1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18
19 #include <dlfcn.h>
20 #include <elf.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <inttypes.h>
24 #include <link.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <unistd.h>
28
29 #include <android/dlext.h>
30 #include <android-base/file.h>
31 #include <android-base/strings.h>
32 #include <android-base/test_utils.h>
33
34 #include <sys/mman.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <sys/vfs.h>
38 #include <sys/wait.h>
39
40 #include <meminfo/procmeminfo.h>
41 #include <procinfo/process_map.h>
42 #include <ziparchive/zip_archive.h>
43
44 #include "bionic/mte.h"
45 #include "bionic/page.h"
46 #include "core_shared_libs.h"
47 #include "dlext_private.h"
48 #include "dlfcn_symlink_support.h"
49 #include "gtest_globals.h"
50 #include "utils.h"
51
52 #define ASSERT_DL_NOTNULL(ptr) \
53 ASSERT_TRUE((ptr) != nullptr) << "dlerror: " << dlerror()
54
55 #define ASSERT_DL_ZERO(i) \
56 ASSERT_EQ(0, i) << "dlerror: " << dlerror()
57
58 #define ASSERT_NOERROR(i) \
59 ASSERT_NE(-1, i) << "errno: " << strerror(errno)
60
61 #define ASSERT_SUBSTR(needle, haystack) \
62 ASSERT_PRED_FORMAT2(::testing::IsSubstring, needle, haystack)
63
64
65 typedef int (*fn)(void);
66 constexpr const char* kLibName = "libdlext_test.so";
67 constexpr const char* kLibNameRecursive = "libdlext_test_recursive.so";
68 constexpr const char* kLibNameNoRelro = "libdlext_test_norelro.so";
69 constexpr const char* kLibZipSimpleZip = "libdir/libatest_simple_zip.so";
70 constexpr auto kLibSize = 1024 * 1024; // how much address space to reserve for it
71
72 class DlExtTest : public ::testing::Test {
73 protected:
SetUp()74 void SetUp() override {
75 handle_ = nullptr;
76 // verify that we don't have the library loaded already
77 void* h = dlopen(kLibName, RTLD_NOW | RTLD_NOLOAD);
78 ASSERT_TRUE(h == nullptr);
79 h = dlopen(kLibNameNoRelro, RTLD_NOW | RTLD_NOLOAD);
80 ASSERT_TRUE(h == nullptr);
81 // call dlerror() to swallow the error, and check it was the one we wanted
82 ASSERT_EQ(std::string("dlopen failed: library \"") + kLibNameNoRelro + "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
83 }
84
TearDown()85 void TearDown() override {
86 if (handle_ != nullptr) {
87 ASSERT_DL_ZERO(dlclose(handle_));
88 }
89 }
90
91 void* handle_;
92 const size_t kPageSize = getpagesize();
93 };
94
TEST_F(DlExtTest,ExtInfoNull)95 TEST_F(DlExtTest, ExtInfoNull) {
96 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, nullptr);
97 ASSERT_DL_NOTNULL(handle_);
98 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
99 ASSERT_DL_NOTNULL(f);
100 EXPECT_EQ(4, f());
101 }
102
TEST_F(DlExtTest,ExtInfoNoFlags)103 TEST_F(DlExtTest, ExtInfoNoFlags) {
104 android_dlextinfo extinfo;
105 extinfo.flags = 0;
106 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, &extinfo);
107 ASSERT_DL_NOTNULL(handle_);
108 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
109 ASSERT_DL_NOTNULL(f);
110 EXPECT_EQ(4, f());
111 }
112
TEST_F(DlExtTest,ExtInfoUseFd)113 TEST_F(DlExtTest, ExtInfoUseFd) {
114 const std::string lib_path = GetTestLibRoot() + "/libdlext_test_fd/libdlext_test_fd.so";
115
116 android_dlextinfo extinfo;
117 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD;
118 extinfo.library_fd = TEMP_FAILURE_RETRY(open(lib_path.c_str(), O_RDONLY | O_CLOEXEC));
119 ASSERT_TRUE(extinfo.library_fd != -1);
120 handle_ = android_dlopen_ext(lib_path.c_str(), RTLD_NOW, &extinfo);
121 ASSERT_DL_NOTNULL(handle_);
122 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
123 ASSERT_DL_NOTNULL(f);
124 EXPECT_EQ(4, f());
125
126 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle_, "dlopen_testlib_taxicab_number"));
127 ASSERT_DL_NOTNULL(taxicab_number);
128 EXPECT_EQ(1729U, *taxicab_number);
129 }
130
TEST_F(DlExtTest,ExtInfoUseFdWithOffset)131 TEST_F(DlExtTest, ExtInfoUseFdWithOffset) {
132 const std::string lib_path = GetTestLibRoot() + "/libdlext_test_zip/libdlext_test_zip_zipaligned.zip";
133
134 android_dlextinfo extinfo;
135 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD | ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET;
136 extinfo.library_fd = TEMP_FAILURE_RETRY(open(lib_path.c_str(), O_RDONLY | O_CLOEXEC));
137
138 // Find the offset of the shared library in the zip.
139 ZipArchiveHandle handle;
140 ASSERT_EQ(0, OpenArchive(lib_path.c_str(), &handle));
141 ZipEntry zip_entry;
142 ASSERT_EQ(0, FindEntry(handle, kLibZipSimpleZip, &zip_entry));
143 extinfo.library_fd_offset = zip_entry.offset;
144 CloseArchive(handle);
145
146 handle_ = android_dlopen_ext(lib_path.c_str(), RTLD_NOW, &extinfo);
147 ASSERT_DL_NOTNULL(handle_);
148
149 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle_, "dlopen_testlib_taxicab_number"));
150 ASSERT_DL_NOTNULL(taxicab_number);
151 EXPECT_EQ(1729U, *taxicab_number);
152 }
153
TEST_F(DlExtTest,ExtInfoUseFdWithInvalidOffset)154 TEST_F(DlExtTest, ExtInfoUseFdWithInvalidOffset) {
155 const std::string lib_path = GetTestLibRoot() + "/libdlext_test_zip/libdlext_test_zip_zipaligned.zip";
156
157 android_dlextinfo extinfo;
158 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD | ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET;
159 extinfo.library_fd = TEMP_FAILURE_RETRY(open(lib_path.c_str(), O_RDONLY | O_CLOEXEC));
160 extinfo.library_fd_offset = 17;
161
162 handle_ = android_dlopen_ext("libname_placeholder", RTLD_NOW, &extinfo);
163 ASSERT_TRUE(handle_ == nullptr);
164 ASSERT_STREQ("dlopen failed: file offset for the library \"libname_placeholder\" is not page-aligned: 17", dlerror());
165
166 // Test an address above 2^44, for http://b/18178121 .
167 extinfo.library_fd_offset = (5LL << 48) + kPageSize;
168 handle_ = android_dlopen_ext("libname_placeholder", RTLD_NOW, &extinfo);
169 ASSERT_TRUE(handle_ == nullptr);
170 ASSERT_SUBSTR("dlopen failed: file offset for the library \"libname_placeholder\" >= file size", dlerror());
171
172 extinfo.library_fd_offset = 0LL - kPageSize;
173 handle_ = android_dlopen_ext("libname_placeholder", RTLD_NOW, &extinfo);
174 ASSERT_TRUE(handle_ == nullptr);
175 ASSERT_SUBSTR("dlopen failed: file offset for the library \"libname_placeholder\" is negative", dlerror());
176
177 extinfo.library_fd_offset = 0;
178 handle_ = android_dlopen_ext("libname_ignored", RTLD_NOW, &extinfo);
179 ASSERT_TRUE(handle_ == nullptr);
180 ASSERT_EQ("dlopen failed: \"" + lib_path + "\" has bad ELF magic: 504b0304", dlerror());
181
182 // Check if dlsym works after unsuccessful dlopen().
183 // Supply non-exiting one to make linker visit every soinfo.
184 void* sym = dlsym(RTLD_DEFAULT, "this_symbol_does_not_exist___");
185 ASSERT_TRUE(sym == nullptr);
186
187 close(extinfo.library_fd);
188 }
189
TEST_F(DlExtTest,ExtInfoUseOffsetWithoutFd)190 TEST_F(DlExtTest, ExtInfoUseOffsetWithoutFd) {
191 android_dlextinfo extinfo;
192 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET;
193 // This offset will not be used, so it doesn't matter.
194 extinfo.library_fd_offset = 0;
195
196 handle_ = android_dlopen_ext("/some/lib/that/does_not_exist", RTLD_NOW, &extinfo);
197 ASSERT_TRUE(handle_ == nullptr);
198 ASSERT_STREQ("dlopen failed: invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without ANDROID_DLEXT_USE_LIBRARY_FD): 0x20", dlerror());
199 }
200
TEST(dlext,android_dlopen_ext_force_load_smoke)201 TEST(dlext, android_dlopen_ext_force_load_smoke) {
202 DlfcnSymlink symlink("android_dlopen_ext_force_load_smoke");
203 const std::string symlink_name = basename(symlink.get_symlink_path().c_str());
204 // 1. Open actual file
205 void* handle = dlopen("libdlext_test.so", RTLD_NOW);
206 ASSERT_DL_NOTNULL(handle);
207 // 2. Open link with force_load flag set
208 android_dlextinfo extinfo;
209 extinfo.flags = ANDROID_DLEXT_FORCE_LOAD;
210 void* handle2 = android_dlopen_ext(symlink_name.c_str(), RTLD_NOW, &extinfo);
211 ASSERT_DL_NOTNULL(handle2);
212 ASSERT_TRUE(handle != handle2);
213
214 dlclose(handle2);
215 dlclose(handle);
216 }
217
TEST(dlext,android_dlopen_ext_force_load_soname_exception)218 TEST(dlext, android_dlopen_ext_force_load_soname_exception) {
219 DlfcnSymlink symlink("android_dlopen_ext_force_load_soname_exception");
220 const std::string symlink_name = basename(symlink.get_symlink_path().c_str());
221 // Check if soname lookup still returns already loaded library
222 // when ANDROID_DLEXT_FORCE_LOAD flag is specified.
