_;
469 };
470
471 template<size_t size>
472 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size);
473
474 template<typename T>
475 class TypeBasedAllocator {
476 public:
alloc()477 static T* alloc() {
478 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc());
479 }
480
free(T * ptr)481 static void free(T* ptr) {
482 SizeBasedAllocator<sizeof(T)>::free(ptr);
483 }
484
purge()485 static void purge() {
486 SizeBasedAllocator<sizeof(T)>::purge();
487 }
488 };
489
490 class LoadTask {
491 public:
492 struct deleter_t {
operator ()LoadTask::deleter_t493 void operator()(LoadTask* t) {
494 t->~LoadTask();
495 TypeBasedAllocator<LoadTask>::free(t);
496 }
497 };
498
499 static deleter_t deleter;
500
create(const char * name,soinfo * needed_by,android_namespace_t * start_from,std::unordered_map<const soinfo *,ElfReader> * readers_map)501 static LoadTask* create(const char* name,
502 soinfo* needed_by,
503 android_namespace_t* start_from,
504 std::unordered_map<const soinfo*, ElfReader>* readers_map) {
505 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc();
506 return new (ptr) LoadTask(name, needed_by, start_from, readers_map);
507 }
508
get_name() const509 const char* get_name() const {
510 return name_;
511 }
512
get_needed_by() const513 soinfo* get_needed_by() const {
514 return needed_by_;
515 }
516
get_soinfo() const517 soinfo* get_soinfo() const {
518 return si_;
519 }
520
set_soinfo(soinfo * si)521 void set_soinfo(soinfo* si) {
522 si_ = si;
523 }
524
get_file_offset() const525 off64_t get_file_offset() const {
526 return file_offset_;
527 }
528
set_file_offset(off64_t offset)529 void set_file_offset(off64_t offset) {
530 file_offset_ = offset;
531 }
532
get_fd() const533 int get_fd() const {
534 return fd_;
535 }
536
set_fd(int fd,bool assume_ownership)537 void set_fd(int fd, bool assume_ownership) {
538 if (fd_ != -1 && close_fd_) {
539 close(fd_);
540 }
541 fd_ = fd;
542 close_fd_ = assume_ownership;
543 }
544
get_extinfo() const545 const android_dlextinfo* get_extinfo() const {
546 return extinfo_;
547 }
548
set_extinfo(const android_dlextinfo * extinfo)549 void set_extinfo(const android_dlextinfo* extinfo) {
550 extinfo_ = extinfo;
551 }
552
is_dt_needed() const553 bool is_dt_needed() const {
554 return is_dt_needed_;
555 }
556
set_dt_needed(bool is_dt_needed)557 void set_dt_needed(bool is_dt_needed) {
558 is_dt_needed_ = is_dt_needed;
559 }
560
561 // returns the namespace from where we need to start loading this.
get_start_from() const562 const android_namespace_t* get_start_from() const {
563 return start_from_;
564 }
565
get_elf_reader() const566 const ElfReader& get_elf_reader() const {
567 CHECK(si_ != nullptr);
568 return (*elf_readers_map_)[si_];
569 }
570
get_elf_reader()571 ElfReader& get_elf_reader() {
572 CHECK(si_ != nullptr);
573 return (*elf_readers_map_)[si_];
574 }
575
get_readers_map()576 std::unordered_map<const soinfo*, ElfReader>* get_readers_map() {
577 return elf_readers_map_;
578 }
579
read(const char * realpath,off64_t file_size)580 bool read(const char* realpath, off64_t file_size) {
581 ElfReader& elf_reader = get_elf_reader();
582 return elf_reader.Read(realpath, fd_, file_offset_, file_size);
583 }
584
load(address_space_params * address_space)585 bool load(address_space_params* address_space) {
586 ElfReader& elf_reader = get_elf_reader();
587 if (!elf_reader.Load(address_space)) {
588 return false;
589 }
590
591 si_->base = elf_reader.load_start();
592 si_->size = elf_reader.load_size();
593 si_->set_mapped_by_caller(elf_reader.is_mapped_by_caller());
594 si_->load_bias = elf_reader.load_bias();
595 si_->phnum = elf_reader.phdr_count();
596 si_->phdr = elf_reader.loaded_phdr();
597
598 return true;
599 }
600
601 private:
LoadTask(const char * name,soinfo * needed_by,android_namespace_t * start_from,std::unordered_map<const soinfo *,ElfReader> * readers_map)602 LoadTask(const char* name,
603 soinfo* needed_by,
604 android_namespace_t* start_from,
605 std::unordered_map<const soinfo*, ElfReader>* readers_map)
606 : name_(name), needed_by_(needed_by), si_(nullptr),
607 fd_(-1), close_fd_(false), file_offset_(0), elf_readers_map_(readers_map),
608 is_dt_needed_(false), start_from_(start_from) {}
609
~LoadTask()610 ~LoadTask() {
611 if (fd_ != -1 && close_fd_) {
612 close(fd_);
613 }
614 }
615
616 const char* name_;
617 soinfo* needed_by_;
618 soinfo* si_;
619 const android_dlextinfo* extinfo_;
620 int fd_;
621 bool close_fd_;
622 off64_t file_offset_;
623 std::unordered_map<const soinfo*, ElfReader>* elf_readers_map_;
624 // TODO(dimitry): needed by workaround for http://b/26394120 (the grey-list)
625 bool is_dt_needed_;
626 // END OF WORKAROUND
627 const android_namespace_t* const start_from_;
628
629 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask);
630 };
631
632 LoadTask::deleter_t LoadTask::deleter;
633
634 template <typename T>
635 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>;
636
637 typedef linked_list_t<soinfo> SoinfoLinkedList;
638 typedef linked_list_t<const char> StringLinkedList;
639 typedef std::vector<LoadTask*> LoadTaskList;
640
641 enum walk_action_result_t : uint32_t {
642 kWalkStop = 0,
643 kWalkContinue = 1,
644 kWalkSkip = 2
645 };
646
647 // This function walks down the tree of soinfo dependencies
648 // in breadth-first order and
649 // * calls action(soinfo* si) for each node, and
650 // * terminates walk if action returns kWalkStop
651 // * skips children of the node if action
652 // return kWalkSkip
653 //
654 // walk_dependencies_tree returns false if walk was terminated
655 // by the action and true otherwise.
656 template<typename F>
walk_dependencies_tree(soinfo * root_soinfo,F action)657 static bool walk_dependencies_tree(soinfo* root_soinfo, F action) {
658 SoinfoLinkedList visit_list;
659 SoinfoLinkedList visited;
660
661 visit_list.push_back(root_soinfo);
662
663 soinfo* si;
664 while ((si = visit_list.pop_front()) != nullptr) {
665 if (visited.contains(si)) {
666 continue;
667 }
668
669 walk_action_result_t result = action(si);
670
671 if (result == kWalkStop) {
672 return false;
673 }
674
675 visited.push_back(si);
676
677 if (result != kWalkSkip) {
678 si->get_children().for_each([&](soinfo* child) {
679 visit_list.push_back(child);
680 });
681 }
682 }
683
684 return true;
685 }
686
687
ElfW(Sym)688 static const ElfW(Sym)* dlsym_handle_lookup_impl(android_namespace_t* ns,
689 soinfo* root,
690 soinfo* skip_until,
691 soinfo** found,
692 SymbolName& symbol_name,
693 const version_info* vi) {
694 const ElfW(Sym)* result = nullptr;
695 bool skip_lookup = skip_until != nullptr;
696
697 walk_dependencies_tree(root, [&](soinfo* current_soinfo) {
698 if (skip_lookup) {
699 skip_lookup = current_soinfo != skip_until;
700 return kWalkContinue;
701 }
702
703 if (!ns->is_accessible(current_soinfo)) {
704 return kWalkSkip;
705 }
706
707 result = current_soinfo->find_symbol_by_name(symbol_name, vi);
708 if (result != nullptr) {
709 *found = current_soinfo;
710 return kWalkStop;
711 }
712
713 return kWalkContinue;
714 });
715
716 return result;
717 }
718
719 /* This is used by dlsym(3) to performs a global symbol lookup. If the
720 start value is null (for RTLD_DEFAULT), the search starts at the
721 beginning of the global solist. Otherwise the search starts at the
722 specified soinfo (for RTLD_NEXT).
723 */
ElfW(Sym)724 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns,
725 const char* name,
726 const version_info* vi,
727 soinfo** found,
728 soinfo* caller,
729 void* handle) {
730 SymbolName symbol_name(name);
731
732 auto& soinfo_list = ns->soinfo_list();
733 auto start = soinfo_list.begin();
734
735 if (handle == RTLD_NEXT) {
736 if (caller == nullptr) {
737 return nullptr;
738 } else {
739 auto it = soinfo_list.find(caller);
740 CHECK (it != soinfo_list.end());
741 start = ++it;
742 }
743 }
744
745 const ElfW(Sym)* s = nullptr;
746 for (auto it = start, end = soinfo_list.end(); it != end; ++it) {
747 soinfo* si = *it;
748 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...)
749 // if the library is opened by application with target api level < M.
750 // See http://b/21565766
751 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() >= 23) {
752 continue;
753 }
754
755 s = si->find_symbol_by_name(symbol_name, vi);
756 if (s != nullptr) {
757 *found = si;
758 break;
759 }
760 }
761
762 // If not found - use dlsym_handle_lookup_impl for caller's local_group
763 if (s == nullptr && caller != nullptr) {
764 soinfo* local_group_root = caller->get_local_group_root();
765
766 return dlsym_handle_lookup_impl(local_group_root->get_primary_namespace(),
767 local_group_root,
768 (handle == RTLD_NEXT) ? caller : nullptr,
769 found,
770 symbol_name,
771 vi);
772 }
773
774 if (s != nullptr) {
775 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p",
776 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base));
777 }
778
779 return s;
780 }
781
782 // This is used by dlsym(3). It performs symbol lookup only within the
783 // specified soinfo object and its dependencies in breadth first order.
ElfW(Sym)784 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* si,
785 soinfo** found,
786 const char* name,
787 const version_info* vi) {
788 // According to man dlopen(3) and posix docs in the case when si is handle
789 // of the main executable we need to search not only in the executable and its
790 // dependencies but also in all libraries loaded with RTLD_GLOBAL.
791 //
792 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared
793 // libraries and they are loaded in breath-first (correct) order we can just execute
794 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup.
795 if (si == solist_get_somain()) {
796 return dlsym_linear_lookup(&g_default_namespace, name, vi, found, nullptr, RTLD_DEFAULT);
797 }
798
799 SymbolName symbol_name(name);
800 // note that the namespace is not the namespace associated with caller_addr
801 // we use ns associated with root si intentionally here. Using caller_ns
802 // causes problems when user uses dlopen_ext to open a library in the separate
803 // namespace and then calls dlsym() on the handle.
804 return dlsym_handle_lookup_impl(si->get_primary_namespace(), si, nullptr, found, symbol_name, vi);
805 }
806
find_containing_library(const void * p)807 soinfo* find_containing_library(const void* p) {
808 // Addresses within a library may be tagged if they point to globals. Untag
809 // them so that the bounds check succeeds.
810 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(untag_address(p));
811 for (soinfo* si = solist_get_head(); si != nullptr; si = si->next) {
812 if (address < si->base || address - si->base >= si->size) {
813 continue;
814 }
815 ElfW(Addr) vaddr = address - si->load_bias;
816 for (size_t i = 0; i != si->phnum; ++i) {
817 const ElfW(Phdr)* phdr = &si->phdr[i];
818 if (phdr->p_type != PT_LOAD) {
819 continue;
820 }
821 if (vaddr >= phdr->p_vaddr && vaddr < phdr->p_vaddr + phdr->p_memsz) {
822 return si;
823 }
824 }
825 }
826 return nullptr;
827 }
828
829 class ZipArchiveCache {
830 public:
ZipArchiveCache()831 ZipArchiveCache() {}
832 ~ZipArchiveCache();
833
834 bool get_or_open(const char* zip_path, ZipArchiveHandle* handle);
835 private:
836 DISALLOW_COPY_AND_ASSIGN(ZipArchiveCache);
837
838 std::unordered_map<std::string, ZipArchiveHandle> cache_;
839 };
840
get_or_open(const char * zip_path,ZipArchiveHandle * handle)841 bool ZipArchiveCache::get_or_open(const char* zip_path, ZipArchiveHandle* handle) {
842 std::string key(zip_path);
843
844 auto it = cache_.find(key);
845 if (it != cache_.end()) {
846 *handle = it->second;
847 return true;
848 }
849
850 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC));
851 if (fd == -1) {
852 return false;
853 }
854
855 if (OpenArchiveFd(fd, "", handle) != 0) {
856 // invalid zip-file (?)
857 CloseArchive(*handle);
858 return false;
859 }
860
861 cache_[key] = *handle;
862 return true;
863 }
864
~ZipArchiveCache()865 ZipArchiveCache::~ZipArchiveCache() {
866 for (const auto& it : cache_) {
867 CloseArchive(it.second);
868 }
869 }
870
open_library_in_zipfile(ZipArchiveCache * zip_archive_cache,const char * const input_path,off64_t * file_offset,std::string * realpath)871 static int open_library_in_zipfile(ZipArchiveCache* zip_archive_cache,
872 const char* const input_path,
873 off64_t* file_offset, std::string* realpath) {
874 std::string normalized_path;
875 if (!normalize_path(input_path, &normalized_path)) {
876 return -1;
877 }
878
879 const char* const path = normalized_path.c_str();
880 TRACE("Trying zip file open from path \"%s\" -> normalized \"%s\"", input_path, path);
881
882 // Treat an '!/' separator inside a path as the separator between the name
883 // of the zip file on disk and the subdirectory to search within it.
884 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for
885 // "bar/bas/x.so" within "foo.zip".
886 const char* const separator = strstr(path, kZipFileSeparator);
887 if (separator == nullptr) {
888 return -1;
889 }
890
891 char buf[512];
892 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) {
893 PRINT("Warning: ignoring very long library path: %s", path);
894 return -1;
895 }
896
897 buf[separator - path] = '\0';
898
899 const char* zip_path = buf;
900 const char* file_path = &buf[separator - path + 2];
901 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC));
902 if (fd == -1) {
903 return -1;
904 }
905
906 ZipArchiveHandle handle;
907 if (!zip_archive_cache->get_or_open(zip_path, &handle)) {
908 // invalid zip-file (?)
909 close(fd);
910 return -1;
911 }
912
913 ZipEntry entry;
914
915 if (FindEntry(handle, file_path, &entry) != 0) {
916 // Entry was not found.
