Merge "Fix __clone_for_fork attributes"
diff --git a/linker/ld.config.format.md b/linker/ld.config.format.md
index f9fbcde..a16efa4 100644
--- a/linker/ld.config.format.md
+++ b/linker/ld.config.format.md
@@ -80,7 +80,9 @@
namespace.ns.links = default
namespace.ns.link.default.shared_libs = libc.so:libdl.so:libm.so:libstdc++.so
-# This defines what libraries are allowed to be loaded from ns1
+# [Deprecated] This defines what libraries are allowed to be loaded from ns1
namespace.ns1.whitelisted = libsomething.so
+# This defines what libraries are allowed to be loaded from ns1
+namespace.ns1.allowed_libs = libsomething2.so
```
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 6da315e..9e0584e 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -3500,7 +3500,7 @@
ns->set_isolated(ns_config->isolated());
ns->set_default_library_paths(ns_config->search_paths());
ns->set_permitted_paths(ns_config->permitted_paths());
- ns->set_whitelisted_libs(ns_config->whitelisted_libs());
+ ns->set_allowed_libs(ns_config->allowed_libs());
namespaces[ns_config->name()] = ns;
if (ns_config->visible()) {
diff --git a/linker/linker_config.cpp b/linker/linker_config.cpp
index aaa3a03..1771e87 100644
--- a/linker/linker_config.cpp
+++ b/linker/linker_config.cpp
@@ -326,7 +326,8 @@
(*properties)[name].append_value(std::move(value));
} else if (android::base::EndsWith(name, ".paths") ||
android::base::EndsWith(name, ".shared_libs") ||
- android::base::EndsWith(name, ".whitelisted")) {
+ android::base::EndsWith(name, ".whitelisted") ||
+ android::base::EndsWith(name, ".allowed_libs")) {
value = ":" + value;
(*properties)[name].append_value(std::move(value));
} else {
@@ -564,10 +565,15 @@
ns_config->set_isolated(properties.get_bool(property_name_prefix + ".isolated"));
ns_config->set_visible(properties.get_bool(property_name_prefix + ".visible"));
- std::string whitelisted =
+ std::string allowed_libs =
properties.get_string(property_name_prefix + ".whitelisted", &lineno);
- if (!whitelisted.empty()) {
- ns_config->set_whitelisted_libs(android::base::Split(whitelisted, ":"));
+ const std::string libs = properties.get_string(property_name_prefix + ".allowed_libs", &lineno);
+ if (!allowed_libs.empty() && !libs.empty()) {
+ allowed_libs += ":";
+ }
+ allowed_libs += libs;
+ if (!allowed_libs.empty()) {
+ ns_config->set_allowed_libs(android::base::Split(allowed_libs, ":"));
}
// these are affected by is_asan flag
diff --git a/linker/linker_config.h b/linker/linker_config.h
index 6733148..fe23ec1 100644
--- a/linker/linker_config.h
+++ b/linker/linker_config.h
@@ -98,9 +98,7 @@
return permitted_paths_;
}
- const std::vector<std::string>& whitelisted_libs() const {
- return whitelisted_libs_;
- }
+ const std::vector<std::string>& allowed_libs() const { return allowed_libs_; }
const std::vector<NamespaceLinkConfig>& links() const {
return namespace_links_;
@@ -127,16 +125,17 @@
permitted_paths_ = std::move(permitted_paths);
}
- void set_whitelisted_libs(std::vector<std::string>&& whitelisted_libs) {
- whitelisted_libs_ = std::move(whitelisted_libs);
+ void set_allowed_libs(std::vector<std::string>&& allowed_libs) {
+ allowed_libs_ = std::move(allowed_libs);
}
+
private:
const std::string name_;