223 void* handle = dlopen(symlink_name.c_str(), RTLD_NOW);
224 ASSERT_DL_NOTNULL(handle);
225
226 android_dlextinfo extinfo;
227 extinfo.flags = ANDROID_DLEXT_FORCE_LOAD;
228
229 // Note that 'libdlext_test.so' is dt_soname for the symlink_name
230 void* handle2 = android_dlopen_ext("libdlext_test.so", RTLD_NOW, &extinfo);
231
232 ASSERT_DL_NOTNULL(handle2);
233 ASSERT_TRUE(handle == handle2);
234
235 dlclose(handle2);
236 dlclose(handle);
237 }
238
TEST(dlfcn,dlopen_from_nullptr_android_api_level_28)239 TEST(dlfcn, dlopen_from_nullptr_android_api_level_28) {
240 // Regression test for http://b/123972211. Testing dlopen(nullptr) when target sdk is P
241 android_set_application_target_sdk_version(28);
242 ASSERT_TRUE(dlopen(nullptr, RTLD_NOW) != nullptr);
243 }
244
245 // Test system path translation for backward compatibility. http://b/130219528
TEST(dlfcn,dlopen_system_libicuuc_android_api_level_28)246 TEST(dlfcn, dlopen_system_libicuuc_android_api_level_28) {
247 android_set_application_target_sdk_version(28);
248 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicuuc.so", RTLD_NOW) != nullptr);
249 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicui18n.so", RTLD_NOW) != nullptr);
250 }
251
TEST(dlfcn,dlopen_system_libicuuc_android_api_level_29)252 TEST(dlfcn, dlopen_system_libicuuc_android_api_level_29) {
253 android_set_application_target_sdk_version(29);
254 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicuuc.so", RTLD_NOW) == nullptr);
255 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicui18n.so", RTLD_NOW) == nullptr);
256 }
257
TEST(dlfcn,dlopen_system_libicuuc_android_api_level_current)258 TEST(dlfcn, dlopen_system_libicuuc_android_api_level_current) {
259 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicuuc.so", RTLD_NOW) == nullptr);
260 ASSERT_TRUE(dlopen(PATH_TO_SYSTEM_LIB "libicui18n.so", RTLD_NOW) == nullptr);
261 }
262
TEST(dlfcn,dlopen_from_zip_absolute_path)263 TEST(dlfcn, dlopen_from_zip_absolute_path) {
264 const std::string lib_zip_path = "/libdlext_test_zip/libdlext_test_zip_zipaligned.zip";
265 const std::string lib_path = GetTestLibRoot() + lib_zip_path;
266
267 void* handle = dlopen((lib_path + "!/libdir/libatest_simple_zip.so").c_str(), RTLD_NOW);
268 ASSERT_TRUE(handle != nullptr) << dlerror();
269
270 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle, "dlopen_testlib_taxicab_number"));
271 ASSERT_DL_NOTNULL(taxicab_number);
272 EXPECT_EQ(1729U, *taxicab_number);
273
274 dlclose(handle);
275 }
276
TEST(dlfcn,dlopen_from_zip_with_dt_runpath)277 TEST(dlfcn, dlopen_from_zip_with_dt_runpath) {
278 const std::string lib_zip_path = "/libdlext_test_runpath_zip/libdlext_test_runpath_zip_zipaligned.zip";
279 const std::string lib_path = GetTestLibRoot() + lib_zip_path;
280
281 void* handle = dlopen((lib_path + "!/libdir/libtest_dt_runpath_d_zip.so").c_str(), RTLD_NOW);
282
283 ASSERT_TRUE(handle != nullptr) << dlerror();
284
285 typedef void *(* dlopen_b_fn)();
286 dlopen_b_fn fn = (dlopen_b_fn)dlsym(handle, "dlopen_b");
287 ASSERT_TRUE(fn != nullptr) << dlerror();
288
289 void *p = fn();
290 ASSERT_TRUE(p != nullptr) << dlerror();
291
292 dlclose(p);
293 dlclose(handle);
294 }
295
TEST(dlfcn,dlopen_from_zip_ld_library_path)296 TEST(dlfcn, dlopen_from_zip_ld_library_path) {
297 const std::string lib_zip_path = "/libdlext_test_zip/libdlext_test_zip_zipaligned.zip";
298 const std::string lib_path = GetTestLibRoot() + lib_zip_path + "!/libdir";
299
300 typedef void (*fn_t)(const char*);
301 fn_t android_update_LD_LIBRARY_PATH =
302 reinterpret_cast<fn_t>(dlsym(RTLD_DEFAULT, "android_update_LD_LIBRARY_PATH"));
303
304 ASSERT_TRUE(android_update_LD_LIBRARY_PATH != nullptr) << dlerror();
305
306 void* handle = dlopen("libdlext_test_zip.so", RTLD_NOW);
307 ASSERT_TRUE(handle == nullptr);
308
309 android_update_LD_LIBRARY_PATH(lib_path.c_str());
310
311 handle = dlopen("libdlext_test_zip.so", RTLD_NOW);
312 ASSERT_TRUE(handle != nullptr) << dlerror();
313
314 int (*fn)(void);
315 fn = reinterpret_cast<int (*)(void)>(dlsym(handle, "getRandomNumber"));
316 ASSERT_TRUE(fn != nullptr);
317 EXPECT_EQ(4, fn());
318
319 uint32_t* taxicab_number =
320 reinterpret_cast<uint32_t*>(dlsym(handle, "dlopen_testlib_taxicab_number"));
321 ASSERT_DL_NOTNULL(taxicab_number);
322 EXPECT_EQ(1729U, *taxicab_number);
323
324 dlclose(handle);
325 }
326
327
TEST_F(DlExtTest,Reserved)328 TEST_F(DlExtTest, Reserved) {
329 void* start = mmap(nullptr, kLibSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
330 ASSERT_TRUE(start != MAP_FAILED);
331 android_dlextinfo extinfo;
332 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS;
333 extinfo.reserved_addr = start;
334 extinfo.reserved_size = kLibSize;
335 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, &extinfo);
336 ASSERT_DL_NOTNULL(handle_);
337 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
338 ASSERT_DL_NOTNULL(f);
339 EXPECT_GE(reinterpret_cast<void*>(f), start);
340 EXPECT_LT(reinterpret_cast<void*>(f),
341 reinterpret_cast<char*>(start) + kLibSize);
342 EXPECT_EQ(4, f());
343
344 // Check that after dlclose reserved address space is unmapped (and can be reused)
345 dlclose(handle_);
346 handle_ = nullptr;
347
348 void* new_start = mmap(start, kPageSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
349 ASSERT_NE(start, new_start) << "dlclose unmapped reserved space";
350 }
351
TEST_F(DlExtTest,ReservedTooSmall)352 TEST_F(DlExtTest, ReservedTooSmall) {
353 void* start = mmap(nullptr, kPageSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
354 ASSERT_TRUE(start != MAP_FAILED);
355 android_dlextinfo extinfo;
356 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS;
357 extinfo.reserved_addr = start;
358 extinfo.reserved_size = kPageSize;
359 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, &extinfo);
360 EXPECT_EQ(nullptr, handle_);
361 }
362
TEST_F(DlExtTest,ReservedRecursive)363 TEST_F(DlExtTest, ReservedRecursive) {
364 void* start = mmap(nullptr, kLibSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
365 ASSERT_TRUE(start != MAP_FAILED);
366 android_dlextinfo extinfo;
367 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS | ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE;
368 extinfo.reserved_addr = start;
369 extinfo.reserved_size = kLibSize;
370 handle_ = android_dlopen_ext(kLibNameRecursive, RTLD_NOW, &extinfo);
371 ASSERT_DL_NOTNULL(handle_);
372
373 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
374 ASSERT_DL_NOTNULL(f);
375 EXPECT_GE(reinterpret_cast<void*>(f), start);
376 EXPECT_LT(reinterpret_cast<void*>(f),
377 reinterpret_cast<char*>(start) + kLibSize);
378 EXPECT_EQ(4, f());
379
380 f = reinterpret_cast<fn>(dlsym(handle_, "getBiggerRandomNumber"));
381 ASSERT_DL_NOTNULL(f);
382 EXPECT_GE(reinterpret_cast<void*>(f), start);
383 EXPECT_LT(reinterpret_cast<void*>(f),
384 reinterpret_cast<char*>(start) + kLibSize);
385 EXPECT_EQ(8, f());
386
387 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle_, "dlopen_testlib_taxicab_number"));
388 ASSERT_DL_NOTNULL(taxicab_number);
389 // Untag the pointer so that it can be compared with start, which will be untagged.
390 void* addr = reinterpret_cast<void*>(untag_address(taxicab_number));
391 EXPECT_GE(addr, start);
392 EXPECT_LT(addr, reinterpret_cast<char*>(start) + kLibSize);
393 EXPECT_EQ(1729U, *taxicab_number);
394 }
395
TEST_F(DlExtTest,ReservedRecursiveTooSmall)396 TEST_F(DlExtTest, ReservedRecursiveTooSmall) {
397 void* start = mmap(nullptr, kPageSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
398 ASSERT_TRUE(start != MAP_FAILED);
399 android_dlextinfo extinfo;
400 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS | ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE;
401 extinfo.reserved_addr = start;
402 extinfo.reserved_size = kPageSize;
403 handle_ = android_dlopen_ext(kLibNameRecursive, RTLD_NOW, &extinfo);
404 EXPECT_EQ(nullptr, handle_);
405 }
406
TEST_F(DlExtTest,ReservedHint)407 TEST_F(DlExtTest, ReservedHint) {
408 void* start = mmap(nullptr, kLibSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
409 ASSERT_TRUE(start != MAP_FAILED);
410 android_dlextinfo extinfo;
411 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS_HINT;
412 extinfo.reserved_addr = start;
413 extinfo.reserved_size = kLibSize;
414 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, &extinfo);
415 ASSERT_DL_NOTNULL(handle_);
416 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
417 ASSERT_DL_NOTNULL(f);
418 EXPECT_GE(reinterpret_cast<void*>(f), start);
419 EXPECT_LT(reinterpret_cast<void*>(f),
420 reinterpret_cast<char*>(start) + kLibSize);
421 EXPECT_EQ(4, f());
422 }
423
TEST_F(DlExtTest,ReservedHintTooSmall)424 TEST_F(DlExtTest, ReservedHintTooSmall) {
425 void* start = mmap(nullptr, kPageSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
426 ASSERT_TRUE(start != MAP_FAILED);
427 android_dlextinfo extinfo;
428 extinfo.flags = ANDROID_DLEXT_RESERVED_ADDRESS_HINT;
429 extinfo.reserved_addr = start;
430 extinfo.reserved_size = kPageSize;
431 handle_ = android_dlopen_ext(kLibName, RTLD_NOW, &extinfo);
432 ASSERT_DL_NOTNULL(handle_);
433 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
434 ASSERT_DL_NOTNULL(f);
435 EXPECT_TRUE(reinterpret_cast<void*>(f) < start ||
436 (reinterpret_cast<void*>(f) >= reinterpret_cast<char*>(start) + kPageSize));
437 EXPECT_EQ(4, f());
438 }
439
440 class DlExtRelroSharingTest : public DlExtTest {
441 protected:
SetUp()442 void SetUp() override {
443 DlExtTest::SetUp();
444 void* start = mmap(nullptr, kLibSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
445 ASSERT_TRUE(start != MAP_FAILED);
446 extinfo_.flags = ANDROID_DLEXT_RESERVED_ADDRESS;
447 extinfo_.reserved_addr = start;
448 extinfo_.reserved_size = kLibSize;
449 extinfo_.relro_fd = -1;
450 }
451
TearDown()452 void TearDown() override {
453 DlExtTest::TearDown();
454 }
455
CreateRelroFile(const char * lib,const char * relro_file,bool recursive)456 void CreateRelroFile(const char* lib, const char* relro_file, bool recursive) {
457 int relro_fd = open(relro_file, O_RDWR | O_TRUNC | O_CLOEXEC);
458 ASSERT_NOERROR(relro_fd);
459
460 if (recursive) {
461 extinfo_.flags |= ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE;
462 }
463
464 pid_t pid = fork();
465 if (pid == 0) {
466 // child process
467 extinfo_.flags |= ANDROID_DLEXT_WRITE_RELRO;
468 extinfo_.relro_fd = relro_fd;
469 void* handle = android_dlopen_ext(lib, RTLD_NOW, &extinfo_);
470 if (handle == nullptr) {
471 fprintf(stderr, "in child: %s\n", dlerror());
472 exit(1);
473 }
474 fn f = reinterpret_cast<fn>(dlsym(handle, "getRandomNumber"));
475 ASSERT_DL_NOTNULL(f);
476 EXPECT_EQ(4, f());
477
478 if (recursive) {
479 fn f = reinterpret_cast<fn>(dlsym(handle, "getBiggerRandomNumber"));
480 ASSERT_DL_NOTNULL(f);
481 EXPECT_EQ(8, f());
482 }
483
484 uint32_t* taxicab_number =
485 reinterpret_cast<uint32_t*>(dlsym(handle, "dlopen_testlib_taxicab_number"));
486 ASSERT_DL_NOTNULL(taxicab_number);
487 EXPECT_EQ(1729U, *taxicab_number);
488 exit(testing::Test::HasFailure());
489 }
490
491 // continuing in parent
492 ASSERT_NOERROR(close(relro_fd));
493 ASSERT_NOERROR(pid);
494 AssertChildExited(pid, 0);
495
496 // reopen file for reading so it can be used
497 relro_fd = open(relro_file, O_RDONLY | O_CLOEXEC);
498 ASSERT_NOERROR(relro_fd);
499 extinfo_.flags |= ANDROID_DLEXT_USE_RELRO;
500 extinfo_.relro_fd = relro_fd;
501 }
502
TryUsingRelro(const char * lib,bool recursive)503 void TryUsingRelro(const char* lib, bool recursive) {
504 handle_ = android_dlopen_ext(lib, RTLD_NOW, &extinfo_);
505 ASSERT_DL_NOTNULL(handle_);
506 fn f = reinterpret_cast<fn>(dlsym(handle_, "getRandomNumber"));
507 ASSERT_DL_NOTNULL(f);
508 EXPECT_EQ(4, f());
509
510 if (recursive) {
511 fn f = reinterpret_cast<fn>(dlsym(handle_, "getBiggerRandomNumber"));
512 ASSERT_DL_NOTNULL(f);
513 EXPECT_EQ(8, f());
514 }
515
516 uint32_t* taxicab_number =
517 reinterpret_cast<uint32_t*>(dlsym(handle_, "dlopen_testlib_taxicab_number"));
518 ASSERT_DL_NOTNULL(taxicab_number);
519 EXPECT_EQ(1729U, *taxicab_number);
520 }
521
522 void SpawnChildrenAndMeasurePss(const char* lib, const char* relro_file, bool share_relro,
523 size_t* pss_out);
524
525 std::string FindMappingName(void* ptr);
526
527 android_dlextinfo extinfo_;
528 };
529
TEST_F(DlExtRelroSharingTest,ChildWritesGoodData)530 TEST_F(DlExtRelroSharingTest, ChildWritesGoodData) {
531 TemporaryFile tf; // Use tf to get an unique filename.
532 ASSERT_NOERROR(close(tf.fd));
533
534 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibName, tf.path, false));
535 ASSERT_NO_FATAL_FAILURE(TryUsingRelro(kLibName, false));
536 void* relro_data = dlsym(handle_, "lots_of_relro");
537 ASSERT_DL_NOTNULL(relro_data);
538 EXPECT_EQ(tf.path, FindMappingName(relro_data));
539
540 // Use destructor of tf to close and unlink the file.