917 close(fd);
918 return -1;
919 }
920
921 // Check if it is properly stored
922 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) {
923 close(fd);
924 return -1;
925 }
926
927 *file_offset = entry.offset;
928
929 if (realpath_fd(fd, realpath)) {
930 *realpath += separator;
931 } else {
932 if (!is_first_stage_init()) {
933 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.",
934 normalized_path.c_str());
935 }
936 *realpath = normalized_path;
937 }
938
939 return fd;
940 }
941
format_path(char * buf,size_t buf_size,const char * path,const char * name)942 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) {
943 int n = async_safe_format_buffer(buf, buf_size, "%s/%s", path, name);
944 if (n < 0 || n >= static_cast<int>(buf_size)) {
945 PRINT("Warning: ignoring very long library path: %s/%s", path, name);
946 return false;
947 }
948
949 return true;
950 }
951
open_library_at_path(ZipArchiveCache * zip_archive_cache,const char * path,off64_t * file_offset,std::string * realpath)952 static int open_library_at_path(ZipArchiveCache* zip_archive_cache,
953 const char* path, off64_t* file_offset,
954 std::string* realpath) {
955 int fd = -1;
956 if (strstr(path, kZipFileSeparator) != nullptr) {
957 fd = open_library_in_zipfile(zip_archive_cache, path, file_offset, realpath);
958 }
959
960 if (fd == -1) {
961 fd = TEMP_FAILURE_RETRY(open(path, O_RDONLY | O_CLOEXEC));
962 if (fd != -1) {
963 *file_offset = 0;
964 if (!realpath_fd(fd, realpath)) {
965 if (!is_first_stage_init()) {
966 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.",
967 path);
968 }
969 *realpath = path;
970 }
971 }
972 }
973
974 return fd;
975 }
976
open_library_on_paths(ZipArchiveCache * zip_archive_cache,const char * name,off64_t * file_offset,const std::vector<std::string> & paths,std::string * realpath)977 static int open_library_on_paths(ZipArchiveCache* zip_archive_cache,
978 const char* name, off64_t* file_offset,
979 const std::vector<std::string>& paths,
980 std::string* realpath) {
981 for (const auto& path : paths) {
982 char buf[512];
983 if (!format_path(buf, sizeof(buf), path.c_str(), name)) {
984 continue;
985 }
986
987 int fd = open_library_at_path(zip_archive_cache, buf, file_offset, realpath);
988 if (fd != -1) {
989 return fd;
990 }
991 }
992
993 return -1;
994 }
995
open_library(android_namespace_t * ns,ZipArchiveCache * zip_archive_cache,const char * name,soinfo * needed_by,off64_t * file_offset,std::string * realpath)996 static int open_library(android_namespace_t* ns,
997 ZipArchiveCache* zip_archive_cache,
998 const char* name, soinfo *needed_by,
999 off64_t* file_offset, std::string* realpath) {
1000 TRACE("[ opening %s from namespace %s ]", name, ns->get_name());
1001
1002 // If the name contains a slash, we should attempt to open it directly and not search the paths.
1003 if (strchr(name, '/') != nullptr) {
1004 int fd = -1;
1005
1006 if (strstr(name, kZipFileSeparator) != nullptr) {
1007 fd = open_library_in_zipfile(zip_archive_cache, name, file_offset, realpath);
1008 }
1009
1010 if (fd == -1) {
1011 fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC));
1012 if (fd != -1) {
1013 *file_offset = 0;
1014 if (!realpath_fd(fd, realpath)) {
1015 if (!is_first_stage_init()) {
1016 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.",
1017 name);
1018 }
1019 *realpath = name;
1020 }
1021 }
1022 }
1023
1024 return fd;
1025 }
1026
1027 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the default library path
1028 int fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_ld_library_paths(), realpath);
1029 if (fd == -1 && needed_by != nullptr) {
1030 fd = open_library_on_paths(zip_archive_cache, name, file_offset, needed_by->get_dt_runpath(), realpath);
1031 // Check if the library is accessible
1032 if (fd != -1 && !ns->is_accessible(*realpath)) {
1033 close(fd);
1034 fd = -1;
1035 }
1036 }
1037
1038 #if !defined(__ANDROID_APEX__)
1039 if (fd == -1) {
1040 std::vector<std::string> bootstrap_paths = { std::string(kSystemLibDir) + "/bootstrap" };
1041 fd = open_library_on_paths(zip_archive_cache, name, file_offset, bootstrap_paths, realpath);
1042 }
1043 #endif
1044
1045 if (fd == -1) {
1046 fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_default_library_paths(), realpath);
1047 }
1048
1049 return fd;
1050 }
1051
open_executable(const char * path,off64_t * file_offset,std::string * realpath)1052 int open_executable(const char* path, off64_t* file_offset, std::string* realpath) {
1053 ZipArchiveCache zip_archive_cache;
1054 return open_library_at_path(&zip_archive_cache, path, file_offset, realpath);
1055 }
1056
fix_dt_needed(const char * dt_needed,const char * sopath __unused)1057 const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) {
1058 #if !defined(__LP64__)
1059 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029
1060 int app_target_api_level = get_application_target_sdk_version();
1061 if (app_target_api_level < 23) {
1062 const char* bname = basename(dt_needed);
1063 if (bname != dt_needed) {
1064 DL_WARN_documented_change(23,
1065 "invalid-dt_needed-entries-enforced-for-api-level-23",
1066 "library \"%s\" has invalid DT_NEEDED entry \"%s\"",
1067 sopath, dt_needed, app_target_api_level);
1068 add_dlwarning(sopath, "invalid DT_NEEDED entry", dt_needed);
1069 }
1070
1071 return bname;
1072 }
1073 #endif
1074 return dt_needed;
1075 }
1076
1077 template<typename F>
for_each_dt_needed(const ElfReader & elf_reader,F action)1078 static void for_each_dt_needed(const ElfReader& elf_reader, F action) {
1079 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) {
1080 if (d->d_tag == DT_NEEDED) {
1081 action(fix_dt_needed(elf_reader.get_string(d->d_un.d_val), elf_reader.name()));
1082 }
1083 }
1084 }
1085
find_loaded_library_by_inode(android_namespace_t * ns,const struct stat & file_stat,off64_t file_offset,bool search_linked_namespaces,soinfo ** candidate)1086 static bool find_loaded_library_by_inode(android_namespace_t* ns,
1087 const struct stat& file_stat,
1088 off64_t file_offset,
1089 bool search_linked_namespaces,
1090 soinfo** candidate) {
1091 if (file_stat.st_dev == 0 || file_stat.st_ino == 0) {
1092 *candidate = nullptr;
1093 return false;
1094 }
1095
1096 auto predicate = [&](soinfo* si) {
1097 return si->get_st_ino() == file_stat.st_ino &&
1098 si->get_st_dev() == file_stat.st_dev &&
1099 si->get_file_offset() == file_offset;
1100 };
1101
1102 *candidate = ns->soinfo_list().find_if(predicate);
1103
1104 if (*candidate == nullptr && search_linked_namespaces) {
1105 for (auto& link : ns->linked_namespaces()) {
1106 android_namespace_t* linked_ns = link.linked_namespace();
1107 soinfo* si = linked_ns->soinfo_list().find_if(predicate);
1108
1109 if (si != nullptr && link.is_accessible(si->get_soname())) {
1110 *candidate = si;
1111 return true;
1112 }
1113 }
1114 }
1115
1116 return *candidate != nullptr;
1117 }
1118
find_loaded_library_by_realpath(android_namespace_t * ns,const char * realpath,bool search_linked_namespaces,soinfo ** candidate)1119 static bool find_loaded_library_by_realpath(android_namespace_t* ns, const char* realpath,
1120 bool search_linked_namespaces, soinfo** candidate) {
1121 auto predicate = [&](soinfo* si) { return strcmp(realpath, si->get_realpath()) == 0; };
1122
1123 *candidate = ns->soinfo_list().find_if(predicate);
1124
1125 if (*candidate == nullptr && search_linked_namespaces) {
1126 for (auto& link : ns->linked_namespaces()) {
1127 android_namespace_t* linked_ns = link.linked_namespace();
1128 soinfo* si = linked_ns->soinfo_list().find_if(predicate);
1129
1130 if (si != nullptr && link.is_accessible(si->get_soname())) {
1131 *candidate = si;
1132 return true;
1133 }
1134 }
1135 }
1136
1137 return *candidate != nullptr;
1138 }
1139
load_library(android_namespace_t * ns,LoadTask * task,LoadTaskList * load_tasks,int rtld_flags,const std::string & realpath,bool search_linked_namespaces)1140 static bool load_library(android_namespace_t* ns,
1141 LoadTask* task,
1142 LoadTaskList* load_tasks,
1143 int rtld_flags,
1144 const std::string& realpath,
1145 bool search_linked_namespaces) {
1146 off64_t file_offset = task->get_file_offset();
1147 const char* name = task->get_name();
1148 const android_dlextinfo* extinfo = task->get_extinfo();
1149
1150 LD_LOG(kLogDlopen,
1151 "load_library(ns=%s, task=%s, flags=0x%x, realpath=%s, search_linked_namespaces=%d)",
1152 ns->get_name(), name, rtld_flags, realpath.c_str(), search_linked_namespaces);
1153
1154 if ((file_offset % PAGE_SIZE) != 0) {
1155 DL_OPEN_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset);
1156 return false;
1157 }
1158 if (file_offset < 0) {
1159 DL_OPEN_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset);
1160 return false;
1161 }
1162
1163 struct stat file_stat;
1164 if (TEMP_FAILURE_RETRY(fstat(task->get_fd(), &file_stat)) != 0) {
1165 DL_OPEN_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno));
1166 return false;
1167 }
1168 if (file_offset >= file_stat.st_size) {
1169 DL_OPEN_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64,
1170 name, file_offset, file_stat.st_size);
1171 return false;
1172 }
1173
1174 // Check for symlink and other situations where
1175 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set
1176 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) {
1177 soinfo* si = nullptr;
1178 if (find_loaded_library_by_inode(ns, file_stat, file_offset, search_linked_namespaces, &si)) {
1179 LD_LOG(kLogDlopen,
1180 "load_library(ns=%s, task=%s): Already loaded under different name/path \"%s\" - "
1181 "will return existing soinfo",
1182 ns->get_name(), name, si->get_realpath());
1183 task->set_soinfo(si);
1184 return true;
1185 }
1186 }
1187
1188 if ((rtld_flags & RTLD_NOLOAD) != 0) {
1189 DL_OPEN_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name);
1190 return false;
1191 }
1192
1193 struct statfs fs_stat;
1194 if (TEMP_FAILURE_RETRY(fstatfs(task->get_fd(), &fs_stat)) != 0) {
1195 DL_OPEN_ERR("unable to fstatfs file for the library \"%s\": %s", name, strerror(errno));
1196 return false;
1197 }
1198
1199 // do not check accessibility using realpath if fd is located on tmpfs
1200 // this enables use of memfd_create() for apps
1201 if ((fs_stat.f_type != TMPFS_MAGIC) && (!ns->is_accessible(realpath))) {
1202 // TODO(dimitry): workaround for http://b/26394120 - the grey-list
1203
1204 // TODO(dimitry) before O release: add a namespace attribute to have this enabled
1205 // only for classloader-namespaces
1206 const soinfo* needed_by = task->is_dt_needed() ? task->get_needed_by() : nullptr;
1207 if (is_greylisted(ns, name, needed_by)) {
1208 // print warning only if needed by non-system library
1209 if (needed_by == nullptr || !is_system_library(needed_by->get_realpath())) {
1210 const soinfo* needed_or_dlopened_by = task->get_needed_by();
1211 const char* sopath = needed_or_dlopened_by == nullptr ? "(unknown)" :
1212 needed_or_dlopened_by->get_realpath();
1213 DL_WARN_documented_change(24,
1214 "private-api-enforced-for-api-level-24",
1215 "library \"%s\" (\"%s\") needed or dlopened by \"%s\" "
1216 "is not accessible by namespace \"%s\"",
1217 name, realpath.c_str(), sopath, ns->get_name());
1218 add_dlwarning(sopath, "unauthorized access to", name);
1219 }
1220 } else {
1221 // do not load libraries if they are not accessible for the specified namespace.
1222 const char* needed_or_dlopened_by = task->get_needed_by() == nullptr ?
1223 "(unknown)" :
1224 task->get_needed_by()->get_realpath();
1225
1226 DL_OPEN_ERR("library \"%s\" needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"",
1227 name, needed_or_dlopened_by, ns->get_name());
1228
1229 // do not print this if a library is in the list of shared libraries for linked namespaces
1230 if (!maybe_accessible_via_namespace_links(ns, name)) {
1231 PRINT("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the"
1232 " namespace: [name=\"%s\", ld_library_paths=\"%s\", default_library_paths=\"%s\","
1233 " permitted_paths=\"%s\"]",
1234 name, realpath.c_str(),
1235 needed_or_dlopened_by,
1236 ns->get_name(),
1237 android::base::Join(ns->get_ld_library_paths(), ':').c_str(),
1238 android::base::Join(ns->get_default_library_paths(), ':').c_str(),
1239 android::base::Join(ns->get_permitted_paths(), ':').c_str());
1240 }
1241 return false;
1242 }
1243 }
1244
1245 soinfo* si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags);
1246 if (si == nullptr) {
1247 return false;
1248 }
1249
1250 task->set_soinfo(si);
1251
1252 // Read the ELF header and some of the segments.
1253 if (!task->read(realpath.c_str(), file_stat.st_size)) {
1254 soinfo_free(si);
1255 task->set_soinfo(nullptr);
1256 return false;
1257 }
1258
1259 // find and set DT_RUNPATH and dt_soname
1260 // Note that these field values are temporary and are
1261 // going to be overwritten on soinfo::prelink_image
1262 // with values from PT_LOAD segments.
1263 const ElfReader& elf_reader = task->get_elf_reader();
1264 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) {
1265 if (d->d_tag == DT_RUNPATH) {
1266 si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val));
1267 }
1268 if (d->d_tag == DT_SONAME) {
1269 si->set_soname(elf_reader.get_string(d->d_un.d_val));
1270 }
1271 }
1272
1273 #if !defined(__ANDROID__)
1274 // Bionic on the host currently uses some Android prebuilts, which don't set
1275 // DT_RUNPATH with any relative paths, so they can't find their dependencies.
