[Android] Put Java JNI function in a separate static library

src/installer/pkg/sfx/Microsoft.NETCore.App/Directory.Build.props

@@ -92,6 +92,7 @@
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Apple.a" IsNative="true" />
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Apple.dylib" IsNative="true" />
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Android.a" IsNative="true" />
+    <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Android.JNIExport.a" IsNative="true" />
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Android.so" IsNative="true" />
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Android.dex" IsNative="true" />
     <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Android.jar" IsNative="true" />

src/native/libs/System.Security.Cryptography.Native.Android/CMakeLists.txt

@@ -33,7 +33,7 @@ set(NATIVECRYPTO_SOURCES
 
 add_library(System.Security.Cryptography.Native.Android
     SHARED
-    ${NATIVECRYPTO_SOURCES} pal_jni_onload.c
+    ${NATIVECRYPTO_SOURCES} pal_jni_onload.c pal_trust_manager_jni_export.c
     ${VERSION_FILE_PATH}
 )
 
@@ -42,15 +42,34 @@ add_library(System.Security.Cryptography.Native.Android-Static
     ${NATIVECRYPTO_SOURCES}
 )
 
-set_target_properties(System.Security.Cryptography.Native.Android-Static PROPERTIES OUTPUT_NAME System.Security.Cryptography.Native.Android CLEAN_DIRECT_OUTPUT 1)
+#
+# This is necessary so that dynamic linking of the .NET for Android runtime
+# can hide all the other symbols in System.Security.Cryptography.Native.Android.
+#
+# .NET for Android dynamic runtime linking links all the relevant native BCL
+# libraries into a single .so, using the .a archives built here.  clang allows
+# hiding all the symbols in the .a archive, but there's no (working) way to
+# exclude just select symbols from hiding.
+#
+# Java VM requires that all the functions implementing the `native` methods are
+# exported from the shared libraries they are implemented in.  Therefore it is
+# necessary to put this symbol in a separate .a archive so that we can exclude it
+# from hiding described above.
+#
+add_library(System.Security.Cryptography.Native.Android-StaticJNIExport
+    STATIC
+    pal_trust_manager_jni_export.c
+)
 
 target_link_libraries(System.Security.Cryptography.Native.Android
     PRIVATE
     -llog
 )
 
 set_target_properties(System.Security.Cryptography.Native.Android PROPERTIES OUTPUT_NAME "System.Security.Cryptography.Native.Android")
-set_target_properties(System.Security.Cryptography.Native.Android-Static PROPERTIES OUTPUT_NAME "System.Security.Cryptography.Native.Android")
+set_target_properties(System.Security.Cryptography.Native.Android-Static PROPERTIES OUTPUT_NAME "System.Security.Cryptography.Native.Android" CLEAN_DIRECT_OUTPUT 1)
+set_target_properties(System.Security.Cryptography.Native.Android-StaticJNIExport PROPERTIES OUTPUT_NAME "System.Security.Cryptography.Native.Android.JNIExport"  CLEAN_DIRECT_OUTPUT 1)
 
 install_with_stripped_symbols (System.Security.Cryptography.Native.Android PROGRAMS .)
 install (TARGETS System.Security.Cryptography.Native.Android-Static DESTINATION .)
+install (TARGETS System.Security.Cryptography.Native.Android-StaticJNIExport DESTINATION .)

src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.c

@@ -1,11 +1,8 @@
 #include "pal_trust_manager.h"
-#include <stdatomic.h>
-
-static _Atomic RemoteCertificateValidationCallback verifyRemoteCertificate;
 
 ARGS_NON_NULL_ALL void AndroidCryptoNative_RegisterRemoteCertificateValidationCallback(RemoteCertificateValidationCallback callback)
 {
-    atomic_store(&verifyRemoteCertificate, callback);
+    StoreRemoteVerificationCallback(callback);
 }
 
 ARGS_NON_NULL_ALL jobjectArray GetTrustManagers(JNIEnv* env, intptr_t sslStreamProxyHandle)
@@ -28,10 +25,3 @@ ARGS_NON_NULL_ALL jobjectArray GetTrustManagers(JNIEnv* env, intptr_t sslStreamP
     return trustManagers;
 }
 
-ARGS_NON_NULL_ALL jboolean Java_net_dot_android_crypto_DotnetProxyTrustManager_verifyRemoteCertificate(
-    JNIEnv* env, jobject thisHandle, jlong sslStreamProxyHandle)
-{
-    RemoteCertificateValidationCallback verify = atomic_load(&verifyRemoteCertificate);
-    abort_unless(verify, "verifyRemoteCertificate callback has not been registered");
-    return verify((intptr_t)sslStreamProxyHandle);
-}

src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.h

@@ -6,5 +6,6 @@ PALEXPORT void AndroidCryptoNative_RegisterRemoteCertificateValidationCallback(R
 
 jobjectArray GetTrustManagers(JNIEnv* env, intptr_t sslStreamProxyHandle);
 
+void StoreRemoteVerificationCallback (RemoteCertificateValidationCallback callback);
 JNIEXPORT jboolean JNICALL Java_net_dot_android_crypto_DotnetProxyTrustManager_verifyRemoteCertificate(
     JNIEnv *env, jobject thisHandle, jlong sslStreamProxyHandle);

src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager_jni_export.c

@@ -0,0 +1,17 @@
+#include "pal_trust_manager.h"
+#include <stdatomic.h>
+
+static _Atomic RemoteCertificateValidationCallback verifyRemoteCertificate;
+
+void StoreRemoteVerificationCallback (RemoteCertificateValidationCallback callback)
+{
+    atomic_store(&verifyRemoteCertificate, callback);
+}
+
+ARGS_NON_NULL_ALL jboolean Java_net_dot_android_crypto_DotnetProxyTrustManager_verifyRemoteCertificate(
+    JNIEnv* env, jobject thisHandle, jlong sslStreamProxyHandle)
+{
+    RemoteCertificateValidationCallback verify = atomic_load(&verifyRemoteCertificate);
+    abort_unless(verify, "verifyRemoteCertificate callback has not been registered");
+    return verify((intptr_t)sslStreamProxyHandle);
+}