当我们使用命令行:

$ cargo build --release --target aarch64-linux-android

或使用 org.mozilla.rust-android-gradle.rust-android gradle plugin:

plugins {
    alias(libs.plugins.android.library)
    alias(libs.plugins.kotlin.android)
    id "org.mozilla.rust-android-gradle.rust-android"
}

android.libraryVariants.configureEach { LibraryVariant variant ->
    tasks.named("merge${variant.name.capitalize()}JniLibFolders").get().dependsOn 'cargoBuild'
}

cargo {
    module  = "src/rust/hansome"       // Or whatever directory contains your Cargo.toml
    libname = "hansome"          // Or whatever matches Cargo.toml's [package] name.
    targets = ["arm", "arm64"]  // See bellow for a longer list of options
    profile = "release"
}

tasks.named("clean", Delete) {
    delete(project.layout.buildDirectory)
    delete(project.file(cargo.module + "/target"))
}

构建一个可以在 Android 平台上运行的动态链接库后,我们可以使用任何的二进制查看工具查看生成的 so, 会有很多明文的字符串, 例如:

error: entered unreachable code/Users/enjoy/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde_json-1.0.138/src/de.rsstruct 

关键的问题是里面会包含我们的设备用户名: /Users/enjoy, 具体的内容我们可以在终端里输入: $ echo $HOME 获取. 这是不可接受的,在一些安全的领域,这会泄漏我们的敏感信息,如何解决呢:

 cargo {
     module  = "src/rust/hive"       // Or whatever directory contains your Cargo.toml
     libname = "hive"          // Or whatever matches Cargo.toml's [package] name.
     targets = ["arm", "arm64"]  // See bellow for a longer list of options
     profile = "release"
+    exec { spec, toolchain ->
+        def modulePath = project.file(cargo.module)
+        def home = System.getProperty("user.home")
+        spec.environment("CARGO_BUILD_RUSTFLAGS", "--remap-path-prefix=$home=/ArcticFox --remap-path-prefix=${modulePath}=/BlueWhale")
+    }
 }

如上所示,我们可以通过 --remap-path-prefix 解决, 通过上面的配置,/Users/enjoy 会被替换成 /ArcticFox, 从而移除敏感信息。

-buildrustflags