Avoid loading external libraries from ARTs internal linker namespace.

dlopen() calls in ART will use its own linker namespace
(com_android_art). That's appropriate for internal libraries in the
APEX, but not when ART loads libraries on behalf of external requests.
In those cases we should instead use android_dlopen_ext to load them
from the system namespace, i.e. the one that searches /system/lib(64).

The linker config has been using allow_all_shared_libs, so any loads
from com_android_art fall back to the system namespace, and hence
dlopen() usually works regardless which namespace it ought to use.
However we want to drop allow_all_shared_libs, so we need to figure out
which dlopen's should use which namespace:

1. Several ART libraries are loaded on-demand, e.g. libart-compiler and
   libart-disassembler. There are also those going through the runtime
   plugin system, like libperfetto_hprofd and heapprofd_client_api. All
   these are internal or at least statically known (so we can provide
   links for them in the linker config), and should continue to use
   dlopen from the ART namespace.

2. libnativeloader loads the preloadable public libraries from
   system/etc/public.libraries.txt, and should use the system namespace
   for that.

3. libnativebridge loads the native bridge implementation specified
   through the command line (or ultimately the system property
   ro.dalvik.vm.native.bridge). It's not part of the ART APEX and not
   known statically, so the system namespace should be used.

4. libnativeloader also loads JNI libraries from classloader
   namespaces, but has a fallback if no such namespace can be found
   based on caller location. Fall back to the system namespace to
   handle libraries loaded during the preload phase in the zygote.

5. JVMTI agents are loaded by dalvik.system.VMDebug.attachAgent().
   Treat these too as external libraries - they are loaded in a way
   similar to JNI libraries through OpenNativeLibrary in
   libnativeloader, so are covered by #4.

   They are normally loaded by apps with a classloader, but a special
   case is adbconnection which loads libjdwp.so in the ART APEX without
   one and hence falls back to the system namespace. We therefore need
   to create a link for it (https://r.android.com/1690889,
   https://r.android.com/1690795).

All cases #2-#5 are covered by libnativeloader and libnativebridge.
Introduce OpenSystemLibrary, and since libnativeloader depends on
libnativebridge, put it in the latter to be usable from both. It's only
an internal dependency not exposed in the APEX stubs.

(Another possibility could be to put it in the generic toolbox lib
libartbase, but it's split into -d and non-d variants, and we don't
want to split libnative{loader,bridge} that way.)

Since libnativeloader_test no longer needs to mock dlopen we can
simplify it to a more regular test that loads the tested libs
dynamically.

Test: mmm art
Test: atest art/libnativeloader
Test: atest CtsJniTestCases
Test: Cuttlefish app compat test that uses NDK translation
Test: Manual tests with Android Studio TI agents
  (http://g/art-module-team/7Jy3Tg7LCh0)
Bug: 130340935
Change-Id: I2513472c4e1c44f0fcb01a6b4f6eccbb03718f1d

3 files changed, 41 insertions, 9 deletions

diff --git a/libnativebridge/Android.bp b/libnativebridge/Android.bp
index cb07d35363..8e87997b00 100644
--- a/libnativebridge/Android.bp
+++ b/libnativebridge/Android.bp
@@ -10,9 +10,6 @@ package {
 cc_defaults {
     name: "libnativebridge-defaults",
     defaults: ["art_defaults"],
-    cppflags: [
-        "-fvisibility=protected",
-    ],
     header_libs: [
         "jni_headers",
         "libnativebridge-headers",
@@ -64,10 +61,10 @@ art_cc_library {
 
     target: {
         android: {
-            version_script: "libnativebridge.map.txt",
-        },
-        linux: {
-            version_script: "libnativebridge.map.txt",
+            header_libs: [
+                "libnativeloader-headers", // For dlext_namespaces.h
+            ],
+            shared_libs: ["libdl_android"],
         },
     },
 
diff --git a/libnativebridge/include/nativebridge/native_bridge.h b/libnativebridge/include/nativebridge/native_bridge.h
index e20b6270a1..2199bab552 100644
--- a/libnativebridge/include/nativebridge/native_bridge.h
+++ b/libnativebridge/include/nativebridge/native_bridge.h
@@ -29,6 +29,11 @@ namespace android {
 extern "C" {
 #endif  // __cplusplus
 
+// Loads a shared library from the system linker namespace, suitable for
+// platform libraries in /system/lib(64). If linker namespaces don't exist (i.e.
+// on host), this simply calls dlopen().
+void* OpenSystemLibrary(const char* path, int flags);
+
 struct NativeBridgeRuntimeCallbacks;
 struct NativeBridgeRuntimeValues;
 
diff --git a/libnativebridge/native_bridge.cc b/libnativebridge/native_bridge.cc
index 46a05a23bf..fb13d62be0 100644
--- a/libnativebridge/native_bridge.cc
+++ b/libnativebridge/native_bridge.cc
@@ -31,6 +31,10 @@
 #include <android-base/macros.h>
 #include <log/log.h>
 
+#ifdef ART_TARGET_ANDROID
+#include "nativeloader/dlext_namespaces.h"
+#endif
+
 namespace android {
 
 #ifdef __APPLE__
@@ -40,6 +44,28 @@ void UNUSED(const T&) {}
 
 extern "C" {
 
+void* OpenSystemLibrary(const char* path, int flags) {
+#ifdef ART_TARGET_ANDROID
+  // The system namespace is called "default" for binaries in /system and
+  // "system" for those in the Runtime APEX. Try "system" first since
+  // "default" always exists.
+  // TODO(b/185587109): Get rid of this error prone logic.
+  android_namespace_t* system_ns = android_get_exported_namespace("system");
+  if (system_ns == nullptr) {
+    system_ns = android_get_exported_namespace("default");
+    LOG_ALWAYS_FATAL_IF(system_ns == nullptr,
+                        "Failed to get system namespace for loading %s", path);
+  }
+  const android_dlextinfo dlextinfo = {
+      .flags = ANDROID_DLEXT_USE_NAMESPACE,
+      .library_namespace = system_ns,
+  };
+  return android_dlopen_ext(path, flags, &dlextinfo);
+#else
+  return dlopen(path, flags);
+#endif
+}
+
 // Environment values required by the apps running with native bridge.
 struct NativeBridgeRuntimeValues {
     const char* os_arch;
@@ -223,8 +249,12 @@ bool LoadNativeBridge(const char* nb_library_filename,
     if (!NativeBridgeNameAcceptable(nb_library_filename)) {
       CloseNativeBridge(true);
     } else {
-      // Try to open the library.
-      void* handle = dlopen(nb_library_filename, RTLD_LAZY);
+      // Try to open the library. We assume this library is provided by the
+      // platform rather than the ART APEX itself, so use the system namespace
+      // to avoid requiring a static linker config link to it from the
+      // com_android_art namespace.
+      void* handle = OpenSystemLibrary(nb_library_filename, RTLD_LAZY);
+
       if (handle != nullptr) {
         callbacks = reinterpret_cast<NativeBridgeCallbacks*>(dlsym(handle,
                                                                    kNativeBridgeInterfaceSymbol));