命名空间的引入背景
在 Android Oreo 中,Google 宣布 Project Treble 来解决片段问题。Treble 将 Android 平台分为框架(Framework)和供应商(Vendor)部分,分别承载应用程序和管理设备特定功能。当处理设备特定功能时,框架通过供应商界面(Vendor Interface)要求供应商提供服务。该接口计划在多个 Android 版本中保持稳定。因此,通过 Treble,Android 框架可以在供应商实现保持不变的情况下升级。从本地库视角来看,Treble 引入了两套本地库——框架和供应商的。在某些情况下,这两个库中的库可能具有相同的名称,但是不同的实现。由于库的符号暴露给一个进程的所有代码,因此这两个集合需要被单独区分和链接,否则可能会出现混乱的调用。
为了解决这些问题,Android 动态链接器引入了基于命名空间的动态链接(namespace based dynamic linking),它和 Java 类加载器 隔离资源的方法类似。通过这种设计,每个库都加载到一个特定的 命名空间 中,除非它们通过 命名空间链接 (namespace link)共享,否则不能访问其他 命名空间 中的库。
命名空间的初始化
bionic库的init_default_namespaces函数会根据入参的executable_path(可执行文件路径)来初始化命名空间。Android中Java进程的可执行文件路径是/system/bin/app_process64,那么"/system/bin/app_process64"这个路径就会被作为executable_path传入。
静态变量g_default_namespace代表一个默认的命名空间,名称为"(default)",是没有指定特定的命名空间时使用的命名空间。而g_default_namespace保存了命名空间名称和命名空间的键值对。get_ld_config_file_path根据入参的路径按以下顺序来决定要使用的配置文件:
1.如果定义了USE_LD_CONFIG_FILE宏,使用"LD_CONFIG_FILE"环境变量的值作为配置文件;
2.如果入参以"/apex/{name}/bin/“为开头,使用”/linkerconfig/{name}/ld.config.txt"作为配置文件,如果不存在,则使用"/apex/{name}/etc/ld.config.txt";
3.使用"/system/etc/ld.config.{abi值}.txt"作为配置文件;
4.使用"/linkerconfig/ld.config.txt"作为配置文件;
5.如果ro.vndk.lite的属性值为true,使用"/system/etc/ld.config.vndk_lite.txt"作为配置文件;否则,使用/system/etc/ld.config.{vndk版本}.txt;
6.使用"/system/etc/ld.config.txt"作为配置文件。
以我的pixel3a Android11模拟器为例,使用的是"/linkerconfig/ld.config.txt"配置文件,里面的内容大致为:
/linkerconfig/ld.config.txt
//目录-区段 映射属性
dir.system = /system/bin/
dir.system = /system/xbin/
dir.system = /system_ext/bin/
dir.system = /product/bin/
dir.vendor = /odm/bin/
dir.vendor = /vendor/bin/
dir.vendor = /data/nativetest/odm
dir.vendor = /data/nativetest64/odm
dir.vendor = /data/benchmarktest/odm
dir.vendor = /data/benchmarktest64/odm
dir.vendor = /data/nativetest/vendor
dir.vendor = /data/nativetest64/vendor
dir.vendor = /data/benchmarktest/vendor
dir.vendor = /data/benchmarktest64/vendor
dir.unrestricted = /data/nativetest/unrestricted
dir.unrestricted = /data/nativetest64/unrestricted
dir.unrestricted = /data/local/tmp
dir.postinstall = /postinstall
dir.system = /data
//标签段
[system]
additional.namespaces = com_android_adbd,com_android_art,com_android_conscrypt,com_android_media,com_android_neuralnetworks,com_android_os_statsd,com_android_resolv,com_android_runtime,rs,sphal,vndk
namespace.default.isolated = true
namespace.default.visible = true
namespace.default.search.paths = /system/${LIB}
namespace.default.search.paths += /system_ext/${LIB}
namespace.default.search.paths += /product/${LIB}
...
//标签段
[vendor]
additional.namespaces = com_android_adbd,com_android_art,com_android_neuralnetworks,com_android_runtime,system,vndk
namespace.default.isolated = true
namespace.default.visible = true
namespace.default.search.paths = /odm/${LIB}
namespace.default.search.paths += /vendor/${LIB}
namespace.default.search.paths += /vendor/${LIB}/hw
...
Config::read_binary_config用来解析配置文件。规则可以参考:链接器命名空间。以"/system/bin/app_process64"可执行文件为例,其区段可以匹配“dir.system = /system/bin/”这一段内容,所以"/system/bin/app_process64"初始化命名空间的信息可以在[system]标签段下找到。
bionic/linker/linker.cpp
std::vector<android_namespace_t*> init_default_namespaces(const char* executable_path) {
g_default_namespace.set_name("(default)");
soinfo* somain = solist_get_somain();
const char *interp = phdr_table_get_interpreter_name(somain->phdr, somain->phnum,
somain->load_bias);
const char* bname = (interp != nullptr) ? basename(interp) : nullptr;
g_is_asan = bname != nullptr &&
(strcmp(bname, "linker_asan") == 0 ||
strcmp(bname, "linker_asan64") == 0);
const Config* config = nullptr;
std::string error_msg;
std::string ld_config_file_path = get_ld_config_file_path(executable_path);
INFO("[ Reading linker config \"%s\" ]", ld_config_file_path.c_str());
if (!Config::read_binary_config(ld_config_file_path.c_str(),
executable_path,
g_is_asan,
&config,
&error_msg)) {
if (!error_msg.empty()) {
DL_WARN("Warning: couldn't read \"%s\" for \"%s\" (using default configuration instead): %s",
ld_config_file_path.c_str(),
executable_path,
error_msg.c_str());
}
config = nullptr;
}
if (config == nullptr) {
return init_default_namespace_no_config(g_is_asan);
}
const auto& namespace_configs = config->namespace_configs();
std::unordered_map<std::string, android_namespace_t*> namespaces;
// 1. Initialize default namespace
const NamespaceConfig* default_ns_config = config->default_namespace_config();
g_default_namespace.set_isolated(default_ns_config->isolated());
g_default_namespace.set_default_library_paths(default_ns_config->search_paths());
g_default_namespace.set_permitted_paths(default_ns_config->permitted_paths());
namespaces[default_ns_config->name()] = &g_default_namespace;
if (default_ns_config->visible()) {
g_exported_namespaces[default_ns_config->name()] = &g_default_namespace;
}
// 2. Initialize other namespaces
for (auto& ns_config : namespace_configs) {
if (namespaces.find(ns_config->name()) != namespaces.end()) {
continue;
}
android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t();
ns->set_name(ns_config->name());
ns->set_isolated(ns_config->isolated());
ns->set_default_library_paths(ns_config->search_paths());
ns->set_permitted_paths(ns_config->permitted_paths());
ns->set_whitelisted_libs(ns_config->whitelisted_libs());
namespaces[ns_config->name()] = ns;
if (ns_config->visible()) {
g_exported_namespaces[ns_config->name()] = ns;
}
}
// 3. Establish links between namespaces
for (auto& ns_config : namespace_configs) {
auto it_from = namespaces.find(ns_config->name());
CHECK(it_from != namespaces.end());
android_namespace_t* namespace_from = it_from->second;
for (const NamespaceLinkConfig& ns_link : ns_config->links()) {
auto it_to = namespaces.find(ns_link.ns_name());
