This commit removes the soname filter from the namespace fallback link
from `runtime` to `system` in the vendor process. This fixes the
problem that vendor process might fail to load `libnetd_client.so`,
`libc_malloc_debug.so`, `libc_malloc_debug_leak.so`, and other libc
dependencies.
This commit also removes the namespace fallback link from `runtime` to
`default` in the vendor process. According to the comments in [1], the
original intention was to allow the access to `/system/${LIB}` not
`/vendor/${LIB}`. Furthermore, `com.android.runtime` suppose to work
without libraries from `/vendor/${LIB}`.
[1] https://android-review.googlesource.com/c/858456
Bug: 119867084
Bug: 122025516 # Motivation of this commit
Test: Executables under vendor partition are not blocked by
`libnetd_client.so` not found error.
Change-Id: I682baada9d755910832474bb3d8307cd49c21ece
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Bug: b/122073006
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: If6f13ba9dc249d019b820a7c37cf6d4cdd8d0a7d
This reverts commit a0d9f2fd6c.
Original change: Needs to support e.g. app_process in "default" ->
libnativehelper in "runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
This CL also adds a temporary workaround to not break hwasan builds
(b/121038155).
Bug: 119867084
Bug: 113373927
Bug: 121038155
Change-Id: I58d09ed091dd82b2162c4a0b51555174d9322e0e
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts-dev -m CtsJniTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsCompilationTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsBionicTestCases (8 failures remain unchanged by this CL)
Test: Patch internal; lunch taimen_hwasan-userdebug && m SANITIZE_TARGET=hwaddress && vendor/google/tools/flashall -w && adb shell /vendor/bin/sh -c ls
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Test: builds, boots
Test: system/netd/tests/runtests.sh
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest
Change-Id: Ia68df860b7edc92180284f62736146e6029d7655
Needs to support e.g. app_process in "default" -> libnativehelper in
"runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
Bug: 119867084,113373927
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts -m CtsJniTestCases
Change-Id: I6c4fc2f1abea1fb8851546e258ffaaa4ef6fe7d0
This reverts commit 2f56b1fff8.
Reason for revert: Breaks bionic-unit-tests's dlfcn.dladdr_libc
and x86 CtsJniTestCases' JniStaticTest.test_linker_namespaces.
Bug: 113373927
Bug: 120661824
Change-Id: I9b34bcb240a42bf99c6d8b58db4b18a4f6d36961
netd will use apex/com.android.resolv/lib64/libned_resolv.so to replace
system/lib64/libned_resolv.so.
note:Without disabling selinux, we setenv LD_LIBRARY_PATH in netd.rc but
netd couldn't use libnetd_resolv.so under com.android.resolv/lib64 because
LD_LIBRARY_PATH is ignored when AT_SECURE is on. Directly add path to the
libnetd_resolv apex to /system/etc/ld.config.txt for temporarily.
Bug: 119527674
Test: make; flash; lsof -p $(pidof netd)
Change-Id: I011d2da625151bf43c10497bb84c15f3d8e6ad33
Non-treblized devices use ld.config.legacy.txt, which does not
support product partition, leading to access denial from/to product partition.
Declare directly /product since search paths are resolved in linker config.
Test: m -j with non-treblized device upgraded to P.
Change-Id: Ic142b807f5dbffdfa5c774b3df8d0903b9626b6a
Test: Device boot test with Android Runtime APEX.
Test: Device boot test without Android Runtime APEX.
Bug: 113373927
Change-Id: Iff32fcd79a667b07df839f4e6ef2cdb3cf70e9d3
We're moving apps and their libs to product_services for older
devices too, so mimic the rules in the default ld.config related
to product_services.
Also fix a one-off disparity between /product and /product_services
in ld.config.txt.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite
Change-Id: I166275c035c85b4d69cff8e9d51af3d6d0ff4857
A few places had /product and /product_services hardcoded. Update
them to use values that get set at build time.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite.txt
Change-Id: Ie48dbb2453ae941c1b5ee57f092d12a5497d878f
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Attempting to reduce the number of different spellings we have for
"product-services" in the codebase.