541 tf.fd = extinfo_.relro_fd;
542 }
543
TEST_F(DlExtRelroSharingTest,ChildWritesGoodDataRecursive)544 TEST_F(DlExtRelroSharingTest, ChildWritesGoodDataRecursive) {
545 TemporaryFile tf; // Use tf to get an unique filename.
546 ASSERT_NOERROR(close(tf.fd));
547
548 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibNameRecursive, tf.path, true));
549 ASSERT_NO_FATAL_FAILURE(TryUsingRelro(kLibNameRecursive, true));
550 void* relro_data = dlsym(handle_, "lots_of_relro");
551 ASSERT_DL_NOTNULL(relro_data);
552 EXPECT_EQ(tf.path, FindMappingName(relro_data));
553 void* recursive_relro_data = dlsym(handle_, "lots_more_relro");
554 ASSERT_DL_NOTNULL(recursive_relro_data);
555 EXPECT_EQ(tf.path, FindMappingName(recursive_relro_data));
556
557
558 // Use destructor of tf to close and unlink the file.
559 tf.fd = extinfo_.relro_fd;
560 }
561
TEST_F(DlExtRelroSharingTest,CheckRelroSizes)562 TEST_F(DlExtRelroSharingTest, CheckRelroSizes) {
563 TemporaryFile tf1, tf2;
564 ASSERT_NOERROR(close(tf1.fd));
565 ASSERT_NOERROR(close(tf2.fd));
566
567 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibNameRecursive, tf1.path, false));
568 struct stat no_recursive;
569 ASSERT_NOERROR(fstat(extinfo_.relro_fd, &no_recursive));
570 tf1.fd = extinfo_.relro_fd;
571
572 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibNameRecursive, tf2.path, true));
573 struct stat with_recursive;
574 ASSERT_NOERROR(fstat(extinfo_.relro_fd, &with_recursive));
575 tf2.fd = extinfo_.relro_fd;
576
577 // RELRO file should end up bigger when we use the recursive flag, since it
578 // includes data for more than one library.
579 ASSERT_GT(with_recursive.st_size, no_recursive.st_size);
580 }
581
TEST_F(DlExtRelroSharingTest,ChildWritesNoRelro)582 TEST_F(DlExtRelroSharingTest, ChildWritesNoRelro) {
583 TemporaryFile tf; // // Use tf to get an unique filename.
584 ASSERT_NOERROR(close(tf.fd));
585
586 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibNameNoRelro, tf.path, false));
587 ASSERT_NO_FATAL_FAILURE(TryUsingRelro(kLibNameNoRelro, false));
588
589 // Use destructor of tf to close and unlink the file.
590 tf.fd = extinfo_.relro_fd;
591 }
592
TEST_F(DlExtRelroSharingTest,RelroFileEmpty)593 TEST_F(DlExtRelroSharingTest, RelroFileEmpty) {
594 ASSERT_NO_FATAL_FAILURE(TryUsingRelro(kLibName, false));
595 }
596
TEST_F(DlExtRelroSharingTest,VerifyMemorySaving)597 TEST_F(DlExtRelroSharingTest, VerifyMemorySaving) {
598 if (geteuid() != 0) GTEST_SKIP() << "This test must be run as root";
599
600 TemporaryFile tf; // Use tf to get an unique filename.
601 ASSERT_NOERROR(close(tf.fd));
602
603 ASSERT_NO_FATAL_FAILURE(CreateRelroFile(kLibName, tf.path, false));
604
605 int pipefd[2];
606 ASSERT_NOERROR(pipe(pipefd));
607
608 size_t without_sharing, with_sharing;
609 ASSERT_NO_FATAL_FAILURE(SpawnChildrenAndMeasurePss(kLibName, tf.path, false, &without_sharing));
610 ASSERT_NO_FATAL_FAILURE(SpawnChildrenAndMeasurePss(kLibName, tf.path, true, &with_sharing));
611 ASSERT_LT(with_sharing, without_sharing);
612
613 // We expect the sharing to save at least 50% of the library's total PSS.
614 // In practice it saves 80%+ for this library in the test.
615 size_t pss_saved = without_sharing - with_sharing;
616 size_t expected_min_saved = without_sharing / 2;
617
618 EXPECT_LT(expected_min_saved, pss_saved);
619
620 // Use destructor of tf to close and unlink the file.
621 tf.fd = extinfo_.relro_fd;
622 }
623
GetPss(bool shared_relro,const char * lib,const char * relro_file,pid_t pid,size_t * total_pss)624 void GetPss(bool shared_relro, const char* lib, const char* relro_file, pid_t pid,
625 size_t* total_pss) {
626 android::meminfo::ProcMemInfo proc_mem(pid);
627 const std::vector<android::meminfo::Vma>& maps = proc_mem.MapsWithoutUsageStats();
628 ASSERT_GT(maps.size(), 0UL);
629
630 // Calculate total PSS of the library.
631 *total_pss = 0;
632 bool saw_relro_file = false;
633 for (auto& vma : maps) {
634 if (android::base::EndsWith(vma.name, lib) || (vma.name == relro_file)) {
635 if (vma.name == relro_file) {
636 saw_relro_file = true;
637 }
638
639 android::meminfo::Vma update_vma(vma);
640 ASSERT_TRUE(proc_mem.FillInVmaStats(update_vma));
641 *total_pss += update_vma.usage.pss;
642 }
643 }
644
645 if (shared_relro) ASSERT_TRUE(saw_relro_file);
646 }
647
SpawnChildrenAndMeasurePss(const char * lib,const char * relro_file,bool share_relro,size_t * pss_out)648 void DlExtRelroSharingTest::SpawnChildrenAndMeasurePss(const char* lib, const char* relro_file,
649 bool share_relro, size_t* pss_out) {
650 const int CHILDREN = 20;
651
652 // Create children
653 pid_t child_pids[CHILDREN];
654 int childpipe[CHILDREN];
655 for (int i=0; i<CHILDREN; ++i) {
656 char read_buf;
657 int child_done_pipe[2], parent_done_pipe[2];
658 ASSERT_NOERROR(pipe(child_done_pipe));
659 ASSERT_NOERROR(pipe(parent_done_pipe));
660
661 pid_t child = fork();
662 if (child == 0) {
663 // close the 'wrong' ends of the pipes in the child
664 close(child_done_pipe[0]);
665 close(parent_done_pipe[1]);
666
667 // open the library
668 void* handle;
669 if (share_relro) {
670 handle = android_dlopen_ext(lib, RTLD_NOW, &extinfo_);
671 } else {
672 handle = dlopen(lib, RTLD_NOW);
673 }
674 if (handle == nullptr) {
675 fprintf(stderr, "in child: %s\n", dlerror());
676 exit(1);
677 }
678
679 // close write end of child_done_pipe to signal the parent that we're done.
680 close(child_done_pipe[1]);
681
682 // wait for the parent to close parent_done_pipe, then exit
683 read(parent_done_pipe[0], &read_buf, 1);
684 exit(0);
685 }
686
687 ASSERT_NOERROR(child);
688
689 // close the 'wrong' ends of the pipes in the parent
690 close(child_done_pipe[1]);
691 close(parent_done_pipe[0]);
692
693 // wait for the child to be done
694 read(child_done_pipe[0], &read_buf, 1);
695 close(child_done_pipe[0]);
696
697 // save the child's pid and the parent_done_pipe
698 child_pids[i] = child;
699 childpipe[i] = parent_done_pipe[1];
700 }
701
702 // Sum the PSS of tested library of all the children
703 size_t total_pss = 0;
704 for (int i=0; i<CHILDREN; ++i) {
705 size_t child_pss;
706 ASSERT_NO_FATAL_FAILURE(GetPss(share_relro, lib, relro_file, child_pids[i], &child_pss));
707 total_pss += child_pss;
708 }
709 *pss_out = total_pss;
710
711 // Close pipes and wait for children to exit
712 for (int i=0; i<CHILDREN; ++i) {
713 ASSERT_NOERROR(close(childpipe[i]));
714 }
715 for (int i = 0; i < CHILDREN; ++i) {
716 AssertChildExited(child_pids[i], 0);
717 }
718 }
719
FindMappingName(void * ptr)720 std::string DlExtRelroSharingTest::FindMappingName(void* ptr) {
721 uint64_t addr = reinterpret_cast<uint64_t>(untag_address(ptr));
722 std::string found_name = "<not found>";
723
724 EXPECT_TRUE(android::procinfo::ReadMapFile("/proc/self/maps",
725 [&](const android::procinfo::MapInfo& mapinfo) {
726 if (addr >= mapinfo.start && addr < mapinfo.end) {
727 found_name = mapinfo.name;
728 }
729 }));
730
731 return found_name;
732 }
733
734 // Testing namespaces
735 static const char* g_public_lib = "libnstest_public.so";
736
737 // These are libs shared with default namespace
738 static const std::string g_core_shared_libs = kCoreSharedLibs;
739
TEST(dlext,ns_smoke)740 TEST(dlext, ns_smoke) {
741 static const char* root_lib = "libnstest_root.so";
742 std::string shared_libs = g_core_shared_libs + ":" + g_public_lib;
743
744 ASSERT_FALSE(android_init_anonymous_namespace("", nullptr));
745 ASSERT_STREQ("android_init_anonymous_namespace failed: error linking namespaces"
746 " \"(anonymous)\"->\"(default)\": the list of shared libraries is empty.",
747 dlerror());
748
749 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs/" + g_public_lib;
750 void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
751 ASSERT_TRUE(handle_public != nullptr) << dlerror();
752
753 ASSERT_TRUE(android_init_anonymous_namespace(shared_libs.c_str(), nullptr)) << dlerror();
754
755 // Check that libraries added to public namespace are not NODELETE
756 dlclose(handle_public);
757 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW | RTLD_NOLOAD);
758 ASSERT_TRUE(handle_public == nullptr);
759 ASSERT_EQ(std::string("dlopen failed: library \"") + lib_public_path +
760 "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
761
762 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
763
764 // create "public namespace", share limited set of public libraries with
765
766 android_namespace_t* ns1 =
767 android_create_namespace("private",
768 nullptr,
769 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
770 ANDROID_NAMESPACE_TYPE_REGULAR,
771 nullptr,
772 nullptr);
773 ASSERT_TRUE(ns1 != nullptr) << dlerror();
774 ASSERT_TRUE(android_link_namespaces(ns1, nullptr, shared_libs.c_str())) << dlerror();
775
776 android_namespace_t* ns2 =
777 android_create_namespace("private_isolated",
778 nullptr,
779 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
780 ANDROID_NAMESPACE_TYPE_ISOLATED,
781 nullptr,
782 nullptr);
783 ASSERT_TRUE(ns2 != nullptr) << dlerror();
784 ASSERT_TRUE(android_link_namespaces(ns2, nullptr, shared_libs.c_str())) << dlerror();
785
786 // This should not have affect search path for default namespace:
787 ASSERT_TRUE(dlopen(root_lib, RTLD_NOW) == nullptr);
788 void* handle = dlopen(g_public_lib, RTLD_NOW);
789 ASSERT_TRUE(handle != nullptr) << dlerror();
790 dlclose(handle);
791
792 // dlopen for a public library using an absolute path should work
793 // 1. For isolated namespaces
794 android_dlextinfo extinfo;
795 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
796 extinfo.library_namespace = ns2;
797 handle = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
798 ASSERT_TRUE(handle != nullptr) << dlerror();
799 ASSERT_TRUE(handle == handle_public);
800
801 dlclose(handle);
802
803 // 1.1 even if it wasn't loaded before
804 dlclose(handle_public);
805
806 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW | RTLD_NOLOAD);
807 ASSERT_TRUE(handle_public == nullptr);
808 ASSERT_EQ(std::string("dlopen failed: library \"") + lib_public_path +
809 "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
810
811 handle = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
812 ASSERT_TRUE(handle != nullptr) << dlerror();
813
814 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
815 ASSERT_TRUE(handle == handle_public);
816
817 dlclose(handle);
818
819 // 2. And for regular namespaces (make sure it does not load second copy of the library)
820 extinfo.library_namespace = ns1;
821 handle = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
822 ASSERT_TRUE(handle != nullptr) << dlerror();
823 ASSERT_TRUE(handle == handle_public);
824
825 dlclose(handle);
826
827 // 2.1 Unless it was not loaded before - in which case it will load a duplicate.
828 // TODO(dimitry): This is broken. Maybe we need to deprecate non-isolated namespaces?
