From 24c57c33ea720de04c5e374c34480c751b43d9fc Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Wed, 10 Nov 2021 21:57:46 +0900 Subject: Framework and system_server classes can access public vendor libraries This CL fixes a regression caused by [1] which introduced tag [2]. With the change, public vendor libraries [3] became accessible only when they are listed in the caller's AndroidManifest.xml using the new tag. However, this caused a problem to the places where AndroidManifest.xml doesn't exist: framework and system_server classes. For those cases, [1] incorrectly used a null list as the requested native libraries, and as a result, no public vendor libraries were accessible. This CL fixes the issue by not doing the filtering for the class loaders created for non-app contexts like zygote or system_server. Specifically, it uses the magic keyword "ALL" which let libnativeloader.so accept all public vendor libraries. [1] https://android.googlesource.com/platform/frameworks/base/+/6a5b8b1f6db172b5aaadcec0c3868e54e214b675 [2] https://developer.android.com/guide/topics/manifest/uses-native-library-element [3] https://source.android.com/devices/tech/config/namespaces_libraries#adding-additional-native-libraries Bug: 205164833 Test: libcuttlefish_fs.so is loaded when built with the other CLs in the same topic Change-Id: Id92c59642773851d70d05a05f43eb5873e9de86b --- .../com/android/internal/os/ClassLoaderFactory.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/core/java/com/android/internal/os/ClassLoaderFactory.java b/core/java/com/android/internal/os/ClassLoaderFactory.java index 8b0411de5477..8f5e97d40530 100644 --- a/core/java/com/android/internal/os/ClassLoaderFactory.java +++ b/core/java/com/android/internal/os/ClassLoaderFactory.java @@ -24,6 +24,7 @@ import dalvik.system.DelegateLastClassLoader; import dalvik.system.DexClassLoader; import dalvik.system.PathClassLoader; +import java.util.ArrayList; import java.util.List; /** @@ -100,14 +101,25 @@ public class ClassLoaderFactory { } /** - * Same as {@code createClassLoader} below, but passes a null list of shared - * libraries. + * Same as {@code createClassLoader} below, but passes a null list of shared libraries. This + * method is used only to load platform classes (i.e. those in framework.jar or services.jar), + * and MUST NOT be used for loading untrusted classes, especially the app classes. For the + * latter case, use the below method which accepts list of shared libraries so that the classes + * don't have unlimited access to all shared libraries. */ public static ClassLoader createClassLoader(String dexPath, String librarySearchPath, String libraryPermittedPath, ClassLoader parent, int targetSdkVersion, boolean isNamespaceShared, String classLoaderName) { + // b/205164833: allow framework classes to have access to all public vendor libraries. + // This is because those classes are part of the platform and don't have an app manifest + // where required libraries can be specified using the tag. + // Note that this still does not give access to "private" vendor libraries. + List nativeSharedLibraries = new ArrayList<>(); + nativeSharedLibraries.add("ALL"); + return createClassLoader(dexPath, librarySearchPath, libraryPermittedPath, - parent, targetSdkVersion, isNamespaceShared, classLoaderName, null, null, null); + parent, targetSdkVersion, isNamespaceShared, classLoaderName, null, + nativeSharedLibraries, null); } /** -- cgit v1.2.3-59-g8ed1b