前语

so库的加载可是咱们日常开发都会用到的,因而系统也提供了十分便利的api给咱们进行调用

System.loadLibrary(xxxso);

当然,随着版别的改变,loadLibrary也是呈现了十分大的改变,最重要的是分水岭是androidN加入了namespace机制,可能很多人都是一头雾水噢!这是个啥?咱们在动态so加载计划中,会频频呈现这个名词,一起还有一个高频的词便是Linker,本期不触及杂乱的技术计划,咱们就来深入聊聊,Linker的概念,与namespace机制的加入,希望能协助更多开发者去了解so的加载进程。

Linker

咱们都知道,Linux渠道下有动态链接文件(.so)与静态链接文件(.a),两者其实都是一种ELF文件(相关的文件格式咱们不赘述)。为什么会有这么两种文件呢?咱们就从简单的角度来想一次,其实便是为了更多的代码复用,比如程序1,程序2都用到了同一个东西,比如xx.so

so加载 - Linker跟NameSpace知识 (上篇)

此刻就会呈现,程序1与程序2中调用fun common的地方,在没有链接之前,调用处的地址,咱们以“stub”,表明这其实是一个未确定的东西,而后续的这个地址填充(写入正确的common地址),其实便是Linker的责任。

咱们经过上面的例子,其实就能够理解,Linker,首要的责任,便是协助查找当时程序所依靠的动态库文件(ELF文件)。那么Linker自身是个什么呢,其实他跟.so文件都是同一种格式,也是ELF文件,那么Linker又由谁协助加载发动呢,这儿就会呈现存在一个(鸡生蛋,蛋生鸡)的问题,而ELF文件给出的答案便是,建立一个:interp 的段,当一个进程发动的时分(linux中经过execv发动),此刻就会经过load_elf_binary函数,先加载ELF文件,然后再调用load_elf_interp办法,直接加载了:interp 段地址的起点,从而能够构建咱们的大管家Linker,当然,Linker自身就不能像一般的so文件一样,去依靠另一个so,其实原因也很简单,没人帮他初始化呀!因而Linker是选用配置的办法先发动起来了!

当然,咱们首要的目标是建立概念,Linker自身触及的杂乱加载,咱们也不继续贴出来了

NameSpace

在以往的anroidN以下版别中,加载so库通常是直接选用dlopen的办法去直接加载的,对于非揭露的符号,假如被运用,就容易在之后迭代呈现问题,(相似java,运用了一个三方库的private办法,假如后续变更办法含义,就会呈现问题),因而引入了NameSpace机制

Android 7.0 为原生库引入了命名空间,以限制内部 API 可见性并解决运用意外运用渠道库而不是自己的渠道库的状况。

咱们说的NameSpace,首要对应着一个数据结构android_namespace_link_t

linker_namespaces.h
struct android_namespace_link_t 
private:
        std::string name_; namespace称号
        bool is_isolated_; 是否隔离(大部分是true)
        std::vector<std::string> ld_library_paths_; 链接途径
        std::vector<std::string> default_library_paths_;默认可拜访途径
        std::vector<std::string> permitted_paths_;已答应拜访途径
        ....

咱们来看一看,这个数据结构在哪里会被运用到,其实便是so库加载进程。当咱们调用System.loadLibrary的时分,其实终究调用的是

private synchronized void loadLibrary0(ClassLoader loader, Class<?> callerClass, String libname) {
    文件名校验
    if (libname.indexOf((int)File.separatorChar) != -1) {
        throw new UnsatisfiedLinkError(
"Directory separator should not appear in library name: " + libname);
    }
    String libraryName = libname;
    // Android-note: BootClassLoader doesn't implement findLibrary(). http://b/111850480
    // Android's class.getClassLoader() can return BootClassLoader where the RI would
    // have returned null; therefore we treat BootClassLoader the same as null here.
    if (loader != null && !(loader instanceof BootClassLoader)) {
        String filename = loader.findLibrary(libraryName);
        if (filename == null &&
                (loader.getClass() == PathClassLoader.class ||
                 loader.getClass() == DelegateLastClassLoader.class)) {
            // Don't give up even if we failed to find the library in the native lib paths.
            // The underlying dynamic linker might be able to find the lib in one of the linker
            // namespaces associated with the current linker namespace. In order to give the
            // dynamic linker a chance, proceed to load the library with its soname, which
            // is the fileName.
            // Note that we do this only for PathClassLoader  and DelegateLastClassLoader to
            // minimize the scope of this behavioral change as much as possible, which might
            // cause problem like b/143649498. These two class loaders are the only
            // platform-provided class loaders that can load apps. See the classLoader attribute
            // of the application tag in app manifest.
            filename = System.mapLibraryName(libraryName);
        }
        if (filename == null) {
            // It's not necessarily true that the ClassLoader used
            // System.mapLibraryName, but the default setup does, and it's
            // misleading to say we didn't find "libMyLibrary.so" when we
            // actually searched for "liblibMyLibrary.so.so".
            throw new UnsatisfiedLinkError(loader + " couldn't find "" +
                                           System.mapLibraryName(libraryName) + """);
        }
        String error = nativeLoad(filename, loader);
        if (error != null) {
            throw new UnsatisfiedLinkError(error);
        }
        return;
    }
    // We know some apps use mLibPaths directly, potentially assuming it's not null.
    // Initialize it here to make sure apps see a non-null value.
    getLibPaths();
    String filename = System.mapLibraryName(libraryName);
    终究调用nativeLoad
    String error = nativeLoad(filename, loader, callerClass);
    if (error != null) {
        throw new UnsatisfiedLinkError(error);
    }
}

