fa4971f3c3
With the recent change that removed get_exported_namespace out of libdl, the RenderScript SP-HAL stopped using android_dlopen_ext which it used to load libRS_internal.so in the "rs" namespace. Instead, it now falls back to the ordinary dlopen() call. The dlopen() call tries to load the lib in the current namespace (which is sphal) and then falls back to the linked namespaces: default, vndk, rs. The problem is that rs is listed as the last namespace and therefore the linker tries the namespace only when it failed to load the library in other namespaces: default and vndk. libRS_internal.so is accessible to both vndk and rs namespaces. So, the dlopen() call always goes into the vndk namespace and there is no chance for the lib to be loaded in the rs namespace. To fix the problem, the rs namespace is placed before vndk so that the namespace is tried first. Bug: 129550847 Test: runtest -x cts/tests/camera/src/android/hardware/ Change-Id: Idafc32f8a309dd12495768931d7ea17a2f791c50
675 lines
32 KiB
Text
675 lines
32 KiB
Text
# Copyright (C) 2017 The Android Open Source Project
|
|
#
|
|
# Bionic loader config file.
|
|
#
|
|
|
|
# Don't change the order here. The first pattern that matches with the
|
|
# absolute path of an executable is selected.
|
|
dir.system = /system/bin/
|
|
dir.system = /system/xbin/
|
|
dir.system = /%PRODUCT%/bin/
|
|
|
|
dir.vendor = /odm/bin/
|
|
dir.vendor = /vendor/bin/
|
|
dir.vendor = /data/nativetest/odm
|
|
dir.vendor = /data/nativetest64/odm
|
|
dir.vendor = /data/benchmarktest/odm
|
|
dir.vendor = /data/benchmarktest64/odm
|
|
dir.vendor = /data/nativetest/vendor
|
|
dir.vendor = /data/nativetest64/vendor
|
|
dir.vendor = /data/benchmarktest/vendor
|
|
dir.vendor = /data/benchmarktest64/vendor
|
|
|
|
dir.unrestricted = /data/nativetest/unrestricted
|
|
dir.unrestricted = /data/nativetest64/unrestricted
|
|
|
|
# TODO(b/123864775): Ensure tests are run from /data/nativetest{,64} or (if
|
|
# necessary) the unrestricted subdirs above. Then clean this up.
|
|
dir.unrestricted = /data/local/tmp
|
|
|
|
dir.postinstall = /postinstall
|
|
|
|
# Fallback entry to provide APEX namespace lookups for binaries anywhere else.
|
|
# This must be last.
|
|
dir.system = /data
|
|
|
|
[system]