Bug: 112431447
Test: m
Change-Id: I8714cc9c1ca63eb54745054aaeebd6b51f203f11
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
Merged-In: I1046dfe19bf874da929c9131b76a1f85422fbb80
Path of product partitoin can be set as /product or /system/product
whether generate extra product partition or not.
Substitute %PRODUCT% to relevant path to know linker which path should
search and permit.
Bug: 110286945
Test: m -j # Check /system/etc/ld.config.$(PLATFORM_VNDK_VERSION).txt
Change-Id: I6ca177d0c9c5af00ad821879fece40848331fc8d
As linker doesn't resolve paths in permitted paths, /system/product
variants should be added to support devices having product partition
under /system.
Bug: 110286945
Test: m -j succeeds on taimen and libraries under /system can dlopen
libraries under /system/product/apps
Change-Id: Icd102d44511702e4ec66c07a367b59c3d9700a44
adbd has been built as a static executable since the same binary was
copied to the recovery partition where shared library is not supported.
However, since we now support shared library in the recovery partition,
adbd is built as a dynamic executable.
In addition, the dependency from adbd to libdebuggerd_handler is removed
as debuggerd is handled by the dynamic linker.
A few more modules in /system/core are marked as recovery_available:
true as they are transitive dependencies of the dynamic linker.
This change also includes ld.config.recovery.txt which is the linker
config file for the recovery mode. It is installed to /etc/ld.config.txt
and contains linker namespace config for the dynamic binaries under
/sbin.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: Select 'mount /system' in the recovery mode, then `adb shell`.
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: I363d5a787863f1677ee40afb5d5841321ddaae77
Product-specific libraries in /product/lib can be exposed to Android
apps by adding the list of the libs into
/product/etc/public.libraries-<companyname>.txt. The libs MUST be named
as lib<name>.<companyname>.so.
Bug: 73095206
Test: with taimen
mma -j and runtest.sh. The libs are all loaded in system, but not in
vendor. After reinstalling app using adb -r and reopening app, only
libraries listed in .txt are loaded
Change-Id: I7c386813c72a7b225a7f244b6c5fec4ac0660fd3
Previously on Android Things, we used a vendor public.libraries.txt
file. This cl enables us to tag our library correctly.
Bug: 78226207
Test: test app works
Change-Id: I9e69717e5968a903e84f59c1d889c8e4cf9bcc35
This commit adds a wildcard linker namespace link between the "vndk"
namespace and the "sphal" namespace of the system processes. This is
created for VNDK-SP-Ext to load vendor libs in "sphal" namespace.
Bug: 77249955
Test: lunch aosp_walleye-userdebug && make -j8 # runs unit tests
Test: lunch aosp_sailfish-userdebug && make -j8 # runs unit tests
Test: Create a VNDK-SP-Ext, link to vendor libs, and run it.
Change-Id: I71b0fb604a84272156aa119130c272f891847008
There has been no section in the linker config file for the binaries
under /postinstall. As a result, the binaries were run with the legacy
default config where /vendor/lib and /odm/lib are added to the search
paths. This is causing selinux denials as the binaries for OTA are not
allowed to access /vendor/lib or /odm/lib, but the dynamic linker calls
realpath(3) on the paths to canonicalize them.
Fixing the issue by letting /postinstall/* binaries to run with a
dedicated linker namespace config, where /vendor/lib and /odm/lib are
not added to the search paths. Not having the paths is okay because
he OTA binaries should not have dependency to the libs there.
Bug: 75287236
Test: do the OTA, selinux denials on postinstall_file is not shown
Test: above test should pass on wahoo, marlin and pre-treble devices
Change-Id: I49c11a0929002adfef667890c0a375c2b41054f4
For strict VNDK runtime restriction, use ld.config.txt as a source
file. For treblized devices without BOARD_VNDK_VERSION, use
ld.config.vndk_lite.txt file.
Test: Build and boot on Pixel 2017 and 2018 devices.
Change-Id: Ie5b77facd4c11bc73219ecf13ad1298ac5d60d8e
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Merged-In: Idbb0cc97d11037c1493d4739e84961297ce51dbd
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
This commit links the vndk namespace of vendor processes to the default
namespace of vendor processes. allow_all_shared_libs is specified so
that VNDK extensions can link with other vendor libraries in
/vendor/lib[64].
