android_namespace_t* GetOrCreate(JNIEnv* env, jobject class_loader,
bool is_shared,
jstring java_library_path,
jstring java_permitted_path) {
ScopedUtfChars library_path(env, java_library_path);
std::string permitted_path;
if (java_permitted_path != nullptr) {
ScopedUtfChars path(env, java_permitted_path);
permitted_path = path.c_str();
}
if (!initialized_ && !InitPublicNamespace(library_path.c_str())) {
return nullptr;
}
std::lock_guard<std::mutex> guard(mutex_);
auto it = FindNamespaceByClassLoader(env, class_loader);
if (it != namespaces_.end()) {
return it->second;
}
uint64_t namespace_type = ANDROID_NAMESPACE_TYPE_ISOLATED;
if (is_shared) {
namespace_type |= ANDROID_NAMESPACE_TYPE_SHARED;
}
android_namespace_t* ns =
android_create_namespace("classloader-namespace",
nullptr,
library_path.c_str(),
namespace_type,
java_permitted_path != nullptr ?
permitted_path.c_str() :
nullptr);
namespaces_.push_back(std::make_pair(env->NewWeakGlobalRef(class_loader), ns));
return ns;
}
android_namespace_t* Create(JNIEnv* env,
jobject class_loader,
bool is_shared,
jstring java_library_path,
jstring java_permitted_path) {
ScopedUtfChars library_path(env, java_library_path);
std::string permitted_path;
if (java_permitted_path != nullptr) {
ScopedUtfChars path(env, java_permitted_path);
permitted_path = path.c_str();
}
if (!initialized_ && !InitPublicNamespace(library_path.c_str())) {
return nullptr;
}
android_namespace_t* ns = FindNamespaceByClassLoader(env, class_loader);
LOG_ALWAYS_FATAL_IF(ns != nullptr,
"There is already a namespace associated with this classloader");
uint64_t namespace_type = ANDROID_NAMESPACE_TYPE_ISOLATED;
if (is_shared) {
namespace_type |= ANDROID_NAMESPACE_TYPE_SHARED;
}
ns = android_create_namespace("classloader-namespace",
nullptr,
library_path.c_str(),
namespace_type,
java_permitted_path != nullptr ?
permitted_path.c_str() :
nullptr);
if (ns != nullptr) {
namespaces_.push_back(std::make_pair(env->NewWeakGlobalRef(class_loader), ns));
}
return ns;
}
TEST(dlext, ns_shared_dlclose) {
std::string path = "libc.so:libc++.so:libdl.so:libm.so";
const std::string lib_path = std::string(getenv("ANDROID_DATA")) + NATIVE_TESTS_PATH;
android_set_application_target_sdk_version(42U); // something > 23
ASSERT_TRUE(android_init_namespaces(path.c_str(), nullptr)) << dlerror();
// preload this library to the default namespace to check if it
// is shared later on.
void* handle_dlopened =
dlopen((lib_path + "/private_namespace_libs/libnstest_dlopened.so").c_str(), RTLD_NOW);
ASSERT_TRUE(handle_dlopened != nullptr) << dlerror();
android_namespace_t* ns_isolated_shared =
android_create_namespace("private_isolated_shared", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_ISOLATED | ANDROID_NAMESPACE_TYPE_SHARED,
nullptr);
ASSERT_TRUE(ns_isolated_shared != nullptr) << dlerror();
// Check if "libnstest_dlopened.so" is loaded (and the same)
android_dlextinfo extinfo;
extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
extinfo.library_namespace = ns_isolated_shared;
void* handle = android_dlopen_ext("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD, &extinfo);
ASSERT_TRUE(handle != nullptr) << dlerror();
ASSERT_TRUE(handle == handle_dlopened);
dlclose(handle);
dlclose(handle_dlopened);
// And now check that the library cannot be found by soname (and is no longer loaded)
handle = android_dlopen_ext("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD, &extinfo);
ASSERT_TRUE(handle == nullptr)
<< "Error: libnstest_dlopened.so is still accessible in shared namespace";
handle = android_dlopen_ext((lib_path + "/private_namespace_libs/libnstest_dlopened.so").c_str(),
RTLD_NOW | RTLD_NOLOAD, &extinfo);
ASSERT_TRUE(handle == nullptr)
<< "Error: libnstest_dlopened.so is still accessible in shared namespace";
handle = dlopen("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD);
ASSERT_TRUE(handle == nullptr)
<< "Error: libnstest_dlopened.so is still accessible in default namespace";
handle = dlopen((lib_path + "/private_namespace_libs/libnstest_dlopened.so").c_str(),
RTLD_NOW | RTLD_NOLOAD);
ASSERT_TRUE(handle == nullptr)
<< "Error: libnstest_dlopened.so is still accessible in default namespace";
// Now lets see if the soinfo area gets reused in the wrong way:
// load a library to default namespace.
