From 84b157fe6dc7e5a583ae42364482e5b482f3d9fb Mon Sep 17 00:00:00 2001 From: torne Date: Wed, 18 Feb 2015 13:37:16 -0800 Subject: [PATCH] android: Hide JNI exports by default. Hide JNI exported functions in Android binaries by default, unless the target in question has explicitly set "use_native_jni_exports" to indicate that it relies on the JVM's automatic symbol lookup mechanism. The functions are simply demoted to hidden visibility; the code will remain unless the linker determines that it is unreferenced and strips it via --gc-sections. This ensures that binaries by default actually test the explicit JNI registration codepaths, which are required for compatibility with the crazy linker, while still allowing binaries that do not require crazy linker compatibility to choose to use the automatic mechanism in future. BUG=442327 Review URL: https://codereview.chromium.org/843103003 Cr-Original-Commit-Position: refs/heads/master@{#316896} Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src Cr-Mirrored-Commit: 9d90d85f73ca46847047ccbda270f25b637ccc86 --- android/android_exports.gyp | 12 ++++++---- android/android_no_jni_exports.lst | 17 ++++++++++++++ ...t => android_webview_export_whitelist.lst} | 3 ++- common.gypi | 22 +++++++++++++++---- config/BUILDCONFIG.gn | 5 +++++ config/android/BUILD.gn | 5 +++++ 6 files changed, 55 insertions(+), 9 deletions(-) create mode 100644 android/android_no_jni_exports.lst rename android/{android_exports.lst => android_webview_export_whitelist.lst} (72%) diff --git a/android/android_exports.gyp b/android/android_exports.gyp index c259eee37..bf3424d73 100644 --- a/android/android_exports.gyp +++ b/android/android_exports.gyp @@ -2,13 +2,20 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. +# This target is only used when android_webview_build==1 - it implements a +# whitelist for exported symbols to minimise the binary size and prevent us +# accidentally exposing things we don't mean to expose. + { + 'variables': { + 'android_linker_script%': '<(SHARED_INTERMEDIATE_DIR)/android_webview_export_whitelist.lst', + }, 'targets': [ { 'target_name': 'android_exports', 'type': 'none', 'inputs': [ - '<(DEPTH)/build/android/android_exports.lst', + '<(DEPTH)/build/android/android_webview_export_whitelist.lst', ], 'outputs': [ '<(android_linker_script)', @@ -28,9 +35,6 @@ # Only export symbols that are specified in version script. '-Wl,--version-script=<(android_linker_script)', ], - 'ldflags!': [ - '-Wl,--exclude-libs=ALL', - ], }, }], ], diff --git a/android/android_no_jni_exports.lst b/android/android_no_jni_exports.lst new file mode 100644 index 000000000..ffc6cf702 --- /dev/null +++ b/android/android_no_jni_exports.lst @@ -0,0 +1,17 @@ +# Copyright 2014 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# This script makes all JNI exported symbols local, to prevent the JVM from +# being able to find them, enforcing use of manual JNI function registration. +# This is used for all Android binaries by default, unless they explicitly state +# that they want JNI exported symbols to remain visible, as we need to ensure +# the manual registration path is correct to maintain compatibility with the +# crazy linker. +# Check ld version script manual: +# https://sourceware.org/binutils/docs-2.24/ld/VERSION.html#VERSION + +{ + local: + Java_*; +}; diff --git a/android/android_exports.lst b/android/android_webview_export_whitelist.lst similarity index 72% rename from android/android_exports.lst rename to android/android_webview_export_whitelist.lst index 6eee232f9..2a56a75b0 100644 --- a/android/android_exports.lst +++ b/android/android_webview_export_whitelist.lst @@ -2,7 +2,8 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -# Default exports specification for chromium shared libraries on android. +# Exports specification for android_webview_build==1, which uses a whitelist to +# enforce only specific symbols being exported. # Check ld version script manual: # https://sourceware.org/binutils/docs-2.24/ld/VERSION.html#VERSION diff --git a/common.gypi b/common.gypi index 93da26f23..f8181b0cf 100644 --- a/common.gypi +++ b/common.gypi @@ -1802,9 +1802,6 @@ # Copy it out one scope. 'android_webview_build%': '<(android_webview_build)', - - # Default android linker script for shared library exports. - 'android_linker_script%': '<(SHARED_INTERMEDIATE_DIR)/android_exports.lst', }], # OS=="android" ['embedded==1', { 'use_system_fontconfig%': 0, @@ -2463,6 +2460,14 @@ '-Wno-unnamed-type-template-args', ], + # By default, Android targets have their exported JNI symbols stripped, + # so we test the manual JNI registration code paths that are required + # when using the crazy linker. To allow use of native JNI exports (lazily + # resolved by the JVM), targets can enable this variable, which will stop + # the stripping from happening. Only targets which do not need to be + # compatible with the crazy linker are permitted to set this. + 'use_native_jni_exports%': 0, + 'conditions': [ ['OS=="win" and component=="shared_library"', { # See http://msdn.microsoft.com/en-us/library/aa652367.aspx @@ -4582,10 +4587,19 @@ '-Wl,--no-undefined', ], 'conditions': [ - ['component=="static_library"', { + ['component=="static_library" and android_webview_build==0', { 'ldflags': [ '-Wl,--exclude-libs=ALL', ], + 'target_conditions': [ + ['use_native_jni_exports==0', { + # Use a linker version script to strip JNI exports from + # binaries which have not specifically asked to use them. + 'ldflags': [ + '-Wl,--version-script=