CHECK(it_to != namespaces.end());
android_namespace_t* namespace_to = it_to->second;
if (ns_link.allow_all_shared_libs()) {
link_namespaces_all_libs(namespace_from, namespace_to);
} else {
link_namespaces(namespace_from, namespace_to, ns_link.shared_libs().c_str());
}
}
}
// we can no longer rely on the fact that libdl.so is part of default namespace
// this is why we want to add ld-android.so to all namespaces from ld.config.txt
soinfo* ld_android_so = solist_get_head();
// we also need vdso to be available for all namespaces (if present)
soinfo* vdso = solist_get_vdso();
for (auto it : namespaces) {
if (it.second != &g_default_namespace) {
it.second->add_soinfo(ld_android_so);
if (vdso != nullptr) {
it.second->add_soinfo(vdso);
}
// somain and ld_preloads are added to these namespaces after LD_PRELOAD libs are linked
}
}
set_application_target_sdk_version(config->target_sdk_version());
std::vector<android_namespace_t*> created_namespaces;
created_namespaces.reserve(namespaces.size());
for (const auto& kv : namespaces) {
created_namespaces.push_back(kv.second);
}
return created_namespaces;
}
system.load
system.load接收一个路径参数,该路径参数必须是一个绝对路径。
libcore/ojluni/src/main/java/java/lang/System.java
@CallerSensitive
public static void load(String filename) {
Runtime.getRuntime().load0(Reflection.getCallerClass(), filename);
}
libcore/ojluni/src/main/java/java/lang/Runtime.java
synchronized void load0(Class<?> fromClass, String filename) {
if (!(new File(filename).isAbsolute())) {
throw new UnsatisfiedLinkError(
"Expecting an absolute path of the library: " + filename);
}
if (filename == null) {
throw new NullPointerException("filename == null");
}
String error = nativeLoad(filename, fromClass.getClassLoader());
if (error != null) {
throw new UnsatisfiedLinkError(error);
}
}
Jni层的实现如下:
art/openjdkjvm/OpenjdkJvm.cc
JNIEXPORT jstring JVM_NativeLoad(JNIEnv* env,
jstring javaFilename,
jobject javaLoader,
jclass caller) {
ScopedUtfChars filename(env, javaFilename);
if (filename.c_str() == nullptr) {
return nullptr;
}
std::string error_msg;
{
art::JavaVMExt* vm = art::Runtime::Current()->GetJavaVM();
bool success = vm->LoadNativeLibrary(env,
filename.c_str(),
javaLoader,
caller,
&error_msg);
if (success) {
return nullptr;
}
}
// Don't let a pending exception from JNI_OnLoad cause a CheckJNI issue with NewStringUTF.
env->ExceptionClear();
return env->NewStringUTF(error_msg.c_str());
Android中每个Java进程都持有一个JavaVMExt实例,加载共享库的入口为
JavaVMExt::LoadNativeLibrary。JavaVMExt内部有一个libraries_的数据结构,记录了共享库路径和加载过的共享库的的键值对。
JavaVMExt::LoadNativeLibrary的流程是:1.先查找libraries_有没有加载过的记录,如果有加载过,函数可以直接返回,否则进入第2点;2.使用android::OpenNativeLibrary加载共享库,并将加载后的句柄封装在SharedLibrary数据结构中,添加到libraries_的数据结构中;3.查找共享库中的"JNI_OnLoad"函数符号,并进行调用。
art/runtime/jni/java_vm_ext.cc
bool JavaVMExt::LoadNativeLibrary(JNIEnv* env,
const std::string& path,
jobject class_loader,
jclass caller_class,
std::string* error_msg) {
error_msg->clear();
// See if we've already loaded this library. If we have, and the class loader
// matches, return successfully without doing anything.
// TODO: for better results we should canonicalize the pathname (or even compare
// inodes). This implementation is fine if everybody is using System.loadLibrary.
SharedLibrary* library;
Thread* self = Thread::Current();
{
// TODO: move the locking (and more of this logic) into Libraries.
MutexLock mu(self, *Locks::jni_libraries_lock_);
library = libraries_->Get(path);
}
void* class_loader_allocator = nullptr;
std::string caller_location;
{
ScopedObjectAccess soa(env);
// As the incoming class loader is reachable/alive during the call of this function,
// it's okay to decode it without worrying about unexpectedly marking it alive.
ObjPtr<mirror::ClassLoader> loader = soa.Decode<mirror::ClassLoader>(class_loader);
ClassLinker* class_linker = Runtime::Current()->GetClassLinker();
if (class_linker->IsBootClassLoader(soa, loader.Ptr())) {//因为bootclassloader是全局唯一的,不可以将bootclassloader对象作为键放进到全局变量g_namespaces中,所以要将loader和class_loader设置为nullptr,那样系统会使用android_dlopen_ext或者dlopen进行加载,使用的是系统已有的命名空间。
loader = nullptr;
class_loader = nullptr;
if (caller_class != nullptr) {
ObjPtr<mirror::Class> caller = soa.Decode<mirror::Class>(caller_class);
ObjPtr<mirror::DexCache> dex_cache = caller->GetDexCache();
if (dex_cache != nullptr) {
caller_location = dex_cache->GetLocation()->ToModifiedUtf8();
}
}
}
class_loader_allocator = class_linker->GetAllocatorForClassLoader(loader.Ptr());
CHECK(class_loader_allocator != nullptr);
}
if (library != nullptr) {
// Use the allocator pointers for class loader equality to avoid unnecessary weak root decode.
if (library->GetClassLoaderAllocator() != class_loader_allocator) {
// The library will be associated with class_loader. The JNI
// spec says we can't load the same library into more than one
// class loader.
//
// This isn't very common. So spend some time to get a readable message.
auto call_to_string = [&](jobject obj) -> std::string {
if (obj == nullptr) {
return "null";
}
// Handle jweaks. Ignore double local-ref.
ScopedLocalRef<jobject> local_ref(env, env->NewLocalRef(obj));
if (local_ref != nullptr) {
ScopedLocalRef<jclass> local_class(env, env->GetObjectClass(local_ref.get()));
jmethodID to_string = env->GetMethodID(local_class.get(),
"toString",
"()Ljava/lang/String;");
DCHECK(to_string != nullptr);
ScopedLocalRef<jobject> local_string(env,
env->CallObjectMethod(local_ref.get(), to_string));
if (local_string != nullptr) {
ScopedUtfChars utf(env, reinterpret_cast<jstring>(local_string.get()));
if (utf.c_str() != nullptr) {
return utf.c_str();
}
}
if (env->ExceptionCheck()) {
// We can't do much better logging, really. So leave it with a Describe.