const std::string lib_public_path = lib_path + "/public_namespace_libs/" + g_public_lib;
void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
ASSERT_TRUE(handle_public != nullptr) << dlerror();
// try to find it in shared namespace
handle = android_dlopen_ext(g_public_lib, RTLD_NOW | RTLD_NOLOAD, &extinfo);
ASSERT_TRUE(handle == nullptr)
<< "Error: " << g_public_lib << " is accessible in shared namespace";
}
TEST(dlext, ns_shared) {
static const char* root_lib = "libnstest_root_not_isolated.so";
static const char* root_lib_isolated = "libnstest_root.so";
std::string path = std::string("libc.so:libc++.so:libdl.so:libm.so:") + g_public_lib;
const std::string lib_path = std::string(getenv("ANDROID_DATA")) + NATIVE_TESTS_PATH;
const std::string lib_public_path = lib_path + "/public_namespace_libs/" + g_public_lib;
void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
ASSERT_TRUE(handle_public != nullptr) << dlerror();
android_set_application_target_sdk_version(42U); // something > 23
ASSERT_TRUE(android_init_namespaces(path.c_str(), nullptr)) << dlerror();
// preload this library to the default namespace to check if it
// is shared later on.
void* handle_dlopened =
dlopen((lib_path + "/private_namespace_libs/libnstest_dlopened.so").c_str(), RTLD_NOW);
ASSERT_TRUE(handle_dlopened != nullptr) << dlerror();
android_namespace_t* ns_not_isolated =
android_create_namespace("private", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_REGULAR, nullptr);
ASSERT_TRUE(ns_not_isolated != nullptr) << dlerror();
android_namespace_t* ns_isolated_shared =
android_create_namespace("private_isolated_shared", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_ISOLATED | ANDROID_NAMESPACE_TYPE_SHARED,
nullptr);
ASSERT_TRUE(ns_isolated_shared != nullptr) << dlerror();
ASSERT_TRUE(dlopen(root_lib, RTLD_NOW) == nullptr);
ASSERT_STREQ("dlopen failed: library \"libnstest_root_not_isolated.so\" not found", dlerror());
std::string lib_private_external_path =
lib_path + "/private_namespace_libs_external/libnstest_private_external.so";
// Load lib_private_external_path to default namespace
// (it should remain invisible for the isolated namespaces after this)
void* handle = dlopen(lib_private_external_path.c_str(), RTLD_NOW);
ASSERT_TRUE(handle != nullptr) << dlerror();
android_dlextinfo extinfo;
extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
extinfo.library_namespace = ns_not_isolated;
void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
ASSERT_TRUE(handle1 != nullptr) << dlerror();
extinfo.library_namespace = ns_isolated_shared;
void* handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
ASSERT_TRUE(handle2 == nullptr);
ASSERT_STREQ("dlopen failed: library \"libnstest_private_external.so\" not found", dlerror());
// Check dlopen by absolute path
handle2 = android_dlopen_ext(lib_private_external_path.c_str(), RTLD_NOW, &extinfo);
ASSERT_TRUE(handle2 == nullptr);
ASSERT_EQ("dlopen failed: library \"" + lib_private_external_path + "\" needed"
" or dlopened by \"" + get_executable_name() + "\" is not accessible"
" for the namespace \"private_isolated_shared\"", dlerror());
// load libnstest_root.so to shared namespace in order to check that everything is different
// except shared libnstest_dlopened.so
handle2 = android_dlopen_ext(root_lib_isolated, RTLD_NOW, &extinfo);
typedef const char* (*fn_t)();
fn_t ns_get_local_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_local_string"));
ASSERT_TRUE(ns_get_local_string != nullptr) << dlerror();
fn_t ns_get_local_string_shared = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_local_string"));
