From f5a3099c509cf9b8a4ce9c3073a4db47e14a23bc Mon Sep 17 00:00:00 2001 From: Dmitriy Ivanov Date: Wed, 11 Nov 2015 14:18:55 -0800 Subject: Use isolated namespaces for app native libs Linker namespaces provide necessary level of isolation for application native libraries. The native libraries will no longer be able to mistakenly depend on platform private libraries like /system/lib/libssl.so This change creates one namespace for each instance of class-loader and uses it when loading native libraries. For backwards compatibility with older apps we keep using default namespace and LD_LIBRARY_PATH if target sdk version is <= 23. (currently set to 0 for testing) Bug: http://b/22548808 Change-Id: I64e97af7450fbf7e3740ccddda96bb2f7c52e03b --- runtime/java_vm_ext.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'runtime/java_vm_ext.cc') diff --git a/runtime/java_vm_ext.cc b/runtime/java_vm_ext.cc index 7cc05f7cd4..15f51220e4 100644 --- a/runtime/java_vm_ext.cc +++ b/runtime/java_vm_ext.cc @@ -17,6 +17,7 @@ #include "jni_internal.h" #define ATRACE_TAG ATRACE_TAG_DALVIK + #include #include @@ -31,6 +32,7 @@ #include "mirror/class-inl.h" #include "mirror/class_loader.h" #include "nativebridge/native_bridge.h" +#include "nativeloader/native_loader.h" #include "java_vm_ext.h" #include "parsed_options.h" #include "runtime-inl.h" @@ -715,6 +717,7 @@ void JavaVMExt::UnloadNativeLibraries() { } bool JavaVMExt::LoadNativeLibrary(JNIEnv* env, const std::string& path, jobject class_loader, + jstring library_path, jstring permitted_path, std::string* error_msg) { error_msg->clear(); 
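Review bot: The new `jstring library_path` and `jstring permitted_path` parameters on `JavaVMExt::LoadNativeLibrary` are added with no comment on what they hold, whether either may be null, or who is trusted to supply them. They are handed unchanged to `android::OpenNativeLibrary` in the later hunk and presumably decide which directories the class loader's namespace may load from, so a caller that passes an overly broad `permitted_path` would weaken the isolation this commit introduces. I would document that at the definition, for example `// library_path / permitted_path: search path and additionally allowed directories for this class loader's linker namespace; supplied by the framework, null when <case to confirm>.` The function body starts in this hunk and continues outside it.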
@@ -774,7 +777,8 @@ bool JavaVMExt::LoadNativeLibrary(JNIEnv* env, const std::string& path, jobject Locks::mutator_lock_->AssertNotHeld(self); const char* path_str = path.empty() ? nullptr : path.c_str(); - void* handle = dlopen(path_str, RTLD_NOW); + void* handle = android::OpenNativeLibrary(env, runtime_->GetTargetSdkVersion(), + path_str, class_loader, library_path, permitted_path); bool needs_native_bridge = false; if (handle == nullptr) { if (android::NativeBridgeIsSupported(path_str)) { -- cgit v1.2.3-59-g8ed1b
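Review bot: Only the direct load goes through the class loader's namespace. The `handle == nullptr` branch right below still consults `android::NativeBridgeIsSupported(path_str)` with the bare path, so a library that falls through to the native bridge is presumably loaded without `library_path` / `permitted_path` being applied; the bridge load call itself is outside the hunk. If that gap is accepted for now, make it visible with a comment such as `// TODO: native-bridge fallback is not namespace-aware; isolation only covers OpenNativeLibrary.` Two smaller things to confirm: `path_str` is `nullptr` for an empty path, which `dlopen` accepted but `OpenNativeLibrary` may not, and the failure message built further down may assume a `dlopen` error rather than a namespace-setup error.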