829 dlclose(handle_public);
830
831 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW | RTLD_NOLOAD);
832 ASSERT_TRUE(handle_public == nullptr);
833 ASSERT_EQ(std::string("dlopen failed: library \"") + lib_public_path +
834 "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
835
836 handle = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
837 ASSERT_TRUE(handle != nullptr) << dlerror();
838
839 handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
840
841 ASSERT_TRUE(handle != handle_public);
842
843 dlclose(handle);
844
845 extinfo.library_namespace = ns1;
846
847 void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
848 ASSERT_TRUE(handle1 != nullptr) << dlerror();
849
850 extinfo.library_namespace = ns2;
851 void* handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
852 ASSERT_TRUE(handle2 != nullptr) << dlerror();
853
854 ASSERT_TRUE(handle1 != handle2);
855
856 typedef const char* (*fn_t)();
857
858 fn_t ns_get_local_string1 = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_local_string"));
859 ASSERT_TRUE(ns_get_local_string1 != nullptr) << dlerror();
860 fn_t ns_get_local_string2 = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_local_string"));
861 ASSERT_TRUE(ns_get_local_string2 != nullptr) << dlerror();
862
863 EXPECT_STREQ("This string is local to root library", ns_get_local_string1());
864 EXPECT_STREQ("This string is local to root library", ns_get_local_string2());
865
866 ASSERT_TRUE(ns_get_local_string1() != ns_get_local_string2());
867
868 fn_t ns_get_private_extern_string1 =
869 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_private_extern_string"));
870 ASSERT_TRUE(ns_get_private_extern_string1 != nullptr) << dlerror();
871 fn_t ns_get_private_extern_string2 =
872 reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_private_extern_string"));
873 ASSERT_TRUE(ns_get_private_extern_string2 != nullptr) << dlerror();
874
875 EXPECT_STREQ("This string is from private namespace", ns_get_private_extern_string1());
876 EXPECT_STREQ("This string is from private namespace", ns_get_private_extern_string2());
877
878 ASSERT_TRUE(ns_get_private_extern_string1() != ns_get_private_extern_string2());
879
880 fn_t ns_get_public_extern_string1 =
881 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_public_extern_string"));
882 ASSERT_TRUE(ns_get_public_extern_string1 != nullptr) << dlerror();
883 fn_t ns_get_public_extern_string2 =
884 reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_public_extern_string"));
885 ASSERT_TRUE(ns_get_public_extern_string2 != nullptr) << dlerror();
886
887 EXPECT_STREQ("This string is from public namespace", ns_get_public_extern_string1());
888 ASSERT_TRUE(ns_get_public_extern_string1() == ns_get_public_extern_string2());
889
890 // and now check that dlopen() does the right thing in terms of preserving namespace
891 fn_t ns_get_dlopened_string1 = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_dlopened_string"));
892 ASSERT_TRUE(ns_get_dlopened_string1 != nullptr) << dlerror();
893 fn_t ns_get_dlopened_string2 = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_dlopened_string"));
894 ASSERT_TRUE(ns_get_dlopened_string2 != nullptr) << dlerror();
895
896 EXPECT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string1());
897 EXPECT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string2());
898
899 ASSERT_TRUE(ns_get_dlopened_string1() != ns_get_dlopened_string2());
900
901 // Check that symbols from non-shared libraries a shared library depends on are not visible
902 // from original namespace.
903
904 fn_t ns_get_internal_extern_string =
905 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_internal_extern_string"));
906 ASSERT_TRUE(ns_get_internal_extern_string != nullptr) << dlerror();
907 ASSERT_TRUE(ns_get_internal_extern_string() == nullptr) <<
908 "ns_get_internal_extern_string() expected to return null but returns \"" <<
909 ns_get_internal_extern_string() << "\"";
910
911 dlclose(handle1);
912
913 // Check if handle2 is still alive (and well)
914 ASSERT_STREQ("This string is local to root library", ns_get_local_string2());
915 ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string2());
916 ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string2());
917 ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string2());
918
919 dlclose(handle2);
920 }
921
TEST(dlext,dlopen_ext_use_o_tmpfile_fd)922 TEST(dlext, dlopen_ext_use_o_tmpfile_fd) {
923 const std::string lib_path = GetTestLibRoot() + "/libtest_simple.so";
924
925 int tmpfd = TEMP_FAILURE_RETRY(
926 open(GetTestLibRoot().c_str(), O_TMPFILE | O_CLOEXEC | O_RDWR | O_EXCL, 0));
927
928 // Ignore kernels without O_TMPFILE flag support
929 if (tmpfd == -1 && (errno == EISDIR || errno == EINVAL || errno == EOPNOTSUPP)) {
930 return;
931 }
932
933 ASSERT_TRUE(tmpfd != -1) << strerror(errno);
934
935 android_namespace_t* ns =
936 android_create_namespace("testing-o_tmpfile",
937 nullptr,
938 GetTestLibRoot().c_str(),
939 ANDROID_NAMESPACE_TYPE_ISOLATED,
940 nullptr,
941 nullptr);
942
943 ASSERT_DL_NOTNULL(ns);
944
945 ASSERT_TRUE(android_link_namespaces(ns, nullptr, g_core_shared_libs.c_str())) << dlerror();
946
947 std::string content;
948 ASSERT_TRUE(android::base::ReadFileToString(lib_path, &content)) << strerror(errno);
949 ASSERT_TRUE(android::base::WriteStringToFd(content, tmpfd)) << strerror(errno);
950
951 android_dlextinfo extinfo;
952 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD | ANDROID_DLEXT_USE_NAMESPACE;
953 extinfo.library_fd = tmpfd;
954 extinfo.library_namespace = ns;
955
956 void* handle = android_dlopen_ext("foobar", RTLD_NOW, &extinfo);
957
958 ASSERT_DL_NOTNULL(handle);
959
960 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle, "dlopen_testlib_taxicab_number"));
961 ASSERT_DL_NOTNULL(taxicab_number);
962 EXPECT_EQ(1729U, *taxicab_number);
963 dlclose(handle);
964 }
965
TEST(dlext,dlopen_ext_use_memfd)966 TEST(dlext, dlopen_ext_use_memfd) {
967 const std::string lib_path = GetTestLibRoot() + "/libtest_simple.so";
968
969 // create memfd
970 int memfd = memfd_create("foobar", MFD_CLOEXEC);
971 if (memfd == -1 && errno == ENOSYS) GTEST_SKIP() << "no memfd_create() in this kernel";
972 ASSERT_TRUE(memfd != -1) << strerror(errno);
973
974 // Check st.f_type is TMPFS_MAGIC for memfd
975 struct statfs st;
976 ASSERT_TRUE(TEMP_FAILURE_RETRY(fstatfs(memfd, &st)) == 0) << strerror(errno);
977 ASSERT_EQ(static_cast<decltype(st.f_type)>(TMPFS_MAGIC), st.f_type);
978
979 android_namespace_t* ns =
980 android_create_namespace("testing-memfd",
981 nullptr,
982 GetTestLibRoot().c_str(),
983 ANDROID_NAMESPACE_TYPE_ISOLATED,
984 nullptr,
985 nullptr);
986
987 ASSERT_DL_NOTNULL(ns);
988
989 ASSERT_TRUE(android_link_namespaces(ns, nullptr, g_core_shared_libs.c_str())) << dlerror();
990
991 // read file into memfd backed one.
992 std::string content;
993 ASSERT_TRUE(android::base::ReadFileToString(lib_path, &content)) << strerror(errno);
994 ASSERT_TRUE(android::base::WriteStringToFd(content, memfd)) << strerror(errno);
995
996 android_dlextinfo extinfo;
997 extinfo.flags = ANDROID_DLEXT_USE_LIBRARY_FD | ANDROID_DLEXT_USE_NAMESPACE;
998 extinfo.library_fd = memfd;
999 extinfo.library_namespace = ns;
1000
1001 void* handle = android_dlopen_ext("foobar", RTLD_NOW, &extinfo);
1002
1003 ASSERT_DL_NOTNULL(handle);
1004
1005 uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle, "dlopen_testlib_taxicab_number"));
1006 ASSERT_DL_NOTNULL(taxicab_number);
1007 EXPECT_EQ(1729U, *taxicab_number);
1008 dlclose(handle);
1009 }
1010
TEST(dlext,ns_symbol_visibilty_one_namespace)1011 TEST(dlext, ns_symbol_visibilty_one_namespace) {
1012 static const char* root_lib = "libnstest_root.so";
1013 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1014
1015 const std::string ns_search_path = GetTestLibRoot() + "/public_namespace_libs:" +
1016 GetTestLibRoot() + "/private_namespace_libs";
1017
1018 android_namespace_t* ns =
1019 android_create_namespace("one",
1020 nullptr,
1021 ns_search_path.c_str(),
1022 ANDROID_NAMESPACE_TYPE_ISOLATED,
1023 nullptr,
1024 nullptr);
1025
1026 ASSERT_TRUE(android_link_namespaces(ns, nullptr, g_core_shared_libs.c_str())) << dlerror();
1027
1028 android_dlextinfo extinfo;
1029 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1030 extinfo.library_namespace = ns;
1031
1032 void* handle = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1033 ASSERT_TRUE(handle != nullptr) << dlerror();
1034
1035 typedef const char* (*fn_t)();
1036
1037 // Check that relocation worked correctly
1038 fn_t ns_get_internal_extern_string =
1039 reinterpret_cast<fn_t>(dlsym(handle, "ns_get_internal_extern_string"));
1040 ASSERT_TRUE(ns_get_internal_extern_string != nullptr) << dlerror();
1041 ASSERT_STREQ("This string is from a library a shared library depends on", ns_get_internal_extern_string());
1042
1043 fn_t internal_extern_string_fn =
1044 reinterpret_cast<fn_t>(dlsym(handle, "internal_extern_string"));
1045 ASSERT_TRUE(internal_extern_string_fn != nullptr) << dlerror();
1046 ASSERT_STREQ("This string is from a library a shared library depends on", internal_extern_string_fn());
1047 }
1048
TEST(dlext,ns_symbol_visibilty_between_namespaces)1049 TEST(dlext, ns_symbol_visibilty_between_namespaces) {
1050 static const char* root_lib = "libnstest_root.so";
1051 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1052
1053 const std::string public_ns_search_path = GetTestLibRoot() + "/public_namespace_libs";
1054 const std::string private_ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1055
1056 android_namespace_t* ns_public =
1057 android_create_namespace("public",
1058 nullptr,
1059 public_ns_search_path.c_str(),
1060 ANDROID_NAMESPACE_TYPE_ISOLATED,
1061 nullptr,
1062 nullptr);
1063
1064 ASSERT_TRUE(android_link_namespaces(ns_public, nullptr, g_core_shared_libs.c_str())) << dlerror();
1065
1066 android_namespace_t* ns_private =
1067 android_create_namespace("private",
1068 nullptr,
1069 private_ns_search_path.c_str(),
1070 ANDROID_NAMESPACE_TYPE_ISOLATED,
1071 nullptr,
1072 nullptr);
1073
1074 ASSERT_TRUE(android_link_namespaces(ns_private, ns_public, g_public_lib)) << dlerror();
1075 ASSERT_TRUE(android_link_namespaces(ns_private, nullptr, g_core_shared_libs.c_str())) << dlerror();
1076
1077 android_dlextinfo extinfo;
1078 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1079 extinfo.library_namespace = ns_private;
1080
1081 void* handle = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1082 ASSERT_TRUE(handle != nullptr) << dlerror();
1083
1084 typedef const char* (*fn_t)();
1085
1086 // Check that relocation worked correctly
1087 fn_t ns_get_internal_extern_string =
1088 reinterpret_cast<fn_t>(dlsym(handle, "ns_get_internal_extern_string"));
1089 ASSERT_TRUE(ns_get_internal_extern_string != nullptr) << dlerror();
1090 ASSERT_TRUE(ns_get_internal_extern_string() == nullptr) <<
1091 "ns_get_internal_extern_string() expected to return null but returns \"" <<
1092 ns_get_internal_extern_string() << "\"";
1093
1094 fn_t internal_extern_string_fn =
1095 reinterpret_cast<fn_t>(dlsym(handle, "internal_extern_string"));
1096 ASSERT_TRUE(internal_extern_string_fn == nullptr);
1097 ASSERT_STREQ("undefined symbol: internal_extern_string", dlerror());
1098 }
1099
TEST(dlext,ns_unload_between_namespaces)1100 TEST(dlext, ns_unload_between_namespaces) {
1101 static const char* root_lib = "libnstest_root.so";
1102 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1103
1104 const std::string public_ns_search_path = GetTestLibRoot() + "/public_namespace_libs";
1105 const std::string private_ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1106
1107 android_namespace_t* ns_public =
1108 android_create_namespace("public",
1109 nullptr,
1110 public_ns_search_path.c_str(),
1111 ANDROID_NAMESPACE_TYPE_ISOLATED,
1112 nullptr,
1113 nullptr);
1114
1115 ASSERT_TRUE(android_link_namespaces(ns_public, nullptr, g_core_shared_libs.c_str())) << dlerror();
1116
1117 android_namespace_t* ns_private =
1118 android_create_namespace("private",
1119 nullptr,
1120 private_ns_search_path.c_str(),
1121 ANDROID_NAMESPACE_TYPE_ISOLATED,
1122 nullptr,
1123 nullptr);
1124
1125 ASSERT_TRUE(android_link_namespaces(ns_private, ns_public, g_public_lib)) << dlerror();
1126 ASSERT_TRUE(android_link_namespaces(ns_private, nullptr, g_core_shared_libs.c_str())) << dlerror();
1127
1128 android_dlextinfo extinfo;
1129 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1130 extinfo.library_namespace = ns_private;
1131
1132 void* handle = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1133 ASSERT_TRUE(handle != nullptr) << dlerror();
1134
1135 dlclose(handle);
1136 // Check that root_lib was unloaded
1137 handle = android_dlopen_ext(root_lib, RTLD_NOW | RTLD_NOLOAD, &extinfo);
1138 ASSERT_TRUE(handle == nullptr);
1139 ASSERT_EQ(std::string("dlopen failed: library \"") + root_lib +
1140 "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
1141
1142 // Check that shared library was unloaded in public ns
