Commit Graph

602 Commits

Author SHA1 Message Date
Dmitriy Ivanov
dbe26fdcc7 Fix protected symbol lookups for mips
Bug: http://b/20694161
Change-Id: I5cc58034f9776e1db9cddc34abe48ef85f6048f4
2015-05-04 19:30:49 -07:00
Dmitriy Ivanov
f39cb63603 Lookup version info when relocating mips got
Bug: http://b/20693971
Bug: http://b/20139821
Change-Id: I28bd3bc44dafe048761b2c598facfe20320128c4
2015-04-30 20:17:03 -07:00
Dmitriy Ivanov
7e4bbbae4a Refactoring: move VersionTracker to link_image
Use one instance of VersionTracker per link (instead of 2).

Change-Id: I6860013df65f5969975c82ebdae8bd90a82e0a82
2015-04-30 19:49:19 -07:00
Dmitriy Ivanov
31b408d2c2 Refactoring: extract lookup_version_info(..)
Change-Id: I47f9c21a1738dc520fd83281c8227dc3a7e79650
2015-04-30 16:12:32 -07:00
Dmitriy Ivanov
f29640c2d8 Merge "linker: initialize system properties" 2015-04-29 23:44:57 +00:00
Dmitriy Ivanov
0373d4f473 Fix mips relocation to use load_bias as intended
Bug: http://b/20658994
Change-Id: I5a15605fe34db359e26d563e13841ae993083c4a
2015-04-29 14:41:06 -07:00
Dmitriy Ivanov
f8093a9485 Fix LD_PRELOAD for dlopen()
We did not set DF_1_GLOBAL flag for LD_PRELOADed
 libraries which led to the situation when ld_preloads
 where ignored during on dlopen()

Change-Id: I696b3b2506a8ed4c0984ad2c803210a7a4f8e686
2015-04-28 18:09:53 -07:00
Dmitriy Ivanov
b4e5067cab linker: initialize system properties
Bug: http://b/20567629
Bug: https://code.google.com/p/chromium/issues/detail?id=478886
Change-Id: I8d2d89b749015e7fcd6e7ea646911f2e617dd1ba
2015-04-28 15:52:52 -07:00
Dmitriy Ivanov
a85bcc2e99 linker: use libc's environ variable to store envp
This is to make getenv() work correctly.

Bug: http://b/20567629
Change-Id: I148627e1efea1649fb0822c95876811652fb4082
2015-04-28 14:21:36 -07:00
Dmitriy Ivanov
2ea504fed1 Remove outdated warning
It is ok to use malloc in linker.

Bug: http://b/20567629
Change-Id: I54183dbe8ebcd223a44e710e511c339688a65dba
2015-04-27 11:24:36 -07:00
Dmitriy Ivanov
18870d350c Always use signed leb128 decoder
Relocation packer no longer encodes relocation tables
  using unsigned leb128: https://android-review.googlesource.com/147745

Bug: http://b/18051137
Change-Id: I620b7188e5f3dd9d5123431aa1fc7feca76be607
2015-04-22 13:29:42 -07:00
Dmitriy Ivanov
3d7bea1fa0 Add library name to error message
Change-Id: I079e6f1dd95fe9cae2135fcd7358c51f8b584ac9
2015-04-20 17:40:39 -07:00
Dmitriy Ivanov
2a81536144 Support symbol versioning
Bug: http://b/20139821
Change-Id: I64122a0fb0960c20b2ce614161b7ab048456b681
2015-04-16 17:57:30 -07:00
Dmitriy Ivanov
aae859cc3c Add realpath for soinfo
This change adds realpath to soinfo and
  extends limit on filenames from 128 to PATH_MAX.

  It also removes soinfo::name field, linker uses
  dt_soname instead.

Bug: http://b/19818481
Bug: https://code.google.com/p/android/issues/detail?id=80336
Change-Id: I9cff4cb5bda3ee2bc74e1bbded9594ea7fbe2a08
2015-04-06 21:15:43 +00:00
Dmitriy Ivanov
aea165cb03 Merge "Add ANDROID_DLEXT_FORCE_LOAD flag" 2015-04-03 19:45:24 +00:00
Dmitriy Ivanov
9b82136b98 Add ANDROID_DLEXT_FORCE_LOAD flag
This flag allows to force loading of the library
  in the case when for some reason multiple ELF files
  share the same filename (because the already-loaded
  library has been removed and overwritten, for example).

