commit 2d020e43fb098dde99d6f9a1c5f4aeebdda914ea
author Vic Yang <victoryang@google.com> Sat Jan 12 21:03:25 2019 -0800
committer Vic Yang <victoryang@google.com> Wed Mar 20 10:20:49 2019 -0700
tree 8e53ae0dc313d988ad66ea5892f4daf9e5349b08
parent ebdf4c19f9e034d7ec8e0e57539890d5c93eaed1

linker: Add support for "whitelisted" property in linker config files

In order to enable no-vendor-variant VNDK, we need a way to restrict a
namespace to only a list of whitelisted libraries.  We add a new
"whitelisted" property for this.  If the property is not set, all
libraries in the search paths are available in a namespace.  If the
property is set, only the libraries named are available.

Bug: 119423884
Test: Boot with no-vendor-variant VNDK enabled using the new property.
Change-Id: Id808c1733c8e2c2c3462b04c72461f9698403571

linker/linker_config_test.cpp

diff --git a/linker/linker_config_test.cpp b/linker/linker_config_test.cpp
index 6a55bb2..4937056 100644
--- a/linker/linker_config_test.cpp
+++ b/linker/linker_config_test.cpp
@@ -56,6 +56,7 @@
   "enable.target.sdk.version = true\n"
   "additional.namespaces=system\n"
   "additional.namespaces+=vndk\n"
+  "additional.namespaces+=vndk_in_system\n"
   "namespace.default.isolated = true\n"
   "namespace.default.search.paths = /vendor/${LIB}\n"
   "namespace.default.permitted.paths = /vendor/${LIB}\n"
@@ -82,6 +83,12 @@
   "namespace.vndk.asan.search.paths += /system/${LIB}/vndk\n"
   "namespace.vndk.links = default\n"
   "namespace.vndk.link.default.allow_all_shared_libs = true\n"
+  "namespace.vndk.link.vndk_in_system.allow_all_shared_libs = true\n"
+  "namespace.vndk_in_system.isolated = true\n"
+  "namespace.vndk_in_system.visible = true\n"
+  "namespace.vndk_in_system.search.paths = /system/${LIB}\n"
+  "namespace.vndk_in_system.permitted.paths = /system/${LIB}\n"
+  "namespace.vndk_in_system.whitelisted = libz.so:libyuv.so:libtinyxml2.so\n"
   "\n";
 
 static bool write_version(const std::string& path, uint32_t version) {
@@ -165,20 +172,24 @@
   ASSERT_FALSE(default_ns_links[1].allow_all_shared_libs());
 
   auto& ns_configs = config->namespace_configs();
-  ASSERT_EQ(3U, ns_configs.size());
+  ASSERT_EQ(4U, ns_configs.size());
 
   // find second namespace
   const NamespaceConfig* ns_system = nullptr;
   const NamespaceConfig* ns_vndk = nullptr;
+  const NamespaceConfig* ns_vndk_in_system = nullptr;
   for (auto& ns : ns_configs) {
     std::string ns_name = ns->name();
-    ASSERT_TRUE(ns_name == "system" || ns_name == "default" || ns_name == "vndk")
+    ASSERT_TRUE(ns_name == "system" || ns_name == "default" ||
+                ns_name == "vndk" || ns_name == "vndk_in_system")
         << "unexpected ns name: " << ns->name();
 
     if (ns_name == "system") {
       ns_system = ns.get();
     } else if (ns_name == "vndk") {
       ns_vndk = ns.get();
+    } else if (ns_name == "vndk_in_system") {
+      ns_vndk_in_system = ns.get();
     }
   }
 
@@ -199,6 +210,11 @@
   ASSERT_EQ(1U, ns_vndk_links.size());
   ASSERT_EQ("default", ns_vndk_links[0].ns_name());
   ASSERT_TRUE(ns_vndk_links[0].allow_all_shared_libs());
+
+  ASSERT_TRUE(ns_vndk_in_system != nullptr) << "vndk_in_system namespace was not found";
+  ASSERT_EQ(
+      std::vector<std::string>({"libz.so", "libyuv.so", "libtinyxml2.so"}),
+      ns_vndk_in_system->whitelisted_libs());
 }
 
 TEST(linker_config, smoke) {