1143 extinfo.library_namespace = ns_public;
1144 handle = android_dlopen_ext(g_public_lib, RTLD_NOW | RTLD_NOLOAD, &extinfo);
1145 ASSERT_TRUE(handle == nullptr);
1146 ASSERT_EQ(std::string("dlopen failed: library \"") + g_public_lib +
1147 "\" wasn't loaded and RTLD_NOLOAD prevented it", dlerror());
1148 }
1149
TEST(dlext,ns_unload_between_namespaces_missing_symbol_direct)1150 TEST(dlext, ns_unload_between_namespaces_missing_symbol_direct) {
1151 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1152
1153 const std::string public_ns_search_path = GetTestLibRoot() + "/public_namespace_libs";
1154 const std::string private_ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1155
1156 android_namespace_t* ns_public =
1157 android_create_namespace("public",
1158 nullptr,
1159 public_ns_search_path.c_str(),
1160 ANDROID_NAMESPACE_TYPE_ISOLATED,
1161 nullptr,
1162 nullptr);
1163
1164 ASSERT_TRUE(android_link_namespaces(ns_public, nullptr, g_core_shared_libs.c_str())) << dlerror();
1165
1166 android_namespace_t* ns_private =
1167 android_create_namespace("private",
1168 nullptr,
1169 private_ns_search_path.c_str(),
1170 ANDROID_NAMESPACE_TYPE_ISOLATED,
1171 nullptr,
1172 nullptr);
1173
1174 ASSERT_TRUE(android_link_namespaces(ns_private, ns_public, "libtest_missing_symbol.so")) << dlerror();
1175 ASSERT_TRUE(android_link_namespaces(ns_private, nullptr, g_core_shared_libs.c_str())) << dlerror();
1176
1177 android_dlextinfo extinfo;
1178 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1179 extinfo.library_namespace = ns_private;
1180
1181 void* handle = android_dlopen_ext((public_ns_search_path + "/libtest_missing_symbol.so").c_str(),
1182 RTLD_NOW,
1183 &extinfo);
1184 ASSERT_TRUE(handle == nullptr);
1185 ASSERT_EQ(std::string("dlopen failed: cannot locate symbol \"dlopen_testlib_missing_symbol\" referenced by \"") +
1186 public_ns_search_path + "/libtest_missing_symbol.so\"...",
1187 dlerror());
1188 }
1189
TEST(dlext,ns_unload_between_namespaces_missing_symbol_indirect)1190 TEST(dlext, ns_unload_between_namespaces_missing_symbol_indirect) {
1191 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1192
1193 const std::string public_ns_search_path = GetTestLibRoot() + "/public_namespace_libs";
1194 const std::string private_ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1195
1196 android_namespace_t* ns_public =
1197 android_create_namespace("public",
1198 nullptr,
1199 public_ns_search_path.c_str(),
1200 ANDROID_NAMESPACE_TYPE_ISOLATED,
1201 nullptr,
1202 nullptr);
1203
1204 ASSERT_TRUE(android_link_namespaces(ns_public, nullptr, g_core_shared_libs.c_str())) << dlerror();
1205
1206 android_namespace_t* ns_private =
1207 android_create_namespace("private",
1208 nullptr,
1209 private_ns_search_path.c_str(),
1210 ANDROID_NAMESPACE_TYPE_ISOLATED,
1211 nullptr,
1212 nullptr);
1213
1214 ASSERT_TRUE(android_link_namespaces(ns_private,
1215 ns_public,
1216 "libnstest_public.so:libtest_missing_symbol_child_public.so")
1217 ) << dlerror();
1218 ASSERT_TRUE(android_link_namespaces(ns_private, nullptr, g_core_shared_libs.c_str())) << dlerror();
1219
1220 android_dlextinfo extinfo;
1221 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1222 extinfo.library_namespace = ns_private;
1223
1224 void* handle = android_dlopen_ext("libtest_missing_symbol_root.so", RTLD_NOW, &extinfo);
1225 ASSERT_TRUE(handle == nullptr);
1226 ASSERT_EQ(std::string("dlopen failed: cannot locate symbol \"dlopen_testlib_missing_symbol\" referenced by \"") +
1227 private_ns_search_path + "/libtest_missing_symbol_root.so\"...",
1228 dlerror());
1229 }
1230
TEST(dlext,ns_exempt_list_enabled)1231 TEST(dlext, ns_exempt_list_enabled) {
1232 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1233
1234 const std::string ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1235
1236 android_namespace_t* ns =
1237 android_create_namespace("namespace",
1238 nullptr,
1239 ns_search_path.c_str(),
1240 ANDROID_NAMESPACE_TYPE_ISOLATED | ANDROID_NAMESPACE_TYPE_EXEMPT_LIST_ENABLED,
1241 nullptr,
1242 nullptr);
1243
1244 ASSERT_TRUE(android_link_namespaces(ns, nullptr, g_core_shared_libs.c_str())) << dlerror();
1245
1246 android_dlextinfo extinfo;
1247 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1248 extinfo.library_namespace = ns;
1249
1250 // An app targeting M can open libnativehelper.so because it's on the exempt-list.
1251 android_set_application_target_sdk_version(23);
1252 void* handle = android_dlopen_ext("libnativehelper.so", RTLD_NOW, &extinfo);
1253 ASSERT_TRUE(handle != nullptr) << dlerror();
1254
1255 // Check that loader did not load another copy of libdl.so while loading exempted library.
1256 void* dlsym_ptr = dlsym(handle, "dlsym");
1257 ASSERT_TRUE(dlsym_ptr != nullptr) << dlerror();
1258 ASSERT_EQ(&dlsym, dlsym_ptr);
1259
1260 dlclose(handle);
1261
1262 // An app targeting N no longer has the exempt-list.
1263 android_set_application_target_sdk_version(24);
1264 handle = android_dlopen_ext("libnativehelper.so", RTLD_NOW, &extinfo);
1265 ASSERT_TRUE(handle == nullptr);
1266 ASSERT_STREQ("dlopen failed: library \"libnativehelper.so\" not found", dlerror());
1267 }
1268
TEST(dlext,ns_exempt_list_disabled_by_default)1269 TEST(dlext, ns_exempt_list_disabled_by_default) {
1270 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1271
1272 const std::string ns_search_path = GetTestLibRoot() + "/private_namespace_libs";
1273
1274 android_namespace_t* ns =
1275 android_create_namespace("namespace",
1276 nullptr,
1277 ns_search_path.c_str(),
1278 ANDROID_NAMESPACE_TYPE_ISOLATED,
1279 nullptr,
1280 nullptr);
1281
1282 ASSERT_TRUE(android_link_namespaces(ns, nullptr, g_core_shared_libs.c_str())) << dlerror();
1283
1284 android_dlextinfo extinfo;
1285 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1286 extinfo.library_namespace = ns;
1287
1288 android_set_application_target_sdk_version(23);
1289 void* handle = android_dlopen_ext("libnativehelper.so", RTLD_NOW, &extinfo);
1290 ASSERT_TRUE(handle == nullptr);
1291 ASSERT_STREQ("dlopen failed: library \"libnativehelper.so\" not found", dlerror());
1292 }
1293
TEST(dlext,ns_cyclic_namespaces)1294 TEST(dlext, ns_cyclic_namespaces) {
1295 // Test that ns1->ns2->ns1 link does not break the loader
1296 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1297 std::string shared_libs = g_core_shared_libs + ":libthatdoesnotexist.so";
1298
1299 const std::string ns_search_path = GetTestLibRoot() + "/public_namespace_libs";
1300
1301 android_namespace_t* ns1 =
1302 android_create_namespace("ns1",
1303 nullptr,
1304 ns_search_path.c_str(),
1305 ANDROID_NAMESPACE_TYPE_ISOLATED,
1306 nullptr,
1307 nullptr);
1308
1309 ASSERT_TRUE(android_link_namespaces(ns1, nullptr, g_core_shared_libs.c_str())) << dlerror();
1310
1311 android_namespace_t* ns2 =
1312 android_create_namespace("ns1",
1313 nullptr,
1314 ns_search_path.c_str(),
1315 ANDROID_NAMESPACE_TYPE_ISOLATED,
1316 nullptr,
1317 nullptr);
1318
1319 ASSERT_TRUE(android_link_namespaces(ns2, nullptr, g_core_shared_libs.c_str())) << dlerror();
1320
1321 ASSERT_TRUE(android_link_namespaces(ns2, ns1, shared_libs.c_str())) << dlerror();
1322 ASSERT_TRUE(android_link_namespaces(ns1, ns2, shared_libs.c_str())) << dlerror();
1323
1324 android_dlextinfo extinfo;
1325 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1326 extinfo.library_namespace = ns1;
1327
1328 void* handle = android_dlopen_ext("libthatdoesnotexist.so", RTLD_NOW, &extinfo);
1329 ASSERT_TRUE(handle == nullptr);
1330 ASSERT_STREQ("dlopen failed: library \"libthatdoesnotexist.so\" not found", dlerror());
1331 }
1332
TEST(dlext,ns_isolated)1333 TEST(dlext, ns_isolated) {
1334 static const char* root_lib = "libnstest_root_not_isolated.so";
1335 std::string shared_libs = g_core_shared_libs + ":" + g_public_lib;
1336
1337 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs/" + g_public_lib;
1338 void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
1339 ASSERT_TRUE(handle_public != nullptr) << dlerror();
1340
1341 android_set_application_target_sdk_version(42U); // something > 23
1342
1343 ASSERT_TRUE(android_init_anonymous_namespace(shared_libs.c_str(), nullptr)) << dlerror();
1344
1345 android_namespace_t* ns_not_isolated =
1346 android_create_namespace("private",
1347 nullptr,
1348 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1349 ANDROID_NAMESPACE_TYPE_REGULAR,
1350 nullptr,
1351 nullptr);
1352 ASSERT_TRUE(ns_not_isolated != nullptr) << dlerror();
1353 ASSERT_TRUE(android_link_namespaces(ns_not_isolated, nullptr, shared_libs.c_str())) << dlerror();
1354
1355 android_namespace_t* ns_isolated =
1356 android_create_namespace("private_isolated1",
1357 nullptr,
1358 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1359 ANDROID_NAMESPACE_TYPE_ISOLATED,
1360 nullptr,
1361 nullptr);
1362 ASSERT_TRUE(ns_isolated != nullptr) << dlerror();
1363 ASSERT_TRUE(android_link_namespaces(ns_isolated, nullptr, shared_libs.c_str())) << dlerror();
1364
1365 android_namespace_t* ns_isolated2 =
1366 android_create_namespace("private_isolated2",
1367 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1368 nullptr,
1369 ANDROID_NAMESPACE_TYPE_ISOLATED,
1370 GetTestLibRoot().c_str(),
1371 nullptr);
1372 ASSERT_TRUE(ns_isolated2 != nullptr) << dlerror();
1373 ASSERT_TRUE(android_link_namespaces(ns_isolated2, nullptr, shared_libs.c_str())) << dlerror();
1374
1375 ASSERT_TRUE(dlopen(root_lib, RTLD_NOW) == nullptr);
1376 ASSERT_STREQ("dlopen failed: library \"libnstest_root_not_isolated.so\" not found", dlerror());
1377
1378 std::string lib_private_external_path =
1379 GetTestLibRoot() + "/private_namespace_libs_external/libnstest_private_external.so";
1380
1381 // Load lib_private_external_path to default namespace
1382 // (it should remain invisible for the isolated namespaces after this)
1383 void* handle = dlopen(lib_private_external_path.c_str(), RTLD_NOW);
1384 ASSERT_TRUE(handle != nullptr) << dlerror();
1385
1386 android_dlextinfo extinfo;
1387 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1388 extinfo.library_namespace = ns_not_isolated;
1389
1390 void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1391 ASSERT_TRUE(handle1 != nullptr) << dlerror();
1392
1393 extinfo.library_namespace = ns_isolated;
1394
1395 void* handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1396 ASSERT_TRUE(handle2 == nullptr);
1397 const char* error = dlerror();
1398 ASSERT_MATCH(error,
1399 R"(dlopen failed: library "libnstest_private_external.so" not found: needed by )"
1400 R"(\S+libnstest_root_not_isolated.so in namespace private_isolated1)");
1401
1402 // Check dlopen by absolute path
1403 handle2 = android_dlopen_ext(lib_private_external_path.c_str(), RTLD_NOW, &extinfo);
1404 ASSERT_TRUE(handle2 == nullptr);
1405 ASSERT_EQ("dlopen failed: library \"" + lib_private_external_path + "\" needed"
1406 " or dlopened by \"" + android::base::GetExecutablePath() + "\" is not accessible"
1407 " for the namespace \"private_isolated1\"", dlerror());
1408
1409 extinfo.library_namespace = ns_isolated2;
1410
1411 // this should work because isolation_path for private_isolated2 includes GetTestLibRoot()
1412 handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1413 ASSERT_TRUE(handle2 != nullptr) << dlerror();
1414 dlclose(handle2);
1415
1416 // Check dlopen by absolute path
1417 handle2 = android_dlopen_ext(lib_private_external_path.c_str(), RTLD_NOW, &extinfo);
1418 ASSERT_TRUE(handle2 != nullptr) << dlerror();
1419 dlclose(handle2);
1420
1421 typedef const char* (*fn_t)();
1422 fn_t ns_get_local_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_local_string"));
1423 ASSERT_TRUE(ns_get_local_string != nullptr) << dlerror();
1424
1425 ASSERT_STREQ("This string is local to root library", ns_get_local_string());
1426
1427 fn_t ns_get_private_extern_string =
1428 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_private_extern_string"));
1429 ASSERT_TRUE(ns_get_private_extern_string != nullptr) << dlerror();
1430
1431 ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string());
1432
1433 fn_t ns_get_public_extern_string =
1434 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_public_extern_string"));
1435 ASSERT_TRUE(ns_get_public_extern_string != nullptr) << dlerror();
1436
1437 ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string());
1438
1439 fn_t ns_get_dlopened_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_dlopened_string"));
1440 ASSERT_TRUE(ns_get_dlopened_string != nullptr) << dlerror();
1441
1442 ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string());
1443
1444 dlclose(handle1);
1445 }
1446
TEST(dlext,ns_shared)1447 TEST(dlext, ns_shared) {
1448 static const char* root_lib = "libnstest_root_not_isolated.so";
1449 static const char* root_lib_isolated = "libnstest_root.so";
1450
1451 std::string shared_libs = g_core_shared_libs + ":" + g_public_lib;
1452
1453 // create a parent namespace to use instead of the default namespace. This is
1454 // to make this test be independent from the configuration of the default
1455 // namespace.
