fix: Add a linker script to enforce exported symbols

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+**Breaking changes**:
+
+- When built as a shared library for Android or Linux, the Native SDK limits the export of symbols to the `sentry_`-prefix. The option `SENTRY_EXPORT_SYMBOLS` is no longer available and the linker settings are constrained to the Native SDK and no longer `PUBLIC` to parent projects. ([#363](https://github.com/getsentry/sentry-native/pull/363))
+
 **Features**:
 
 - A session may be ended with a different status code. ([#801](https://github.com/getsentry/sentry-native/pull/801))

CMakeLists.txt

@@ -334,16 +334,6 @@ target_include_directories(sentry
 		"$<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/src>"
 )
 
-# The modulefinder and symbolizer need these two settings, and they are exported
-# as `PUBLIC`, so libraries that depend on sentry get these too:
-# `-E`: To have all symbols in the dynamic symbol table.
-# `--build-id`: To have a build-id in the ELF object.
-# FIXME: cmake 3.13 introduced target_link_options
-option(SENTRY_EXPORT_SYMBOLS "Export symbols for modulefinder and symbolizer" ON)
-if(SENTRY_EXPORT_SYMBOLS)
-	target_link_libraries(sentry PUBLIC
-		"$<$<OR:$<PLATFORM_ID:Linux>,$<PLATFORM_ID:Android>>:-Wl,-E,--build-id=sha1>")
-endif()
 
 #respect CMAKE_SYSTEM_VERSION
 if(WIN32)
@@ -601,3 +591,16 @@ if(SENTRY_BUILD_EXAMPLES)
 
 	add_test(NAME sentry_example COMMAND sentry_example)
 endif()
+
+# Limit the exported symbols when sentry is built as a shared library to those with a "sentry_" prefix:
+# - we do this at the end of the file as to not affect subdirectories reading target_link_libraries from the parent.
+# - we do this as PRIVATE since our version script does not make sense in any other project that adds us.
+#
+# Used linker parameters:
+# `--build-id`: To have a build-id in the ELF object.
+# `--version-script`: version script either hides "foreign" symbols or defers them as unknown ("U") to system libraries.
+# FIXME: cmake 3.13 introduced target_link_options (blocked by Android)
+if(SENTRY_BUILD_SHARED_LIBS)
+	target_link_libraries(sentry PRIVATE
+			"$<$<OR:$<PLATFORM_ID:Linux>,$<PLATFORM_ID:Android>>:-Wl,--build-id=sha1,--version-script=${PROJECT_SOURCE_DIR}/src/exports.map>")
+endif()

src/exports.map

@@ -0,0 +1,4 @@
+{
+   global: sentry_*;
+   local: *;
+};

tests/unit/CMakeLists.txt

@@ -54,6 +54,7 @@ target_link_libraries(sentry_test_unit PRIVATE
 	${SENTRY_LINK_LIBRARIES}
 	${SENTRY_INTERFACE_LINK_LIBRARIES}
 	"$<$<PLATFORM_ID:Linux>:rt>"
+	"$<$<OR:$<PLATFORM_ID:Linux>,$<PLATFORM_ID:Android>>:-Wl,-E,--build-id=sha1>"
 )
 
 if(MINGW)