|
|
additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs
|
|
|
|
###############################################################################
|
|
# "default" namespace
|
|
#
|
|
# Framework-side code runs in this namespace. Libs from /vendor partition
|
|
# can't be loaded in this namespace.
|
|
###############################################################################
|
|
namespace.default.isolated = true
|
|
|
|
namespace.default.search.paths = /system/${LIB}
|
|
namespace.default.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
# We can't have entire /system/${LIB} as permitted paths because doing so
|
|
# makes it possible to load libs in /system/${LIB}/vndk* directories by
|
|
# their absolute paths (e.g. dlopen("/system/lib/vndk/libbase.so");).
|
|
# VNDK libs are built with previous versions of Android and thus must not be
|
|
# loaded into this namespace where libs built with the current version of
|
|
# Android are loaded. Mixing the two types of libs in the same namespace can
|
|
# cause unexpected problem.
|
|
namespace.default.permitted.paths = /system/${LIB}/drm
|
|
namespace.default.permitted.paths += /system/${LIB}/extractors
|
|
namespace.default.permitted.paths += /system/${LIB}/hw
|
|
namespace.default.permitted.paths += /%PRODUCT%/${LIB}
|
|
namespace.default.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
# These are where odex files are located. libart has to be able to dlopen the files
|
|
namespace.default.permitted.paths += /system/framework
|
|
namespace.default.permitted.paths += /system/app
|
|
namespace.default.permitted.paths += /system/priv-app
|
|
namespace.default.permitted.paths += /vendor/framework
|
|
namespace.default.permitted.paths += /vendor/app
|
|
namespace.default.permitted.paths += /vendor/priv-app
|
|
namespace.default.permitted.paths += /system/vendor/framework
|
|
namespace.default.permitted.paths += /system/vendor/app
|
|
namespace.default.permitted.paths += /system/vendor/priv-app
|
|
namespace.default.permitted.paths += /odm/framework
|
|
namespace.default.permitted.paths += /odm/app
|
|
namespace.default.permitted.paths += /odm/priv-app
|
|
namespace.default.permitted.paths += /oem/app
|
|
namespace.default.permitted.paths += /%PRODUCT%/framework
|
|
namespace.default.permitted.paths += /%PRODUCT%/app
|
|
namespace.default.permitted.paths += /%PRODUCT%/priv-app
|
|
namespace.default.permitted.paths += /%PRODUCT_SERVICES%/framework
|
|
namespace.default.permitted.paths += /%PRODUCT_SERVICES%/app
|
|
namespace.default.permitted.paths += /%PRODUCT_SERVICES%/priv-app
|
|
namespace.default.permitted.paths += /data
|
|
namespace.default.permitted.paths += /mnt/expand
|
|
namespace.default.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
|
|
namespace.default.permitted.paths += /system/${LIB}/bootstrap
|
|
|
|
namespace.default.asan.search.paths = /data/asan/system/${LIB}
|
|
namespace.default.asan.search.paths += /system/${LIB}
|
|
namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
|
|
namespace.default.asan.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB}
|
|
namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
namespace.default.asan.permitted.paths = /data
|
|
namespace.default.asan.permitted.paths += /system/${LIB}/drm
|
|
namespace.default.asan.permitted.paths += /system/${LIB}/extractors
|
|
namespace.default.asan.permitted.paths += /system/${LIB}/hw
|
|
namespace.default.asan.permitted.paths += /system/framework
|
|
namespace.default.asan.permitted.paths += /system/app
|
|
namespace.default.asan.permitted.paths += /system/priv-app
|
|
namespace.default.asan.permitted.paths += /vendor/framework
|
|
namespace.default.asan.permitted.paths += /vendor/app
|
|
namespace.default.asan.permitted.paths += /vendor/priv-app
|
|
namespace.default.asan.permitted.paths += /system/vendor/framework
|
|
namespace.default.asan.permitted.paths += /system/vendor/app
|
|
namespace.default.asan.permitted.paths += /system/vendor/priv-app
|
|
namespace.default.asan.permitted.paths += /odm/framework
|
|
namespace.default.asan.permitted.paths += /odm/app
|
|
namespace.default.asan.permitted.paths += /odm/priv-app
|
|
namespace.default.asan.permitted.paths += /oem/app
|
|
namespace.default.asan.permitted.paths += /%PRODUCT%/${LIB}
|
|
namespace.default.asan.permitted.paths += /%PRODUCT%/framework
|
|
namespace.default.asan.permitted.paths += /%PRODUCT%/app
|
|
namespace.default.asan.permitted.paths += /%PRODUCT%/priv-app
|
|
namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/framework
|
|
namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/app
|
|
namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app
|
|
namespace.default.asan.permitted.paths += /mnt/expand
|
|
namespace.default.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