1276 // b/118058804
1277 if (si->get_dt_runpath().empty()) {
1278 si->set_dt_runpath("$ORIGIN/../lib64:$ORIGIN/lib64");
1279 }
1280 #endif
1281
1282 for_each_dt_needed(task->get_elf_reader(), [&](const char* name) {
1283 LD_LOG(kLogDlopen, "load_library(ns=%s, task=%s): Adding DT_NEEDED task: %s",
1284 ns->get_name(), task->get_name(), name);
1285 load_tasks->push_back(LoadTask::create(name, si, ns, task->get_readers_map()));
1286 });
1287
1288 return true;
1289 }
1290
load_library(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags,bool search_linked_namespaces)1291 static bool load_library(android_namespace_t* ns,
1292 LoadTask* task,
1293 ZipArchiveCache* zip_archive_cache,
1294 LoadTaskList* load_tasks,
1295 int rtld_flags,
1296 bool search_linked_namespaces) {
1297 const char* name = task->get_name();
1298 soinfo* needed_by = task->get_needed_by();
1299 const android_dlextinfo* extinfo = task->get_extinfo();
1300
1301 off64_t file_offset;
1302 std::string realpath;
1303 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) {
1304 file_offset = 0;
1305 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) {
1306 file_offset = extinfo->library_fd_offset;
1307 }
1308
1309 if (!realpath_fd(extinfo->library_fd, &realpath)) {
1310 if (!is_first_stage_init()) {
1311 PRINT(
1312 "warning: unable to get realpath for the library \"%s\" by extinfo->library_fd. "
1313 "Will use given name.",
1314 name);
1315 }
1316 realpath = name;
1317 }
1318
1319 task->set_fd(extinfo->library_fd, false);
1320 task->set_file_offset(file_offset);
1321 return load_library(ns, task, load_tasks, rtld_flags, realpath, search_linked_namespaces);
1322 }
1323
1324 LD_LOG(kLogDlopen,
1325 "load_library(ns=%s, task=%s, flags=0x%x, search_linked_namespaces=%d): calling "
1326 "open_library with realpath=%s",
1327 ns->get_name(), name, rtld_flags, search_linked_namespaces, realpath.c_str());
1328
1329 // Open the file.
1330 int fd = open_library(ns, zip_archive_cache, name, needed_by, &file_offset, &realpath);
1331 if (fd == -1) {
1332 if (task->is_dt_needed()) {
1333 if (needed_by->is_main_executable()) {
1334 DL_OPEN_ERR("library \"%s\" not found: needed by main executable", name);
1335 } else {
1336 DL_OPEN_ERR("library \"%s\" not found: needed by %s in namespace %s", name,
1337 needed_by->get_realpath(), task->get_start_from()->get_name());
1338 }
1339 } else {
1340 DL_OPEN_ERR("library \"%s\" not found", name);
1341 }
1342 return false;
1343 }
1344
1345 task->set_fd(fd, true);
1346 task->set_file_offset(file_offset);
1347
1348 return load_library(ns, task, load_tasks, rtld_flags, realpath, search_linked_namespaces);
1349 }
1350
find_loaded_library_by_soname(android_namespace_t * ns,const char * name,soinfo ** candidate)1351 static bool find_loaded_library_by_soname(android_namespace_t* ns,
1352 const char* name,
1353 soinfo** candidate) {
1354 return !ns->soinfo_list().visit([&](soinfo* si) {
1355 const char* soname = si->get_soname();
1356 if (soname != nullptr && (strcmp(name, soname) == 0)) {
1357 *candidate = si;
1358 return false;
1359 }
1360
1361 return true;
1362 });
1363 }
1364
1365 // Returns true if library was found and false otherwise
find_loaded_library_by_soname(android_namespace_t * ns,const char * name,bool search_linked_namespaces,soinfo ** candidate)1366 static bool find_loaded_library_by_soname(android_namespace_t* ns,
1367 const char* name,
1368 bool search_linked_namespaces,
1369 soinfo** candidate) {
1370 *candidate = nullptr;
1371
1372 // Ignore filename with path.
1373 if (strchr(name, '/') != nullptr) {
1374 return false;
1375 }
1376
1377 bool found = find_loaded_library_by_soname(ns, name, candidate);
1378
1379 if (!found && search_linked_namespaces) {
1380 // if a library was not found - look into linked namespaces
1381 for (auto& link : ns->linked_namespaces()) {
1382 if (!link.is_accessible(name)) {
1383 continue;
1384 }
1385
1386 android_namespace_t* linked_ns = link.linked_namespace();
1387
1388 if (find_loaded_library_by_soname(linked_ns, name, candidate)) {
1389 return true;
1390 }
1391 }
1392 }
1393
1394 return found;
1395 }
1396
find_library_in_linked_namespace(const android_namespace_link_t & namespace_link,LoadTask * task)1397 static bool find_library_in_linked_namespace(const android_namespace_link_t& namespace_link,
1398 LoadTask* task) {
1399 android_namespace_t* ns = namespace_link.linked_namespace();
1400
1401 soinfo* candidate;
1402 bool loaded = false;
1403
1404 std::string soname;
1405 if (find_loaded_library_by_soname(ns, task->get_name(), false, &candidate)) {
1406 loaded = true;
1407 soname = candidate->get_soname();
1408 } else {
1409 soname = resolve_soname(task->get_name());
1410 }
1411
1412 if (!namespace_link.is_accessible(soname.c_str())) {
1413 // the library is not accessible via namespace_link
1414 LD_LOG(kLogDlopen,
1415 "find_library_in_linked_namespace(ns=%s, task=%s): Not accessible (soname=%s)",
1416 ns->get_name(), task->get_name(), soname.c_str());
1417 return false;
1418 }
1419
1420 // if library is already loaded - return it
1421 if (loaded) {
1422 LD_LOG(kLogDlopen, "find_library_in_linked_namespace(ns=%s, task=%s): Already loaded",
1423 ns->get_name(), task->get_name());
1424 task->set_soinfo(candidate);
1425 return true;
1426 }
1427
1428 // returning true with empty soinfo means that the library is okay to be
1429 // loaded in the namespace but has not yet been loaded there before.
1430 LD_LOG(kLogDlopen, "find_library_in_linked_namespace(ns=%s, task=%s): Ok to load", ns->get_name(),
1431 task->get_name());
1432 task->set_soinfo(nullptr);
1433 return true;
1434 }
1435
find_library_internal(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags,bool search_linked_namespaces)1436 static bool find_library_internal(android_namespace_t* ns,
1437 LoadTask* task,
1438 ZipArchiveCache* zip_archive_cache,
1439 LoadTaskList* load_tasks,
1440 int rtld_flags,
1441 bool search_linked_namespaces) {
1442 soinfo* candidate;
1443
1444 if (find_loaded_library_by_soname(ns, task->get_name(), search_linked_namespaces, &candidate)) {
1445 LD_LOG(kLogDlopen,
1446 "find_library_internal(ns=%s, task=%s): Already loaded (by soname): %s",
1447 ns->get_name(), task->get_name(), candidate->get_realpath());
1448 task->set_soinfo(candidate);
1449 return true;
1450 }
1451
1452 // Library might still be loaded, the accurate detection
1453 // of this fact is done by load_library.
1454 TRACE("[ \"%s\" find_loaded_library_by_soname failed (*candidate=%s@%p). Trying harder... ]",
1455 task->get_name(), candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate);
1456
1457 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags, search_linked_namespaces)) {
1458 return true;
1459 }
1460
1461 // TODO(dimitry): workaround for http://b/26394120 (the grey-list)
1462 if (ns->is_greylist_enabled() && is_greylisted(ns, task->get_name(), task->get_needed_by())) {
1463 // For the libs in the greylist, switch to the default namespace and then
1464 // try the load again from there. The library could be loaded from the
1465 // default namespace or from another namespace (e.g. runtime) that is linked
1466 // from the default namespace.
1467 LD_LOG(kLogDlopen,
1468 "find_library_internal(ns=%s, task=%s): Greylisted library - trying namespace %s",
1469 ns->get_name(), task->get_name(), g_default_namespace.get_name());
1470 ns = &g_default_namespace;
1471 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags,
1472 search_linked_namespaces)) {
1473 return true;
1474 }
1475 }
1476 // END OF WORKAROUND
1477
1478 if (search_linked_namespaces) {
1479 // if a library was not found - look into linked namespaces
1480 // preserve current dlerror in the case it fails.
1481 DlErrorRestorer dlerror_restorer;
1482 LD_LOG(kLogDlopen, "find_library_internal(ns=%s, task=%s): Trying %zu linked namespaces",
1483 ns->get_name(), task->get_name(), ns->linked_namespaces().size());
1484 for (auto& linked_namespace : ns->linked_namespaces()) {
1485 if (find_library_in_linked_namespace(linked_namespace, task)) {
1486 if (task->get_soinfo() == nullptr) {
1487 // try to load the library - once namespace boundary is crossed
1488 // we need to load a library within separate load_group
1489 // to avoid using symbols from foreign namespace while.
1490 //
1491 // However, actual linking is deferred until when the global group
1492 // is fully identified and is applied to all namespaces.
1493 // Otherwise, the libs in the linked namespace won't get symbols from
1494 // the global group.
1495 if (load_library(linked_namespace.linked_namespace(), task, zip_archive_cache, load_tasks, rtld_flags, false)) {
1496 LD_LOG(
1497 kLogDlopen, "find_library_internal(ns=%s, task=%s): Found in linked namespace %s",
1498 ns->get_name(), task->get_name(), linked_namespace.linked_namespace()->get_name());
1499 return true;
1500 }
1501 } else {
1502 // lib is already loaded
1503 return true;
1504 }
1505 }
1506 }
1507 }
1508
1509 return false;
1510 }
1511
1512 static void soinfo_unload(soinfo* si);
1513
shuffle(std::vector<LoadTask * > * v)1514 static void shuffle(std::vector<LoadTask*>* v) {
1515 if (is_first_stage_init()) {
1516 // arc4random* is not available in first stage init because /dev/random
1517 // hasn't yet been created.
1518 return;
1519 }
1520 for (size_t i = 0, size = v->size(); i < size; ++i) {
1521 size_t n = size - i;
1522 size_t r = arc4random_uniform(n);
1523 std::swap((*v)[n-1], (*v)[r]);
1524 }
1525 }
1526
1527 // add_as_children - add first-level loaded libraries (i.e. library_names[], but
1528 // not their transitive dependencies) as children of the start_with library.
1529 // This is false when find_libraries is called for dlopen(), when newly loaded
1530 // libraries must form a disjoint tree.
find_libraries(android_namespace_t * ns,soinfo * start_with,const char * const library_names[],size_t library_names_count,soinfo * soinfos[],std::vector<soinfo * > * ld_preloads,size_t ld_preloads_count,int rtld_flags,const android_dlextinfo * extinfo,bool add_as_children,bool search_linked_namespaces,std::vector<android_namespace_t * > * namespaces)1531 bool find_libraries(android_namespace_t* ns,
1532 soinfo* start_with,
1533 const char* const library_names[],
1534 size_t library_names_count,
1535 soinfo* soinfos[],
1536 std::vector<soinfo*>* ld_preloads,
1537 size_t ld_preloads_count,
1538 int rtld_flags,
1539 const android_dlextinfo* extinfo,
1540 bool add_as_children,
1541 bool search_linked_namespaces,
1542 std::vector<android_namespace_t*>* namespaces) {
1543 // Step 0: prepare.
1544 std::unordered_map<const soinfo*, ElfReader> readers_map;
1545 LoadTaskList load_tasks;
1546
1547 for (size_t i = 0; i < library_names_count; ++i) {
1548 const char* name = library_names[i];
1549 load_tasks.push_back(LoadTask::create(name, start_with, ns, &readers_map));
1550 }
1551
1552 // If soinfos array is null allocate one on stack.
1553 // The array is needed in case of failure; for example
1554 // when library_names[] = {libone.so, libtwo.so} and libone.so
1555 // is loaded correctly but libtwo.so failed for some reason.
1556 // In this case libone.so should be unloaded on return.
1557 // See also implementation of failure_guard below.
1558
1559 if (soinfos == nullptr) {
1560 size_t soinfos_size = sizeof(soinfo*)*library_names_count;
1561 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size));
1562 memset(soinfos, 0, soinfos_size);
1563 }
1564
1565 // list of libraries to link - see step 2.
1566 size_t soinfos_count = 0;
1567
1568 auto scope_guard = android::base::make_scope_guard([&]() {
1569 for (LoadTask* t : load_tasks) {
1570 LoadTask::deleter(t);
1571 }
1572 });
1573
1574 ZipArchiveCache zip_archive_cache;
1575
1576 // Step 1: expand the list of load_tasks to include
1577 // all DT_NEEDED libraries (do not load them just yet)
1578 for (size_t i = 0; i<load_tasks.size(); ++i) {
1579 LoadTask* task = load_tasks[i];
1580 soinfo* needed_by = task->get_needed_by();
1581
1582 bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children);
1583 task->set_extinfo(is_dt_needed ? nullptr : extinfo);
1584 task->set_dt_needed(is_dt_needed);
1585
1586 LD_LOG(kLogDlopen, "find_libraries(ns=%s): task=%s, is_dt_needed=%d", ns->get_name(),
1587 task->get_name(), is_dt_needed);
1588
1589 // Note: start from the namespace that is stored in the LoadTask. This namespace
1590 // is different from the current namespace when the LoadTask is for a transitive
1591 // dependency and the lib that created the LoadTask is not found in the
1592 // current namespace but in one of the linked namespace.
1593 if (!find_library_internal(const_cast<android_namespace_t*>(task->get_start_from()),
1594 task,
1595 &zip_archive_cache,
1596 &load_tasks,
1597 rtld_flags,
1598 search_linked_namespaces || is_dt_needed)) {
1599 return false;
1600 }
1601
1602 soinfo* si = task->get_soinfo();
1603
1604 if (is_dt_needed) {
1605 needed_by->add_child(si);
1606 }
1607
1608 // When ld_preloads is not null, the first
1609 // ld_preloads_count libs are in fact ld_preloads.
1610 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) {
1611 ld_preloads->push_back(si);
1612 }
1613
1614 if (soinfos_count < library_names_count) {
1615 soinfos[soinfos_count++] = si;
1616 }
1617 }
1618
1619 // Step 2: Load libraries in random order (see b/24047022)
1620 LoadTaskList load_list;
1621 for (auto&& task : load_tasks) {
1622 soinfo* si = task->get_soinfo();
1623 auto pred = [&](const LoadTask* t) {
1624 return t->get_soinfo() == si;
1625 };
1626
1627 if (!si->is_linked() &&
1628 std::find_if(load_list.begin(), load_list.end(), pred) == load_list.end() ) {
1629 load_list.push_back(task);
1630 }
1631 }
1632 bool reserved_address_recursive = false;
1633 if (extinfo) {
1634 reserved_address_recursive = extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE;
1635 }
1636 if (!reserved_address_recursive) {
1637 // Shuffle the load order in the normal case, but not if we are loading all
1638 // the libraries to a reserved address range.