这儿咱们留意到,抛出UnsatisfiedLinkError的时机,要么so文件名加载不合法,要么便是nativeLoad办法返回了错误信息,这儿是需要咱们留意的,咱们假如呈现这个异常,能够从这儿排查,nativeLoad办法终究经过LoadNativeLibrary,在native层真正进入so的加载进程

LoadNativeLibrary 十分长,咱们截取部分
bool JavaVMExt::LoadNativeLibrary(JNIEnv* env,
                                  const std::string& path,
jobject class_loader,
        jclass caller_class,
std::string* error_msg) {
会判别是否现已加载过当时so,一起也要加锁,因为存在多线程加载的状况
SharedLibrary* library;
Thread* self = Thread::Current();
{
// TODO: move the locking (and more of this logic) into Libraries.
MutexLock mu(self, *Locks::jni_libraries_lock_);
library = libraries_->Get(path);
}
调用OpenNativeLibrary加载
void* handle = android::OpenNativeLibrary(
        env,
        runtime_->GetTargetSdkVersion(),
        path_str,
        class_loader,
        (caller_location.empty() ? nullptr : caller_location.c_str()),
        library_path.get(),
        &needs_native_bridge,
        &nativeloader_error_msg);

这儿又是漫长的native办法,OpenNativeLibrary,在这儿咱们终于见到namespace了

void* OpenNativeLibrary(JNIEnv* env, int32_t target_sdk_version, const char* path,
jobject class_loader, const char* caller_location, jstring library_path,
bool* needs_native_bridge, char** error_msg) {
    #if defined(ART_TARGET_ANDROID)
    UNUSED(target_sdk_version);
    if (class_loader == nullptr) {
        *needs_native_bridge = false;
        if (caller_location != nullptr) {
            android_namespace_t* boot_namespace = FindExportedNamespace(caller_location);
            if (boot_namespace != nullptr) {
                const android_dlextinfo dlextinfo = {
                    .flags = ANDROID_DLEXT_USE_NAMESPACE,
                    .library_namespace = boot_namespace,
                };
                终究调用android_dlopen_ext翻开
                void* handle = android_dlopen_ext(path, RTLD_NOW, &dlextinfo);
                if (handle == nullptr) {
                    *error_msg = strdup(dlerror());
                }
                return handle;
            }
        }
        // Check if the library is in NATIVELOADER_DEFAULT_NAMESPACE_LIBS and should
        // be loaded from the kNativeloaderExtraLibs namespace.
        {
            Result<void*> handle = TryLoadNativeloaderExtraLib(path);
            if (!handle.ok()) {
                *error_msg = strdup(handle.error().message().c_str());
                return nullptr;
            }
            if (handle.value() != nullptr) {
                return handle.value();
            }
        }
        // Fall back to the system namespace. This happens for preloaded JNI
        // libraries in the zygote.
        // TODO(b/185833744): Investigate if this should fall back to the app main
        // namespace (aka anonymous namespace) instead.
        void* handle = OpenSystemLibrary(path, RTLD_NOW);
        if (handle == nullptr) {
            *error_msg = strdup(dlerror());
        }
        return handle;
    }
    std::lock_guard<std::mutex> guard(g_namespaces_mutex);
    NativeLoaderNamespace* ns;
    触及到了namespace,假如当时classloader没有,则创立,可是这归于异常状况
    if ((ns = g_namespaces->FindNamespaceByClassLoader(env, class_loader)) == nullptr) {
        // This is the case where the classloader was not created by ApplicationLoaders
        // In this case we create an isolated not-shared namespace for it.
        Result<NativeLoaderNamespace*> isolated_ns =
        CreateClassLoaderNamespaceLocked(env,
            target_sdk_version,
            class_loader,
            /*is_shared=*/false,
            /*dex_path=*/nullptr,
            library_path,
            /*permitted_path=*/nullptr,
            /*uses_library_list=*/nullptr);
        if (!isolated_ns.ok()) {
            *error_msg = strdup(isolated_ns.error().message().c_str());
            return nullptr;
        } else {
            ns = *isolated_ns;
        }
    }
    return OpenNativeLibraryInNamespace(ns, path, needs_native_bridge, error_msg);

