No surefire way to bypass linker namespaces on Android 7.0 Nougat #2

@Chainfire

Linker namespaces were introduced in Android 7.0 Nougat. The linker prevents libraries from outside of the namespace-permitted paths from being loaded into a binary.

There are a couple of ways to bypass linker namespaces; one is setting LD_LIBRARY_PATH before executing the binary that is being injected. That is not always a workable solution, though.

From Android 8.0 onwards, linker namespaces are relaxed for libraries loaded from tmpfs, so on 8.0+ we can simply move the library to be injected to /dev, but this still does not always leave us with an option for 7.0.
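
From the detection side, a library loaded from /dev shows up as an executable, file-backed mapping in the target's `/proc/<pid>/maps`. The following is an added example, not part of the original issue or the project's code: a heuristic scanner over maps text, where the `/dev/` prefix, the `.so` suffix filter, and the sample lines (including the name `libpayload.so`) are assumptions constructed for illustration.

```python
import re

# Fields of a /proc/<pid>/maps line: range, perms, offset, dev, inode, path.
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)

# Assumption: /dev is the tmpfs location of interest, as in the issue text.
TMPFS_PREFIXES = ("/dev/",)

# Constructed sample input, not captured from a real device.
SAMPLE_MAPS = """\
7f8a1000-7f8a5000 r-xp 00000000 fd:00 1234   /system/lib64/libc.so
7f8b0000-7f8b2000 r-xp 00000000 00:0f 5678   /dev/libpayload.so
7f8b2000-7f8b3000 rw-p 00002000 00:0f 5678   /dev/libpayload.so
7f8c0000-7f8c4000 r-xp 00000000 00:04 9012   /dev/ashmem/dalvik-jit-code-cache (deleted)
7f8d0000-7f8d1000 rw-p 00000000 00:00 0      [anon:libc_malloc]
"""


def suspicious_mappings(maps_text, prefixes=TMPFS_PREFIXES):
    """Return (path, perms, deleted) for executable shared-object mappings
    whose backing file lives under one of the given prefixes."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        _start, _end, perms, inode, path = m.groups()
        # The kernel appends " (deleted)" when the backing file was unlinked.
        deleted = path.endswith(" (deleted)")
        if deleted:
            path = path[: -len(" (deleted)")]
        # Skip anonymous mappings (inode 0) and non-executable segments.
        if inode == "0" or "x" not in perms:
            continue
        # Heuristic: the .so suffix filters out ashmem regions and device nodes.
        if path.startswith(prefixes) and path.endswith(".so"):
            hits.append((path, perms, deleted))
    return hits


if __name__ == "__main__":
    for path, perms, deleted in suspicious_mappings(SAMPLE_MAPS):
        print(f"executable library mapped from tmpfs path: {path} {perms} deleted={deleted}")
```
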