ASSERT_TRUE(ns_get_local_string_shared != nullptr) << dlerror();
ASSERT_STREQ("This string is local to root library", ns_get_local_string());
ASSERT_STREQ("This string is local to root library", ns_get_local_string_shared());
ASSERT_TRUE(ns_get_local_string() != ns_get_local_string_shared());
fn_t ns_get_private_extern_string =
reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_private_extern_string"));
ASSERT_TRUE(ns_get_private_extern_string != nullptr) << dlerror();
fn_t ns_get_private_extern_string_shared =
reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_private_extern_string"));
ASSERT_TRUE(ns_get_private_extern_string_shared() != nullptr) << dlerror();
ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string());
ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string_shared());
ASSERT_TRUE(ns_get_private_extern_string() != ns_get_private_extern_string_shared());
fn_t ns_get_public_extern_string =
reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_public_extern_string"));
ASSERT_TRUE(ns_get_public_extern_string != nullptr) << dlerror();
fn_t ns_get_public_extern_string_shared =
reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_public_extern_string"));
ASSERT_TRUE(ns_get_public_extern_string_shared != nullptr) << dlerror();
ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string());
ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string_shared());
ASSERT_TRUE(ns_get_public_extern_string() == ns_get_public_extern_string_shared());
fn_t ns_get_dlopened_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_dlopened_string"));
ASSERT_TRUE(ns_get_dlopened_string != nullptr) << dlerror();
fn_t ns_get_dlopened_string_shared = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_dlopened_string"));
ASSERT_TRUE(ns_get_dlopened_string_shared != nullptr) << dlerror();
const char** ns_dlopened_string = static_cast<const char**>(dlsym(handle_dlopened, "g_private_dlopened_string"));
ASSERT_TRUE(ns_dlopened_string != nullptr) << dlerror();
ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string());
ASSERT_STREQ("This string is from private namespace (dlopened library)", *ns_dlopened_string);
ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string_shared());
ASSERT_TRUE(ns_get_dlopened_string() != ns_get_dlopened_string_shared());
ASSERT_TRUE(*ns_dlopened_string == ns_get_dlopened_string_shared());
dlclose(handle1);
dlclose(handle2);
}
TEST(dlext, ns_smoke) {
static const char* root_lib = "libnstest_root.so";
std::string path = std::string("libc.so:libc++.so:libdl.so:libm.so:") + g_public_lib;
ASSERT_FALSE(android_init_namespaces(path.c_str(), nullptr));
ASSERT_STREQ("android_init_namespaces failed: error initializing public namespace: "
"\"libnstest_public.so\" was not found in the default namespace", dlerror());
ASSERT_FALSE(android_init_namespaces("", nullptr));
ASSERT_STREQ("android_init_namespaces failed: error initializing public namespace: "
"the list of public libraries is empty.", dlerror());
const std::string lib_path = std::string(getenv("ANDROID_DATA")) + NATIVE_TESTS_PATH;
const std::string lib_public_path = lib_path + "/public_namespace_libs/" + g_public_lib;
void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
ASSERT_TRUE(handle_public != nullptr) << dlerror();
ASSERT_TRUE(android_init_namespaces(path.c_str(), nullptr)) << dlerror();
// Check that libraries added to public namespace are NODELETE
dlclose(handle_public);
handle_public = dlopen((lib_path + "/public_namespace_libs/" + g_public_lib).c_str(),
RTLD_NOW | RTLD_NOLOAD);
ASSERT_TRUE(handle_public != nullptr) << dlerror();
android_namespace_t* ns1 =