Change-Id: I798d44409ee13d63eaa75d685e99c4d028d2b0c1
2015-04-03 10:50:48 -07:00
Dmitriy Ivanov
06b6e3c51d Merge "Look into local group on dlsym with RTLD_DEFAULT" 2015-04-02 21:55:01 +00:00
Dmitriy Ivanov
76ac1acdac Look into local group on dlsym with RTLD_DEFAULT
Fix dlsym to look into local group when called with
  RTLD_DEFAULT and RTLD_NEXT.

Bug: 17512583
Change-Id: I541354e89539c712af2ea4ec751e546913027084
2015-04-02 14:12:45 -07:00
Nick Kralevich
8fdb3419a5 linker: never mark pages simultaneously writable / executable
When the Android dynamic linker handles a text relocation,
it first relaxes the permissions on the segment being modified,
performs the modifications, and then restores the page permissions.
The relaxation worked by adding PROT_WRITE to whatever protection
bits were set in the section. In effect, the pages were getting set
to PROT_READ|PROT_WRITE|PROT_EXEC, modified, then restored to
PROT_READ|PROT_EXEC

The SELinux kernel code differentiates between 4 different kinds
of executable memory:
* Executable stack (execstack)
* Executable heap (execheap)
* File-based executable code which has been modified (execmod)
* All other executable memory (execmem)

The execmod capability is only triggered by the kernel when a
dirty but non-executable mmap()ed page becomes executable. When that
occurs, an SELinux policy check is done to see if the execmod capability
is provided by policy.

However, if the page is already executable, and PROT_WRITE is added
to the page, it's considered an execmem permission check, not an execmod
permission check.

There are certain circumstances where we may want to distinguish between
execmod and execmem. This change adjusts the dynamic linker to avoid
using RWX pages, so that an RX -> RW -> RX transition will properly
be detected as an execmod permission check instead of an execmem permission
check.

Bug: 20013628
Change-Id: I14d7be29170b156942f9809023f3b2fc1f37846c
2015-04-01 18:05:19 -07:00
Dimitry Ivanov
56be6ed9e4 Revert "Remove text-relocation support for lp32"
This reverts commit cb00add1b3.

Bug: 20020312
Bug: 20013628
Change-Id: I8baa3d4b6c7fef50c9e2531257d5b96762099eb3
2015-04-01 21:18:48 +00:00
Dmitriy Ivanov
cb00add1b3 Remove text-relocation support for lp32
Bug: 20013628
Change-Id: Idaf8012f00ee1304d429c3b42f9ebc6b648c55b8
2015-03-31 17:42:45 -07:00
Dmitriy Ivanov
20d89cb5b0 Fix long lines and replace macros with functions.
Change-Id: I4e1cab488d5b2c8e4289da617350a86e72a4ba12
2015-03-31 11:49:25 -07:00
Nick Kralevich
e001ca3e18 linker_environ: clear MALLOC_CONF when AT_SECURE=1
Clear JE_MALLOC_CONF and MALLOC_CONF

Change-Id: Ia76e263783194ecaa362e8ccafbe13a28a4a1ba6
2015-03-27 15:49:33 -07:00
Dmitriy Ivanov
797bffb760 Explain why we need objcopy for the linker
Change-Id: I646673abc6095b56f72add493b60925375b75b78
2015-03-26 16:47:18 -07:00
Dmitriy Ivanov
d165f56fb6 Replace fixed arrays with vectors
This effectively removes limit on length and count
  of LD_LIBRARY_PATH and LD_PRELOAD entries.

Change-Id: Ie7ea34a50d99c4018f9dd1a33aaebc4049a7f424
2015-03-24 16:55:52 -07:00
Dmitriy Ivanov
e631f91a01 Limit soinfo compatibility fields to arm32
Change-Id: I3924cd68397c223c0d206295d587f9dd8ebdc086
2015-03-19 17:50:29 -07:00
Dmitriy Ivanov
618f1a36f8 Implement lookup by DT_SONAME
This CL also fixes SEARCH_NAME hack and resolves
  https://code.google.com/p/android/issues/detail?id=6670
  once and for all.

Bug: https://code.google.com/p/android/issues/detail?id=6670
Change-Id: I9b8d6a672cd722f30fbfbb40cdee8d9b39cfe56e
2015-03-18 18:14:30 -07:00
Dmitriy Ivanov
e44fffd7f9 Fix library lookup for filenames with slash.
If filename contains a slash, then it is interpreted
  as a (relative or absolute) pathname.