1639 shuffle(&load_list);
1640 }
1641
1642 // Set up address space parameters.
1643 address_space_params extinfo_params, default_params;
1644 size_t relro_fd_offset = 0;
1645 if (extinfo) {
1646 if (extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS) {
1647 extinfo_params.start_addr = extinfo->reserved_addr;
1648 extinfo_params.reserved_size = extinfo->reserved_size;
1649 extinfo_params.must_use_address = true;
1650 } else if (extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS_HINT) {
1651 extinfo_params.start_addr = extinfo->reserved_addr;
1652 extinfo_params.reserved_size = extinfo->reserved_size;
1653 }
1654 }
1655
1656 for (auto&& task : load_list) {
1657 address_space_params* address_space =
1658 (reserved_address_recursive || !task->is_dt_needed()) ? &extinfo_params : &default_params;
1659 if (!task->load(address_space)) {
1660 return false;
1661 }
1662 }
1663
1664 // Step 3: pre-link all DT_NEEDED libraries in breadth first order.
1665 for (auto&& task : load_tasks) {
1666 soinfo* si = task->get_soinfo();
1667 if (!si->is_linked() && !si->prelink_image()) {
1668 return false;
1669 }
1670 register_soinfo_tls(si);
1671 }
1672
1673 // Step 4: Construct the global group. Note: DF_1_GLOBAL bit of a library is
1674 // determined at step 3.
1675
1676 // Step 4-1: DF_1_GLOBAL bit is force set for LD_PRELOADed libs because they
1677 // must be added to the global group
1678 if (ld_preloads != nullptr) {
1679 for (auto&& si : *ld_preloads) {
1680 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL);
1681 }
1682 }
1683
1684 // Step 4-2: Gather all DF_1_GLOBAL libs which were newly loaded during this
1685 // run. These will be the new member of the global group
1686 soinfo_list_t new_global_group_members;
1687 for (auto&& task : load_tasks) {
1688 soinfo* si = task->get_soinfo();
1689 if (!si->is_linked() && (si->get_dt_flags_1() & DF_1_GLOBAL) != 0) {
1690 new_global_group_members.push_back(si);
1691 }
1692 }
1693
1694 // Step 4-3: Add the new global group members to all the linked namespaces
1695 if (namespaces != nullptr) {
1696 for (auto linked_ns : *namespaces) {
1697 for (auto si : new_global_group_members) {
1698 if (si->get_primary_namespace() != linked_ns) {
1699 linked_ns->add_soinfo(si);
1700 si->add_secondary_namespace(linked_ns);
1701 }
1702 }
1703 }
1704 }
1705
1706 // Step 5: Collect roots of local_groups.
1707 // Whenever needed_by->si link crosses a namespace boundary it forms its own local_group.
1708 // Here we collect new roots to link them separately later on. Note that we need to avoid
1709 // collecting duplicates. Also the order is important. They need to be linked in the same
1710 // BFS order we link individual libraries.
1711 std::vector<soinfo*> local_group_roots;
1712 if (start_with != nullptr && add_as_children) {
1713 local_group_roots.push_back(start_with);
1714 } else {
1715 CHECK(soinfos_count == 1);
1716 local_group_roots.push_back(soinfos[0]);
1717 }
1718
1719 for (auto&& task : load_tasks) {
1720 soinfo* si = task->get_soinfo();
1721 soinfo* needed_by = task->get_needed_by();
1722 bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children);
1723 android_namespace_t* needed_by_ns =
1724 is_dt_needed ? needed_by->get_primary_namespace() : ns;
1725
1726 if (!si->is_linked() && si->get_primary_namespace() != needed_by_ns) {
1727 auto it = std::find(local_group_roots.begin(), local_group_roots.end(), si);
1728 LD_LOG(kLogDlopen,
1729 "Crossing namespace boundary (si=%s@%p, si_ns=%s@%p, needed_by=%s@%p, ns=%s@%p, needed_by_ns=%s@%p) adding to local_group_roots: %s",
1730 si->get_realpath(),
1731 si,
1732 si->get_primary_namespace()->get_name(),
1733 si->get_primary_namespace(),
1734 needed_by == nullptr ? "(nullptr)" : needed_by->get_realpath(),
1735 needed_by,
1736 ns->get_name(),
1737 ns,
1738 needed_by_ns->get_name(),
1739 needed_by_ns,
1740 it == local_group_roots.end() ? "yes" : "no");
1741
1742 if (it == local_group_roots.end()) {
1743 local_group_roots.push_back(si);
1744 }
1745 }
1746 }
1747
1748 // Step 6: Link all local groups
1749 for (auto root : local_group_roots) {
1750 soinfo_list_t local_group;
1751 android_namespace_t* local_group_ns = root->get_primary_namespace();
1752
1753 walk_dependencies_tree(root,
1754 [&] (soinfo* si) {
1755 if (local_group_ns->is_accessible(si)) {
1756 local_group.push_back(si);
1757 return kWalkContinue;
1758 } else {
1759 return kWalkSkip;
1760 }
1761 });
1762
1763 soinfo_list_t global_group = local_group_ns->get_global_group();
1764 SymbolLookupList lookup_list(global_group, local_group);
1765 soinfo* local_group_root = local_group.front();
1766
1767 bool linked = local_group.visit([&](soinfo* si) {
1768 // Even though local group may contain accessible soinfos from other namespaces
1769 // we should avoid linking them (because if they are not linked -> they
1770 // are in the local_group_roots and will be linked later).
1771 if (!si->is_linked() && si->get_primary_namespace() == local_group_ns) {
1772 const android_dlextinfo* link_extinfo = nullptr;
1773 if (si == soinfos[0] || reserved_address_recursive) {
1774 // Only forward extinfo for the first library unless the recursive
1775 // flag is set.
1776 link_extinfo = extinfo;
1777 }
1778 if (__libc_shared_globals()->load_hook) {
1779 __libc_shared_globals()->load_hook(si->load_bias, si->phdr, si->phnum);
1780 }
1781 lookup_list.set_dt_symbolic_lib(si->has_DT_SYMBOLIC ? si : nullptr);
1782 if (!si->link_image(lookup_list, local_group_root, link_extinfo, &relro_fd_offset) ||
1783 !get_cfi_shadow()->AfterLoad(si, solist_get_head())) {
1784 return false;
1785 }
1786 }
1787
1788 return true;
1789 });
1790
1791 if (!linked) {
1792 return false;
1793 }
1794 }
1795
1796 // Step 7: Mark all load_tasks as linked and increment refcounts
1797 // for references between load_groups (at this point it does not matter if
1798 // referenced load_groups were loaded by previous dlopen or as part of this
1799 // one on step 6)
1800 if (start_with != nullptr && add_as_children) {
1801 start_with->set_linked();
1802 }
1803
1804 for (auto&& task : load_tasks) {
1805 soinfo* si = task->get_soinfo();
1806 si->set_linked();
1807 }
1808
1809 for (auto&& task : load_tasks) {
1810 soinfo* si = task->get_soinfo();
1811 soinfo* needed_by = task->get_needed_by();
1812 if (needed_by != nullptr &&
1813 needed_by != start_with &&
1814 needed_by->get_local_group_root() != si->get_local_group_root()) {
1815 si->increment_ref_count();
1816 }
1817 }
1818
1819
1820 return true;
1821 }
1822
find_library(android_namespace_t * ns,const char * name,int rtld_flags,const android_dlextinfo * extinfo,soinfo * needed_by)1823 static soinfo* find_library(android_namespace_t* ns,
1824 const char* name, int rtld_flags,
1825 const android_dlextinfo* extinfo,
1826 soinfo* needed_by) {
1827 soinfo* si = nullptr;
1828
1829 if (name == nullptr) {
1830 si = solist_get_somain();
1831 } else if (!find_libraries(ns,
1832 needed_by,
1833 &name,
1834 1,
1835 &si,
1836 nullptr,
1837 0,
1838 rtld_flags,
1839 extinfo,
1840 false /* add_as_children */,
1841 true /* search_linked_namespaces */)) {
1842 if (si != nullptr) {
1843 soinfo_unload(si);
1844 }
1845 return nullptr;
1846 }
1847
1848 si->increment_ref_count();
1849
1850 return si;
1851 }
1852
soinfo_unload_impl(soinfo * root)1853 static void soinfo_unload_impl(soinfo* root) {
1854 ScopedTrace trace((std::string("unload ") + root->get_realpath()).c_str());
1855 bool is_linked = root->is_linked();
1856
1857 if (!root->can_unload()) {
1858 LD_LOG(kLogDlopen,
1859 "... dlclose(root=\"%s\"@%p) ... not unloading - the load group is flagged with NODELETE",
1860 root->get_realpath(),
1861 root);
1862 return;
1863 }
1864
1865
1866 soinfo_list_t unload_list;
1867 unload_list.push_back(root);
1868
1869 soinfo_list_t local_unload_list;
1870 soinfo_list_t external_unload_list;
1871 soinfo* si = nullptr;
1872
1873 while ((si = unload_list.pop_front()) != nullptr) {
1874 if (local_unload_list.contains(si)) {
1875 continue;
1876 }
1877
1878 local_unload_list.push_back(si);
1879
1880 if (si->has_min_version(0)) {
1881 soinfo* child = nullptr;
1882 while ((child = si->get_children().pop_front()) != nullptr) {
1883 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si,
1884 child->get_realpath(), child);
1885
1886 child->get_parents().remove(si);
1887
1888 if (local_unload_list.contains(child)) {
1889 continue;
1890 } else if (child->is_linked() && child->get_local_group_root() != root) {
1891 external_unload_list.push_back(child);
1892 } else if (child->get_parents().empty()) {
1893 unload_list.push_back(child);
1894 }
1895 }
1896 } else {
1897 async_safe_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si);
1898 }
1899 }
1900
1901 local_unload_list.for_each([](soinfo* si) {
1902 LD_LOG(kLogDlopen,
1903 "... dlclose: calling destructors for \"%s\"@%p ... ",
1904 si->get_realpath(),
1905 si);
1906 si->call_destructors();
1907 LD_LOG(kLogDlopen,
1908 "... dlclose: calling destructors for \"%s\"@%p ... done",
1909 si->get_realpath(),
1910 si);
1911 });
1912
1913 while ((si = local_unload_list.pop_front()) != nullptr) {
1914 LD_LOG(kLogDlopen,
1915 "... dlclose: unloading \"%s\"@%p ...",
1916 si->get_realpath(),
1917 si);
1918 ++g_module_unload_counter;
1919 notify_gdb_of_unload(si);
1920 unregister_soinfo_tls(si);
1921 if (__libc_shared_globals()->unload_hook) {
1922 __libc_shared_globals()->unload_hook(si->load_bias, si->phdr, si->phnum);
1923 }
1924 get_cfi_shadow()->BeforeUnload(si);
1925 soinfo_free(si);
1926 }
1927
1928 if (is_linked) {
1929 while ((si = external_unload_list.pop_front()) != nullptr) {
1930 LD_LOG(kLogDlopen,
1931 "... dlclose: unloading external reference \"%s\"@%p ...",
1932 si->get_realpath(),
1933 si);
1934 soinfo_unload(si);
1935 }
1936 } else {
1937 LD_LOG(kLogDlopen,
1938 "... dlclose: unload_si was not linked - not unloading external references ...");
1939 }
1940 }
1941
soinfo_unload(soinfo * unload_si)1942 static void soinfo_unload(soinfo* unload_si) {
1943 // Note that the library can be loaded but not linked;
1944 // in which case there is no root but we still need
1945 // to walk the tree and unload soinfos involved.
1946 //
1947 // This happens on unsuccessful dlopen, when one of
1948 // the DT_NEEDED libraries could not be linked/found.
1949 bool is_linked = unload_si->is_linked();
1950 soinfo* root = is_linked ? unload_si->get_local_group_root() : unload_si;
1951
1952 LD_LOG(kLogDlopen,
1953 "... dlclose(realpath=\"%s\"@%p) ... load group root is \"%s\"@%p",
1954 unload_si->get_realpath(),
1955 unload_si,
1956 root->get_realpath(),
1957 root);
1958
1959
1960 size_t ref_count = is_linked ? root->decrement_ref_count() : 0;
1961 if (ref_count > 0) {
1962 LD_LOG(kLogDlopen,
1963 "... dlclose(root=\"%s\"@%p) ... not unloading - decrementing ref_count to %zd",
1964 root->get_realpath(),
1965 root,
1966 ref_count);
1967 return;
1968 }
1969
1970 soinfo_unload_impl(root);
1971 }
1972
increment_dso_handle_reference_counter(void * dso_handle)1973 void increment_dso_handle_reference_counter(void* dso_handle) {
1974 if (dso_handle == nullptr) {
1975 return;
1976 }
1977
1978 auto it = g_dso_handle_counters.find(dso_handle);
1979 if (it != g_dso_handle_counters.end()) {
1980 CHECK(++it->second != 0);
1981 } else {
1982 soinfo* si = find_containing_library(dso_handle);
1983 if (si != nullptr) {
1984 ProtectedDataGuard guard;
1985 si->increment_ref_count();
1986 } else {
1987 async_safe_fatal(
1988 "increment_dso_handle_reference_counter: Couldn't find soinfo by dso_handle=%p",
1989 dso_handle);
1990 }
1991 g_dso_handle_counters[dso_handle] = 1U;
1992 }
1993 }
1994
decrement_dso_handle_reference_counter(void * dso_handle)1995 void decrement_dso_handle_reference_counter(void* dso_handle) {
1996 if (dso_handle == nullptr) {
1997 return;
1998 }
1999
2000 auto it = g_dso_handle_counters.find(dso_handle);
2001 CHECK(it != g_dso_handle_counters.end());
2002 CHECK(it->second != 0);
2003
2004 if (--it->second == 0) {
2005 soinfo* si = find_containing_library(dso_handle);
2006 if (si != nullptr) {
2007 ProtectedDataGuard guard;
2008 soinfo_unload(si);
2009 } else {
2010 async_safe_fatal(
2011 "decrement_dso_handle_reference_counter: Couldn't find soinfo by dso_handle=%p",
2012 dso_handle);
2013 }
2014 g_dso_handle_counters.erase(it);
2015 }
2016 }
2017
symbol_display_name(const char * sym_name,const char * sym_ver)2018 static std::string symbol_display_name(const char* sym_name, const char* sym_ver) {
2019 if (sym_ver == nullptr) {
2020 return sym_name;
2021 }
2022
2023 return std::string(sym_name) + ", version " + sym_ver;
2024 }
2025
get_caller_namespace(soinfo * caller)2026 static android_namespace_t* get_caller_namespace(soinfo* caller) {
2027 return caller != nullptr ? caller->get_primary_namespace() : g_anonymous_namespace;
2028 }
2029
do_android_get_LD_LIBRARY_PATH(char * buffer,size_t buffer_size)2030 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) {
2031 // Use basic string manipulation calls to avoid snprintf.