Bug: 69824336
Test: Create a vndk-ext lib that links to vendor lib and use that
vndk-ext lib in a vendor executable.
Change-Id: Ibd3dc2e5f0f2e6ff9fc9677c6bcfcf87a1a70e50
This commit moves /{odm,vendor}/lib[64]/vndk[-sp] to vndk namespace so
that vndk extension can override vndk libs from
/system/lib[64]/vndk[-sp].
Bug: 69824336
Test: Create libutils_ext locally and it can be called from
android.hardware.nfc@1.0-service.
Change-Id: Id63e58d665fa41eda85950ee1d16fe06c35cd7d3
As we use different ld.config.txt per version, we don't need to
substitute the VNDK_VER on run time.
Remove all ${VNDK_VER} from the linker namespace configuration files.
Bug: 70603313
Test: build and boot GSI for walleye and sailfish
Change-Id: Ief8aee5c3308b2462cafaffc2423deda4e51a7bb
In the namespace with "isolated = false", "permitted.paths" is not
used.
Bug: 71727966
Test: walleye device boot
Change-Id: I6f624be3c4e2c4070bb784632d0757408ec12db0
Shared libraries in the directory should be dlopened with full file
paths. That was a workaround for some legacy prebuilt binaries and they
are all now fixed. Thus removing.
Bug: 70551668
Test: walleye, aosp_walleye, taimen, aosp_taimen boot to the UI
Change-Id: Ifb123b09c13f873cbefa7784e76dfe5f35575a8d
This commit extracts /system/lib[64]/vndk and /system/lib[64]/vndk-sp
into another namespace in the vendor section. This commit is necessary
because LLNDK libraries (e.g. libc or libnativewindow) may otherwise
link to the shared libraries in /system/lib[64]/vndk-sp, which may be
older than the one LLNDK libraries built with.
Test: aosp_walleye boots
Bug: 70816018
Change-Id: I6fceb0da92c978ad940af91f5efe84e673c9247e
Paths for extended VNDK libs don't need version suffix, because there
always is the single version that the vendor(odm) modules are built
against.
Bug: 70601582
Test: walleye boots to the UI.
Test: No further test is possible since we don't have extended VNDK yet
in our source tree.
Change-Id: Idbf4bb820ddb136d00744f64ddf6ebe6442ad16e
Re-format the files by splitting lines using +=.
Also add /odm/${LIB} where needed.
A few directories that are no longer required are removed from the
search paths and permitted paths.
Test: walleye and sailfish boots to the UI, renderscript, camera,
camcodder, sound, etc. are working.
Change-Id: I3150f0c3d35130d6b1a665e3f0813d33b1b7f546
The interface lib has been in VNDK-SP because
android.hardware.graphics.mapper@1.0 was using it. However, since the
dependency has gone [1], there is no need keep it in VNDK-SP. The
VNDK-SP set should be kept as small as possible because libs in VNDK-SP
are subject to double-loading.
[1] 79d13ff0f5
Bug: 69480083
Test: /system/lib64/vndk-sp/android.hardware.graphics.allocator@2.0.so
disappears.
Test: sailfish boots
Change-Id: I0e6518f169dd620d6b1a9ada47754e371ef4a739
Merged-In: I0e6518f169dd620d6b1a9ada47754e371ef4a739
(cherry picked from commit 9d898f3678)
This CL fixes an error with the asan permitted paths in
ld.config.txt.in.
Bug: 63927538
Test: lunch walleye_asan-userdebug && m -j40
Change-Id: Ica0504cb52ef6e6b3e4ce2deae3ce5984e38cc93
All vndk/vndk-sp directories will have version suffix if
"ro.vndk.version" is set.
Bug: 69984421
Bug: 66074376
Test: Build with BOARD_VNDK_VERSION=current and
BOARD_VNDK_RUNTIME_DISABLE=true. Check boot.
Change-Id: I03849f9f96bc6c7880aa70c517e963aab4e033b8