commit 9ee4591cb4a23b3c1a899f5ae3e4d769d0ba5a15
author Logan Chien <loganchien@google.com> Thu Jan 18 12:05:09 2018 +0800
committer Logan Chien <loganchien@google.com> Thu Jan 25 14:45:29 2018 +0800
tree 317be1850b14a18f65bc8c9247971318c7606307
parent 73871ad09be8a8259171d606c4e3e3cf08d4733c

linker: Allow link namespaces without name filters

This commit allows users to create a link without soname filters between
two linker namespaces.

The motivation is to establish one-way shared library isolation.  For
example, assume that there are two linker namespaces `default` and
`vndk`.  We would like to limit the shared libraries that can be used by
the `default` namespace.  In the meanwhile, we would like to allow the
`vndk` namespace to use shared libs from the `default` namespace if the
soname cannot be find in the search path or loaded sonames of the `vndk`
namespace.

          shared_libs  = %VNDK_CORE_LIBRARIES%
          shared_libs += %VNDK_SAMEPROCESS_LIBRARIES%
    vndk <-------------------------------------------- default
       \_______________________________________________/^
                allow_all_shared_libs = true

android_link_namespaces_all_libs() is added to libdl, but it is
versioned as LIBC_PRIVATE.  android_link_namespaces_all_libs() is only
for unit tests.

Bug: 69824336

Test: adb shell /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: adb shell /data/nativetest64/linker-unit-tests/linker-unit-tests64

Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests

Test: Update /system/etc/ld.config*.txt and check whether the vndk
linker namespace of the vendor process can access the shared libs from
the default linker namespace.

Change-Id: I2879f0c5f5af60c7e56f8f743ebd2872e552286b

linker/linker_config.h

diff --git a/linker/linker_config.h b/linker/linker_config.h
index dde9362..0c50d57 100644
--- a/linker/linker_config.h
+++ b/linker/linker_config.h
@@ -43,8 +43,10 @@
 class NamespaceLinkConfig {
  public:
   NamespaceLinkConfig() = default;
-  NamespaceLinkConfig(const std::string& ns_name, const std::string& shared_libs)
-      : ns_name_(ns_name), shared_libs_(shared_libs)  {}
+  NamespaceLinkConfig(const std::string& ns_name, const std::string& shared_libs,
+                      bool allow_all_shared_libs)
+      : ns_name_(ns_name), shared_libs_(shared_libs),
+        allow_all_shared_libs_(allow_all_shared_libs) {}
 
   const std::string& ns_name() const {
     return ns_name_;
@@ -54,9 +56,14 @@
     return shared_libs_;
   }
 
+  bool allow_all_shared_libs() const {
+    return allow_all_shared_libs_;
+  }
+
  private:
   std::string ns_name_;
   std::string shared_libs_;
+  bool allow_all_shared_libs_;
 };
 
 class NamespaceConfig {
@@ -89,8 +96,9 @@
     return namespace_links_;
   }
 
-  void add_namespace_link(const std::string& ns_name, const std::string& shared_libs) {
-    namespace_links_.push_back(NamespaceLinkConfig(ns_name, shared_libs));
+  void add_namespace_link(const std::string& ns_name, const std::string& shared_libs,
+                          bool allow_all_shared_libs) {
+    namespace_links_.push_back(NamespaceLinkConfig(ns_name, shared_libs, allow_all_shared_libs));
   }
 
   void set_isolated(bool isolated) {