Bug: https://code.google.com/p/android/issues/detail?id=6670
Change-Id: Iba57d638301f3089ad47ba083edca2dd36b801ed
2015-03-18 10:32:11 -07:00
Simon Baldwin
aef719510a Support loading shared libraries from zip files
Add code to support loading shared libraries directly from within
APK files.

Extends the linker's handling of LD_LIBRARY_PATH, DT_RUNPATH, etc
to allow elements to be either directories as normal, or ZIP
format files.  For ZIP, the ZIP subdirectory string is separated
from the path to file by '!'.

For example, if DT_NEEDED is libchrome.so and Chrome.apk is the
Android ARM APK then the path element

  /system/app/Chrome.apk!lib/armeabi-v7a

would cause the linker to load lib/armeabi-v7a/libchrome.so
directly from inside Chrome.apk.  For loading to succeed,
libchrome.so must be 'stored' and not compressed in Chrome.apk,
and must be page aligned within the file.

Motivation:
  Chromium tracking issue:
  https://code.google.com/p/chromium/issues/detail?id=390618

Bug: 8076853
Change-Id: Ic49046600b1417eae3ee8f37ee98c8ac1ecc19e7
2015-03-16 17:50:50 -07:00
Dmitriy Ivanov
19656ce537 General purpose memory allocator for linker.
Add basic general purpose memory allocator to
 linker in order to enable usage of other libraries
 like libziparchive.

Change-Id: I4a680ebb36ed5ba67c61249f81dba9f567808434
2015-03-16 11:19:53 -07:00
Dmitriy Ivanov
600bc3cb93 Rename LinkerAllocator and LinkerAllocatorPage
Change-Id: I87d80fbcd4ec26c0ee4f601b9c4c64f600418dd9
2015-03-10 15:43:50 -07:00
Dmitriy Ivanov
c9ce70d783 Refactoring: rename linker_allocator files
Change-Id: Ifc08e64b3a85205f072b7abab1149c7ab71e2f75
2015-03-10 15:30:26 -07:00
Dmitriy Ivanov
3597b8055d Store fields for gnu_hash separately
Kindle app relies on soinfo's sysv hash
  fields while linking native libraries.

  This change allows to keep sysv hash fields
  intact for the libraries linked with --hash-style=both.

Bug: 19059885
Change-Id: I12528652955638f1a6586bda99e111bb1c8aa7a3
2015-03-09 21:01:01 +00:00
Nick Kralevich
6bb01b6e63 linker: Allow an app to update it's own LD_LIBRARY_PATH
When the kernel executes a program which is setuid, setgid, has
file capabilities, or causes an SELinux domain transition, the
AT_SECURE flag is set. This flag instructs the dynamic linker to
prune any dangerous environment variables passed across security
boundaries.

For SELinux in particular, whether this flag is set depends on the
the "noatsecure" process permission. If that permission does not
exist, then AT_SECURE=1 whenever a domain transition occurs.

In https://android-review.googlesource.com/129971 , Android stopped
using noatsecure when executing init services. In
https://android-review.googlesource.com/130610 , init was flipped
back into SELinux enforcing mode, making ag/129971 active. The
combination of those two changes ensured that AT_SECURE=1 was
set when executing init spawned services.

In particular, AT_SECURE=1 is set when init executes zygote. Due to
the forking nature of zygote, AT_SECURE remains untouched when
executing zygote's children.

This causes problems for the code added in
https://android-review.googlesource.com/48409 . Specifically, if
AT_SECURE=1, an attempt to call android_update_LD_LIBRARY_PATH()
is silently ignored. This causes problems when art tries to adjust
the LD_LIBRARY_PATH for Android apps. Ultimately, apps are unable
to find shared libraries they depend on.

As discussed in bug 7896159, there's no security reason for
preventing an application from updating it's own LD_LIBRARY_PATH.
We only need to prune LD_LIBRARY_PATH when transitioning across
security boundaries, but not when we're entirely within a security
boundary.

Remove the AT_SECURE check within do_android_update_LD_LIBRARY_PATH().
It's unneeded and prevents an application from modifying it's own
LD_LIBRARY_PATH. This allows an application to specify a location
where it's dlopen()ed shared libraries should be loaded from.

There is no change to AT_SECURE handling in
__sanitize_environment_variables(). We continue to honor it there
to prevent using security sensitive environment variables across
an exec boundary.