1456 android_namespace_t* ns_parent =
1457 android_create_namespace("parent",
1458 nullptr,
1459 nullptr,
1460 ANDROID_NAMESPACE_TYPE_REGULAR,
1461 nullptr,
1462 nullptr);
1463 ASSERT_TRUE(ns_parent != nullptr) << dlerror();
1464 ASSERT_TRUE(android_link_namespaces(ns_parent, nullptr, g_core_shared_libs.c_str())) << dlerror();
1465
1466 android_dlextinfo extinfo;
1467 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1468 extinfo.library_namespace = ns_parent;
1469
1470 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs/" + g_public_lib;
1471 void* handle_public = android_dlopen_ext(lib_public_path.c_str(), RTLD_NOW, &extinfo);
1472 ASSERT_TRUE(handle_public != nullptr) << dlerror();
1473
1474 android_set_application_target_sdk_version(42U); // something > 23
1475
1476 ASSERT_TRUE(android_init_anonymous_namespace(shared_libs.c_str(), nullptr)) << dlerror();
1477
1478 // preload this library to the parent namespace to check if it
1479 // is shared later on.
1480 void* handle_dlopened =
1481 android_dlopen_ext((GetTestLibRoot() + "/private_namespace_libs/libnstest_dlopened.so").c_str(), RTLD_NOW, &extinfo);
1482 ASSERT_TRUE(handle_dlopened != nullptr) << dlerror();
1483
1484 // create two child namespaces of 'ns_parent'. One with regular, the other
1485 // with isolated & shared.
1486 android_namespace_t* ns_not_isolated =
1487 android_create_namespace("private",
1488 nullptr,
1489 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1490 ANDROID_NAMESPACE_TYPE_REGULAR,
1491 nullptr,
1492 ns_parent);
1493 ASSERT_TRUE(ns_not_isolated != nullptr) << dlerror();
1494 ASSERT_TRUE(android_link_namespaces(ns_not_isolated, ns_parent, g_public_lib)) << dlerror();
1495 ASSERT_TRUE(android_link_namespaces(ns_not_isolated, nullptr, g_core_shared_libs.c_str())) << dlerror();
1496
1497 android_namespace_t* ns_isolated_shared =
1498 android_create_namespace("private_isolated_shared",
1499 nullptr,
1500 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1501 ANDROID_NAMESPACE_TYPE_ISOLATED | ANDROID_NAMESPACE_TYPE_SHARED,
1502 nullptr,
1503 ns_parent);
1504 ASSERT_TRUE(ns_isolated_shared != nullptr) << dlerror();
1505 ASSERT_TRUE(android_link_namespaces(ns_isolated_shared, ns_parent, g_public_lib)) << dlerror();
1506 ASSERT_TRUE(android_link_namespaces(ns_isolated_shared, nullptr, g_core_shared_libs.c_str())) << dlerror();
1507
1508 ASSERT_TRUE(android_dlopen_ext(root_lib, RTLD_NOW, &extinfo) == nullptr);
1509 ASSERT_STREQ("dlopen failed: library \"libnstest_root_not_isolated.so\" not found", dlerror());
1510
1511 std::string lib_private_external_path =
1512 GetTestLibRoot() + "/private_namespace_libs_external/libnstest_private_external.so";
1513
1514 // Load lib_private_external_path to the parent namespace
1515 // (it should remain invisible for the isolated namespaces after this)
1516 void* handle = android_dlopen_ext(lib_private_external_path.c_str(), RTLD_NOW, &extinfo);
1517 ASSERT_TRUE(handle != nullptr) << dlerror();
1518
1519 extinfo.library_namespace = ns_not_isolated;
1520
1521 void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1522 ASSERT_TRUE(handle1 != nullptr) << dlerror();
1523
1524 extinfo.library_namespace = ns_isolated_shared;
1525
1526 void* handle2 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1527 ASSERT_TRUE(handle2 == nullptr);
1528 ASSERT_MATCH(dlerror(),
1529 R"(dlopen failed: library "libnstest_private_external.so" not found: needed by )"
1530 R"(\S+libnstest_root_not_isolated.so in namespace private_isolated_shared)");
1531
1532 // Check dlopen by absolute path
1533 handle2 = android_dlopen_ext(lib_private_external_path.c_str(), RTLD_NOW, &extinfo);
1534 ASSERT_TRUE(handle2 == nullptr);
1535 ASSERT_EQ("dlopen failed: library \"" + lib_private_external_path + "\" needed"
1536 " or dlopened by \"" + android::base::GetExecutablePath() + "\" is not accessible"
1537 " for the namespace \"private_isolated_shared\"", dlerror());
1538
1539 // load libnstest_root.so to shared namespace in order to check that everything is different
1540 // except shared libnstest_dlopened.so
1541
1542 handle2 = android_dlopen_ext(root_lib_isolated, RTLD_NOW, &extinfo);
1543
1544 typedef const char* (*fn_t)();
1545 fn_t ns_get_local_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_local_string"));
1546 ASSERT_TRUE(ns_get_local_string != nullptr) << dlerror();
1547 fn_t ns_get_local_string_shared = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_local_string"));
1548 ASSERT_TRUE(ns_get_local_string_shared != nullptr) << dlerror();
1549
1550 ASSERT_STREQ("This string is local to root library", ns_get_local_string());
1551 ASSERT_STREQ("This string is local to root library", ns_get_local_string_shared());
1552 ASSERT_TRUE(ns_get_local_string() != ns_get_local_string_shared());
1553
1554 fn_t ns_get_private_extern_string =
1555 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_private_extern_string"));
1556 ASSERT_TRUE(ns_get_private_extern_string != nullptr) << dlerror();
1557 fn_t ns_get_private_extern_string_shared =
1558 reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_private_extern_string"));
1559 ASSERT_TRUE(ns_get_private_extern_string_shared() != nullptr) << dlerror();
1560
1561 ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string());
1562 ASSERT_STREQ("This string is from private namespace", ns_get_private_extern_string_shared());
1563 ASSERT_TRUE(ns_get_private_extern_string() != ns_get_private_extern_string_shared());
1564
1565 fn_t ns_get_public_extern_string =
1566 reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_public_extern_string"));
1567 ASSERT_TRUE(ns_get_public_extern_string != nullptr) << dlerror();
1568 fn_t ns_get_public_extern_string_shared =
1569 reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_public_extern_string"));
1570 ASSERT_TRUE(ns_get_public_extern_string_shared != nullptr) << dlerror();
1571
1572 ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string());
1573 ASSERT_STREQ("This string is from public namespace", ns_get_public_extern_string_shared());
1574 ASSERT_TRUE(ns_get_public_extern_string() == ns_get_public_extern_string_shared());
1575
1576 fn_t ns_get_dlopened_string = reinterpret_cast<fn_t>(dlsym(handle1, "ns_get_dlopened_string"));
1577 ASSERT_TRUE(ns_get_dlopened_string != nullptr) << dlerror();
1578 fn_t ns_get_dlopened_string_shared = reinterpret_cast<fn_t>(dlsym(handle2, "ns_get_dlopened_string"));
1579 ASSERT_TRUE(ns_get_dlopened_string_shared != nullptr) << dlerror();
1580 const char** ns_dlopened_string = static_cast<const char**>(dlsym(handle_dlopened, "g_private_dlopened_string"));
1581 ASSERT_TRUE(ns_dlopened_string != nullptr) << dlerror();
1582
1583 ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string());
1584 ASSERT_STREQ("This string is from private namespace (dlopened library)", *ns_dlopened_string);
1585 ASSERT_STREQ("This string is from private namespace (dlopened library)", ns_get_dlopened_string_shared());
1586 ASSERT_TRUE(ns_get_dlopened_string() != ns_get_dlopened_string_shared());
1587 ASSERT_TRUE(*ns_dlopened_string == ns_get_dlopened_string_shared());
1588
1589 dlclose(handle1);
1590 dlclose(handle2);
1591 }
1592
TEST(dlext,ns_shared_links_and_paths)1593 TEST(dlext, ns_shared_links_and_paths) {
1594 // Create parent namespace (isolated, not shared)
1595 android_namespace_t* ns_isolated =
1596 android_create_namespace("private_isolated",
1597 nullptr,
1598 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1599 ANDROID_NAMESPACE_TYPE_ISOLATED,
1600 (GetTestLibRoot() + "/public_namespace_libs").c_str(),
1601 nullptr);
1602 ASSERT_TRUE(ns_isolated != nullptr) << dlerror();
1603 ASSERT_TRUE(android_link_namespaces(ns_isolated, nullptr, g_core_shared_libs.c_str())) << dlerror();
1604
1605 // Create shared namespace with ns_isolated parent
1606 android_namespace_t* ns_shared =
1607 android_create_namespace("private_shared",
1608 nullptr,
1609 nullptr,
1610 ANDROID_NAMESPACE_TYPE_SHARED | ANDROID_NAMESPACE_TYPE_ISOLATED,
1611 nullptr,
1612 ns_isolated);
1613 ASSERT_TRUE(ns_shared != nullptr) << dlerror();
1614
1615 // 1. Load a library in ns_shared to check that it has inherited
1616 // search path and the link to the default namespace.
1617 android_dlextinfo extinfo;
1618 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1619 extinfo.library_namespace = ns_shared;
1620
1621 {
1622 void* handle = android_dlopen_ext("libnstest_private.so", RTLD_NOW, &extinfo);
1623 ASSERT_TRUE(handle != nullptr) << dlerror();
1624 const char** ns_private_extern_string = static_cast<const char**>(dlsym(handle, "g_private_extern_string"));
1625 ASSERT_TRUE(ns_private_extern_string != nullptr) << dlerror();
1626 ASSERT_STREQ("This string is from private namespace", *ns_private_extern_string);
1627
1628 dlclose(handle);
1629 }
1630 // 2. Load another test library by absolute path to check that
1631 // it has inherited permitted_when_isolated_path
1632 {
1633 void* handle = android_dlopen_ext(
1634 (GetTestLibRoot() + "/public_namespace_libs/libnstest_public.so").c_str(),
1635 RTLD_NOW,
1636 &extinfo);
1637
1638 ASSERT_TRUE(handle != nullptr) << dlerror();
1639 const char** ns_public_extern_string = static_cast<const char**>(dlsym(handle, "g_public_extern_string"));
1640 ASSERT_TRUE(ns_public_extern_string != nullptr) << dlerror();
1641 ASSERT_STREQ("This string is from public namespace", *ns_public_extern_string);
1642
1643 dlclose(handle);
1644 }
1645
1646 // 3. Check that it is still isolated.
