Embedder API dylibs should not expose any symbols other than the ones in embedder.h

[chinmaygarde]

We already do this for iOS and Android. We used to have a check that queried global symbols that tripped if unexpected symbols were found. We depended on this check for the embedder dylib as well. Some time ago, this post link check was replaced by a linker script that finely controlled the exposed symbols. The linker script was not applied to the embedder API dylibs.

This caused the issue in #106118. The chronology of events:

• 4 months ago, FreeType was rolled to 2.11.1 in Roll FreeType to a version based on 2.11.1 engine#31678. This roll included a change to the GN rule where the FT_PUBLIC_FUNCTION_ATTRIBUTE was unset. The default FT_PUBLIC_FUNCTION_ATTRIBUTE implementation unsets symbol visibility which engine builds set to hidden. Now FreeType symbols were exposed by the embedder API dylibs (found using nm --dynamic).
• customer: vroom rolls in the embedder dylib. This embedder also depends on libfreetype2 and there are symbol overrides.
• The symbol visibility leak is patched in https://flutter-review.googlesource.com/c/third_party/freetype2/+/31480
• The embedder works around the issue using RTLD_DEEPBIND in [engine] 3.x x86_64 embedder segfaults #106118 (comment)

We should guarantee that no symbols used by the internal dependencies of Flutter leak from the Flutter engine dylib accidentally. we can either do this via a linker script like the Android or iOS embedders or via a post link check (or both).

[chinmaygarde]

cc @jason-simmons @zanderso for the issue we spoke of during the weekly sync.

[jwinarske]

Any update on the? I'm looking into building flutter stack with musl; it doesn't support RTLD_DEEPBIND. So I would need this fixed.

[0xchase]

This remains a blocker for me also.

[jason-simmons]

I landed a linker script that limits the symbols exported by the embedder library on Linux.

RTLD_DEEPBIND should no longer be necessary.

[jwinarske]

Master? Can we get a cherry pick into stable?