|
|
namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
# If a shared library or an executable requests a shared library that
|
|
# cannot be loaded into the default namespace, the dynamic linker tries
|
|
# to load the shared library from the runtime namespace. And then, if the
|
|
# shared library cannot be loaded from the runtime namespace either, the
|
|
# dynamic linker tries to load the shared library from the resolv namespace.
|
|
# Finally, if all attempts fail, the dynamic linker returns an error.
|
|
namespace.default.links = runtime,resolv
|
|
# Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by
|
|
# libart.
|
|
namespace.default.visible = true
|
|
namespace.default.link.runtime.shared_libs = libdexfile_external.so
|
|
namespace.default.link.runtime.shared_libs += libnativebridge.so
|
|
namespace.default.link.runtime.shared_libs += libnativehelper.so
|
|
namespace.default.link.runtime.shared_libs += libnativeloader.so
|
|
namespace.default.link.runtime.shared_libs += libandroidicu.so
|
|
|
|
# TODO(b/122876336): Remove libpac.so once it's migrated to Webview
|
|
namespace.default.link.runtime.shared_libs += libpac.so
|
|
|
|
# When libnetd_resolv.so can't be found in the default namespace, search for it
|
|
# in the resolv namespace. Don't allow any other libraries from the resolv namespace
|
|
# to be loaded in the default namespace.
|
|
namespace.default.link.resolv.shared_libs = libnetd_resolv.so
|
|
|
|
###############################################################################
|
|
# "runtime" APEX namespace
|
|
#
|
|
# This namespace exposes externally accessible libraries from the Runtime APEX.
|
|
###############################################################################
|
|
namespace.runtime.isolated = true
|
|
namespace.runtime.visible = true
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.links = default
|
|
# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
|
|
# when it exists.
|
|
namespace.runtime.link.default.allow_all_shared_libs = true
|
|
|
|
###############################################################################
|
|
# "media" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the media APEX.
|
|
###############################################################################
|
|
namespace.media.isolated = true
|
|
namespace.media.visible = true
|
|
|
|
namespace.media.search.paths = /apex/com.android.media/${LIB}
|
|
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
|
|
|
|
namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
|
|
|
|
namespace.media.links = default
|
|
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.media.link.default.shared_libs += libandroid.so
|
|
namespace.media.link.default.shared_libs += libbinder_ndk.so
|
|
namespace.media.link.default.shared_libs += libmediametrics.so
|
|
namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "conscrypt" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the conscrypt APEX.
|
|
###############################################################################
|
|
namespace.conscrypt.isolated = true
|
|
namespace.conscrypt.visible = true
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
|
|
namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
|
|
namespace.conscrypt.links = runtime,default
|
|
namespace.conscrypt.link.runtime.shared_libs = libandroidio.so
|
|
namespace.conscrypt.link.default.shared_libs = libc.so
|
|
namespace.conscrypt.link.default.shared_libs += libm.so
|
|
namespace.conscrypt.link.default.shared_libs += libdl.so
|
|
namespace.conscrypt.link.default.shared_libs += liblog.so
|
|
|
|
###############################################################################
|
|
# "resolv" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the resolv APEX.
|
|
###############################################################################
|
|
namespace.resolv.isolated = true
|
|
namespace.resolv.visible = true
|
|
|
|
namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
|
|
namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
|
|
namespace.resolv.links = default
|
|
namespace.resolv.link.default.shared_libs = libc.so
|
|
namespace.resolv.link.default.shared_libs += libm.so
|
|
namespace.resolv.link.default.shared_libs += libdl.so
|
|
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
|
|
namespace.resolv.link.default.shared_libs += liblog.so
|
|
namespace.resolv.link.default.shared_libs += libvndksupport.so
|
|
|
|
###############################################################################
|
|
# "sphal" namespace
|
|
#
|
|
# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be
|
|
# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so,
|
|
# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs.