1647 {
1648 void* handle = android_dlopen_ext(
1649 (GetTestLibRoot() + "/libtest_empty.so").c_str(),
1650 RTLD_NOW,
1651 &extinfo);
1652
1653 ASSERT_TRUE(handle == nullptr);
1654 }
1655 }
1656
TEST(dlext,ns_shared_dlclose)1657 TEST(dlext, ns_shared_dlclose) {
1658 android_set_application_target_sdk_version(42U); // something > 23
1659
1660 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr)) << dlerror();
1661
1662 // preload this library to the default namespace to check if it
1663 // is shared later on.
1664 void* handle_dlopened =
1665 dlopen((GetTestLibRoot() + "/private_namespace_libs/libnstest_dlopened.so").c_str(), RTLD_NOW);
1666 ASSERT_TRUE(handle_dlopened != nullptr) << dlerror();
1667
1668 android_namespace_t* ns_isolated_shared =
1669 android_create_namespace("private_isolated_shared",
1670 nullptr,
1671 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1672 ANDROID_NAMESPACE_TYPE_ISOLATED | ANDROID_NAMESPACE_TYPE_SHARED,
1673 nullptr,
1674 nullptr);
1675 ASSERT_TRUE(ns_isolated_shared != nullptr) << dlerror();
1676 ASSERT_TRUE(android_link_namespaces(ns_isolated_shared, nullptr, g_core_shared_libs.c_str())) << dlerror();
1677
1678 // Check if "libnstest_dlopened.so" is loaded (and the same)
1679 android_dlextinfo extinfo;
1680 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1681 extinfo.library_namespace = ns_isolated_shared;
1682
1683 void* handle = android_dlopen_ext("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD, &extinfo);
1684 ASSERT_TRUE(handle != nullptr) << dlerror();
1685 ASSERT_TRUE(handle == handle_dlopened);
1686 dlclose(handle);
1687 dlclose(handle_dlopened);
1688
1689 // And now check that the library cannot be found by soname (and is no longer loaded)
1690 handle = android_dlopen_ext("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD, &extinfo);
1691 ASSERT_TRUE(handle == nullptr)
1692 << "Error: libnstest_dlopened.so is still accessible in shared namespace";
1693
1694 handle = android_dlopen_ext((GetTestLibRoot() + "/private_namespace_libs/libnstest_dlopened.so").c_str(),
1695 RTLD_NOW | RTLD_NOLOAD, &extinfo);
1696 ASSERT_TRUE(handle == nullptr)
1697 << "Error: libnstest_dlopened.so is still accessible in shared namespace";
1698
1699 handle = dlopen("libnstest_dlopened.so", RTLD_NOW | RTLD_NOLOAD);
1700 ASSERT_TRUE(handle == nullptr)
1701 << "Error: libnstest_dlopened.so is still accessible in default namespace";
1702
1703 handle = dlopen((GetTestLibRoot() + "/private_namespace_libs/libnstest_dlopened.so").c_str(),
1704 RTLD_NOW | RTLD_NOLOAD);
1705 ASSERT_TRUE(handle == nullptr)
1706 << "Error: libnstest_dlopened.so is still accessible in default namespace";
1707
1708 // Now lets see if the soinfo area gets reused in the wrong way:
1709 // load a library to default namespace.
1710 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs/" + g_public_lib;
1711 void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
1712 ASSERT_TRUE(handle_public != nullptr) << dlerror();
1713
1714 // try to find it in shared namespace
1715 handle = android_dlopen_ext(g_public_lib, RTLD_NOW | RTLD_NOLOAD, &extinfo);
1716 ASSERT_TRUE(handle == nullptr)
1717 << "Error: " << g_public_lib << " is accessible in shared namespace";
1718 }
1719
TEST(dlext,ns_isolated_rtld_global)1720 TEST(dlext, ns_isolated_rtld_global) {
1721 static const char* root_lib = "libnstest_root.so";
1722 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1723
1724 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs";
1725
1726 android_namespace_t* ns1 =
1727 android_create_namespace("isolated1",
1728 nullptr,
1729 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1730 ANDROID_NAMESPACE_TYPE_ISOLATED,
1731 lib_public_path.c_str(),
1732 nullptr);
1733 ASSERT_TRUE(ns1 != nullptr) << dlerror();
1734 ASSERT_TRUE(android_link_namespaces(ns1, nullptr, g_core_shared_libs.c_str())) << dlerror();
1735
1736 android_namespace_t* ns2 =
1737 android_create_namespace("isolated2",
1738 nullptr,
1739 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1740 ANDROID_NAMESPACE_TYPE_ISOLATED,
1741 lib_public_path.c_str(),
1742 nullptr);
1743 ASSERT_TRUE(ns2 != nullptr) << dlerror();
1744 ASSERT_TRUE(android_link_namespaces(ns2, nullptr, g_core_shared_libs.c_str())) << dlerror();
1745
1746 android_dlextinfo extinfo;
1747 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1748 extinfo.library_namespace = ns1;
1749
1750 void* handle_global = android_dlopen_ext((lib_public_path + "/" + g_public_lib).c_str(),
1751 RTLD_GLOBAL,
1752 &extinfo);
1753
1754 ASSERT_TRUE(handle_global != nullptr) << dlerror();
1755
1756 android_namespace_t* ns1_child =
1757 android_create_namespace("isolated1_child",
1758 nullptr,
1759 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1760 ANDROID_NAMESPACE_TYPE_ISOLATED,
1761 nullptr,
1762 ns1);
1763
1764 ASSERT_TRUE(ns1_child != nullptr) << dlerror();
1765 ASSERT_TRUE(android_link_namespaces(ns1_child, nullptr, g_core_shared_libs.c_str())) << dlerror();
1766
1767 // Now - only ns1 and ns1 child should be able to dlopen root_lib
1768 // attempt to use ns2 should result in dlerror()
1769
1770 // Check ns1_child first.
1771 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1772 extinfo.library_namespace = ns1_child;
1773
1774 void* handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1775 ASSERT_TRUE(handle1 != nullptr) << dlerror();
1776
1777 // now ns1
1778 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1779 extinfo.library_namespace = ns1;
1780
1781 handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1782 ASSERT_TRUE(handle1 != nullptr) << dlerror();
1783
1784 // and ns2 should fail
1785 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1786 extinfo.library_namespace = ns2;
1787
1788 handle1 = android_dlopen_ext(root_lib, RTLD_NOW, &extinfo);
1789 ASSERT_TRUE(handle1 == nullptr);
1790 ASSERT_MATCH(
1791 dlerror(),
1792 R"(dlopen failed: library "libnstest_public.so" not found: needed by \S+libnstest_root.so)"
1793 R"( in namespace isolated2)");
1794 }
1795
TEST(dlext,ns_inaccessible_error_message)1796 TEST(dlext, ns_inaccessible_error_message) {
1797 // We set up 2 namespaces (a and b) and link a->b with a shared library
1798 // libtestshared.so. Then try to dlopen different library with the same
1799 // name from in namespace a. Note that library should not be accessible
1800 // in either namespace but since it's soname is in the list of shared libs
1801 // the linker will attempt to find it in linked namespace.
1802 //
1803 // Check the error message and make sure it mentions correct namespace name.
1804 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1805
1806 android_namespace_t* ns_a =
1807 android_create_namespace("ns_a",
1808 nullptr,
1809 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1810 ANDROID_NAMESPACE_TYPE_ISOLATED,
1811 nullptr,
1812 nullptr);
1813 ASSERT_TRUE(ns_a != nullptr) << dlerror();
1814 ASSERT_TRUE(android_link_namespaces(ns_a, nullptr, g_core_shared_libs.c_str())) << dlerror();
1815
1816 android_namespace_t* ns_b =
1817 android_create_namespace("ns_b",
1818 nullptr,
1819 GetTestLibRoot().c_str(),
1820 ANDROID_NAMESPACE_TYPE_ISOLATED,
1821 nullptr,
1822 nullptr);
1823 ASSERT_TRUE(ns_b != nullptr) << dlerror();
1824 ASSERT_TRUE(android_link_namespaces(ns_b, nullptr, g_core_shared_libs.c_str())) << dlerror();
1825
1826 ASSERT_TRUE(android_link_namespaces(ns_a, ns_b, "libtestshared.so")) << dlerror();
1827
1828 android_dlextinfo extinfo;
1829 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1830 extinfo.library_namespace = ns_a;
1831
1832 std::string library_path = GetTestLibRoot() + "/inaccessible_libs/libtestshared.so";
1833
1834 void* handle = android_dlopen_ext(library_path.c_str(), RTLD_NOW, &extinfo);
1835 ASSERT_TRUE(handle == nullptr);
1836 std::string expected_dlerror =
1837 android::base::StringPrintf("dlopen failed: library \"%s\" needed or dlopened by \"%s\""
1838 " is not accessible for the namespace \"ns_a\"",
1839 library_path.c_str(),
1840 android::base::GetExecutablePath().c_str());
1841 ASSERT_EQ(expected_dlerror, dlerror());
1842 }
1843
1844 extern "C" bool __loader_android_link_namespaces_all_libs(android_namespace_t* namespace_from,
1845 android_namespace_t* namespace_to);
1846
TEST(dlext,ns_link_namespaces_invalid_arguments)1847 TEST(dlext, ns_link_namespaces_invalid_arguments) {
1848 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1849
1850 android_namespace_t* ns =
1851 android_create_namespace("private",
1852 nullptr,
1853 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1854 ANDROID_NAMESPACE_TYPE_REGULAR,
1855 nullptr,
1856 nullptr);
1857 ASSERT_TRUE(ns != nullptr) << dlerror();
1858
1859 // Test android_link_namespaces()
1860 ASSERT_FALSE(android_link_namespaces(nullptr, nullptr, "libc.so"));
1861 ASSERT_STREQ("android_link_namespaces failed: error linking namespaces: namespace_from is null.",
1862 dlerror());
1863
1864 ASSERT_FALSE(android_link_namespaces(ns, nullptr, nullptr));
1865 ASSERT_STREQ("android_link_namespaces failed: "
1866 "error linking namespaces \"private\"->\"(default)\": "
1867 "the list of shared libraries is empty.", dlerror());
1868
1869 ASSERT_FALSE(android_link_namespaces(ns, nullptr, ""));
1870 ASSERT_STREQ("android_link_namespaces failed: "
1871 "error linking namespaces \"private\"->\"(default)\": "
1872 "the list of shared libraries is empty.", dlerror());
1873
1874 // Test __loader_android_link_namespaces_all_libs()
1875 ASSERT_FALSE(__loader_android_link_namespaces_all_libs(nullptr, nullptr));
1876 ASSERT_STREQ("android_link_namespaces_all_libs failed: "
1877 "error linking namespaces: namespace_from is null.", dlerror());
1878
1879 ASSERT_FALSE(__loader_android_link_namespaces_all_libs(nullptr, ns));
1880 ASSERT_STREQ("android_link_namespaces_all_libs failed: "
1881 "error linking namespaces: namespace_from is null.", dlerror());
1882
1883 ASSERT_FALSE(__loader_android_link_namespaces_all_libs(ns, nullptr));
1884 ASSERT_STREQ("android_link_namespaces_all_libs failed: "
1885 "error linking namespaces: namespace_to is null.", dlerror());
1886 }
1887
TEST(dlext,ns_allow_all_shared_libs)1888 TEST(dlext, ns_allow_all_shared_libs) {
1889 ASSERT_TRUE(android_init_anonymous_namespace(g_core_shared_libs.c_str(), nullptr));
1890
1891 android_namespace_t* ns_a =
1892 android_create_namespace("ns_a",
1893 nullptr,
1894 (GetTestLibRoot() + "/ns_a").c_str(),
1895 ANDROID_NAMESPACE_TYPE_ISOLATED,
1896 nullptr,
1897 nullptr);
1898 ASSERT_TRUE(ns_a != nullptr) << dlerror();
1899 ASSERT_TRUE(android_link_namespaces(ns_a, nullptr, g_core_shared_libs.c_str())) << dlerror();
1900
1901 android_namespace_t* ns_b =