env->ExceptionDescribe();
env->ExceptionClear();
}
return "(Error calling toString)";
}
return "null";
};
std::string old_class_loader = call_to_string(library->GetClassLoader());
std::string new_class_loader = call_to_string(class_loader);
StringAppendF(error_msg, "Shared library \"%s\" already opened by "
"ClassLoader %p(%s); can't open in ClassLoader %p(%s)",
path.c_str(),
library->GetClassLoader(),
old_class_loader.c_str(),
class_loader,
new_class_loader.c_str());
LOG(WARNING) << *error_msg;
return false;
}
VLOG(jni) << "[Shared library \"" << path << "\" already loaded in "
<< " ClassLoader " << class_loader << "]";
if (!library->CheckOnLoadResult()) {
StringAppendF(error_msg, "JNI_OnLoad failed on a previous attempt "
"to load \"%s\"", path.c_str());
return false;
}
return true;
}
每个Java进程的底层实现都有一个全局变量:g_namespaces,里面保存了classloader对象与NativeLoaderNamespace指针的键值对。NativeLoaderNamespace包含了共享库的命名空间等信息,是对bionic库的android_namespace_t命名空间的一个封装。
分析下OpenNativeLibrary的流程:首先判断如果入参的classloader为空,则不需要在g_namespaces中进行查找,直接使用bionic库的android_dlopen_ext或者dlopen加载共享库。如果system.load的调用者使用的classloader是BootClassLoader,且调用者所在的dex文件位于/apex/{namespace}/下面(以/apex/com.android.adbd为例),则使用带额外信息的android_dlopen_ext来加载,额外信息中指定使用com_android_adbd的命名空间来加载。dlopen没有指定命名空间,按默认的规则来选择命名空间。
art/libnativeloader/native_loader.cpp
void* OpenNativeLibrary(JNIEnv* env, int32_t target_sdk_version, const char* path,
jobject class_loader, const char* caller_location, jstring library_path,
bool* needs_native_bridge, char** error_msg) {
#if defined(__ANDROID__)
UNUSED(target_sdk_version);
if (class_loader == nullptr) {
*needs_native_bridge = false;
if (caller_location != nullptr) {
android_namespace_t* boot_namespace = FindExportedNamespace(caller_location);
if (boot_namespace != nullptr) {
const android_dlextinfo dlextinfo = {
.flags = ANDROID_DLEXT_USE_NAMESPACE,
.library_namespace = boot_namespace,
};
void* handle = android_dlopen_ext(path, RTLD_NOW, &dlextinfo);
if (handle == nullptr) {
*error_msg = strdup(dlerror());
}
return handle;
}
}
void* handle = dlopen(path, RTLD_NOW);
if (handle == nullptr) {
*error_msg = strdup(dlerror());
}
return handle;
}
std::lock_guard<std::mutex> guard(g_namespaces_mutex);
NativeLoaderNamespace* ns;
if ((ns = g_namespaces->FindNamespaceByClassLoader(env, class_loader)) == nullptr) {
// This is the case where the classloader was not created by ApplicationLoaders
// In this case we create an isolated not-shared namespace for it.
Result<NativeLoaderNamespace*> isolated_ns =
g_namespaces->Create(env, target_sdk_version, class_loader, false /* is_shared */, nullptr,
library_path, nullptr);
if (!isolated_ns.ok()) {
*error_msg = strdup(isolated_ns.error().message().c_str());
return nullptr;
} else {
ns = *isolated_ns;
}
}
return OpenNativeLibraryInNamespace(ns, path, needs_native_bridge, error_msg);
#else
UNUSED(env, target_sdk_version, class_loader, caller_location);
// Do some best effort to emulate library-path support. It will not
// work for dependencies.
//
// Note: null has a special meaning and must be preserved.
std::string c_library_path; // Empty string by default.
if (library_path != nullptr && path != nullptr && path[0] != '/') {
ScopedUtfChars library_path_utf_chars(env, library_path);
c_library_path = library_path_utf_chars.c_str();
}
std::vector<std::string> library_paths = base::Split(c_library_path, ":");
for (const std::string& lib_path : library_paths) {
*needs_native_bridge = false;
const char* path_arg;
std::string complete_path;
if (path == nullptr) {
// Preserve null.
path_arg = nullptr;
} else {
complete_path = lib_path;
if (!complete_path.empty()) {
complete_path.append("/");
}
complete_path.append(path);
path_arg = complete_path.c_str();
}
void* handle = dlopen(path_arg, RTLD_NOW);
if (handle != nullptr) {
return handle;
}
if (NativeBridgeIsSupported(path_arg)) {
*needs_native_bridge = true;
handle = NativeBridgeLoadLibrary(path_arg, RTLD_NOW);
if (handle != nullptr) {
return handle;
}
*error_msg = strdup(NativeBridgeGetError());
} else {
*error_msg = strdup(dlerror());
}
}
return nullptr;
#endif
}
命名空间的构造
如果在g_namespaces找不到入参classloader对应的命名空间,则使用LibraryNamespaces::Create创建一个全新的命名空间。
art/libnativeloader/library_namespaces.cpp
Result<NativeLoaderNamespace*> LibraryNamespaces::Create(JNIEnv* env, uint32_t target_sdk_version,
jobject class_loader, bool is_shared,
jstring dex_path,
jstring java_library_path,
jstring java_permitted_path) {
std::string library_path; // empty string by default.
if (java_library_path != nullptr) {
ScopedUtfChars library_path_utf_chars(env, java_library_path);
library_path = library_path_utf_chars.c_str();//这里是入参classloader的LdLibraryPath,只有classloader是BaseDexClassLoader的子类才不为空,也就是BaseDexClassLoader#getLdLibraryPath的值
}
ApkOrigin apk_origin = GetApkOriginFromDexPath(env, dex_path);//获取调用者来源,如果是使用system.load,system.loadLibrary的方式,返回的是APK_ORIGIN_DEFAULT;如果是apk初始化过程中调用的,按照apk的zip文件路径决定返回值:1.在/vendor下面的返回APK_ORIGIN_VENDOR;2.在/product/,/system/product下面的返回APK_ORIGIN_PRODUCT;3,其他情况返回APK_ORIGIN_DEFAULT
// (http://b/27588281) This is a workaround for apps using custom
// classloaders and calling System.load() with an absolute path which
// is outside of the classloader library search path.
//
// This part effectively allows such a classloader to access anything
// under /data and /mnt/expand
std::string permitted_path = kWhitelistedDirectories;//将/data和/mnt/expand添加到permitted_path 中,意味着创建的命名空间是可以访问/data和/mnt/expand下及其子目录下的共享库内容的
if (java_permitted_path != nullptr) {
ScopedUtfChars path(env, java_permitted_path);
if (path.c_str() != nullptr && path.size() > 0) {
permitted_path = permitted_path + ":" + path.c_str();
}
}
LOG_ALWAYS_FATAL_IF(FindNamespaceByClassLoader(env, class_loader) != nullptr,
"There is already a namespace associated with this classloader");
//system_exposed_libraries返回的是/system/etc/public.libraries.txt记录的共享库名称
std::string system_exposed_libraries = default_public_libraries();
//创建的命名空间名称为"classloader-namespace"
std::string namespace_name = kClassloaderNamespaceName;
ApkOrigin unbundled_app_origin = APK_ORIGIN_DEFAULT;
if ((apk_origin == APK_ORIGIN_VENDOR ||
(apk_origin == APK_ORIGIN_PRODUCT &&
is_product_vndk_version_defined())) &&
!is_shared) {
//满足以下条件走此逻辑:1.不共享父命名空间,apk属于vendor分区;2.不共享父命名空间,apk在/product或/system/product下面,且product分区定义了ro.product.vndk.version属性
unbundled_app_origin = apk_origin;
// For vendor / product apks, give access to the vendor / product lib even though
// they are treated as unbundled; the libs and apks are still bundled
// together in the vendor / product partition.
const char* origin_partition;
const char* origin_lib_path;
const char* llndk_libraries;
switch (apk_origin) {
case APK_ORIGIN_VENDOR:
origin_partition = "vendor";
origin_lib_path = kVendorLibPath;//将/vendor/lib64添加到命名空间的library_path
llndk_libraries = llndk_libraries_vendor().c_str();//将/apex/com.android.vndk.v30/etc/llndk.libraries.30.txt里面记载的共享库名称添加到链接到系统命名空间的名单里
break;
case APK_ORIGIN_PRODUCT:
origin_partition = "product";
origin_lib_path = kProductLibPath;//将/product/lib64添加到命名空间的library_path
llndk_libraries = llndk_libraries_product().c_str();//将/apex/com.android.vndk.v30/etc/llndk.libraries.30.txt里面记载的共享库名称添加到链接到系统库命名空间的名单里
break;
default:
origin_partition = "unknown";
origin_lib_path = "";
llndk_libraries = "";
}
library_path = library_path + ":" + origin_lib_path;
permitted_path = permitted_path + ":" + origin_lib_path;
// Also give access to LLNDK libraries since they are available to vendor or product
system_exposed_libraries = system_exposed_libraries + ":" + llndk_libraries;
// Different name is useful for debugging
//使用"vendor-classloader-namespace"的命名空间名称
namespace_name = kVendorClassloaderNamespaceName;
ALOGD("classloader namespace configured for unbundled %s apk. library_path=%s",
origin_partition, library_path.c_str());
} else {
// extended public libraries are NOT available to vendor apks, otherwise it
// would be system->vendor violation.