|
|
#
|
|
# This namespace is exclusivly for SP-HALs. When the framework tries to dynami-
|
|
# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying
|
|
# that they should be searched and loaded from this namespace.
|
|
#
|
|
# Note that there is no link from the default namespace to this namespace.
|
|
###############################################################################
|
|
namespace.sphal.isolated = true
|
|
namespace.sphal.visible = true
|
|
|
|
namespace.sphal.search.paths = /odm/${LIB}
|
|
namespace.sphal.search.paths += /vendor/${LIB}
|
|
namespace.sphal.search.paths += /vendor/${LIB}/hw
|
|
|
|
namespace.sphal.permitted.paths = /odm/${LIB}
|
|
namespace.sphal.permitted.paths += /vendor/${LIB}
|
|
namespace.sphal.permitted.paths += /system/vendor/${LIB}
|
|
|
|
namespace.sphal.asan.search.paths = /data/asan/odm/${LIB}
|
|
namespace.sphal.asan.search.paths += /odm/${LIB}
|
|
namespace.sphal.asan.search.paths += /data/asan/vendor/${LIB}
|
|
namespace.sphal.asan.search.paths += /vendor/${LIB}
|
|
|
|
namespace.sphal.asan.permitted.paths = /data/asan/odm/${LIB}
|
|
namespace.sphal.asan.permitted.paths += /odm/${LIB}
|
|
namespace.sphal.asan.permitted.paths += /data/asan/vendor/${LIB}
|
|
namespace.sphal.asan.permitted.paths += /vendor/${LIB}
|
|
|
|
# Once in this namespace, access to libraries in /system/lib is restricted. Only
|
|
# libs listed here can be used. Order is important here as the namespaces are
|
|
# tried in this order. rs should be before vndk because both are capable
|
|
# of loading libRS_internal.so
|
|
namespace.sphal.links = rs,default,vndk
|
|
|
|
# Renderscript gets separate namespace
|
|
namespace.sphal.link.rs.shared_libs = libRS_internal.so
|
|
|
|
namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
namespace.sphal.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "rs" namespace
|
|
#
|
|
# This namespace is exclusively for Renderscript internal libraries.
|
|
# This namespace has slightly looser restriction than the vndk namespace because
|
|
# of the genuine characteristics of Renderscript; /data is in the permitted path
|
|
# to load the compiled *.so file and libmediandk.so can be used here.
|
|
###############################################################################
|
|
namespace.rs.isolated = true
|
|
namespace.rs.visible = true
|
|
|
|
namespace.rs.search.paths = /odm/${LIB}/vndk-sp
|
|
namespace.rs.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.rs.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.rs.search.paths += /odm/${LIB}
|
|
namespace.rs.search.paths += /vendor/${LIB}
|
|
|
|
namespace.rs.permitted.paths = /odm/${LIB}
|
|
namespace.rs.permitted.paths += /vendor/${LIB}
|
|
namespace.rs.permitted.paths += /system/vendor/${LIB}
|
|
namespace.rs.permitted.paths += /data
|
|
|
|
namespace.rs.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp
|
|
namespace.rs.asan.search.paths += /odm/${LIB}/vndk-sp
|
|
namespace.rs.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp
|
|
namespace.rs.asan.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.rs.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.rs.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.rs.asan.search.paths += /data/asan/odm/${LIB}