这儿咱们打断一下,咱们看到上面代码剖析,假如当时classloader的namespace假如为null,则创立,这儿咱们也知道一个信息,namespace是跟classloader绑定的。一起咱们也知道,classloader在创立的时分,其实就会绑定一个namespace。咱们在app加载的时分,就会经过LoadedApk这个class去加载一个pathclassloader

frameworks/base/core/java/android/app/LoadedApk.java
if (!mIncludeCode) {
    if (mDefaultClassLoader == null) {
        StrictMode.ThreadPolicy oldPolicy = allowThreadDiskReads();
        mDefaultClassLoader = ApplicationLoaders.getDefault().getClassLoader(
            "" /* codePath */, mApplicationInfo.targetSdkVersion, isBundledApp,
            librarySearchPath, libraryPermittedPath, mBaseClassLoader,
            null /* classLoaderName */);
        setThreadPolicy(oldPolicy);
        mAppComponentFactory = AppComponentFactory.DEFAULT;
    }
    if (mClassLoader == null) {
        mClassLoader = mAppComponentFactory.instantiateClassLoader(mDefaultClassLoader,
            new ApplicationInfo(mApplicationInfo));
    }
    return;
}

之后ApplicationLoaders.getDefault().getClassLoader会调用createClassLoader

public static ClassLoader createClassLoader(String dexPath,
                                            String librarySearchPath, String libraryPermittedPath, ClassLoader parent,
                                            int targetSdkVersion, boolean isNamespaceShared, String classLoaderName,
                                            List<ClassLoader> sharedLibraries, List<String> nativeSharedLibraries,
                                            List<ClassLoader> sharedLibrariesAfter) {
    final ClassLoader classLoader = createClassLoader(dexPath, librarySearchPath, parent,
            classLoaderName, sharedLibraries, sharedLibrariesAfter);
    String sonameList = "";
    if (nativeSharedLibraries != null) {
        sonameList = String.join(":", nativeSharedLibraries);
    }
    Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "createClassloaderNamespace");
    这儿就讲上述的属性传入,创立了一个归于该classloader的namespace
    String errorMessage = createClassloaderNamespace(classLoader,
            targetSdkVersion,
            librarySearchPath,
            libraryPermittedPath,
            isNamespaceShared,
            dexPath,
            sonameList);
    Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
    if (errorMessage != null) {
        throw new UnsatisfiedLinkError("Unable to create namespace for the classloader " +
                classLoader + ": " + errorMessage);
    }
    return classLoader;
}

这儿咱们得到的首要音讯是,咱们的classloader的namespace,里边的so检索途径,其实都在创立的时分就被定下来了(这个也是,为什么想要实现so动态加载,其间的一个计划便是替换classloader的原因,因为咱们当时运用的classloader的namespace检索途径,现已是固定了,后续对classloader自身的检索途径增加,是不会同步给namespace的,只要创立的时分才会同步)

好了,咱们继续回到OpenNativeLibrary,内部其实调用android_dlopen_ext翻开

void* android_dlopen_ext(const char* filename, int flag, const android_dlextinfo* extinfo) {
        const void* caller_addr = __builtin_return_address(0);
        return __loader_android_dlopen_ext(filename, flag, extinfo, caller_addr);
        }

这儿不知道大家有没有觉得眼熟,这儿肯定终究调用便是dlopen,只不过谷歌为了限制dlopen的调起方,选用了__builtin_return_address 内建函数作为卡口,限制了一般app调哟dlopen(这儿也是有破解办法的)

之后的阅历android_dlopen_ext -> dlopen_ext ->do_dlopen,终究到了最终加载的办法了

void* do_dlopen(const char* name, int flags,
        const android_dlextinfo* extinfo,
        const void* caller_addr) {
        std::string trace_prefix = std::string("dlopen: ") + (name == nullptr ? "(nullptr)" : name);
        ScopedTrace trace(trace_prefix.c_str());
        ScopedTrace loading_trace((trace_prefix + " - loading and linking").c_str());
        soinfo* const caller = find_containing_library(caller_addr);
        // 找到调用者,归于哪个namespace
        android_namespace_t* ns = get_caller_namespace(caller);
        ... 
        ProtectedDataGuard guard;
        之后便是在namespace的加载列表找library的进程了
        soinfo* si = find_library(ns, translated_name, flags, extinfo, caller);
       ....
        return nullptr;
        }

总结

最终咱们先总结一下,Linker作用跟NameSpace的调用流程,能够发现其实内部十分杂乱,可是咱们捉住主干去看,NameSpace其实作用的功用,也便是标准了查找so的进程,需要在指定列表查找。

上篇就到此结束,咱们下篇再会