//将/system/etc,/system_ext/etc,/product/etc下面的public.libraries.txt记录的共享库内容添加到链接到系统库命名空间的名单里
if (!extended_public_libraries().empty()) {
system_exposed_libraries = system_exposed_libraries + ':' + extended_public_libraries();
}
}
if (is_shared) {
// Show in the name that the namespace was created as shared, for debugging
// purposes.
//如果需要共享父命名空间的内容,命名空间名称后缀需要加上"-shared"
namespace_name = namespace_name + kSharedNamespaceSuffix;
}
// Create the app namespace
//找到父命名空间,本质是当前classloader的父classloader关联的命名空间
NativeLoaderNamespace* parent_ns = FindParentNamespaceByClassLoader(env, class_loader);
// Heuristic: the first classloader with non-empty library_path is assumed to
// be the main classloader for app
// TODO(b/139178525) remove this heuristic by determining this in LoadedApk (or its
// friends) and then passing it down to here.
bool is_main_classloader = app_main_namespace_ == nullptr && !library_path.empty();
// Policy: the namespace for the main classloader is also used as the
// anonymous namespace.
bool also_used_as_anonymous = is_main_classloader;
// Note: this function is executed with g_namespaces_mutex held, thus no
// racing here.
//创建命令空间
auto app_ns = NativeLoaderNamespace::Create(
namespace_name, library_path, permitted_path, parent_ns, is_shared,
target_sdk_version < 24 /* is_greylist_enabled */, also_used_as_anonymous);
if (!app_ns.ok()) {
return app_ns.error();
}
// ... and link to other namespaces to allow access to some public libraries
bool is_bridged = app_ns->IsBridged();
auto system_ns = NativeLoaderNamespace::GetSystemNamespace(is_bridged);
if (!system_ns.ok()) {
return system_ns.error();
}
//找到系统命名空间,Java进程都是由/system/bin/app_process64产生,/system/bin/路径对应的命名空间没有名为"system"的命名空间,所以这里返回的system_ns是名为“default”的命名空间。
auto linked = app_ns->Link(*system_ns, system_exposed_libraries);
if (!linked.ok()) {
return linked.error();
}
auto art_ns = NativeLoaderNamespace::GetExportedNamespace(kArtNamespaceName, is_bridged);
// ART APEX does not exist on host, and under certain build conditions.
//链接到art库命名空间
if (art_ns.ok()) {
linked = app_ns->Link(*art_ns, art_public_libraries());
if (!linked.ok()) {
return linked.error();
}
}
// Give access to NNAPI libraries (apex-updated LLNDK library).
auto nnapi_ns =
NativeLoaderNamespace::GetExportedNamespace(kNeuralNetworksNamespaceName, is_bridged);
//链接到nnapi库命名空间
if (nnapi_ns.ok()) {
linked = app_ns->Link(*nnapi_ns, neuralnetworks_public_libraries());
if (!linked.ok()) {
return linked.error();
}
}
// Give access to VNDK-SP libraries from the 'vndk' namespace for unbundled vendor apps.
//如果是vendor的apk,链接到VNDK-SP库命名空间
if (unbundled_app_origin == APK_ORIGIN_VENDOR && !vndksp_libraries_vendor().empty()) {
auto vndk_ns = NativeLoaderNamespace::GetExportedNamespace(kVndkNamespaceName, is_bridged);
if (vndk_ns.ok()) {
linked = app_ns->Link(*vndk_ns, vndksp_libraries_vendor());
if (!linked.ok()) {
return linked.error();
}
}
}
// Give access to VNDK-SP libraries from the 'vndk_product' namespace for unbundled product apps.
//如果是product的apk,链接到product VNDK-SP库命名空间
if (unbundled_app_origin == APK_ORIGIN_PRODUCT && !vndksp_libraries_product().empty()) {
auto vndk_ns = NativeLoaderNamespace::GetExportedNamespace(kVndkProductNamespaceName, is_bridged);
if (vndk_ns.ok()) {
linked = app_ns->Link(*vndk_ns, vndksp_libraries_product());
if (!linked.ok()) {
return linked.error();
}
}
}
// Give access to StatsdAPI libraries
//链接到StatsdAPI 库命名空间
auto statsd_ns =
NativeLoaderNamespace::GetExportedNamespace(kStatsdNamespaceName, is_bridged);
if (statsd_ns.ok()) {
linked = app_ns->Link(*statsd_ns, statsd_public_libraries());
if (!linked.ok()) {
return linked.error();
}
}
//链接到vendor库命名空间
if (!vendor_public_libraries().empty()) {
auto vendor_ns = NativeLoaderNamespace::GetExportedNamespace(kVendorNamespaceName, is_bridged);
// when vendor_ns is not configured, link to the system namespace
auto target_ns = vendor_ns.ok() ? vendor_ns : system_ns;
if (target_ns.ok()) {
linked = app_ns->Link(*target_ns, vendor_public_libraries());
if (!linked.ok()) {
return linked.error();
}
}
}
添加 classloader-命名空间 键值对到namespaces_中
auto& emplaced = namespaces_.emplace_back(
std::make_pair(env->NewWeakGlobalRef(class_loader), *app_ns));
if (is_main_classloader) {
app_main_namespace_ = &emplaced.second;
}
return &emplaced.second;
}
art/libnativeloader/native_loader_namespace.cpp
Result<NativeLoaderNamespace> NativeLoaderNamespace::Create(
const std::string& name, const std::string& search_paths, const std::string& permitted_paths,
const NativeLoaderNamespace* parent, bool is_shared, bool is_greylist_enabled,
bool also_used_as_anonymous) {
bool is_bridged = false;
if (parent != nullptr) {
is_bridged = parent->IsBridged();
} else if (!search_paths.empty()) {
is_bridged = NativeBridgeIsPathSupported(search_paths.c_str());
}
// Fall back to the system namespace if no parent is set.