2032 // snprintf indirectly calls pthread_getspecific to get the size of a buffer.
2033 // When debug malloc is enabled, this call returns 0. This in turn causes
2034 // snprintf to do nothing, which causes libraries to fail to load.
2035 // See b/17302493 for further details.
2036 // Once the above bug is fixed, this code can be modified to use
2037 // snprintf again.
2038 const auto& default_ld_paths = g_default_namespace.get_default_library_paths();
2039
2040 size_t required_size = 0;
2041 for (const auto& path : default_ld_paths) {
2042 required_size += path.size() + 1;
2043 }
2044
2045 if (buffer_size < required_size) {
2046 async_safe_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: "
2047 "buffer len %zu, required len %zu", buffer_size, required_size);
2048 }
2049
2050 char* end = buffer;
2051 for (size_t i = 0; i < default_ld_paths.size(); ++i) {
2052 if (i > 0) *end++ = ':';
2053 end = stpcpy(end, default_ld_paths[i].c_str());
2054 }
2055 }
2056
do_android_update_LD_LIBRARY_PATH(const char * ld_library_path)2057 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) {
2058 parse_LD_LIBRARY_PATH(ld_library_path);
2059 }
2060
android_dlextinfo_to_string(const android_dlextinfo * info)2061 static std::string android_dlextinfo_to_string(const android_dlextinfo* info) {
2062 if (info == nullptr) {
2063 return "(null)";
2064 }
2065
2066 return android::base::StringPrintf("[flags=0x%" PRIx64 ","
2067 " reserved_addr=%p,"
2068 " reserved_size=0x%zx,"
2069 " relro_fd=%d,"
2070 " library_fd=%d,"
2071 " library_fd_offset=0x%" PRIx64 ","
2072 " library_namespace=%s@%p]",
2073 info->flags,
2074 info->reserved_addr,
2075 info->reserved_size,
2076 info->relro_fd,
2077 info->library_fd,
2078 info->library_fd_offset,
2079 (info->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0 ?
2080 (info->library_namespace != nullptr ?
2081 info->library_namespace->get_name() : "(null)") : "(n/a)",
2082 (info->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0 ?
2083 info->library_namespace : nullptr);
2084 }
2085
do_dlopen(const char * name,int flags,const android_dlextinfo * extinfo,const void * caller_addr)2086 void* do_dlopen(const char* name, int flags,
2087 const android_dlextinfo* extinfo,
2088 const void* caller_addr) {
2089 std::string trace_prefix = std::string("dlopen: ") + (name == nullptr ? "(nullptr)" : name);
2090 ScopedTrace trace(trace_prefix.c_str());
2091 ScopedTrace loading_trace((trace_prefix + " - loading and linking").c_str());
2092 soinfo* const caller = find_containing_library(caller_addr);
2093 android_namespace_t* ns = get_caller_namespace(caller);
2094
2095 LD_LOG(kLogDlopen,
2096 "dlopen(name=\"%s\", flags=0x%x, extinfo=%s, caller=\"%s\", caller_ns=%s@%p, targetSdkVersion=%i) ...",
2097 name,
2098 flags,
2099 android_dlextinfo_to_string(extinfo).c_str(),
2100 caller == nullptr ? "(null)" : caller->get_realpath(),
2101 ns == nullptr ? "(null)" : ns->get_name(),
2102 ns,
2103 get_application_target_sdk_version());
2104
2105 auto purge_guard = android::base::make_scope_guard([&]() { purge_unused_memory(); });
2106
2107 auto failure_guard = android::base::make_scope_guard(
2108 [&]() { LD_LOG(kLogDlopen, "... dlopen failed: %s", linker_get_error_buffer()); });
2109
2110 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) {
2111 DL_OPEN_ERR("invalid flags to dlopen: %x", flags);
2112 return nullptr;
2113 }
2114
2115 if (extinfo != nullptr) {
2116 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) {
2117 DL_OPEN_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags);
2118 return nullptr;
2119 }
2120
2121 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 &&
2122 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) {
2123 DL_OPEN_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without "
2124 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags);
2125 return nullptr;
2126 }
2127
2128 if ((extinfo->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0) {
2129 if (extinfo->library_namespace == nullptr) {
2130 DL_OPEN_ERR("ANDROID_DLEXT_USE_NAMESPACE is set but extinfo->library_namespace is null");
2131 return nullptr;
2132 }
2133 ns = extinfo->library_namespace;
2134 }
2135 }
2136
2137 // Workaround for dlopen(/system/lib/<soname>) when .so is in /apex. http://b/121248172
2138 // The workaround works only when targetSdkVersion < Q.
2139 std::string name_to_apex;
2140 if (translateSystemPathToApexPath(name, &name_to_apex)) {
2141 const char* new_name = name_to_apex.c_str();
2142 LD_LOG(kLogDlopen, "dlopen considering translation from %s to APEX path %s",
2143 name,
2144 new_name);
2145 // Some APEXs could be optionally disabled. Only translate the path
2146 // when the old file is absent and the new file exists.
2147 // TODO(b/124218500): Re-enable it once app compat issue is resolved
2148 /*
2149 if (file_exists(name)) {
2150 LD_LOG(kLogDlopen, "dlopen %s exists, not translating", name);
2151 } else
2152 */
2153 if (!file_exists(new_name)) {
2154 LD_LOG(kLogDlopen, "dlopen %s does not exist, not translating",
2155 new_name);
2156 } else {
2157 LD_LOG(kLogDlopen, "dlopen translation accepted: using %s", new_name);
2158 name = new_name;
2159 }
2160 }
2161 // End Workaround for dlopen(/system/lib/<soname>) when .so is in /apex.
2162
2163 std::string asan_name_holder;
2164
2165 const char* translated_name = name;
2166 if (g_is_asan && translated_name != nullptr && translated_name[0] == '/') {
2167 char original_path[PATH_MAX];
2168 if (realpath(name, original_path) != nullptr) {
2169 asan_name_holder = std::string(kAsanLibDirPrefix) + original_path;
2170 if (file_exists(asan_name_holder.c_str())) {
2171 soinfo* si = nullptr;
2172 if (find_loaded_library_by_realpath(ns, original_path, true, &si)) {
2173 PRINT("linker_asan dlopen NOT translating \"%s\" -> \"%s\": library already loaded", name,
2174 asan_name_holder.c_str());
2175 } else {
2176 PRINT("linker_asan dlopen translating \"%s\" -> \"%s\"", name, translated_name);
2177 translated_name = asan_name_holder.c_str();
2178 }
2179 }
2180 }
2181 }
2182
2183 ProtectedDataGuard guard;
2184 soinfo* si = find_library(ns, translated_name, flags, extinfo, caller);
2185 loading_trace.End();
2186
2187 if (si != nullptr) {
2188 void* handle = si->to_handle();
2189 LD_LOG(kLogDlopen,
2190 "... dlopen calling constructors: realpath=\"%s\", soname=\"%s\", handle=%p",
2191 si->get_realpath(), si->get_soname(), handle);
2192 si->call_constructors();
2193 failure_guard.Disable();
2194 LD_LOG(kLogDlopen,
2195 "... dlopen successful: realpath=\"%s\", soname=\"%s\", handle=%p",
2196 si->get_realpath(), si->get_soname(), handle);
2197 return handle;
2198 }
2199
2200 return nullptr;
2201 }
2202
do_dladdr(const void * addr,Dl_info * info)2203 int do_dladdr(const void* addr, Dl_info* info) {
2204 // Determine if this address can be found in any library currently mapped.
2205 soinfo* si = find_containing_library(addr);
2206 if (si == nullptr) {
2207 return 0;
2208 }
2209
2210 memset(info, 0, sizeof(Dl_info));
2211
2212 info->dli_fname = si->get_realpath();
2213 // Address at which the shared object is loaded.
2214 info->dli_fbase = reinterpret_cast<void*>(si->base);
2215
2216 // Determine if any symbol in the library contains the specified address.
2217 ElfW(Sym)* sym = si->find_symbol_by_address(addr);
2218 if (sym != nullptr) {
2219 info->dli_sname = si->get_string(sym->st_name);
2220 info->dli_saddr = reinterpret_cast<void*>(si->resolve_symbol_address(sym));
2221 }
2222
2223 return 1;
2224 }
2225
soinfo_from_handle(void * handle)2226 static soinfo* soinfo_from_handle(void* handle) {
2227 if ((reinterpret_cast<uintptr_t>(handle) & 1) != 0) {
2228 auto it = g_soinfo_handles_map.find(reinterpret_cast<uintptr_t>(handle));
2229 if (it == g_soinfo_handles_map.end()) {
2230 return nullptr;
2231 } else {
2232 return it->second;
2233 }
2234 }
2235
2236 return static_cast<soinfo*>(handle);
2237 }
2238
do_dlsym(void * handle,const char * sym_name,const char * sym_ver,const void * caller_addr,void ** symbol)2239 bool do_dlsym(void* handle,
2240 const char* sym_name,
2241 const char* sym_ver,
2242 const void* caller_addr,
2243 void** symbol) {
2244 ScopedTrace trace("dlsym");
2245 #if !defined(__LP64__)
2246 if (handle == nullptr) {
2247 DL_SYM_ERR("dlsym failed: library handle is null");
2248 return false;
2249 }
2250 #endif
2251
2252 soinfo* found = nullptr;
2253 const ElfW(Sym)* sym = nullptr;
2254 soinfo* caller = find_containing_library(caller_addr);
2255 android_namespace_t* ns = get_caller_namespace(caller);
2256 soinfo* si = nullptr;
2257 if (handle != RTLD_DEFAULT && handle != RTLD_NEXT) {
2258 si = soinfo_from_handle(handle);
2259 }
2260
2261 LD_LOG(kLogDlsym,
2262 "dlsym(handle=%p(\"%s\"), sym_name=\"%s\", sym_ver=\"%s\", caller=\"%s\", caller_ns=%s@%p) ...",
2263 handle,
2264 si != nullptr ? si->get_realpath() : "n/a",
2265 sym_name,
2266 sym_ver,
2267 caller == nullptr ? "(null)" : caller->get_realpath(),
2268 ns == nullptr ? "(null)" : ns->get_name(),
2269 ns);
2270
2271 auto failure_guard = android::base::make_scope_guard(
2272 [&]() { LD_LOG(kLogDlsym, "... dlsym failed: %s", linker_get_error_buffer()); });
2273
2274 if (sym_name == nullptr) {
2275 DL_SYM_ERR("dlsym failed: symbol name is null");
2276 return false;
2277 }
2278
2279 version_info vi_instance;
2280 version_info* vi = nullptr;
2281
2282 if (sym_ver != nullptr) {
2283 vi_instance.name = sym_ver;
2284 vi_instance.elf_hash = calculate_elf_hash(sym_ver);
2285 vi = &vi_instance;
2286 }
2287
2288 if (handle == RTLD_DEFAULT || handle == RTLD_NEXT) {
2289 sym = dlsym_linear_lookup(ns, sym_name, vi, &found, caller, handle);
2290 } else {
2291 if (si == nullptr) {
2292 DL_SYM_ERR("dlsym failed: invalid handle: %p", handle);
2293 return false;
2294 }
2295 sym = dlsym_handle_lookup(si, &found, sym_name, vi);
2296 }
2297
2298 if (sym != nullptr) {
2299 uint32_t bind = ELF_ST_BIND(sym->st_info);
2300 uint32_t type = ELF_ST_TYPE(sym->st_info);
2301
2302 if ((bind == STB_GLOBAL || bind == STB_WEAK) && sym->st_shndx != 0) {
2303 if (type == STT_TLS) {
2304 // For a TLS symbol, dlsym returns the address of the current thread's
2305 // copy of the symbol.
2306 const soinfo_tls* tls_module = found->get_tls();
2307 if (tls_module == nullptr) {
2308 DL_SYM_ERR("TLS symbol \"%s\" in solib \"%s\" with no TLS segment",
2309 sym_name, found->get_realpath());
2310 return false;
2311 }
2312 void* tls_block = get_tls_block_for_this_thread(tls_module, /*should_alloc=*/true);
2313 *symbol = static_cast<char*>(tls_block) + sym->st_value;
2314 } else {
2315 *symbol = reinterpret_cast<void*>(found->resolve_symbol_address(sym));
2316 }
2317 failure_guard.Disable();
2318 LD_LOG(kLogDlsym,
2319 "... dlsym successful: sym_name=\"%s\", sym_ver=\"%s\", found in=\"%s\", address=%p",
2320 sym_name, sym_ver, found->get_soname(), *symbol);
2321 return true;
2322 }
2323
2324 DL_SYM_ERR("symbol \"%s\" found but not global", symbol_display_name(sym_name, sym_ver).c_str());
2325 return false;
2326 }
2327
2328 DL_SYM_ERR("undefined symbol: %s", symbol_display_name(sym_name, sym_ver).c_str());
2329 return false;
2330 }
2331
do_dlclose(void * handle)2332 int do_dlclose(void* handle) {
2333 ScopedTrace trace("dlclose");
2334 ProtectedDataGuard guard;
2335 soinfo* si = soinfo_from_handle(handle);
2336 if (si == nullptr) {
2337 DL_OPEN_ERR("invalid handle: %p", handle);
2338 return -1;
2339 }
2340
2341 LD_LOG(kLogDlopen,
2342 "dlclose(handle=%p, realpath=\"%s\"@%p) ...",
2343 handle,
2344 si->get_realpath(),
2345 si);
2346 soinfo_unload(si);
2347 LD_LOG(kLogDlopen,
2348 "dlclose(handle=%p) ... done",
2349 handle);
2350 return 0;
2351 }
2352
2353 // Make ns as the anonymous namespace that is a namespace used when
2354 // we fail to determine the caller address (e.g., call from mono-jited code)
2355 // Since there can be multiple anonymous namespace in a process, subsequent
2356 // call to this function causes an error.
set_anonymous_namespace(android_namespace_t * ns)2357 static bool set_anonymous_namespace(android_namespace_t* ns) {
2358 if (!g_anonymous_namespace_set && ns != nullptr) {
2359 CHECK(ns->is_also_used_as_anonymous());
2360 g_anonymous_namespace = ns;
2361 g_anonymous_namespace_set = true;
2362 return true;
2363 }
2364 return false;
2365 }
2366
2367 // TODO(b/130388701) remove this. Currently, this is used only for testing
2368 // where we don't have classloader namespace.
init_anonymous_namespace(const char * shared_lib_sonames,const char * library_search_path)2369 bool init_anonymous_namespace(const char* shared_lib_sonames, const char* library_search_path) {
2370 ProtectedDataGuard guard;
2371
2372 // Test-only feature: we need to change the anonymous namespace multiple times
2373 // while the test is running.
