From 45b90e79c9b0807221f9d4584bd2524cac16369b Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Wed, 11 Mar 2020 16:03:09 +0900 Subject: [PATCH] Prevent statically linking to a lib providing stable C APIs A lib providing stable C APIs should be available only to the APEX containing the library. It shouldn't be available to other APEXes, especially via static linking. This change also fixes a bug that llndkImplDep (the dependency from llndk stub to its implementation library) was recognized as being in the same APEX. Bug: 151051671 Test: m Change-Id: Ifda7f4a367f68afcde93c86cda45a28cacd91f99 --- apex/apex.go | 39 +++++++++++++++++++++++++++++++++++++++ apex/apex_test.go | 36 ++++++++++++++++++++++++++++++++++++ cc/cc.go | 3 +++ 3 files changed, 78 insertions(+) diff --git a/apex/apex.go b/apex/apex.go index 93ceb8387..95a1b858a 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -1858,6 +1858,44 @@ func (a *apexBundle) checkUpdatable(ctx android.ModuleContext) { } } +// Ensures that a lib providing stub isn't statically linked +func (a *apexBundle) checkStaticLinkingToStubLibraries(ctx android.ModuleContext) { + // Practically, we only care about regular APEXes on the device. + if ctx.Host() || a.testApex || a.vndkApex { + return + } + + a.walkPayloadDeps(ctx, func(ctx android.ModuleContext, from blueprint.Module, to android.ApexModule, externalDep bool) bool { + if ccm, ok := to.(*cc.Module); ok { + apexName := ctx.ModuleName() + fromName := ctx.OtherModuleName(from) + toName := ctx.OtherModuleName(to) + + // If `to` is not actually in the same APEX as `from` then it does not need apex_available and neither + // do any of its dependencies. + if am, ok := from.(android.DepIsInSameApex); ok && !am.DepIsInSameApex(ctx, to) { + // As soon as the dependency graph crosses the APEX boundary, don't go further. + return false + } + + // The dynamic linker and crash_dump tool in the runtime APEX is the only exception to this rule. + // It can't make the static dependencies dynamic because it can't + // do the dynamic linking for itself. + if apexName == "com.android.runtime" && (fromName == "linker" || fromName == "crash_dump") { + return false + } + + isStubLibraryFromOtherApex := ccm.HasStubsVariants() && !android.DirectlyInApex(apexName, toName) + if isStubLibraryFromOtherApex && !externalDep { + ctx.ModuleErrorf("%q required by %q is a native library providing stub. "+ + "It shouldn't be included in this APEX via static linking. Dependency path: %s", to.String(), fromName, ctx.GetPathString(false)) + } + + } + return true + }) +} + func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) { buildFlattenedAsDefault := ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild() switch a.properties.ApexType { @@ -1895,6 +1933,7 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) { a.checkApexAvailability(ctx) a.checkUpdatable(ctx) + a.checkStaticLinkingToStubLibraries(ctx) handleSpecialLibs := !android.Bool(a.properties.Ignore_system_library_special_case) diff --git a/apex/apex_test.go b/apex/apex_test.go index ce39b39e4..e89ebe07c 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -4774,6 +4774,42 @@ func TestTestFor(t *testing.T) { ensureNotContains(t, ldFlags, "mylib/android_arm64_armv8-a_shared_1/mylib.so") } +func TestNoStaticLinkingToStubsLib(t *testing.T) { + testApexError(t, `.*required by "mylib" is a native library providing stub.*`, ` + apex { + name: "myapex", + key: "myapex.key", + native_shared_libs: ["mylib"], + } + + apex_key { + name: "myapex.key", + public_key: "testkey.avbpubkey", + private_key: "testkey.pem", + } + + cc_library { + name: "mylib", + srcs: ["mylib.cpp"], + static_libs: ["otherlib"], + system_shared_libs: [], + stl: "none", + apex_available: [ "myapex" ], + } + + cc_library { + name: "otherlib", + srcs: ["mylib.cpp"], + system_shared_libs: [], + stl: "none", + stubs: { + versions: ["1", "2", "3"], + }, + apex_available: [ "myapex" ], + } + `) +} + func TestMain(m *testing.M) { run := func() int { setUp() diff --git a/cc/cc.go b/cc/cc.go index 49605ccb3..6dc6138a0 100644 --- a/cc/cc.go +++ b/cc/cc.go @@ -2851,6 +2851,9 @@ func (c *Module) DepIsInSameApex(ctx android.BaseModuleContext, dep android.Modu return false } } + } else if ctx.OtherModuleDependencyTag(dep) == llndkImplDep { + // We don't track beyond LLNDK + return false } return true }