Extend white-listed directories to include /mnt/expand

Apps on sdcard live under /mnt/expand and therefore
this directory should be under linker namespaces
permitted_path.

Bug: http://b/28639227
Change-Id: I462f9f23656c95d9c2a48bb3f513abcd9d08f340
(cherry picked from commit f334cbf0e1)

libnativeloader/native_loader.cpp

@@ -39,6 +39,11 @@ namespace android {
 static constexpr const char* kPublicNativeLibrariesSystemConfigPathFromRoot = "/etc/public.libraries.txt";
 static constexpr const char* kPublicNativeLibrariesVendorConfig = "/vendor/etc/public.libraries.txt";
 
+// (http://b/27588281) This is a workaround for apps using custom classloaders and calling
+// System.load() with an absolute path which is outside of the classloader library search path.
+// This list includes all directories app is allowed to access this way.
+static constexpr const char* kWhitelistedDirectories = "/data:/mnt/expand";
+
 static bool is_debuggable() {
   char debuggable[PROP_VALUE_MAX];
   property_get("ro.debuggable", debuggable, "0");
@@ -61,10 +66,17 @@ class LibraryNamespaces {
       library_path = library_path_utf_chars.c_str();
     }
 
-    std::string permitted_path;
+    // (http://b/27588281) This is a workaround for apps using custom
+    // classloaders and calling System.load() with an absolute path which
+    // is outside of the classloader library search path.
+    //
+    // This part effectively allows such a classloader to access anything
+    // under /data and /mnt/expand
+    std::string permitted_path = kWhitelistedDirectories;
+
     if (java_permitted_path != nullptr) {
       ScopedUtfChars path(env, java_permitted_path);
-      permitted_path = path.c_str();
+      permitted_path = permitted_path + ":" + path.c_str();
     }
 
     if (!initialized_ && !InitPublicNamespace(library_path.c_str())) {