//找到系统命名空间,Java进程都是由/system/bin/app_process64产生,/system/bin/路径对应的命名空间没有名为"system"的命名空间,所以这里返回的system_ns是名为“default”的命名空间。
auto system_ns = GetSystemNamespace(is_bridged);
if (!system_ns.ok()) {
return system_ns.error();
}
//如果入参的父命名空间不为空,使用父命名空间;否则使用系统命名空间作为父命名空间使用
const NativeLoaderNamespace& effective_parent = parent != nullptr ? *parent : *system_ns;
// All namespaces for apps are isolated
uint64_t type = ANDROID_NAMESPACE_TYPE_ISOLATED;
// The namespace is also used as the anonymous namespace
// which is used when the linker fails to determine the caller address
if (also_used_as_anonymous) {
type |= ANDROID_NAMESPACE_TYPE_ALSO_USED_AS_ANONYMOUS;
}
// Bundled apps have access to all system libraries that are currently loaded
// in the default namespace
if (is_shared) {
type |= ANDROID_NAMESPACE_TYPE_SHARED;
}
if (is_greylist_enabled) {
type |= ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED;
}
if (!is_bridged) {
android_namespace_t* raw =
android_create_namespace(name.c_str(), nullptr, search_paths.c_str(), type,
permitted_paths.c_str(), effective_parent.ToRawAndroidNamespace());
if (raw != nullptr) {
return NativeLoaderNamespace(name, raw);
}
} else {
native_bridge_namespace_t* raw = NativeBridgeCreateNamespace(
name.c_str(), nullptr, search_paths.c_str(), type, permitted_paths.c_str(),
effective_parent.ToRawNativeBridgeNamespace());
if (raw != nullptr) {
return NativeLoaderNamespace(name, raw);
}
}
return Errorf("failed to create {} namespace name:{}, search_paths:{}, permitted_paths:{}",
is_bridged ? "bridged" : "native", name, search_paths, permitted_paths);
}
android_create_namespace最终会调用到bionic库的create_namespace函数,主要是创建并设置bionic库命名空间android_namespace_t的内容。 android_namespace_t命名空间分别通过set_ld_library_paths,set_default_library_paths和set_permitted_paths设置自己的库搜索路径,库默认搜索路径和允许搜索路径。当要在一个命名空间打开一个库时,如果库用绝对路径的形式表示,直接使用open系统调用打开;如果库只有一个库名称,则按“库搜索路径->库默认搜索路径”的顺序搜寻并打开。
如果入参type设置了ANDROID_NAMESPACE_TYPE_SHARED的标志位,则需要当前的命名空间共享父命名空间的一些内容:库搜索路径,库默认搜索路径,允许搜索路径,链接的命名空间和加载过的库等。app运行时创建的classloader都会带上ANDROID_NAMESPACE_TYPE_SHARED的标志位。
至此,一个命名空间的创建已完成。art库的NativeLoaderNamespace是对bionic库的android_namespace_t的封装,其构造函数由android_namespace_t和命名空间名称组成。
bionic/linker/linker.cpp
android_namespace_t* create_namespace(const void* caller_addr,
const char* name,
const char* ld_library_path,
const char* default_library_path,
uint64_t type,
const char* permitted_when_isolated_path,
android_namespace_t* parent_namespace) {
if (parent_namespace == nullptr) {
// if parent_namespace is nullptr -> set it to the caller namespace
soinfo* caller_soinfo = find_containing_library(caller_addr);
parent_namespace = caller_soinfo != nullptr ?
caller_soinfo->get_primary_namespace() :
g_anonymous_namespace;
}
ProtectedDataGuard guard;
std::vector<std::string> ld_library_paths;
std::vector<std::string> default_library_paths;
std::vector<std::string> permitted_paths;
parse_path(ld_library_path, ":", &ld_library_paths);
parse_path(default_library_path, ":", &default_library_paths);
parse_path(permitted_when_isolated_path, ":", &permitted_paths);
android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t();
ns->set_name(name);
ns->set_isolated((type & ANDROID_NAMESPACE_TYPE_ISOLATED) != 0);
ns->set_greylist_enabled((type & ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED) != 0);
ns->set_also_used_as_anonymous((type & ANDROID_NAMESPACE_TYPE_ALSO_USED_AS_ANONYMOUS) != 0);
if ((type & ANDROID_NAMESPACE_TYPE_SHARED) != 0) {
// append parent namespace paths.
std::copy(parent_namespace->get_ld_library_paths().begin(),
parent_namespace->get_ld_library_paths().end(),
back_inserter(ld_library_paths));
std::copy(parent_namespace->get_default_library_paths().begin(),
parent_namespace->get_default_library_paths().end(),
back_inserter(default_library_paths));
std::copy(parent_namespace->get_permitted_paths().begin(),
parent_namespace->get_permitted_paths().end(),
back_inserter(permitted_paths));
// If shared - clone the parent namespace
add_soinfos_to_namespace(parent_namespace->soinfo_list(), ns);
// and copy parent namespace links
for (auto& link : parent_namespace->linked_namespaces()) {
ns->add_linked_namespace(link.linked_namespace(), link.shared_lib_sonames(),
link.allow_all_shared_libs());
}
} else {
// If not shared - copy only the shared group
add_soinfos_to_namespace(parent_namespace->get_shared_group(), ns);
}
ns->set_ld_library_paths(std::move(ld_library_paths));
ns->set_default_library_paths(std::move(default_library_paths));
ns->set_permitted_paths(std::move(permitted_paths));
if (ns->is_also_used_as_anonymous() && !set_anonymous_namespace(ns)) {
DL_ERR("failed to set namespace: [name=\"%s\", ld_library_path=\"%s\", default_library_paths=\"%s\""
" permitted_paths=\"%s\"] as the anonymous namespace",
ns->get_name(),
android::base::Join(ns->get_ld_library_paths(), ':').c_str(),
android::base::Join(ns->get_default_library_paths(), ':').c_str(),
android::base::Join(ns->get_permitted_paths(), ':').c_str());
return nullptr;
}
return ns;
}
bool link_namespaces(android_namespace_t* namespace_from,
android_namespace_t* namespace_to,
const char* shared_lib_sonames) {
if (namespace_to == nullptr) {
namespace_to = &g_default_namespace;
}
if (namespace_from == nullptr) {
DL_ERR("error linking namespaces: namespace_from is null.");
return false;
}
if (shared_lib_sonames == nullptr || shared_lib_sonames[0] == '\0') {
DL_ERR("error linking namespaces \"%s\"->\"%s\": the list of shared libraries is empty.",
namespace_from->get_name(), namespace_to->get_name());
return false;
}
auto sonames = android::base::Split(shared_lib_sonames, ":");
std::unordered_set<std::string> sonames_set(sonames.begin(), sonames.end());
ProtectedDataGuard guard;
namespace_from->add_linked_namespace(namespace_to, sonames_set, false);
return true;
}
在命名空间中打开
当拥有了一个与classloader关联的命名空间后,OpenNativeLibraryInNamespace就会尝试在此命名空间打开需要加载的共享库。
art/libnativeloader/native_loader.cpp
if ((ns = g_namespaces->FindNamespaceByClassLoader(env, class_loader)) == nullptr) {
// This is the case where the classloader was not created by ApplicationLoaders
// In this case we create an isolated not-shared namespace for it.