Bug: 19559835
Change-Id: If4af2ee8e84265aaa0c93de8b281208b20d7942a
2015-03-07 13:37:05 -08:00
Dmitriy Ivanov
18a6956b76 Add support for packed relocations.
Change-Id: I796a4ce86d3fccb8361c19889419c96147ee3c9f
2015-03-06 17:12:47 -08:00
Dmitriy Ivanov
fa26eee776 Refactoring: introduce reloc_iterators
Replace rel/rela array with reloc_iterators.

Change-Id: I6165d062e0390b6bc60da2e8279aabbedf828ec9
2015-03-06 13:01:08 -08:00
Dmitriy Ivanov
c6292ea39c Fix: DT_DEBUG was acting as DT_REL on mips64
Change-Id: I88827aa07d75d06d606c987e6270fcca3ae6216f
2015-02-13 16:34:50 -08:00
Dimitry Ivanov
8e5f9bc8a4 Merge "linker: Use load_bias to adjust search address in elf_addr_lookup" 2015-02-05 02:23:34 +00:00
Chris Dearman
8e55381939 linker: Use load_bias to adjust search address in elf_addr_lookup
load_bias is the delta between a symbols address in memory and the value
contained in the symbol table.

Change-Id: I35c87b69025b64f7e4a1418ca766618f4533fb3e
2015-02-04 17:16:27 -08:00
Elliott Hughes
05fc1d7050 Add missing includes.
Change-Id: Ibf549266a19a67eb9158d341a69dddfb654be669
2015-01-28 19:23:11 -08:00
Christopher Ferris
8ea53fa87e Only one crashing thread should contact debuggerd.
If two or more threads crash at the same time, only let one talk to
debuggerd. It's possible for a race to occur that two threads send
data to debuggerd, the second one will cause errors in debuggerd since
the process will die once debuggerd lets the crashing pid start again.

Bug: 19183955
Change-Id: I17dfce46102117ab4a870f7381bd526488d37fb5
2015-01-28 16:20:26 -08:00
Nikola Veljkovic
db3078d97b Fix mips64 build. Replace explicit cast with static_cast
Change-Id: Ib08fbe8bb832884a3eb33904fe4d490759116cb2
2015-01-28 16:19:18 +01:00
Elliott Hughes
14152b9f31 Remove obsolete BUILD_TINY_ANDROID.
Change-Id: If2fc97134340fd09ec2583b666ace2f673cbdf66
2015-01-24 19:01:58 -08:00
Dmitriy Ivanov
31005ca4c8 Merge "Minimize calls to mprotect" 2015-01-24 00:45:25 +00:00
Dmitriy Ivanov
279a22f96e Minimize calls to mprotect
Implement refcounter based data protection guard
  to avoid unnecessary calls to mprotect when dlopen/dlclose
  is called from a constructor.

Bug: 19124318
Big: 7941716
Change-Id: Id221b84ce75443094f99756dc9950b0a1dc87222
2015-01-23 16:30:34 -08:00
Chih-Hung Hsieh
f5ae7e91ea Merge "Add comments about the -shared flag." 2015-01-23 23:33:54 +00:00
Elliott Hughes
611f95689e Add a log message to make the transition from linker to user code clear.
Handy when looking at strace output for seeing "where does my code start?",
though you'll need to set LD_DEBUG=1 (or greater) and constructors will
already have run (but you can set LD_DEBUG to a higher value to track that).

Change-Id: I82d53a7123b39febf5b2a956de83c8a30f229651
2015-01-23 10:43:58 -08:00
Chih-Hung Hsieh
306ea7ebe5 Add comments about the -shared flag.
Must build this linker as a shared object.
A statically linked module does not load during init.

BUG: 18008984

Change-Id: I5f0411129024edcb9381c473ea4e741a075e9184
2015-01-22 19:09:20 -08:00
Dmitriy Ivanov
1649e7ee5b Enable -Wold-style-cast warnings for linker
And fix old style casts.

Change-Id: I37e7a3e3fd852528ea76f02d967c7bd8cd5b06c9
2015-01-22 16:33:30 -08:00
Christopher Ferris
151da68100 Contact proper debuggerd when crashing.
Make the request structure match the new structure found in debuggerd
code.

On 64 bit systems, make sure that the 32 bit compiled linker is contacted.

Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: I675b8ff222fcf836b05de4e9b5976ff91ca929bf
2015-01-20 17:22:25 -08:00