1902 android_create_namespace("ns_b",
1903 nullptr,
1904 (GetTestLibRoot() + "/ns_b").c_str(),
1905 ANDROID_NAMESPACE_TYPE_ISOLATED,
1906 nullptr,
1907 nullptr);
1908 ASSERT_TRUE(ns_b != nullptr) << dlerror();
1909 ASSERT_TRUE(android_link_namespaces(ns_b, nullptr, g_core_shared_libs.c_str())) << dlerror();
1910
1911 ASSERT_TRUE(android_link_namespaces(ns_b, ns_a, "libnstest_ns_a_public1.so")) << dlerror();
1912 ASSERT_TRUE(__loader_android_link_namespaces_all_libs(ns_a, ns_b)) << dlerror();
1913
1914 // Load libs with android_dlopen_ext() from namespace b
1915 android_dlextinfo extinfo;
1916 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
1917 extinfo.library_namespace = ns_b;
1918
1919 void* ns_b_handle1 = android_dlopen_ext("libnstest_ns_a_public1.so", RTLD_NOW, &extinfo);
1920 ASSERT_TRUE(ns_b_handle1 != nullptr) << dlerror();
1921
1922 void* ns_b_handle1_internal =
1923 android_dlopen_ext("libnstest_ns_a_public1_internal.so", RTLD_NOW, &extinfo);
1924 ASSERT_TRUE(ns_b_handle1_internal == nullptr);
1925
1926 void* ns_b_handle2 = android_dlopen_ext("libnstest_ns_b_public2.so", RTLD_NOW, &extinfo);
1927 ASSERT_TRUE(ns_b_handle2 != nullptr) << dlerror();
1928
1929 void* ns_b_handle3 = android_dlopen_ext("libnstest_ns_b_public3.so", RTLD_NOW, &extinfo);
1930 ASSERT_TRUE(ns_b_handle3 != nullptr) << dlerror();
1931
1932 // Load libs with android_dlopen_ext() from namespace a
1933 extinfo.library_namespace = ns_a;
1934
1935 void* ns_a_handle1 = android_dlopen_ext("libnstest_ns_a_public1.so", RTLD_NOW, &extinfo);
1936 ASSERT_TRUE(ns_a_handle1 != nullptr) << dlerror();
1937
1938 void* ns_a_handle1_internal =
1939 android_dlopen_ext("libnstest_ns_a_public1_internal.so", RTLD_NOW, &extinfo);
1940 ASSERT_TRUE(ns_a_handle1_internal != nullptr) << dlerror();
1941
1942 void* ns_a_handle2 = android_dlopen_ext("libnstest_ns_b_public2.so", RTLD_NOW, &extinfo);
1943 ASSERT_TRUE(ns_a_handle2 != nullptr) << dlerror();
1944
1945 void* ns_a_handle3 = android_dlopen_ext("libnstest_ns_b_public3.so", RTLD_NOW, &extinfo);
1946 ASSERT_TRUE(ns_a_handle3 != nullptr) << dlerror();
1947
1948 // Compare the dlopen handle
1949 ASSERT_EQ(ns_b_handle1, ns_a_handle1);
1950 ASSERT_EQ(ns_b_handle2, ns_a_handle2);
1951 ASSERT_EQ(ns_b_handle3, ns_a_handle3);
1952
1953 // Close libs
1954 dlclose(ns_b_handle1);
1955 dlclose(ns_b_handle2);
1956 dlclose(ns_b_handle3);
1957
1958 dlclose(ns_a_handle1);
1959 dlclose(ns_a_handle1_internal);
1960 dlclose(ns_a_handle2);
1961 dlclose(ns_a_handle3);
1962 }
1963
MapPflagsToProtFlags(uint32_t flags)1964 static inline int MapPflagsToProtFlags(uint32_t flags) {
1965 int prot_flags = 0;
1966 if (PF_X & flags) prot_flags |= PROT_EXEC;
1967 if (PF_W & flags) prot_flags |= PROT_WRITE;
1968 if (PF_R & flags) prot_flags |= PROT_READ;
1969 return prot_flags;
1970 }
1971
TEST(dlext,ns_anonymous)1972 TEST(dlext, ns_anonymous) {
1973 static const char* root_lib = "libnstest_root.so";
1974 std::string shared_libs = g_core_shared_libs + ":" + g_public_lib;
1975
1976 const std::string lib_public_path = GetTestLibRoot() + "/public_namespace_libs/" + g_public_lib;
1977 void* handle_public = dlopen(lib_public_path.c_str(), RTLD_NOW);
1978
1979 ASSERT_TRUE(handle_public != nullptr) << dlerror();
1980
1981 ASSERT_TRUE(
1982 android_init_anonymous_namespace(shared_libs.c_str(),
1983 (GetTestLibRoot() + "/private_namespace_libs").c_str())
1984 ) << dlerror();
1985
1986 android_namespace_t* ns =
1987 android_create_namespace("private",
1988 nullptr,
1989 (GetTestLibRoot() + "/private_namespace_libs").c_str(),
1990 ANDROID_NAMESPACE_TYPE_REGULAR,
1991 nullptr,
1992 nullptr);
1993
1994 ASSERT_TRUE(ns != nullptr) << dlerror();
1995 ASSERT_TRUE(android_link_namespaces(ns, nullptr, shared_libs.c_str())) << dlerror();
1996
1997 std::string private_library_absolute_path = GetTestLibRoot() + "/private_namespace_libs/" + root_lib;
1998
1999 android_dlextinfo extinfo;
2000 extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
2001 extinfo.library_namespace = ns;
2002
2003 // we are going to copy this library to anonymous mmap and call the copy of ns_get_dlopened_string
2004 void* handle = android_dlopen_ext(private_library_absolute_path.c_str(), RTLD_NOW, &extinfo);
2005 ASSERT_TRUE(handle != nullptr) << dlerror();
2006
2007 uintptr_t ns_get_dlopened_string_addr =
2008 reinterpret_cast<uintptr_t>(dlsym(handle, "ns_get_dlopened_string"));
2009 ASSERT_TRUE(ns_get_dlopened_string_addr != 0) << dlerror();
2010 typedef const char* (*fn_t)();
2011 fn_t ns_get_dlopened_string_private = reinterpret_cast<fn_t>(ns_get_dlopened_string_addr);
2012
2013 Dl_info private_library_info;
2014 ASSERT_NE(dladdr(reinterpret_cast<void*>(ns_get_dlopened_string_addr), &private_library_info), 0)
2015 << dlerror();
2016 std::vector<map_record> maps_to_copy;
2017 bool has_executable_segment = false;
2018 uintptr_t addr_start = 0;
2019 uintptr_t addr_end = 0;
2020 std::tuple dl_iterate_arg = {&private_library_info, &maps_to_copy, &has_executable_segment,
2021 &addr_start, &addr_end};
2022 ASSERT_EQ(
2023 1, dl_iterate_phdr(
2024 [](dl_phdr_info* info, size_t /*size*/, void* data) -> int {
2025 auto [private_library_info, maps_to_copy, has_executable_segment, addr_start,
2026 addr_end] = *reinterpret_cast<decltype(dl_iterate_arg)*>(data);
2027 if (info->dlpi_addr != reinterpret_cast<ElfW(Addr)>(private_library_info->dli_fbase))
2028 return 0;
2029
2030 for (size_t i = 0; i < info->dlpi_phnum; ++i) {
2031 const ElfW(Phdr)* phdr = info->dlpi_phdr + i;
2032 if (phdr->p_type != PT_LOAD) continue;
2033 *has_executable_segment |= phdr->p_flags & PF_X;
2034 uintptr_t mapping_start = page_start(info->dlpi_addr + phdr->p_vaddr);
2035 uintptr_t mapping_end = page_end(info->dlpi_addr + phdr->p_vaddr + phdr->p_memsz);
2036 if (*addr_start == 0 || mapping_start < *addr_start) *addr_start = mapping_start;
2037 if (*addr_end == 0 || mapping_end > *addr_end) *addr_end = mapping_end;
2038 maps_to_copy->push_back({
2039 .addr_start = mapping_start,
2040 .addr_end = mapping_end,
2041 .perms = MapPflagsToProtFlags(phdr->p_flags),
2042 });
2043 }
2044 return 1;
2045 },
2046 &dl_iterate_arg));
2047
2048 // Some validity checks.
2049 ASSERT_NE(maps_to_copy.size(), 0u);
2050 ASSERT_TRUE(addr_start > 0);
2051 ASSERT_TRUE(addr_end > 0);
2052 ASSERT_TRUE(ns_get_dlopened_string_addr > addr_start);
2053 ASSERT_TRUE(ns_get_dlopened_string_addr < addr_end);
2054
2055 if (!has_executable_segment) {
2056 // For some natively bridged environments this code might be missing
2057 // the executable flag. This is because the guest code is not supposed
2058 // to be executed directly and making it non-executable is more secure.
2059 // In this case we assume the segment with the function is executable.
2060 for (auto& rec : maps_to_copy) {
2061 if (ns_get_dlopened_string_addr >= rec.addr_start &&
2062 ns_get_dlopened_string_addr < rec.addr_end) {
2063 ASSERT_TRUE((rec.perms & PROT_WRITE) == 0);
2064 rec.perms |= PROT_EXEC;
2065 break;
2066 }
2067 }
2068 }
2069
2070 // copy
2071 uintptr_t reserved_addr = reinterpret_cast<uintptr_t>(mmap(nullptr, addr_end - addr_start,
2072 PROT_NONE, MAP_ANON | MAP_PRIVATE,
2073 -1, 0));
2074 ASSERT_TRUE(reinterpret_cast<void*>(reserved_addr) != MAP_FAILED);
2075
2076 struct stat file_stat;
2077 int ret = TEMP_FAILURE_RETRY(stat(private_library_absolute_path.c_str(), &file_stat));
2078 ASSERT_EQ(ret, 0) << "Failed to stat library";
2079 size_t file_size = file_stat.st_size;
2080
2081 {
2082 // Disable MTE while copying the PROT_MTE-protected global variables from
2083 // the existing mappings. We don't really care about turning on PROT_MTE for
2084 // the new copy of the mappings, as this isn't the behaviour under test and
2085 // tags will be ignored. This only applies for MTE-enabled devices.
2086 ScopedDisableMTE disable_mte_for_copying_global_variables;
2087 for (const auto& rec : maps_to_copy) {
2088 uintptr_t offset = rec.addr_start - addr_start;
2089 size_t size = rec.addr_end - rec.addr_start;
2090 void* addr = reinterpret_cast<void*>(reserved_addr + offset);
2091 void* map =
2092 mmap(addr, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
2093 ASSERT_TRUE(map != MAP_FAILED);
2094 // Attempting the below memcpy from a portion of the map that is off the end of
2095 // the backing file will cause the kernel to throw a SIGBUS
2096 size_t _size =
2097 ::android::procinfo::MappedFileSize(rec.addr_start, rec.addr_end, rec.offset, file_size);
2098 memcpy(map, reinterpret_cast<void*>(rec.addr_start), _size);
2099 mprotect(map, size, rec.perms);
2100 }
2101 }
2102
2103 // call the function copy
2104 uintptr_t ns_get_dlopened_string_offset = ns_get_dlopened_string_addr - addr_start;
2105 fn_t ns_get_dlopened_string_anon = reinterpret_cast<fn_t>(reserved_addr + ns_get_dlopened_string_offset);
2106 ASSERT_STREQ("This string is from private namespace (dlopened library)",
2107 ns_get_dlopened_string_anon());
2108
2109 // They should belong to different namespaces (private and anonymous)
2110 ASSERT_STREQ("This string is from private namespace (dlopened library)",
2111 ns_get_dlopened_string_private());
2112
2113 ASSERT_TRUE(ns_get_dlopened_string_anon() != ns_get_dlopened_string_private());
2114 }
2115
TEST(dlext,ns_hidden_child)2116 TEST(dlext, ns_hidden_child) {
2117 ExecTestHelper eth;
2118
2119 std::string helper = GetTestLibRoot() + "/ns_hidden_child_helper";
2120 std::string app_ns_dir = GetTestLibRoot() + "/ns_hidden_child_app";
2121 eth.SetArgs({ helper.c_str(), app_ns_dir.c_str(), nullptr });
2122
2123 // Add the main libns_hidden_child_*.so libraries to the search path of the default namespace.
2124 std::string env = "LD_LIBRARY_PATH=" + GetTestLibRoot();
2125 eth.SetEnv({ env.c_str(), nullptr });
2126
2127 eth.Run([&]() { execve(helper.c_str(), eth.GetArgs(), eth.GetEnv()); }, 0,
2128 "public_function is non-null\n"
2129 "internal_function is null\n");
2130 }
2131
TEST(dlext,dlopen_handle_value_platform)2132 TEST(dlext, dlopen_handle_value_platform) {
2133 void* handle = dlopen("libtest_dlsym_from_this.so", RTLD_NOW | RTLD_LOCAL);
2134 ASSERT_TRUE((reinterpret_cast<uintptr_t>(handle) & 1) != 0)
2135 << "dlopen should return odd value for the handle";
2136 dlclose(handle);
2137 }
2138
TEST(dlext,dlopen_handle_value_app_compat)2139 TEST(dlext, dlopen_handle_value_app_compat) {
2140 android_set_application_target_sdk_version(23);
2141 void* handle = dlopen("libtest_dlsym_from_this.so", RTLD_NOW | RTLD_LOCAL);
2142 ASSERT_TRUE(reinterpret_cast<uintptr_t>(handle) % sizeof(uintptr_t) == 0)
2143 << "dlopen should return valid pointer";
2144 dlclose(handle);
2145 }
2146