Result<NativeLoaderNamespace*> isolated_ns =
g_namespaces->Create(env, target_sdk_version, class_loader, false /* is_shared */, nullptr,
library_path, nullptr);
if (!isolated_ns.ok()) {
*error_msg = strdup(isolated_ns.error().message().c_str());
return nullptr;
} else {
ns = *isolated_ns;
}
}
return OpenNativeLibraryInNamespace(ns, path, needs_native_bridge, error_msg);
从NativeLoaderNamespace::Load的实现可以看到:这里使用了android_dlopen_ext来加载共享库,并且通过ANDROID_DLEXT_USE_NAMESPACE指定了命名空间。
art/libnativeloader/native_loader_namespace.cpp
Result<void*> NativeLoaderNamespace::Load(const char* lib_name) const {
if (!IsBridged()) {
android_dlextinfo extinfo;
extinfo.flags = ANDROID_DLEXT_USE_NAMESPACE;
extinfo.library_namespace = this->ToRawAndroidNamespace();
void* handle = android_dlopen_ext(lib_name, RTLD_NOW, &extinfo);
if (handle != nullptr) {
return handle;
}
} else {
void* handle =
NativeBridgeLoadLibraryExt(lib_name, RTLD_NOW, this->ToRawNativeBridgeNamespace());
if (handle != nullptr) {
return handle;
}
}
return Error() << GetLinkerError(IsBridged());
}
__loader_android_dlopen_ext额外传入了一个参数caller_addr,这个参数是调用者的返回地址。
bionic/libdl/libdl.cpp
__attribute__((__weak__))
void* android_dlopen_ext(const char* filename, int flag, const android_dlextinfo* extinfo) {
const void* caller_addr = __builtin_return_address(0);
return __loader_android_dlopen_ext(filename, flag, extinfo, caller_addr);
}
bionic/linker/dlfcn.cpp
static void* dlopen_ext(const char* filename,
int flags,
const android_dlextinfo* extinfo,
const void* caller_addr) {
ScopedPthreadMutexLocker locker(&g_dl_mutex);
g_linker_logger.ResetState();
void* result = do_dlopen(filename, flags, extinfo, caller_addr);
if (result == nullptr) {
__bionic_format_dlerror("dlopen failed", linker_get_error_buffer());
return nullptr;
}
return result;
}
do_dlopen的主要流程是:1.通过find_containing_library确定调用者所在的库,再而通过get_caller_namespace确定调用者所在的命名空间,这个命令空间就是初始的命名空间;2.如果参数带了不为null的extinfo参数且设置了ANDROID_DLEXT_USE_NAMESPACE的flag,则用extinfo参数指定的命名空间覆盖掉初始的命名空间;3.使用以上面得到的命名空间为参数,使用find_library加载需要的库。
bionic/linker/linker.cpp
void* do_dlopen(const char* name, int flags,
const android_dlextinfo* extinfo,
const void* caller_addr) {
std::string trace_prefix = std::string("dlopen: ") + (name == nullptr ? "(nullptr)" : name);
ScopedTrace trace(trace_prefix.c_str());
ScopedTrace loading_trace((trace_prefix + " - loading and linking").c_str());
soinfo* const caller = find_containing_library(caller_addr);
android_namespace_t* ns = get_caller_namespace(caller);
...
if (extinfo != nullptr) {
if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) {
DL_OPEN_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags);
return nullptr;
}
if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 &&
(extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) {
DL_OPEN_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without "
"ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags);
return nullptr;
}
if ((extinfo->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0) {
if (extinfo->library_namespace == nullptr) {
DL_OPEN_ERR("ANDROID_DLEXT_USE_NAMESPACE is set but extinfo->library_namespace is null");
return nullptr;
}
ns = extinfo->library_namespace;
}
...
ProtectedDataGuard guard;
soinfo* si = find_library(ns, translated_name, flags, extinfo, caller);
loading_trace.End();
if (si != nullptr) {
void* handle = si->to_handle();
LD_LOG(kLogDlopen,
"... dlopen calling constructors: realpath=\"%s\", soname=\"%s\", handle=%p",
si->get_realpath(), si->get_soname(), handle);
si->call_constructors();
failure_guard.Disable();
LD_LOG(kLogDlopen,
"... dlopen successful: realpath=\"%s\", soname=\"%s\", handle=%p",
si->get_realpath(), si->get_soname(), handle);
return handle;
}
bionic/linker/linker.cpp
static soinfo* find_library(android_namespace_t* ns,
const char* name, int rtld_flags,
const android_dlextinfo* extinfo,
soinfo* needed_by) {
soinfo* si = nullptr;
if (name == nullptr) {
si = solist_get_somain();
} else if (!find_libraries(ns,
needed_by,
&name,
1,
&si,
nullptr,
0,
rtld_flags,
extinfo,
false /* add_as_children */,
true /* search_linked_namespaces */)) {
if (si != nullptr) {
soinfo_unload(si);
}
return nullptr;
}
si->increment_ref_count();
return si;
}
find_libraries函数的实现比较长,下面节选重点部分。
find_libraries接收以下几个参数:1.指定命名空间ns;2.调用者所在的库start_with;3.需要查找加载的库列表library_names;4.需要查找加载的库列表个数library_names_count;5.存储加载结果的soinfos;6.预加载库列表ld_preloads;7.预加载库列表ld_preloads个数;8.加载库的flag rtld_flags;9.额外加载参数extinfo;10.是否作为被依赖库加载add_as_children;11.是否查找链接关联库search_linked_namespaces;12.预加载库需要保存记录到哪些命名空间namespaces。
bionic/linker/linker.cpp
bool find_libraries(android_namespace_t* ns,
soinfo* start_with,
const char* const library_names[],
size_t library_names_count,
soinfo* soinfos[],
std::vector<soinfo*>* ld_preloads,
size_t ld_preloads_count,
int rtld_flags,
const android_dlextinfo* extinfo,
bool add_as_children,
bool search_linked_namespaces,
std::vector<android_namespace_t*>* namespaces) {
// Step 0: prepare.
std::unordered_map<const soinfo*, ElfReader> readers_map;
LoadTaskList load_tasks;
for (size_t i = 0; i < library_names_count; ++i) {
const char* name = library_names[i];
load_tasks.push_back(LoadTask::create(name, start_with, ns, &readers_map));//根据入参的共享库数组创建多个LoadTask
}
...
// Step 1: expand the list of load_tasks to include
// all DT_NEEDED libraries (do not load them just yet)
//遍历所有LoadTask,期间find_library_internal会添加新的LoadTask到列表中
for (size_t i = 0; i<load_tasks.size(); ++i) {
LoadTask* task = load_tasks[i];
soinfo* needed_by = task->get_needed_by();//needed_by 是指当前LoadTask的库被哪个库依赖
//如果当前LoadTask的库被依赖,且被依赖的库与入参的被依赖库不相同或者入参add_as_children指定作为依赖库,则is_dt_needed 为true
bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children);
task->set_extinfo(is_dt_needed ? nullptr : extinfo);
task->set_dt_needed(is_dt_needed);
LD_LOG(kLogDlopen, "find_libraries(ns=%s): task=%s, is_dt_needed=%d", ns->get_name(),
task->get_name(), is_dt_needed);
// Note: start from the namespace that is stored in the LoadTask. This namespace
// is different from the current namespace when the LoadTask is for a transitive
// dependency and the lib that created the LoadTask is not found in the
// current namespace but in one of the linked namespace.
if (!find_library_internal(const_cast<android_namespace_t*>(task->get_start_from()),
task,
&zip_archive_cache,
&load_tasks,
rtld_flags,
search_linked_namespaces || is_dt_needed)) {
return false;
}
soinfo* si = task->get_soinfo();
if (is_dt_needed) {
needed_by->add_child(si);//将依赖库添加到child中
}
// When ld_preloads is not null, the first
// ld_preloads_count libs are in fact ld_preloads.
if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) {
ld_preloads->push_back(si);
}
if (soinfos_count < library_names_count) {
soinfos[soinfos_count++] = si;
}
}
...
for (auto&& task : load_list) {
address_space_params* address_space =
(reserved_address_recursive || !task->is_dt_needed()) ? &extinfo_params : &default_params;
if (!task->load(address_space)) {
return false;
}
}
// Step 3: pre-link all DT_NEEDED libraries in breadth first order.