android_create_namespace("private", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_REGULAR, nullptr);
ASSERT_TRUE(ns1 != nullptr) << dlerror();
android_namespace_t* ns2 =
android_create_namespace("private_isolated", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_ISOLATED, nullptr);
ASSERT_TRUE(ns2 != nullptr) << dlerror();
// This should not have affect search path for default namespace:
ASSERT_TRUE(dlopen(root_lib, RTLD_NOW) == nullptr);
void* handle = dlopen(g_public_lib, RTLD_NOW);
ASSERT_TRUE(handle != nullptr) << dlerror();
dlclose(handle);
android_dlextinfo extinfo;
extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
extinfo.library_namespace = ns1;
void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
ASSERT_TRUE(handle1 != nullptr) << dlerror();
extinfo.library_namespace = ns2;
void* handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
ASSERT_TRUE(handle2 != nullptr) << dlerror();
ASSERT_TRUE(handle1 != handle2);
// dlopen for a public library using an absolute path should work for isolated namespaces
extinfo.library_namespace = ns2;
handle = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
ASSERT_TRUE(handle != nullptr) << dlerror();
ASSERT_TRUE(handle == handle_public);
dlclose(handle);
typedef const char* (*fn_t)();
fn_t ns_get_local_string1 = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_local_string"));
ASSERT_TRUE(ns_get_local_string1 != nullptr) << dlerror();
fn_t ns_get_local_string2 = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_local_string"));
ASSERT_TRUE(ns_get_local_string2 != nullptr) << dlerror();
EXPECT_STREQ("This string is local to root library", ns_get_local_string1());
EXPECT_STREQ("This string is local to root library", ns_get_local_string2());
ASSERT_TRUE(ns_get_local_string1() != ns_get_local_string2());
fn_t ns_get_private_extern_string1 =
reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_private_extern_string"));
ASSERT_TRUE(ns_get_private_extern_string1 != nullptr) << dlerror();
fn_t ns_get_private_extern_string2 =
reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_private_extern_string"));
ASSERT_TRUE(ns_get_private_extern_string2 != nullptr) << dlerror();
EXPECT_STREQ("This string is from private namespace", ns_get_private_extern_string1());
EXPECT_STREQ("This string is from private namespace", ns_get_private_extern_string2());
ASSERT_TRUE(ns_get_private_extern_string1() != ns_get_private_extern_string2());
fn_t ns_get_public_extern_string1 =
reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_public_extern_string"));
ASSERT_TRUE(ns_get_public_extern_string1 != nullptr) << dlerror();
fn_t ns_get_public_extern_string2 =
reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_public_extern_string"));
ASSERT_TRUE(ns_get_public_extern_string2 != nullptr) << dlerror();
EXPECT_STREQ("This string is from public namespace", ns_get_public_extern_string1());
ASSERT_TRUE(ns_get_public_extern_string1() == ns_get_public_extern_string2());
// and now check that dlopen() does the right thing in terms of preserving namespace
fn_t ns_get_dlopened_string1 = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_dlopened_string"));
ASSERT_TRUE(ns_get_dlopened_string1 != nullptr) << dlerror();
fn_t ns_get_dlopened_string2 = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_dlopened_string"));
ASSERT_TRUE(ns_get_dlopened_string2 != nullptr) << dlerror();
EXPECT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string1());
EXPECT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string2());
ASSERT_TRUE(ns_get_dlopened_string1() != ns_get_dlopened_string2());