|
|
namespace.rs.asan.search.paths += /odm/${LIB}
|
|
namespace.rs.asan.search.paths += /data/asan/vendor/${LIB}
|
|
namespace.rs.asan.search.paths += /vendor/${LIB}
|
|
|
|
namespace.rs.asan.permitted.paths = /data/asan/odm/${LIB}
|
|
namespace.rs.asan.permitted.paths += /odm/${LIB}
|
|
namespace.rs.asan.permitted.paths += /data/asan/vendor/${LIB}
|
|
namespace.rs.asan.permitted.paths += /vendor/${LIB}
|
|
namespace.rs.asan.permitted.paths += /data
|
|
|
|
namespace.rs.links = default,vndk
|
|
|
|
namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
# Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this
|
|
# namespace because RS framework libs are using them.
|
|
namespace.rs.link.default.shared_libs += %PRIVATE_LLNDK_LIBRARIES%
|
|
|
|
namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "vndk" namespace
|
|
#
|
|
# This namespace is exclusively for vndk-sp libs.
|
|
###############################################################################
|
|
namespace.vndk.isolated = true
|
|
namespace.vndk.visible = true
|
|
|
|
namespace.vndk.search.paths = /odm/${LIB}/vndk-sp
|
|
namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.vndk.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
|
|
namespace.vndk.permitted.paths = /odm/${LIB}/hw
|
|
namespace.vndk.permitted.paths += /odm/${LIB}/egl
|
|
namespace.vndk.permitted.paths += /vendor/${LIB}/hw
|
|
namespace.vndk.permitted.paths += /vendor/${LIB}/egl
|
|
namespace.vndk.permitted.paths += /system/vendor/${LIB}/hw
|
|
namespace.vndk.permitted.paths += /system/vendor/${LIB}/egl
|
|
# This is exceptionally required since android.hidl.memory@1.0-impl.so is here
|
|
namespace.vndk.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw
|
|
|
|
namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
|
|
namespace.vndk.asan.permitted.paths = /data/asan/odm/${LIB}/hw
|
|
namespace.vndk.asan.permitted.paths += /odm/${LIB}/hw
|
|
namespace.vndk.asan.permitted.paths += /data/asan/odm/${LIB}/egl
|
|
namespace.vndk.asan.permitted.paths += /odm/${LIB}/egl
|
|
namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/hw
|
|
namespace.vndk.asan.permitted.paths += /vendor/${LIB}/hw
|
|
namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/egl
|
|
namespace.vndk.asan.permitted.paths += /vendor/${LIB}/egl
|
|
|
|
namespace.vndk.asan.permitted.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%/hw
|
|
namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw
|
|
|
|
# The "vndk" namespace links to "default" namespace for LLNDK libs and links to
|
|
# "sphal" namespace for vendor libs. The ordering matters. The "default"
|
|
# namespace has higher priority than the "sphal" namespace.
|
|
namespace.vndk.links = default,sphal
|
|
|
|
# When these NDK libs are required inside this namespace, then it is redirected
|
|
# to the default namespace. This is possible since their ABI is stable across
|
|
# Android releases.
|
|
namespace.vndk.link.default.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
# Allow VNDK-SP extensions to use vendor libraries
|
|
namespace.vndk.link.sphal.allow_all_shared_libs = true
|
|
|
|
|
|
###############################################################################
|
|
# Namespace config for vendor processes. In O, no restriction is enforced for
|
|
# them. However, in O-MR1, access to /system/${LIB} will not be allowed to
|
|
# the default namespace. 'system' namespace will be added to give limited
|
|
# (LL-NDK only) access.
|
|
###############################################################################
|
|
[vendor]
|
|
additional.namespaces = runtime,system,vndk%VNDK_IN_SYSTEM_NS%
|
|
|
|
###############################################################################
|
|
# "default" namespace
|
|
#
|
|
# This is the default linker namespace for a vendor process (a process started
|
|
# from /vendor/bin/*). The main executable and the libs under /vendor/lib[64]
|
|
# are loaded directly into this namespace. However, other libs under the system
|
|
# partition (VNDK and LLNDK libraries) are not loaded here but from the
|
|
# separate namespace 'system'. The delegation to the system namespace is done
|
|
# via the 'namespace.default.link.system.shared_libs' property below.
|
|
#
|
|
# '#VNDK27#' TAG is only for building ld.config.27.txt for backward
|
|
# compatibility. (TODO:b/123390078) Move them to a separate file.
|
|
###############################################################################
|
|
namespace.default.isolated = true
|
|
namespace.default.visible = true
|
|
|
|
namespace.default.search.paths = /odm/${LIB}
|
|
namespace.default.search.paths += /vendor/${LIB}
|
|
|
|
namespace.default.permitted.paths = /odm
|
|
namespace.default.permitted.paths += /vendor
|
|
namespace.default.permitted.paths += /system/vendor
|
|
#VNDK27#namespace.default.search.paths += /vendor/${LIB}/hw
|
|
#VNDK27#namespace.default.search.paths += /vendor/${LIB}/egl
|
|
|
|
namespace.default.asan.search.paths = /data/asan/odm/${LIB}
|
|
namespace.default.asan.search.paths += /odm/${LIB}
|
|
namespace.default.asan.search.paths += /data/asan/vendor/${LIB}
|
|
namespace.default.asan.search.paths += /vendor/${LIB}
|
|
#VNDK27#namespace.default.asan.search.paths += /data/asan/vendor/${LIB}/hw
|
|
#VNDK27#namespace.default.asan.search.paths += /vendor/${LIB}/hw
|
|
#VNDK27#namespace.default.asan.search.paths += /data/asan/vendor/${LIB}/egl
|
|
#VNDK27#namespace.default.asan.search.paths += /vendor/${LIB}/egl
|
|
|
|
namespace.default.asan.permitted.paths = /data/asan/odm
|
|
namespace.default.asan.permitted.paths += /odm
|
|
namespace.default.asan.permitted.paths += /data/asan/vendor
|
|
namespace.default.asan.permitted.paths += /vendor
|
|
|
|
namespace.default.links = system,vndk%VNDK_IN_SYSTEM_NS%
|
|
namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.default.link.vndk_in_system.shared_libs = %VNDK_USING_CORE_VARIANT_LIBRARIES%