//LoadTask::load把共享库的ELF文件加载到内存中
for (auto&& task : load_tasks) {
soinfo* si = task->get_soinfo();
//soinfo::prelink_image主要是获取PT_DYNAMIC段,然后解析并保存相关内容,包括了init_array、string表、system table表等等
if (!si->is_linked() && !si->prelink_image()) {
return false;
}
register_soinfo_tls(si);
}
...
//进入到动态链接环节,读取重定位信息
bool linked = local_group.visit([&](soinfo* si) {
// Even though local group may contain accessible soinfos from other namespaces
// we should avoid linking them (because if they are not linked -> they
// are in the local_group_roots and will be linked later).
if (!si->is_linked() && si->get_primary_namespace() == local_group_ns) {
const android_dlextinfo* link_extinfo = nullptr;
if (si == soinfos[0] || reserved_address_recursive) {
// Only forward extinfo for the first library unless the recursive
// flag is set.
link_extinfo = extinfo;
}
if (__libc_shared_globals()->load_hook) {
__libc_shared_globals()->load_hook(si->load_bias, si->phdr, si->phnum);
}
lookup_list.set_dt_symbolic_lib(si->has_DT_SYMBOLIC ? si : nullptr);
if (!si->link_image(lookup_list, local_group_root, link_extinfo, &relro_fd_offset) ||
!get_cfi_shadow()->AfterLoad(si, solist_get_head())) {
return false;
}
}
来看看find_library_internal的实现。find_library_internal接受几个参数:指定的命名空间ns,加载库的LoadTask task,打开zip包的辅助对象zip_archive_cache,LoadTask 集合load_tasks。加载库的flag rtld_flags,是否搜索链接共享库search_linked_namespaces。
首先是通过find_loaded_library_by_soname搜索指定的命名空间是否有加载过所需加载的共享库,如果没有,在find_loaded_library_by_soname的入参search_linked_namespaces为true的情况下,遍历指定的命名空间链接的所有命名空间,在这些链接命名空间查找所需加载的共享库。举个例子,在ld.config.txt中有如下配置:
namespace.default.links = com_android_adbd,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.default.link.com_android_adbd.shared_libs = libadb_pairing_auth.so
如上所示,“default”的命名空间链接了com_android_adbd,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd这些命名空间,并且指定了“default”的命名空间与“com_android_adbd”命名空间之间可以共享“ libadb_pairing_auth.so”这个库。因此,当使用“default”的命名空间查找“ libadb_pairing_auth.so”这个库不成功时,就会使用链接命名空间之一的“com_android_adbd”命名空间来查找“ libadb_pairing_auth.so”这个库。
bionic/linker/linker.cpp
static bool find_library_internal(android_namespace_t* ns,
LoadTask* task,
ZipArchiveCache* zip_archive_cache,
LoadTaskList* load_tasks,
int rtld_flags,
bool search_linked_namespaces) {
soinfo* candidate;
if (find_loaded_library_by_soname(ns, task->get_name(), search_linked_namespaces, &candidate)) {
LD_LOG(kLogDlopen,
"find_library_internal(ns=%s, task=%s): Already loaded (by soname): %s",
ns->get_name(), task->get_name(), candidate->get_realpath());
task->set_soinfo(candidate);
return true;
}
// Library might still be loaded, the accurate detection
// of this fact is done by load_library.
TRACE("[ \"%s\" find_loaded_library_by_soname failed (*candidate=%s@%p). Trying harder... ]",
task->get_name(), candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate);
if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags, search_linked_namespaces)) {
return true;
}
// TODO(dimitry): workaround for http://b/26394120 (the grey-list)
if (ns->is_greylist_enabled() && is_greylisted(ns, task->get_name(), task->get_needed_by())) {
// For the libs in the greylist, switch to the default namespace and then
// try the load again from there. The library could be loaded from the
// default namespace or from another namespace (e.g. runtime) that is linked
// from the default namespace.
LD_LOG(kLogDlopen,
"find_library_internal(ns=%s, task=%s): Greylisted library - trying namespace %s",
ns->get_name(), task->get_name(), g_default_namespace.get_name());
ns = &g_default_namespace;
if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags,
search_linked_namespaces)) {
return true;
}
}
// END OF WORKAROUND
if (search_linked_namespaces) {
// if a library was not found - look into linked namespaces
// preserve current dlerror in the case it fails.
DlErrorRestorer dlerror_restorer;
LD_LOG(kLogDlopen, "find_library_internal(ns=%s, task=%s): Trying %zu linked namespaces",
ns->get_name(), task->get_name(), ns->linked_namespaces().size());
for (auto& linked_namespace : ns->linked_namespaces()) {
if (find_library_in_linked_namespace(linked_namespace, task)) {
if (task->get_soinfo() == nullptr) {
// try to load the library - once namespace boundary is crossed
// we need to load a library within separate load_group
// to avoid using symbols from foreign namespace while.
//
// However, actual linking is deferred until when the global group
// is fully identified and is applied to all namespaces.
// Otherwise, the libs in the linked namespace won't get symbols from
// the global group.
if (load_library(linked_namespace.linked_namespace(), task, zip_archive_cache, load_tasks, rtld_flags, false)) {
LD_LOG(
kLogDlopen, "find_library_internal(ns=%s, task=%s): Found in linked namespace %s",
ns->get_name(), task->get_name(), linked_namespace.linked_namespace()->get_name());
return true;
}
} else {
// lib is already loaded
return true;
}
}
}
}
return false;
}
bionic/linker/linker.cpp
// Returns true if library was found and false otherwise
static bool find_loaded_library_by_soname(android_namespace_t* ns,
const char* name,
bool search_linked_namespaces,
soinfo** candidate) {
*candidate = nullptr;
// Ignore filename with path.
if (strchr(name, '/') != nullptr) {
return false;
}
bool found = find_loaded_library_by_soname(ns, name, candidate);
if (!found && search_linked_namespaces) {
// if a library was not found - look into linked namespaces
for (auto& link : ns->linked_namespaces()) {
if (!link.is_accessible(name)) {
continue;
}
android_namespace_t* linked_ns = link.linked_namespace();
if (find_loaded_library_by_soname(linked_ns, name, candidate)) {
return true;
}
}
}
return found;
}
再看看load_library的实现。
首先用open_library打开so文件获得其文件描述符。这里会根据库的名称选用不同的方式打开so文件:当库的名称是全路径字符串(带’/’)时,使用open系统调用打开共享库;当库的名称只是共享库名字(不带’/’)时,会依次按库搜索路径,库默认搜索路径和允许搜索路径寻找是否存在这个共享库,存在的话也是使用open系统调用打开。
bionic/linker/linker.cpp
static bool load_library(android_namespace_t* ns,
LoadTask* task,
ZipArchiveCache* zip_archive_cache,
LoadTaskList* load_tasks,
int rtld_flags,
bool search_linked_namespaces) {
const char* name = task->get_name();
soinfo* needed_by = task->get_needed_by();
const android_dlextinfo* extinfo = task->get_extinfo();
off64_t file_offset;
std::string realpath;
...