dlclose(handle1);
// Check if handle2 is still alive (and well)
ASSERT_STREQ("This string is local to root library", ns_get_local_string2());
ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string2());
ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string2());
ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string2());
dlclose(handle2);
}
TEST(dlext, ns_anonymous) {
static const char* root_lib = "libnstest_root.so";
std::string path = std::string("libc.so:libc++.so:libdl.so:libm.so:") + g_public_lib;
const std::string lib_path = std::string(getenv("ANDROID_DATA")) + NATIVE_TESTS_PATH;
const std::string lib_public_path = lib_path + "/public_namespace_libs/" + g_public_lib;
void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
ASSERT_TRUE(handle_public != nullptr) << dlerror();
ASSERT_TRUE(android_init_namespaces(path.c_str(), (lib_path + "/private_namespace_libs").c_str()))
<< dlerror();
android_namespace_t* ns = android_create_namespace(
"private", nullptr,
(lib_path + "/private_namespace_libs").c_str(),
ANDROID_NAMESPACE_TYPE_REGULAR, nullptr);
ASSERT_TRUE(ns != nullptr) << dlerror();
std::string private_library_absolute_path = lib_path + "/private_namespace_libs/" + root_lib;
android_dlextinfo extinfo;
extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
extinfo.library_namespace = ns;
// we are going to copy this library to anonymous mmap and call the copy of ns_get_dlopened_string
void* handle = android_dlopen_ext(private_library_absolute_path.c_str(), RTLD_NOW, &extinfo);
ASSERT_TRUE(handle != nullptr) << dlerror();
uintptr_t ns_get_dlopened_string_addr =
reinterpret_cast<uintptr_t>(dlsym(handle, "ns_get_dlopened_string"));
ASSERT_TRUE(ns_get_dlopened_string_addr != 0) << dlerror();
typedef const char* (*fn_t)();
fn_t ns_get_dlopened_string_private = reinterpret_cast<fn_t>(ns_get_dlopened_string_addr);
std::vector<map_record> maps;
Maps::parse_maps(&maps);
uintptr_t addr_start = 0;
uintptr_t addr_end = 0;
std::vector<map_record> maps_to_copy;
for (const auto& rec : maps) {
if (rec.pathname == private_library_absolute_path) {
if (addr_start == 0) {
addr_start = rec.addr_start;
}
addr_end = rec.addr_end;
maps_to_copy.push_back(rec);
}
}
// some sanity checks..
ASSERT_TRUE(addr_start > 0);
ASSERT_TRUE(addr_end > 0);
ASSERT_EQ(3U, maps_to_copy.size());
ASSERT_TRUE(ns_get_dlopened_string_addr > addr_start);
ASSERT_TRUE(ns_get_dlopened_string_addr < addr_end);
// copy
uintptr_t reserved_addr = reinterpret_cast<uintptr_t>(mmap(nullptr, addr_end - addr_start,
PROT_NONE, MAP_ANON | MAP_PRIVATE,
-1, 0));
ASSERT_TRUE(reinterpret_cast<void*>(reserved_addr) != MAP_FAILED);
for (const auto& rec : maps_to_copy) {
uintptr_t offset = rec.addr_start - addr_start;
size_t size = rec.addr_end - rec.addr_start;
void* addr = reinterpret_cast<void*>(reserved_addr + offset);
void* map = mmap(addr, size, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
ASSERT_TRUE(map != MAP_FAILED);
memcpy(map, reinterpret_cast<void*>(rec.addr_start), size);
mprotect(map, size, rec.perms);
}
// call the function copy
uintptr_t ns_get_dlopened_string_offset = ns_get_dlopened_string_addr - addr_start;
fn_t ns_get_dlopened_string_anon = reinterpret_cast<fn_t>(reserved_addr + ns_get_dlopened_string_offset);
ASSERT_STREQ("This string is from private namespace (dlopened library)",
ns_get_dlopened_string_anon());
// They should belong to different namespaces (private and anonymous)
ASSERT_STREQ("This string is from private namespace (dlopened library)",
ns_get_dlopened_string_private());
ASSERT_TRUE(ns_get_dlopened_string_anon() != ns_get_dlopened_string_private());
}