|
|
namespace.default.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES%
|
|
namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "runtime" APEX namespace
|
|
#
|
|
# This namespace exposes externally accessible libraries from the Runtime APEX.
|
|
###############################################################################
|
|
namespace.runtime.isolated = true
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.links = system
|
|
# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
|
|
# when it exists.
|
|
namespace.runtime.link.system.allow_all_shared_libs = true
|
|
|
|
###############################################################################
|
|
# "vndk" namespace
|
|
#
|
|
# This namespace is where VNDK and VNDK-SP libraries are loaded for
|
|
# a vendor process.
|
|
###############################################################################
|
|
namespace.vndk.isolated = false
|
|
|
|
namespace.vndk.search.paths = /odm/${LIB}/vndk
|
|
namespace.vndk.search.paths += /odm/${LIB}/vndk-sp
|
|
namespace.vndk.search.paths += /vendor/${LIB}/vndk
|
|
namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.vndk.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.vndk.search.paths += /system/${LIB}/vndk%VNDK_VER%
|
|
|
|
namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk
|
|
namespace.vndk.asan.search.paths += /odm/${LIB}/vndk
|
|
namespace.vndk.asan.search.paths += /data/asan/odm/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk
|
|
namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk
|
|
namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp
|
|
namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
|
|
namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk%VNDK_VER%
|
|
namespace.vndk.asan.search.paths += /system/${LIB}/vndk%VNDK_VER%
|
|
|
|
# When these NDK libs are required inside this namespace, then it is redirected
|
|
# to the system namespace. This is possible since their ABI is stable across
|
|
# Android releases. The links here should be identical to that of the
|
|
# 'vndk_in_system' namespace, except for the link between 'vndk' and
|
|
# 'vndk_in_system'.
|
|
namespace.vndk.links = system,default%VNDK_IN_SYSTEM_NS%
|
|
|
|
namespace.vndk.link.system.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.vndk.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
namespace.vndk.link.default.allow_all_shared_libs = true
|
|
|
|
namespace.vndk.link.vndk_in_system.shared_libs = %VNDK_USING_CORE_VARIANT_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "system" namespace
|
|
#
|
|
# This namespace is where system libs (VNDK and LLNDK libs) are loaded for
|
|
# a vendor process.
|
|
###############################################################################
|
|
namespace.system.isolated = false
|
|
|
|
namespace.system.search.paths = /system/${LIB}
|
|
namespace.system.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.system.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
namespace.system.asan.search.paths = /data/asan/system/${LIB}
|
|
namespace.system.asan.search.paths += /system/${LIB}
|
|
namespace.system.asan.search.paths += /data/asan/product/${LIB}
|
|
namespace.system.asan.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.system.asan.search.paths += /data/asan/product_services/${LIB}
