016059dd46
With b/144533348, there will be symlinks from libs in APEXes to the libs in the system partition. This is to reduce the size of APEXes when the APEX is bundled with the platform. Adding the /system/lib to the permitted paths so that the realpaths of the symlinks are allowed for the namespaces. Note that this however does not open all libs in the system partition to the APEX namespaces, because searching of the libs are NOT done in /system/lib, but in /apex/<module>/lib directory. Bug: 144533348 Test: m Change-Id: I4bb1d6cb5dbf647ae669f49aa5ccb178f5488b5e
45 lines
2.2 KiB
Text
45 lines
2.2 KiB
Text
# Copyright (C) 2019 The Android Open Source Project
|
|
#
|
|
# Bionic loader config file for the adbd APEX.
|
|
|
|
dir.adbd = /apex/com.android.adbd/bin/
|
|
|
|
[adbd]
|
|
additional.namespaces = platform,art
|
|
|
|
namespace.default.isolated = true
|
|
namespace.default.search.paths = /apex/com.android.adbd/${LIB}
|
|
namespace.default.asan.search.paths = /apex/com.android.adbd/${LIB}
|
|
namespace.default.permitted.paths = /system/${LIB}
|
|
namespace.default.asan.permitted.paths = /system/${LIB}
|
|
namespace.default.links = art,platform
|
|
namespace.default.link.art.shared_libs = libadbconnection_server.so
|
|
namespace.default.link.platform.shared_libs = libc.so:libdl.so:libm.so:libclang_rt.hwasan-aarch64-android.so
|
|
|
|
###############################################################################
|
|
# "art" APEX namespace: used for libadbdconnection_server
|
|
###############################################################################
|
|
namespace.art.isolated = true
|
|
namespace.art.search.paths = /apex/com.android.art/${LIB}
|
|
namespace.art.asan.search.paths = /apex/com.android.art/${LIB}
|
|
namespace.art.links = platform
|
|
namespace.art.link.platform.allow_all_shared_libs = true
|
|
|
|
###############################################################################
|
|
# "platform" namespace: used for NDK libraries, and libadbd_auth
|
|
###############################################################################
|
|
namespace.platform.isolated = true
|
|
namespace.platform.search.paths = /system/${LIB}
|
|
namespace.platform.asan.search.paths = /data/asan/system/${LIB}
|
|
|
|
# /system/lib/libc.so, etc are symlinks to
|
|
# /apex/com.android.runtime/lib/bionic/libc.so, etc. Add the path to the
|
|
# permitted paths because linker uses realpath(3) to check the accessibility
|
|
# of the lib. We could add this to search.paths instead but that makes the
|
|
# resolution of bionic libs be dependent on the order of /system/lib and
|
|
# /apex/.../lib/bionic in search.paths. If the latter is after the former,
|
|
# then the latter is never tried because libc.so is always found in
|
|
# /system/lib but fails to pass the accessibility test because of its realpath.
|
|
# It's better to not depend on the ordering if possible.
|
|
namespace.platform.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
|
|
namespace.platform.asan.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
|