LD_LOG(kLogDlopen,
"load_library(ns=%s, task=%s, flags=0x%x, search_linked_namespaces=%d): calling "
"open_library with realpath=%s",
ns->get_name(), name, rtld_flags, search_linked_namespaces, realpath.c_str());
// Open the file.
int fd = open_library(ns, zip_archive_cache, name, needed_by, &file_offset, &realpath);
...
task->set_fd(fd, true);
task->set_file_offset(file_offset);
return load_library(ns, task, load_tasks, rtld_flags, realpath, search_linked_namespaces);
}
其次是使用另一个不同参数的load_library进行加载。首先,会有一个准入检测,就是检测入参的命名空间是否可以访问入参的共享库。也就是说,共享库需要在库搜索路径(不含子目录),库默认搜索路径(不含子目录)和允许搜索路径(含子目录)之一下面,命名空间才可以访问入参的共享库。
准入检测通过以后,LoadTask::read把共享库文件的ELF文件头,段表头,节表头,.dynamic节,.strtab节等内容加载到内存中,方便读取一些关键信息。
在load_library的实现的最后,还会读取所有DT_NEEDED条目(简单理解就是当前共享库依赖的其他共享库),从而递归地去通过load_library加载这些被依赖的共享库。
bionic/linker/linker.cpp
static bool load_library(android_namespace_t* ns,
LoadTask* task,
LoadTaskList* load_tasks,
int rtld_flags,
const std::string& realpath,
bool search_linked_namespaces) {
off64_t file_offset = task->get_file_offset();
const char* name = task->get_name();
const android_dlextinfo* extinfo = task->get_extinfo();
...
// Check for symlink and other situations where
// file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set
if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) {
soinfo* si = nullptr;
if (find_loaded_library_by_inode(ns, file_stat, file_offset, search_linked_namespaces, &si)) {
LD_LOG(kLogDlopen,
"load_library(ns=%s, task=%s): Already loaded under different name/path \"%s\" - "
"will return existing soinfo",
ns->get_name(), name, si->get_realpath());
task->set_soinfo(si);
return true;
}
}
if ((rtld_flags & RTLD_NOLOAD) != 0) {
DL_OPEN_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name);
return false;
}
struct statfs fs_stat;
if (TEMP_FAILURE_RETRY(fstatfs(task->get_fd(), &fs_stat)) != 0) {
DL_OPEN_ERR("unable to fstatfs file for the library \"%s\": %s", name, strerror(errno));
return false;
}
// do not check accessibility using realpath if fd is located on tmpfs
// this enables use of memfd_create() for apps
if ((fs_stat.f_type != TMPFS_MAGIC) && (!ns->is_accessible(realpath))) {//准入检测
// TODO(dimitry): workaround for http://b/26394120 - the grey-list
// TODO(dimitry) before O release: add a namespace attribute to have this enabled
// only for classloader-namespaces
const soinfo* needed_by = task->is_dt_needed() ? task->get_needed_by() : nullptr;
if (is_greylisted(ns, name, needed_by)) {
// print warning only if needed by non-system library
if (needed_by == nullptr || !is_system_library(needed_by->get_realpath())) {
const soinfo* needed_or_dlopened_by = task->get_needed_by();
const char* sopath = needed_or_dlopened_by == nullptr ? "(unknown)" :
needed_or_dlopened_by->get_realpath();
DL_WARN_documented_change(24,
"private-api-enforced-for-api-level-24",
"library \"%s\" (\"%s\") needed or dlopened by \"%s\" "
"is not accessible by namespace \"%s\"",
name, realpath.c_str(), sopath, ns->get_name());
add_dlwarning(sopath, "unauthorized access to", name);
}
} else {
// do not load libraries if they are not accessible for the specified namespace.
const char* needed_or_dlopened_by = task->get_needed_by() == nullptr ?
"(unknown)" :
task->get_needed_by()->get_realpath();
DL_OPEN_ERR("library \"%s\" needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"",
name, needed_or_dlopened_by, ns->get_name());
// do not print this if a library is in the list of shared libraries for linked namespaces
if (!maybe_accessible_via_namespace_links(ns, name)) {
PRINT("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the"
" namespace: [name=\"%s\", ld_library_paths=\"%s\", default_library_paths=\"%s\","
" permitted_paths=\"%s\"]",
name, realpath.c_str(),
needed_or_dlopened_by,
ns->get_name(),
android::base::Join(ns->get_ld_library_paths(), ':').c_str(),
android::base::Join(ns->get_default_library_paths(), ':').c_str(),
android::base::Join(ns->get_permitted_paths(), ':').c_str());
}
return false;
}
}
soinfo* si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags);
if (si == nullptr) {
return false;
}
task->set_soinfo(si);
// Read the ELF header and some of the segments.
if (!task->read(realpath.c_str(), file_stat.st_size)) {//将关键节点加载到内存
soinfo_free(si);
task->set_soinfo(nullptr);
return false;
}
// find and set DT_RUNPATH and dt_soname
// Note that these field values are temporary and are
// going to be overwritten on soinfo::prelink_image
// with values from PT_LOAD segments.
const ElfReader& elf_reader = task->get_elf_reader();
for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) {
if (d->d_tag == DT_RUNPATH) {
si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val));
}
if (d->d_tag == DT_SONAME) {
si->set_soname(elf_reader.get_string(d->d_un.d_val));
}
}
#if !defined(__ANDROID__)
// Bionic on the host currently uses some Android prebuilts, which don't set
// DT_RUNPATH with any relative paths, so they can't find their dependencies.
// b/118058804
if (si->get_dt_runpath().empty()) {
si->set_dt_runpath("$ORIGIN/../lib64:$ORIGIN/lib64");
}
#endif
//根据DT_NEEDED标记的库,将依赖的库添加到入参load_tasks,之后会递归加载这些新添加进去的库
for_each_dt_needed(task->get_elf_reader(), [&](const char* name) {
LD_LOG(kLogDlopen, "load_library(ns=%s, task=%s): Adding DT_NEEDED task: %s",
ns->get_name(), task->get_name(), name);
load_tasks->push_back(LoadTask::create(name, si, ns, task->get_readers_map()));
});
return true;
}
如果search_linked_namespaces为true(需要在链接命名空间搜索),且前面几步都没加载成功的话,便执行到此处。首先是通过find_library_in_linked_namespace在所有链接命名空间寻找加载的记录,如果没有加载过(即find_library_in_linked_namespace返回true且task->get_soinfo()返回nullptr),使用load_library进行加载(此处load_library传入的是链接命名空间)。
bionic/linker/linker.cpp
if (search_linked_namespaces) {
// if a library was not found - look into linked namespaces
// preserve current dlerror in the case it fails.
DlErrorRestorer dlerror_restorer;
LD_LOG(kLogDlopen, "find_library_internal(ns=%s, task=%s): Trying %zu linked namespaces",
ns->get_name(), task->get_name(), ns->linked_namespaces().size());
for (auto& linked_namespace : ns->linked_namespaces()) {
if (find_library_in_linked_namespace(linked_namespace, task)) {
if (task->get_soinfo() == nullptr) {
// try to load the library - once namespace boundary is crossed
// we need to load a library within separate load_group
// to avoid using symbols from foreign namespace while.
//
// However, actual linking is deferred until when the global group
// is fully identified and is applied to all namespaces.
// Otherwise, the libs in the linked namespace won't get symbols from
// the global group.
if (load_library(linked_namespace.linked_namespace(), task, zip_archive_cache, load_tasks, rtld_flags, false)) {
LD_LOG(
kLogDlopen, "find_library_internal(ns=%s, task=%s): Found in linked namespace %s",
ns->get_name(), task->get_name(), linked_namespace.linked_namespace()->get_name());
return true;
}
} else {
// lib is already loaded
return true;
}
}
}
通过find_library_internal,把整个共享库依赖链都放进到一个列表中,然后依次进行加载。
652
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
