Make default namespace for system processes isolated
The default namespace for system processes is now isolated, which means it can load only the libs that are in search.paths and under permitted.paths. /system/framework, /system/app, /system/priv-app, /vendor/app, /data, etc. are added to the permitted paths since libart should be able to dlopen odex files under those locations. The following directories become unavailable: /system/lib/vndk /system/lib/vndk-sp Bug: 37013858 Bug: 64888291 Bug: 64950640 Test: 2017 pixel devices builds and boots Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
parent
a2f1335819
commit
55f05d79f9
1 changed files with 10 additions and 14 deletions
|
@ -23,25 +23,21 @@ additional.namespaces = sphal,vndk,rs
|
|||
###############################################################################
|
||||
# "default" namespace
|
||||
#
|
||||
# Framework-side code runs in this namespace. Anything from /vendor partition
|
||||
# Framework-side code runs in this namespace. Libs from /vendor partition
|
||||
# can't be loaded in this namespace.
|
||||
###############################################################################
|
||||
namespace.default.isolated = false
|
||||
namespace.default.isolated = true
|
||||
# TODO(b/63553457): remove /vendor/lib from the search path. For now, this is
|
||||
# required since the classloader namespace for vendor apks should have access
|
||||
# vendor libraries in the directory. These search paths are copied to the search
|
||||
# paths of the classloader namespace.
|
||||
namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
|
||||
namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}
|
||||
# /vendor/app, /vendor/framework were added since libart should be able to dlopen
|
||||
# the odex files from the directory.
|
||||
namespace.default.permitted.paths = /system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/data:/mnt/expand
|
||||
|
||||
namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
|
||||
namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
|
||||
|
||||
# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes
|
||||
# When this is done, comment out following three lines and remove the three
|
||||
# lines above
|
||||
#namespace.default.isolated = true
|
||||
#namespace.default.search.paths = /system/${LIB}
|
||||
#namespace.default.permitted.paths = /system/${LIB}
|
||||
#
|
||||
#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
|
||||
#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}
|
||||
namespace.default.asan.permitted.paths = /data:/system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/mnt/expand
|
||||
|
||||
###############################################################################
|
||||
# "sphal" namespace
|
||||
|
|
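Review bot: `/data` and `/mnt/expand` are listed in `namespace.default.permitted.paths` (and `/data` in the asan variant) as whole trees, so as far as the linker's permitted-path check goes, the isolated default namespace still accepts an absolute-path dlopen of any library under a writable partition, which weakens the isolation this commit turns on for system processes. The commit message gives libart loading odex files as the reason; if that is the only need, the list should name just the directories that hold odex files, or at least carry a comment such as `# /data and /mnt/expand are writable; permitted only so libart can dlopen odex files - narrow once the odex locations are enumerated`. Any other control that limits what can be mapped from those paths is not visible here and would be worth naming in that comment. Separately, the page has lost its +/- markers, but if the `search.paths = /system/${LIB}:/vendor/${LIB}` line and the TODO(b/63553457) comment are on the new side, the header sentence "Libs from /vendor partition can't be loaded in this namespace" is not yet true and should be worded as the goal rather than the current state.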