2374 g_anonymous_namespace_set = false;
2375
2376 // create anonymous namespace
2377 // When the caller is nullptr - create_namespace will take global group
2378 // from the anonymous namespace, which is fine because anonymous namespace
2379 // is still pointing to the default one.
2380 android_namespace_t* anon_ns =
2381 create_namespace(nullptr,
2382 "(anonymous)",
2383 nullptr,
2384 library_search_path,
2385 ANDROID_NAMESPACE_TYPE_ISOLATED |
2386 ANDROID_NAMESPACE_TYPE_ALSO_USED_AS_ANONYMOUS,
2387 nullptr,
2388 &g_default_namespace);
2389
2390 CHECK(anon_ns != nullptr);
2391
2392 if (!link_namespaces(anon_ns, &g_default_namespace, shared_lib_sonames)) {
2393 // TODO: delete anon_ns
2394 return false;
2395 }
2396
2397 return true;
2398 }
2399
add_soinfos_to_namespace(const soinfo_list_t & soinfos,android_namespace_t * ns)2400 static void add_soinfos_to_namespace(const soinfo_list_t& soinfos, android_namespace_t* ns) {
2401 ns->add_soinfos(soinfos);
2402 for (auto si : soinfos) {
2403 si->add_secondary_namespace(ns);
2404 }
2405 }
2406
create_namespace(const void * caller_addr,const char * name,const char * ld_library_path,const char * default_library_path,uint64_t type,const char * permitted_when_isolated_path,android_namespace_t * parent_namespace)2407 android_namespace_t* create_namespace(const void* caller_addr,
2408 const char* name,
2409 const char* ld_library_path,
2410 const char* default_library_path,
2411 uint64_t type,
2412 const char* permitted_when_isolated_path,
2413 android_namespace_t* parent_namespace) {
2414 if (parent_namespace == nullptr) {
2415 // if parent_namespace is nullptr -> set it to the caller namespace
2416 soinfo* caller_soinfo = find_containing_library(caller_addr);
2417
2418 parent_namespace = caller_soinfo != nullptr ?
2419 caller_soinfo->get_primary_namespace() :
2420 g_anonymous_namespace;
2421 }
2422
2423 ProtectedDataGuard guard;
2424 std::vector<std::string> ld_library_paths;
2425 std::vector<std::string> default_library_paths;
2426 std::vector<std::string> permitted_paths;
2427
2428 parse_path(ld_library_path, ":", &ld_library_paths);
2429 parse_path(default_library_path, ":", &default_library_paths);
2430 parse_path(permitted_when_isolated_path, ":", &permitted_paths);
2431
2432 android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t();
2433 ns->set_name(name);
2434 ns->set_isolated((type & ANDROID_NAMESPACE_TYPE_ISOLATED) != 0);
2435 ns->set_greylist_enabled((type & ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED) != 0);
2436 ns->set_also_used_as_anonymous((type & ANDROID_NAMESPACE_TYPE_ALSO_USED_AS_ANONYMOUS) != 0);
2437
2438 if ((type & ANDROID_NAMESPACE_TYPE_SHARED) != 0) {
2439 // append parent namespace paths.
2440 std::copy(parent_namespace->get_ld_library_paths().begin(),
2441 parent_namespace->get_ld_library_paths().end(),
2442 back_inserter(ld_library_paths));
2443
2444 std::copy(parent_namespace->get_default_library_paths().begin(),
2445 parent_namespace->get_default_library_paths().end(),
2446 back_inserter(default_library_paths));
2447
2448 std::copy(parent_namespace->get_permitted_paths().begin(),
2449 parent_namespace->get_permitted_paths().end(),
2450 back_inserter(permitted_paths));
2451
2452 // If shared - clone the parent namespace
2453 add_soinfos_to_namespace(parent_namespace->soinfo_list(), ns);
2454 // and copy parent namespace links
2455 for (auto& link : parent_namespace->linked_namespaces()) {
2456 ns->add_linked_namespace(link.linked_namespace(), link.shared_lib_sonames(),
2457 link.allow_all_shared_libs());
2458 }
2459 } else {
2460 // If not shared - copy only the shared group
2461 add_soinfos_to_namespace(parent_namespace->get_shared_group(), ns);
2462 }
2463
2464 ns->set_ld_library_paths(std::move(ld_library_paths));
2465 ns->set_default_library_paths(std::move(default_library_paths));
2466 ns->set_permitted_paths(std::move(permitted_paths));
2467
2468 if (ns->is_also_used_as_anonymous() && !set_anonymous_namespace(ns)) {
2469 DL_ERR("failed to set namespace: [name=\"%s\", ld_library_path=\"%s\", default_library_paths=\"%s\""
2470 " permitted_paths=\"%s\"] as the anonymous namespace",
2471 ns->get_name(),
2472 android::base::Join(ns->get_ld_library_paths(), ':').c_str(),
2473 android::base::Join(ns->get_default_library_paths(), ':').c_str(),
2474 android::base::Join(ns->get_permitted_paths(), ':').c_str());
2475 return nullptr;
2476 }
2477
2478 return ns;
2479 }
2480
link_namespaces(android_namespace_t * namespace_from,android_namespace_t * namespace_to,const char * shared_lib_sonames)2481 bool link_namespaces(android_namespace_t* namespace_from,
2482 android_namespace_t* namespace_to,
2483 const char* shared_lib_sonames) {
2484 if (namespace_to == nullptr) {
2485 namespace_to = &g_default_namespace;
2486 }
2487
2488 if (namespace_from == nullptr) {
2489 DL_ERR("error linking namespaces: namespace_from is null.");
2490 return false;
2491 }
2492
2493 if (shared_lib_sonames == nullptr || shared_lib_sonames[0] == '\0') {
2494 DL_ERR("error linking namespaces \"%s\"->\"%s\": the list of shared libraries is empty.",
2495 namespace_from->get_name(), namespace_to->get_name());
2496 return false;
2497 }
2498
2499 auto sonames = android::base::Split(shared_lib_sonames, ":");
2500 std::unordered_set<std::string> sonames_set(sonames.begin(), sonames.end());
2501
2502 ProtectedDataGuard guard;
2503 namespace_from->add_linked_namespace(namespace_to, sonames_set, false);
2504
2505 return true;
2506 }
2507
link_namespaces_all_libs(android_namespace_t * namespace_from,android_namespace_t * namespace_to)2508 bool link_namespaces_all_libs(android_namespace_t* namespace_from,
2509 android_namespace_t* namespace_to) {
2510 if (namespace_from == nullptr) {
2511 DL_ERR("error linking namespaces: namespace_from is null.");
2512 return false;
2513 }
2514
2515 if (namespace_to == nullptr) {
2516 DL_ERR("error linking namespaces: namespace_to is null.");
2517 return false;
2518 }
2519
2520 ProtectedDataGuard guard;
2521 namespace_from->add_linked_namespace(namespace_to, std::unordered_set<std::string>(), true);
2522
2523 return true;
2524 }
2525
call_ifunc_resolver(ElfW (Addr)resolver_addr)2526 ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) {
2527 if (g_is_ldd) return 0;
2528
2529 ElfW(Addr) ifunc_addr = __bionic_call_ifunc_resolver(resolver_addr);
2530 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p",
2531 reinterpret_cast<void *>(resolver_addr), reinterpret_cast<void*>(ifunc_addr));
2532
2533 return ifunc_addr;
2534 }
2535
get_version_info(ElfW (Versym)source_symver) const2536 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const {
2537 if (source_symver < 2 ||
2538 source_symver >= version_infos.size() ||
2539 version_infos[source_symver].name == nullptr) {
2540 return nullptr;
2541 }
2542
2543 return &version_infos[source_symver];
2544 }
2545
add_version_info(size_t source_index,ElfW (Word)elf_hash,const char * ver_name,const soinfo * target_si)2546 void VersionTracker::add_version_info(size_t source_index,
2547 ElfW(Word) elf_hash,
2548 const char* ver_name,
2549 const soinfo* target_si) {
2550 if (source_index >= version_infos.size()) {
2551 version_infos.resize(source_index+1);
2552 }
2553
2554 version_infos[source_index].elf_hash = elf_hash;
2555 version_infos[source_index].name = ver_name;
2556 version_infos[source_index].target_si = target_si;
2557 }
2558
init_verneed(const soinfo * si_from)2559 bool VersionTracker::init_verneed(const soinfo* si_from) {
2560 uintptr_t verneed_ptr = si_from->get_verneed_ptr();
2561
2562 if (verneed_ptr == 0) {
2563 return true;
2564 }
2565
2566 size_t verneed_cnt = si_from->get_verneed_cnt();
2567
2568 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) {
2569 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset);
2570 size_t vernaux_offset = offset + verneed->vn_aux;
2571 offset += verneed->vn_next;
2572
2573 if (verneed->vn_version != 1) {
2574 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version);
2575 return false;
2576 }
2577
2578 const char* target_soname = si_from->get_string(verneed->vn_file);
2579 // find it in dependencies
2580 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) {
2581 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0;
2582 });
2583
2584 if (target_si == nullptr) {
2585 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"",
2586 target_soname, i, si_from->get_realpath());
2587 return false;
2588 }
2589
2590 for (size_t j = 0; j<verneed->vn_cnt; ++j) {
2591 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset);
2592 vernaux_offset += vernaux->vna_next;
2593
2594 const ElfW(Word) elf_hash = vernaux->vna_hash;
2595 const char* ver_name = si_from->get_string(vernaux->vna_name);
2596 ElfW(Half) source_index = vernaux->vna_other;
2597
2598 add_version_info(source_index, elf_hash, ver_name, target_si);
2599 }
2600 }
2601
2602 return true;
2603 }
2604
2605 template <typename F>
for_each_verdef(const soinfo * si,F functor)2606 static bool for_each_verdef(const soinfo* si, F functor) {
2607 if (!si->has_min_version(2)) {
2608 return true;
2609 }
2610
2611 uintptr_t verdef_ptr = si->get_verdef_ptr();
2612 if (verdef_ptr == 0) {
2613 return true;
2614 }
2615
2616 size_t offset = 0;
2617
2618 size_t verdef_cnt = si->get_verdef_cnt();
2619 for (size_t i = 0; i<verdef_cnt; ++i) {
2620 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset);
2621 size_t verdaux_offset = offset + verdef->vd_aux;
2622 offset += verdef->vd_next;
2623
2624 if (verdef->vd_version != 1) {
2625 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s",
2626 i, verdef->vd_version, si->get_realpath());
2627 return false;
2628 }
2629
2630 if ((verdef->vd_flags & VER_FLG_BASE) != 0) {
2631 // "this is the version of the file itself. It must not be used for
2632 // matching a symbol. It can be used to match references."
2633 //
2634 // http://www.akkadia.org/drepper/symbol-versioning
2635 continue;
2636 }
2637
2638 if (verdef->vd_cnt == 0) {
2639 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i);
2640 return false;
2641 }
2642
2643 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset);
2644
2645 if (functor(i, verdef, verdaux) == true) {
2646 break;
2647 }
2648 }
2649
2650 return true;
2651 }
2652
find_verdef_version_index(const soinfo * si,const version_info * vi)2653 ElfW(Versym) find_verdef_version_index(const soinfo* si, const version_info* vi) {
2654 if (vi == nullptr) {
2655 return kVersymNotNeeded;
2656 }
2657
2658 ElfW(Versym) result = kVersymGlobal;
2659
2660 if (!for_each_verdef(si,
2661 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) {
2662 if (verdef->vd_hash == vi->elf_hash &&
2663 strcmp(vi->name, si->get_string(verdaux->vda_name)) == 0) {
2664 result = verdef->vd_ndx;
2665 return true;
2666 }
2667
2668 return false;
2669 }
2670 )) {
2671 // verdef should have already been validated in prelink_image.
2672 async_safe_fatal("invalid verdef after prelinking: %s, %s",
2673 si->get_realpath(), linker_get_error_buffer());
2674 }
2675
2676 return result;
2677 }
2678
2679 // Validate the library's verdef section. On error, returns false and invokes DL_ERR.
validate_verdef_section(const soinfo * si)2680 bool validate_verdef_section(const soinfo* si) {
2681 return for_each_verdef(si,
2682 [&](size_t, const ElfW(Verdef)*, const ElfW(Verdaux)*) {
2683 return false;
2684 });
2685 }
2686
init_verdef(const soinfo * si_from)2687 bool VersionTracker::init_verdef(const soinfo* si_from) {
2688 return for_each_verdef(si_from,
2689 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) {
2690 add_version_info(verdef->vd_ndx, verdef->vd_hash,
2691 si_from->get_string(verdaux->vda_name), si_from);
2692 return false;
2693 }
2694 );
2695 }
2696
init(const soinfo * si_from)2697 bool VersionTracker::init(const soinfo* si_from) {
2698 if (!si_from->has_min_version(2)) {
2699 return true;
2700 }
2701
2702 return init_verneed(si_from) && init_verdef(si_from);
2703 }
2704
2705 // TODO (dimitry): Methods below need to be moved out of soinfo
2706 // and in more isolated file in order minimize dependencies on
2707 // unnecessary object in the linker binary. Consider making them
2708 // independent from soinfo (?).
lookup_version_info(const VersionTracker & version_tracker,ElfW (Word)sym,const char * sym_name,const version_info ** vi)2709 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym,
2710 const char* sym_name, const version_info** vi) {
2711 const ElfW(Versym)* sym_ver_ptr = get_versym(sym);
2712 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr;
2713
2714 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) {
2715 *vi = version_tracker.get_version_info(sym_ver);
2716
2717 if (*vi == nullptr) {
2718 DL_ERR("cannot find verneed/verdef for version index=%d "
2719 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath());
2720 return false;
2721 }
2722 } else {
2723 // there is no version info
2724 *vi = nullptr;
2725 }
2726
2727 return true;
2728 }
2729
apply_relr_reloc(ElfW (Addr)offset)2730 void soinfo::apply_relr_reloc(ElfW(Addr) offset) {
2731 ElfW(Addr) address = offset + load_bias;
2732 *reinterpret_cast<ElfW(Addr)*>(address) += load_bias;
2733 }
2734
2735 // Process relocations in SHT_RELR section (experimental).