bool isolated_;
bool visible_;
std::vector<std::string> search_paths_;
std::vector<std::string> permitted_paths_;
- std::vector<std::string> whitelisted_libs_;
+ std::vector<std::string> allowed_libs_;
std::vector<NamespaceLinkConfig> namespace_links_;
DISALLOW_IMPLICIT_CONSTRUCTORS(NamespaceConfig);
diff --git a/linker/linker_config_test.cpp b/linker/linker_config_test.cpp
index 3caa4d4..acdf641 100644
--- a/linker/linker_config_test.cpp
+++ b/linker/linker_config_test.cpp
@@ -91,6 +91,8 @@
"namespace.vndk_in_system.permitted.paths = /system/${LIB}\n"
"namespace.vndk_in_system.whitelisted = libz.so:libyuv.so\n"
"namespace.vndk_in_system.whitelisted += libtinyxml2.so\n"
+ "namespace.vndk_in_system.allowed_libs = libfoo.so:libbar.so\n"
+ "namespace.vndk_in_system.allowed_libs += libtinyxml3.so\n"
"\n";
// clang-format on
@@ -215,9 +217,9 @@
ASSERT_TRUE(ns_vndk_links[0].allow_all_shared_libs());
ASSERT_TRUE(ns_vndk_in_system != nullptr) << "vndk_in_system namespace was not found";
- ASSERT_EQ(
- std::vector<std::string>({"libz.so", "libyuv.so", "libtinyxml2.so"}),
- ns_vndk_in_system->whitelisted_libs());
+ ASSERT_EQ(std::vector<std::string>({"libz.so", "libyuv.so", "libtinyxml2.so", "libfoo.so",
+ "libbar.so", "libtinyxml3.so"}),
+ ns_vndk_in_system->allowed_libs());
}
TEST(linker_config, smoke) {
diff --git a/linker/linker_namespaces.cpp b/linker/linker_namespaces.cpp
index b993689..5182129 100644
--- a/linker/linker_namespaces.cpp
+++ b/linker/linker_namespaces.cpp
@@ -39,10 +39,9 @@
return true;
}
- if (!whitelisted_libs_.empty()) {
+ if (!allowed_libs_.empty()) {
const char *lib_name = basename(file.c_str());
- if (std::find(whitelisted_libs_.begin(), whitelisted_libs_.end(),
- lib_name) == whitelisted_libs_.end()) {
+ if (std::find(allowed_libs_.begin(), allowed_libs_.end(), lib_name) == allowed_libs_.end()) {
return false;
}
}
diff --git a/linker/linker_namespaces.h b/linker/linker_namespaces.h
index 6843ebc..3c2dc20 100644
--- a/linker/linker_namespaces.h
+++ b/linker/linker_namespaces.h
@@ -118,14 +118,12 @@
permitted_paths_ = permitted_paths;
}
- const std::vector<std::string>& get_whitelisted_libs() const {
- return whitelisted_libs_;
+ const std::vector<std::string>& get_allowed_libs() const { return allowed_libs_; }
+ void set_allowed_libs(std::vector<std::string>&& allowed_libs) {
+ allowed_libs_ = std::move(allowed_libs);
}
- void set_whitelisted_libs(std::vector<std::string>&& whitelisted_libs) {
- whitelisted_libs_ = std::move(whitelisted_libs);
- }
- void set_whitelisted_libs(const std::vector<std::string>& whitelisted_libs) {
- whitelisted_libs_ = whitelisted_libs;
+ void set_allowed_libs(const std::vector<std::string>& allowed_libs) {
+ allowed_libs_ = allowed_libs;
}
const std::vector<android_namespace_link_t>& linked_namespaces() const {
@@ -176,7 +174,7 @@
std::vector<std::string> ld_library_paths_;
std::vector<std::string> default_library_paths_;
std::vector<std::string> permitted_paths_;
- std::vector<std::string> whitelisted_libs_;
+ std::vector<std::string> allowed_libs_;
// Loader looks into linked namespace if it was not able
// to find a library in this namespace. Note that library
// lookup in linked namespaces are limited by the list of