From 9e253ce6b7aea5a1a6f761d94a7471bb88574e53 Mon Sep 17 00:00:00 2001
From: Dimitry Ivanov
Date: Mon, 8 May 2017 22:24:24 -0700
Subject: [PATCH] Explicitly enable greylist for classloader-namespaces
The linker no longer enables greylist by default, it needs to be explicitly enabled by specifying corresponding flag.
Bug: https://issuetracker.google.com/38146125
Test: builds
Change-Id: Ib593f2d9a35dbadffb436f5fbc9a2a7a8f64ada0
(cherry picked from commit 058b2ea8c52ed8ce33442eda3a39e49ecd11e6dd)
---
 .../include/nativeloader/dlext_namespaces.h | 6 ++++++
 libnativeloader/native_loader.cpp | 16 ++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/libnativeloader/include/nativeloader/dlext_namespaces.h b/libnativeloader/include/nativeloader/dlext_namespaces.h
index ac64f710a..912127753 100644
--- a/libnativeloader/include/nativeloader/dlext_namespaces.h
+++ b/libnativeloader/include/nativeloader/dlext_namespaces.h
@@ -55,6 +55,12 @@ enum {
 * permitted_path from the caller's namespace.
 */
 ANDROID_NAMESPACE_TYPE_SHARED = 2,
+
+ /* This flag instructs linker to enable grey-list workaround for the namespace.
+ * See http://b/26394120 for details.
+ */
+ ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED = 0x08000000,
+
 ANDROID_NAMESPACE_TYPE_SHARED_ISOLATED = ANDROID_NAMESPACE_TYPE_SHARED | ANDROID_NAMESPACE_TYPE_ISOLATED,
 };
diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp
index f3391d1be..d9cb90d04 100644
--- a/libnativeloader/native_loader.cpp
+++ b/libnativeloader/native_loader.cpp
@@ -99,6 +99,7 @@ class LibraryNamespaces {
 LibraryNamespaces() : initialized_(false) { }
 bool Create(JNIEnv* env,
+ uint32_t target_sdk_version,
 jobject class_loader,
 bool is_shared,
 jstring java_library_path,
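Review bot: In dlext_namespaces.h the value `ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED = 0x08000000` is defined on the loader side, while the commit message says the linker is what acts on it, and nothing in this hunk ties the two definitions together. If the linker's constant ever differs, this copy would silently stop enabling the workaround or set an unrelated bit. The comment also explains the flag only through `http://b/26394120`, which readers without tracker access cannot open. I would add a line such as `* The value must match the linker's definition of this flag.` plus one sentence stating what the grey-list workaround allows a namespace to load.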
@@ -141,6 +142,10 @@ class LibraryNamespaces {
 namespace_type |= ANDROID_NAMESPACE_TYPE_SHARED;
 }
+ if (target_sdk_version < 24) {
+ namespace_type |= ANDROID_NAMESPACE_TYPE_GREYLIST_ENABLED;
+ }
+
 NativeLoaderNamespace parent_ns;
 bool found_parent_namespace = FindParentNamespaceByClassLoader(env, class_loader, &parent_ns);
@@ -397,12 +402,12 @@ jstring CreateClassLoaderNamespace(JNIEnv* env,
 jstring library_path,
 jstring permitted_path) {
 #if defined(__ANDROID__)
- UNUSED(target_sdk_version);
 std::lock_guard guard(g_namespaces_mutex);
 std::string error_msg;
 NativeLoaderNamespace ns;
 bool success = g_namespaces->Create(env,
+ target_sdk_version,
 class_loader,
 is_shared,
 library_path,
@@ -439,7 +444,14 @@ void* OpenNativeLibrary(JNIEnv* env,
 if (!g_namespaces->FindNamespaceByClassLoader(env, class_loader, &ns)) {
 // This is the case where the classloader was not created by ApplicationLoaders
 // In this case we create an isolated not-shared namespace for it.
- if (!g_namespaces->Create(env, class_loader, false, library_path, nullptr, &ns, error_msg)) {
+ if (!g_namespaces->Create(env,
+ target_sdk_version,
+ class_loader,
+ false,
+ library_path,
+ nullptr,
+ &ns,
+ error_msg)) {
 return nullptr;
 }
 }
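Review bot: In the `-141,6 +142,10` hunk, the new check `if (target_sdk_version < 24)` enables the greylist for every value below 24, including 0. A caller that passes an unset or default target SDK would therefore get the relaxed namespace instead of the strict one. Whether 0 can reach `Create` is not visible here, since the body of `Create` and its callers extend outside the hunk, but failing closed costs one comparison: `if (target_sdk_version > 0 && target_sdk_version < 24) {`. The bare `24` would also read better as a named constant with a comment saying which release it stands for.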
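Review bot: In the `-439,7 +444,14` hunk of OpenNativeLibrary, the comment above the rewritten call still describes the fallback as creating "an isolated not-shared namespace". With `target_sdk_version` now forwarded, that namespace also receives the greylist flag for apps targeting below 24. This is the path for class loaders that were not created by ApplicationLoaders, so the relaxation deserves an explicit mention, e.g. `// The greylist workaround is still enabled here when target_sdk_version < 24.` OpenNativeLibrary starts and ends outside the hunk, so the origin of `target_sdk_version` cannot be checked from this diff.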