2736 // Details of the encoding are described in this post:
2737 // https://groups.google.com/d/msg/generic-abi/bX460iggiKg/Pi9aSwwABgAJ
relocate_relr()2738 bool soinfo::relocate_relr() {
2739 ElfW(Relr)* begin = relr_;
2740 ElfW(Relr)* end = relr_ + relr_count_;
2741 constexpr size_t wordsize = sizeof(ElfW(Addr));
2742
2743 ElfW(Addr) base = 0;
2744 for (ElfW(Relr)* current = begin; current < end; ++current) {
2745 ElfW(Relr) entry = *current;
2746 ElfW(Addr) offset;
2747
2748 if ((entry&1) == 0) {
2749 // Even entry: encodes the offset for next relocation.
2750 offset = static_cast<ElfW(Addr)>(entry);
2751 apply_relr_reloc(offset);
2752 // Set base offset for subsequent bitmap entries.
2753 base = offset + wordsize;
2754 continue;
2755 }
2756
2757 // Odd entry: encodes bitmap for relocations starting at base.
2758 offset = base;
2759 while (entry != 0) {
2760 entry >>= 1;
2761 if ((entry&1) != 0) {
2762 apply_relr_reloc(offset);
2763 }
2764 offset += wordsize;
2765 }
2766
2767 // Advance base offset by 63 words for 64-bit platforms,
2768 // or 31 words for 32-bit platforms.
2769 base += (8*wordsize - 1) * wordsize;
2770 }
2771 return true;
2772 }
2773
2774 // An empty list of soinfos
2775 static soinfo_list_t g_empty_list;
2776
prelink_image()2777 bool soinfo::prelink_image() {
2778 if (flags_ & FLAG_PRELINKED) return true;
2779 /* Extract dynamic section */
2780 ElfW(Word) dynamic_flags = 0;
2781 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags);
2782
2783 /* We can't log anything until the linker is relocated */
2784 bool relocating_linker = (flags_ & FLAG_LINKER) != 0;
2785 if (!relocating_linker) {
2786 INFO("[ Linking \"%s\" ]", get_realpath());
2787 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_);
2788 }
2789
2790 if (dynamic == nullptr) {
2791 if (!relocating_linker) {
2792 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath());
2793 }
2794 return false;
2795 } else {
2796 if (!relocating_linker) {
2797 DEBUG("dynamic = %p", dynamic);
2798 }
2799 }
2800
2801 #if defined(__arm__)
2802 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias,
2803 &ARM_exidx, &ARM_exidx_count);
2804 #endif
2805
2806 TlsSegment tls_segment;
2807 if (__bionic_get_tls_segment(phdr, phnum, load_bias, &tls_segment)) {
2808 if (!__bionic_check_tls_alignment(&tls_segment.alignment)) {
2809 if (!relocating_linker) {
2810 DL_ERR("TLS segment alignment in \"%s\" is not a power of 2: %zu",
2811 get_realpath(), tls_segment.alignment);
2812 }
2813 return false;
2814 }
2815 tls_ = std::make_unique<soinfo_tls>();
2816 tls_->segment = tls_segment;
2817 }
2818
2819 // Extract useful information from dynamic section.
2820 // Note that: "Except for the DT_NULL element at the end of the array,
2821 // and the relative order of DT_NEEDED elements, entries may appear in any order."
2822 //
2823 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html
2824 uint32_t needed_count = 0;
2825 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) {
2826 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p",
2827 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val));
2828 switch (d->d_tag) {
2829 case DT_SONAME:
2830 // this is parsed after we have strtab initialized (see below).
2831 break;
2832
2833 case DT_HASH:
2834 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0];
2835 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1];
2836 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8);
2837 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4);
2838 break;
2839
2840 case DT_GNU_HASH:
2841 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0];
2842 // skip symndx
2843 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2];
2844 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3];
2845
2846 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16);
2847 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_);
2848 // amend chain for symndx = header[1]
2849 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ -
2850 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1];
2851
2852 if (!powerof2(gnu_maskwords_)) {
2853 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two",
2854 gnu_maskwords_, get_realpath());
2855 return false;
2856 }
2857 --gnu_maskwords_;
2858
2859 flags_ |= FLAG_GNU_HASH;
2860 break;
2861
2862 case DT_STRTAB:
2863 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr);
2864 break;
2865
2866 case DT_STRSZ:
2867 strtab_size_ = d->d_un.d_val;
2868 break;
2869
2870 case DT_SYMTAB:
2871 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr);
2872 break;
2873
2874 case DT_SYMENT:
2875 if (d->d_un.d_val != sizeof(ElfW(Sym))) {
2876 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"",
2877 static_cast<size_t>(d->d_un.d_val), get_realpath());
2878 return false;
2879 }
2880 break;
2881
2882 case DT_PLTREL:
2883 #if defined(USE_RELA)
2884 if (d->d_un.d_val != DT_RELA) {
2885 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath());
2886 return false;
2887 }
2888 #else
2889 if (d->d_un.d_val != DT_REL) {
2890 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath());
2891 return false;
2892 }
2893 #endif
2894 break;
2895
2896 case DT_JMPREL:
2897 #if defined(USE_RELA)
2898 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr);
2899 #else
2900 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr);
2901 #endif
2902 break;
2903
2904 case DT_PLTRELSZ:
2905 #if defined(USE_RELA)
2906 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela));
2907 #else
2908 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel));
2909 #endif
2910 break;
2911
2912 case DT_PLTGOT:
2913 // Ignored (because RTLD_LAZY is not supported).
2914 break;
2915
2916 case DT_DEBUG:
2917 // Set the DT_DEBUG entry to the address of _r_debug for GDB
2918 // if the dynamic table is writable
2919 if ((dynamic_flags & PF_W) != 0) {
2920 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug);
2921 }
2922 break;
2923 #if defined(USE_RELA)
2924 case DT_RELA:
2925 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr);
2926 break;
2927
2928 case DT_RELASZ:
2929 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela));
2930 break;
2931
2932 case DT_ANDROID_RELA:
2933 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr);
2934 break;
2935
2936 case DT_ANDROID_RELASZ:
2937 android_relocs_size_ = d->d_un.d_val;
2938 break;
2939
2940 case DT_ANDROID_REL:
2941 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath());
2942 return false;
2943
2944 case DT_ANDROID_RELSZ:
2945 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath());
2946 return false;
2947
2948 case DT_RELAENT:
2949 if (d->d_un.d_val != sizeof(ElfW(Rela))) {
2950 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val));
2951 return false;
2952 }
2953 break;
2954
2955 // Ignored (see DT_RELCOUNT comments for details).
2956 case DT_RELACOUNT:
2957 break;
2958
2959 case DT_REL:
2960 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath());
2961 return false;
2962
2963 case DT_RELSZ:
2964 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath());
2965 return false;
2966
2967 #else
2968 case DT_REL:
2969 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr);
2970 break;
2971
2972 case DT_RELSZ:
2973 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel));
2974 break;
2975
2976 case DT_RELENT:
2977 if (d->d_un.d_val != sizeof(ElfW(Rel))) {
2978 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val));
2979 return false;
2980 }
2981 break;
2982
2983 case DT_ANDROID_REL:
2984 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr);
2985 break;
2986
2987 case DT_ANDROID_RELSZ:
2988 android_relocs_size_ = d->d_un.d_val;
2989 break;
2990
2991 case DT_ANDROID_RELA:
2992 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath());
2993 return false;
2994
2995 case DT_ANDROID_RELASZ:
2996 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath());
2997 return false;
2998
2999 // "Indicates that all RELATIVE relocations have been concatenated together,
3000 // and specifies the RELATIVE relocation count."
3001 //
3002 // TODO: Spec also mentions that this can be used to optimize relocation process;
3003 // Not currently used by bionic linker - ignored.
3004 case DT_RELCOUNT:
3005 break;
3006
3007 case DT_RELA:
3008 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath());
3009 return false;
3010
3011 case DT_RELASZ:
3012 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath());
3013 return false;
3014
3015 #endif
3016 case DT_RELR:
3017 case DT_ANDROID_RELR:
3018 relr_ = reinterpret_cast<ElfW(Relr)*>(load_bias + d->d_un.d_ptr);
3019 break;
3020
3021 case DT_RELRSZ:
3022 case DT_ANDROID_RELRSZ:
3023 relr_count_ = d->d_un.d_val / sizeof(ElfW(Relr));
3024 break;
3025
3026 case DT_RELRENT:
3027 case DT_ANDROID_RELRENT:
3028 if (d->d_un.d_val != sizeof(ElfW(Relr))) {
3029 DL_ERR("invalid DT_RELRENT: %zd", static_cast<size_t>(d->d_un.d_val));
3030 return false;
3031 }
3032 break;
3033
3034 // Ignored (see DT_RELCOUNT comments for details).
3035 // There is no DT_RELRCOUNT specifically because it would only be ignored.
3036 case DT_ANDROID_RELRCOUNT:
3037 break;
3038
3039 case DT_INIT:
3040 init_func_ = reinterpret_cast<linker_ctor_function_t>(load_bias + d->d_un.d_ptr);
3041 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_);
3042 break;
3043
3044 case DT_FINI:
3045 fini_func_ = reinterpret_cast<linker_dtor_function_t>(load_bias + d->d_un.d_ptr);
3046 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_);
3047 break;
3048
3049 case DT_INIT_ARRAY:
3050 init_array_ = reinterpret_cast<linker_ctor_function_t*>(load_bias + d->d_un.d_ptr);
3051 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_);
3052 break;
3053
3054 case DT_INIT_ARRAYSZ:
3055 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3056 break;
3057
3058 case DT_FINI_ARRAY:
3059 fini_array_ = reinterpret_cast<linker_dtor_function_t*>(load_bias + d->d_un.d_ptr);
3060 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_);
3061 break;
3062
3063 case DT_FINI_ARRAYSZ:
3064 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3065 break;
3066
3067 case DT_PREINIT_ARRAY:
3068 preinit_array_ = reinterpret_cast<linker_ctor_function_t*>(load_bias + d->d_un.d_ptr);
3069 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_);
3070 break;
3071
3072 case DT_PREINIT_ARRAYSZ:
3073 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3074 break;
3075
3076 case DT_TEXTREL:
3077 #if defined(__LP64__)
3078 DL_ERR("\"%s\" has text relocations", get_realpath());
3079 return false;
3080 #else
3081 has_text_relocations = true;
3082 break;
3083 #endif
3084
3085 case DT_SYMBOLIC:
3086 has_DT_SYMBOLIC = true;
3087 break;
3088
3089 case DT_NEEDED:
3090 ++needed_count;
3091 break;
3092
3093 case DT_FLAGS:
3094 if (d->d_un.d_val & DF_TEXTREL) {
3095 #if defined(__LP64__)
3096 DL_ERR("\"%s\" has text relocations", get_realpath());
3097 return false;
3098 #else
3099 has_text_relocations = true;
3100 #endif
3101 }
3102 if (d->d_un.d_val & DF_SYMBOLIC) {
3103 has_DT_SYMBOLIC = true;
3104 }
3105 break;
3106
3107 case DT_FLAGS_1:
3108 set_dt_flags_1(d->d_un.d_val);
3109
3110 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) {
3111 DL_WARN("Warning: \"%s\" has unsupported flags DT_FLAGS_1=%p "
3112 "(ignoring unsupported flags)",
3113 get_realpath(), reinterpret_cast<void*>(d->d_un.d_val));
3114 }
3115 break;
3116
3117 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag"
3118 case DT_BIND_NOW:
3119 break;
3120
3121 case DT_VERSYM:
3122 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr);
3123 break;
3124
3125 case DT_VERDEF:
3126 verdef_ptr_ = load_bias + d->d_un.d_ptr;
3127 break;
3128 case DT_VERDEFNUM:
3129 verdef_cnt_ = d->d_un.d_val;
3130 break;
3131
3132 case DT_VERNEED:
3133 verneed_ptr_ = load_bias + d->d_un.d_ptr;
3134 break;
3135
3136 case DT_VERNEEDNUM:
3137 verneed_cnt_ = d->d_un.d_val;
3138 break;
3139
3140 case DT_RUNPATH:
3141 // this is parsed after we have strtab initialized (see below).
3142 break;
3143
3144 case DT_TLSDESC_GOT:
3145 case DT_TLSDESC_PLT:
3146 // These DT entries are used for lazy TLSDESC relocations. Bionic
3147 // resolves everything eagerly, so these can be ignored.
3148 break;
3149
3150 default:
3151 if (!relocating_linker) {
3152 const char* tag_name;
3153 if (d->d_tag == DT_RPATH) {
3154 tag_name = "DT_RPATH";
3155 } else if (d->d_tag == DT_ENCODING) {
3156 tag_name = "DT_ENCODING";
3157 } else if (d->d_tag >= DT_LOOS && d->d_tag <= DT_HIOS) {
3158 tag_name = "unknown OS-specific";
3159 } else if (d->d_tag >= DT_LOPROC && d->d_tag <= DT_HIPROC) {
3160 tag_name = "unknown processor-specific";
3161 } else {
3162 tag_name = "unknown";
3163 }
3164 DL_WARN("Warning: \"%s\" unused DT entry: %s (type %p arg %p) (ignoring)",
3165 get_realpath(),
3166 tag_name,
3167 reinterpret_cast<void*>(d->d_tag),
3168 reinterpret_cast<void*>(d->d_un.d_val));
3169 }
3170 break;
3171 }
3172 }
3173
3174 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p",
3175 reinterpret_cast<void*>(base), strtab_, symtab_);
3176
3177 // Sanity checks.
3178 if (relocating_linker && needed_count != 0) {
3179 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries");
3180 return false;
3181 }
3182 if (nbucket_ == 0 && gnu_nbucket_ == 0) {
3183 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" "
3184 "(new hash type from the future?)", get_realpath());
3185 return false;
3186 }
3187 if (strtab_ == nullptr) {
3188 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath());
3189 return false;
3190 }
3191 if (symtab_ == nullptr) {
3192 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath());
3193 return false;
3194 }
3195
3196 // second pass - parse entries relying on strtab
3197 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) {
3198 switch (d->d_tag) {
3199 case DT_SONAME:
3200 set_soname(get_string(d->d_un.d_val));
3201 break;
3202 case DT_RUNPATH:
3203 set_dt_runpath(get_string(d->d_un.d_val));
3204 break;
3205 }
3206 }
3207
3208 // Before M release linker was using basename in place of soname.
3209 // In the case when dt_soname is absent some apps stop working
3210 // because they can't find dt_needed library by soname.
3211 // This workaround should keep them working. (Applies only
3212 // for apps targeting sdk version < M.) Make an exception for
3213 // the main executable and linker; they do not need to have dt_soname.
3214 // TODO: >= O the linker doesn't need this workaround.
3215 if (soname_ == nullptr &&
3216 this != solist_get_somain() &&
3217 (flags_ & FLAG_LINKER) == 0 &&
3218 get_application_target_sdk_version() < 23) {
3219 soname_ = basename(realpath_.c_str());
3220 DL_WARN_documented_change(23,
3221 "missing-soname-enforced-for-api-level-23",
3222 "\"%s\" has no DT_SONAME (will use %s instead)",
3223 get_realpath(), soname_);
3224
3225 // Don't call add_dlwarning because a missing DT_SONAME isn't important enough to show in the UI
3226 }
3227
3228 // Validate each library's verdef section once, so we don't have to validate
3229 // it each time we look up a symbol with a version.
3230 if (!validate_verdef_section(this)) return false;
3231
3232 flags_ |= FLAG_PRELINKED;
3233 return true;
3234 }
3235
link_image(const SymbolLookupList & lookup_list,soinfo * local_group_root,const android_dlextinfo * extinfo,size_t * relro_fd_offset)3236 bool soinfo::link_image(const SymbolLookupList& lookup_list, soinfo* local_group_root,
3237 const android_dlextinfo* extinfo, size_t* relro_fd_offset) {
3238 if (is_image_linked()) {
3239 // already linked.
3240 return true;
3241 }
3242
3243 if (g_is_ldd && !is_main_executable()) {
3244 async_safe_format_fd(STDOUT_FILENO, "\t%s => %s (%p)\n", get_soname(),
3245 get_realpath(), reinterpret_cast<void*>(base));
3246 }
3247
3248 local_group_root_ = local_group_root;
3249 if (local_group_root_ == nullptr) {
3250 local_group_root_ = this;
3251 }
3252
3253 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) {
3254 target_sdk_version_ = get_application_target_sdk_version();
3255 }
3256
3257 #if !defined(__LP64__)
3258 if (has_text_relocations) {
3259 // Fail if app is targeting M or above.
3260 int app_target_api_level = get_application_target_sdk_version();
3261 if (app_target_api_level >= 23) {
3262 DL_ERR_AND_LOG("\"%s\" has text relocations (https://android.googlesource.com/platform/"
3263 "bionic/+/master/android-changes-for-ndk-developers.md#Text-Relocations-"
3264 "Enforced-for-API-level-23)", get_realpath());
3265 return false;
3266 }
3267 // Make segments writable to allow text relocations to work properly. We will later call
3268 // phdr_table_protect_segments() after all of them are applied.
3269 DL_WARN_documented_change(23,
3270 "Text-Relocations-Enforced-for-API-level-23",
3271 "\"%s\" has text relocations",
3272 get_realpath());
3273 add_dlwarning(get_realpath(), "text relocations");
3274 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) {
3275 DL_ERR("can't unprotect loadable segments for \"%s\": %s", get_realpath(), strerror(errno));
3276 return false;
3277 }
3278 }
3279 #endif
3280
3281 if (!relocate(lookup_list)) {
3282 return false;
3283 }
3284
3285 DEBUG("[ finished linking %s ]", get_realpath());
3286
3287 #if !defined(__LP64__)
3288 if (has_text_relocations) {
3289 // All relocations are done, we can protect our segments back to read-only.
3290 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) {
3291 DL_ERR("can't protect segments for \"%s\": %s",
3292 get_realpath(), strerror(errno));
3293 return false;
3294 }
3295 }
3296 #endif
3297
3298 // We can also turn on GNU RELRO protection if we're not linking the dynamic linker
3299 // itself --- it can't make system calls yet, and will have to call protect_relro later.
3300 if (!is_linker() && !protect_relro()) {
3301 return false;
3302 }
3303
3304 /* Handle serializing/sharing the RELRO segment */
3305 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) {
3306 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias,
3307 extinfo->relro_fd, relro_fd_offset) < 0) {
3308 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s",
3309 get_realpath(), strerror(errno));
3310 return false;
3311 }
3312 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) {
3313 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias,
3314 extinfo->relro_fd, relro_fd_offset) < 0) {
3315 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s",
3316 get_realpath(), strerror(errno));
3317 return false;
3318 }
3319 }
3320
3321 ++g_module_load_counter;
3322 notify_gdb_of_load(this);
3323 set_image_linked();
3324 return true;
3325 }
3326
protect_relro()3327 bool soinfo::protect_relro() {
3328 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) {
3329 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s",
3330 get_realpath(), strerror(errno));
3331 return false;
3332 }
3333 return true;
3334 }
3335
init_default_namespace_no_config(bool is_asan)3336 static std::vector<android_namespace_t*> init_default_namespace_no_config(bool is_asan) {
3337 g_default_namespace.set_isolated(false);
3338 auto default_ld_paths = is_asan ? kAsanDefaultLdPaths : kDefaultLdPaths;
3339
3340 char real_path[PATH_MAX];
3341 std::vector<std::string> ld_default_paths;
3342 for (size_t i = 0; default_ld_paths[i] != nullptr; ++i) {
3343 if (realpath(default_ld_paths[i], real_path) != nullptr) {
3344 ld_default_paths.push_back(real_path);
3345 } else {
3346 ld_default_paths.push_back(default_ld_paths[i]);
3347 }
3348 }
3349
3350 g_default_namespace.set_default_library_paths(std::move(ld_default_paths));
3351
3352 std::vector<android_namespace_t*> namespaces;
3353 namespaces.push_back(&g_default_namespace);
3354 return namespaces;
3355 }
3356
3357 // Given an `executable_path` starting with "/apex/<name>/bin/, return
3358 // "/linkerconfig/<name>/ld.config.txt" (or "/apex/<name>/etc/ld.config.txt", if
3359 // the former does not exist).
get_ld_config_file_apex_path(const char * executable_path)3360 static std::string get_ld_config_file_apex_path(const char* executable_path) {
3361 std::vector<std::string> paths = android::base::Split(executable_path, "/");
3362 if (paths.size() >= 5 && paths[1] == "apex" && paths[3] == "bin") {
3363 // Check auto-generated ld.config.txt first
3364 std::string generated_apex_config = "/linkerconfig/" + paths[2] + "/ld.config.txt";
3365 if (file_exists(generated_apex_config.c_str())) {
3366 return generated_apex_config;
3367 }
3368
3369 return std::string("/apex/") + paths[2] + "/etc/ld.config.txt";
3370 }
3371 return "";
3372 }
3373
get_ld_config_file_vndk_path()3374 static std::string get_ld_config_file_vndk_path() {
3375 if (android::base::GetBoolProperty("ro.vndk.lite", false)) {
3376 return kLdConfigVndkLiteFilePath;
3377 }
3378
3379 std::string ld_config_file_vndk = kLdConfigFilePath;
3380 size_t insert_pos = ld_config_file_vndk.find_last_of('.');
3381 if (insert_pos == std::string::npos) {
3382 insert_pos = ld_config_file_vndk.length();
3383 }
3384 ld_config_file_vndk.insert(insert_pos, Config::get_vndk_version_string('.'));
3385 return ld_config_file_vndk;
3386 }
3387
get_ld_config_file_path(const char * executable_path)3388 static std::string get_ld_config_file_path(const char* executable_path) {
3389 #ifdef USE_LD_CONFIG_FILE
3390 // This is a debugging/testing only feature. Must not be available on
3391 // production builds.
3392 const char* ld_config_file_env = getenv("LD_CONFIG_FILE");
3393 if (ld_config_file_env != nullptr && file_exists(ld_config_file_env)) {
3394 return ld_config_file_env;
3395 }
3396 #endif
3397
3398 std::string path = get_ld_config_file_apex_path(executable_path);
3399 if (!path.empty()) {
3400 if (file_exists(path.c_str())) {
3401 return path;
3402 }
3403 DL_WARN("Warning: couldn't read config file \"%s\" for \"%s\"",
3404 path.c_str(), executable_path);
3405 }
3406
3407 path = kLdConfigArchFilePath;
3408 if (file_exists(path.c_str())) {
3409 return path;
3410 }
3411
3412 if (file_exists(kLdGeneratedConfigFilePath)) {
3413 return kLdGeneratedConfigFilePath;
3414 } else {
3415 // TODO(b/146386369) : Adjust log level and add more condition to log only when necessary
3416 INFO("Warning: failed to find generated linker configuration from \"%s\"",
3417 kLdGeneratedConfigFilePath);
3418 }
3419
3420 path = get_ld_config_file_vndk_path();
3421 if (file_exists(path.c_str())) {
3422 return path;
3423 }
3424
3425 return kLdConfigFilePath;
3426 }
3427
init_default_namespaces(const char * executable_path)3428 std::vector<android_namespace_t*> init_default_namespaces(const char* executable_path) {
3429 g_default_namespace.set_name("(default)");
3430
3431 soinfo* somain = solist_get_somain();
3432
3433 const char *interp = phdr_table_get_interpreter_name(somain->phdr, somain->phnum,
3434 somain->load_bias);
3435 const char* bname = (interp != nullptr) ? basename(interp) : nullptr;
3436
3437 g_is_asan = bname != nullptr &&
3438 (strcmp(bname, "linker_asan") == 0 ||
3439 strcmp(bname, "linker_asan64") == 0);
3440
3441 const Config* config = nullptr;
3442
3443 std::string error_msg;
3444
3445 std::string ld_config_file_path = get_ld_config_file_path(executable_path);
3446
3447 INFO("[ Reading linker config \"%s\" ]", ld_config_file_path.c_str());
3448 if (!Config::read_binary_config(ld_config_file_path.c_str(),
3449 executable_path,
3450 g_is_asan,
3451 &config,
3452 &error_msg)) {
3453 if (!error_msg.empty()) {
3454 DL_WARN("Warning: couldn't read \"%s\" for \"%s\" (using default configuration instead): %s",
3455 ld_config_file_path.c_str(),
3456 executable_path,
3457 error_msg.c_str());
3458 }
3459 config = nullptr;
3460 }
3461
3462 if (config == nullptr) {
3463 return init_default_namespace_no_config(g_is_asan);
3464 }
3465
3466 const auto& namespace_configs = config->namespace_configs();
3467 std::unordered_map<std::string, android_namespace_t*> namespaces;
3468
3469 // 1. Initialize default namespace
3470 const NamespaceConfig* default_ns_config = config->default_namespace_config();
3471
3472 g_default_namespace.set_isolated(default_ns_config->isolated());
3473 g_default_namespace.set_default_library_paths(default_ns_config->search_paths());
3474 g_default_namespace.set_permitted_paths(default_ns_config->permitted_paths());
3475
3476 namespaces[default_ns_config->name()] = &g_default_namespace;
3477 if (default_ns_config->visible()) {
3478 g_exported_namespaces[default_ns_config->name()] = &g_default_namespace;
3479 }
3480
3481 // 2. Initialize other namespaces
3482
3483 for (auto& ns_config : namespace_configs) {
3484 if (namespaces.find(ns_config->name()) != namespaces.end()) {
3485 continue;
3486 }
3487
3488 android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t();
3489 ns->set_name(ns_config->name());
3490 ns->set_isolated(ns_config->isolated());
3491 ns->set_default_library_paths(ns_config->search_paths());
3492 ns->set_permitted_paths(ns_config->permitted_paths());
3493 ns->set_whitelisted_libs(ns_config->whitelisted_libs());
3494
3495 namespaces[ns_config->name()] = ns;
3496 if (ns_config->visible()) {
3497 g_exported_namespaces[ns_config->name()] = ns;
3498 }
3499 }
3500
3501 // 3. Establish links between namespaces
3502 for (auto& ns_config : namespace_configs) {
3503 auto it_from = namespaces.find(ns_config->name());
3504 CHECK(it_from != namespaces.end());
3505 android_namespace_t* namespace_from = it_from->second;
3506 for (const NamespaceLinkConfig& ns_link : ns_config->links()) {
3507 auto it_to = namespaces.find(ns_link.ns_name());
3508 CHECK(it_to != namespaces.end());
3509 android_namespace_t* namespace_to = it_to->second;
3510 if (ns_link.allow_all_shared_libs()) {
3511 link_namespaces_all_libs(namespace_from, namespace_to);
3512 } else {
3513 link_namespaces(namespace_from, namespace_to, ns_link.shared_libs().c_str());
3514 }
3515 }
3516 }
3517 // we can no longer rely on the fact that libdl.so is part of default namespace
3518 // this is why we want to add ld-android.so to all namespaces from ld.config.txt
3519 soinfo* ld_android_so = solist_get_head();
3520
3521 // we also need vdso to be available for all namespaces (if present)
3522 soinfo* vdso = solist_get_vdso();
3523 for (auto it : namespaces) {
3524 if (it.second != &g_default_namespace) {
3525 it.second->add_soinfo(ld_android_so);
3526 if (vdso != nullptr) {
3527 it.second->add_soinfo(vdso);
3528 }
3529 // somain and ld_preloads are added to these namespaces after LD_PRELOAD libs are linked
3530 }
3531 }
3532
3533 set_application_target_sdk_version(config->target_sdk_version());
3534
3535 std::vector<android_namespace_t*> created_namespaces;
3536 created_namespaces.reserve(namespaces.size());
3537 for (const auto& kv : namespaces) {
3538 created_namespaces.push_back(kv.second);
3539 }
3540 return created_namespaces;
3541 }
3542
3543 // This function finds a namespace exported in ld.config.txt by its name.
3544 // A namespace can be exported by setting .visible property to true.
get_exported_namespace(const char * name)3545 android_namespace_t* get_exported_namespace(const char* name) {
3546 if (name == nullptr) {
3547 return nullptr;
3548 }
3549 auto it = g_exported_namespaces.find(std::string(name));
3550 if (it == g_exported_namespaces.end()) {
3551 return nullptr;
3552 }
3553 return it->second;
3554 }
3555
purge_unused_memory()3556 void purge_unused_memory() {
3557 // For now, we only purge the memory used by LoadTask because we know those
3558 // are temporary objects.
3559 //
3560 // Purging other LinkerBlockAllocator hardly yields much because they hold
3561 // information about namespaces and opened libraries, which are not freed
3562 // when the control leaves the linker.
3563 //
3564 // Purging BionicAllocator may give us a few dirty pages back, but those pages
3565 // would be already zeroed out, so they compress easily in ZRAM. Therefore,
3566 // it is not worth munmap()'ing those pages.
3567 TypeBasedAllocator<LoadTask>::purge();
3568 }
3569