|
|
namespace.system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
namespace.system.links = runtime
|
|
namespace.system.link.runtime.shared_libs = libdexfile_external.so
|
|
namespace.system.link.runtime.shared_libs += libnativebridge.so
|
|
namespace.system.link.runtime.shared_libs += libnativehelper.so
|
|
namespace.system.link.runtime.shared_libs += libnativeloader.so
|
|
# Workaround for b/124772622
|
|
namespace.system.link.runtime.shared_libs += libandroidicu.so
|
|
|
|
###############################################################################
|
|
# "vndk_in_system" namespace
|
|
#
|
|
# This namespace is where no-vendor-variant VNDK libraries are loaded for a
|
|
# vendor process. Note that we do not simply export these libraries from
|
|
# "system" namespace, because in some case both the core variant and the
|
|
# vendor variant of a VNDK library may be loaded. In such case, we do not
|
|
# want to eliminate double-loading because doing so means the global states
|
|
# of the library would be shared.
|
|
#
|
|
# Only the no-vendor-variant VNDK libraries are whitelisted in this namespace.
|
|
# This is to ensure that we do not load libraries needed by no-vendor-variant
|
|
# VNDK libraries into vndk_in_system namespace.
|
|
###############################################################################
|
|
namespace.vndk_in_system.isolated = true
|
|
namespace.vndk_in_system.visible = true
|
|
|
|
# The search paths here should be kept the same as that of the 'system'
|
|
# namespace.
|
|
namespace.vndk_in_system.search.paths = /system/${LIB}
|
|
namespace.vndk_in_system.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.vndk_in_system.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
namespace.vndk_in_system.asan.search.paths = /data/asan/system/${LIB}
|
|
namespace.vndk_in_system.asan.search.paths += /system/${LIB}
|
|
namespace.vndk_in_system.asan.search.paths += /data/asan/product/${LIB}
|
|
namespace.vndk_in_system.asan.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.vndk_in_system.asan.search.paths += /data/asan/product_services/${LIB}
|
|
namespace.vndk_in_system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
|
|
|
|
namespace.vndk_in_system.whitelisted = %VNDK_USING_CORE_VARIANT_LIBRARIES%
|
|
|
|
# The links here should be identical to that of the 'vndk' namespace, with the
|
|
# following exception:
|
|
# 1. 'vndk_in_system' needs to be freely linked back to 'vndk'.
|
|
# 2. 'vndk_in_system' does not need to link to 'default', as any library that
|
|
# requires anything vendor would not be a vndk_in_system library.
|
|
namespace.vndk_in_system.links = vndk,system
|
|
|
|
namespace.vndk_in_system.link.system.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.vndk_in_system.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
namespace.vndk_in_system.link.vndk.allow_all_shared_libs = true
|
|
|
|
|
|
###############################################################################
|
|
# Namespace config for native tests that need access to both system and vendor
|
|
# libraries. This replicates the default linker config (done by
|
|
# init_default_namespace_no_config in bionic/linker/linker.cpp), except that it
|
|
# includes the requisite namespace setup for APEXes.
|
|
###############################################################################
|
|
[unrestricted]
|
|
additional.namespaces = runtime,media,conscrypt,resolv
|
|
|
|
namespace.default.search.paths = /system/${LIB}
|
|
namespace.default.search.paths += /odm/${LIB}
|
|
namespace.default.search.paths += /vendor/${LIB}
|
|
|
|
namespace.default.asan.search.paths = /data/asan/system/${LIB}
|
|
namespace.default.asan.search.paths += /system/${LIB}
|
|
namespace.default.asan.search.paths += /data/asan/odm/${LIB}
|
|
namespace.default.asan.search.paths += /odm/${LIB}
|
|
namespace.default.asan.search.paths += /data/asan/vendor/${LIB}
|
|
namespace.default.asan.search.paths += /vendor/${LIB}
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.default.links = runtime,resolv
|
|
namespace.default.visible = true
|
|
|
|
namespace.default.link.runtime.shared_libs = libdexfile_external.so
|
|
namespace.default.link.runtime.shared_libs += libnativebridge.so
|
|
namespace.default.link.runtime.shared_libs += libnativehelper.so
|
|
namespace.default.link.runtime.shared_libs += libnativeloader.so
|
|
namespace.default.link.runtime.shared_libs += libandroidicu.so
|
|
|
|
# TODO(b/122876336): Remove libpac.so once it's migrated to Webview
|
|
namespace.default.link.runtime.shared_libs += libpac.so
|
|
|
|
namespace.default.link.resolv.shared_libs = libnetd_resolv.so
|
|
|
|
###############################################################################
|
|
# "runtime" APEX namespace
|
|
#
|
|
# This namespace exposes externally accessible libraries from the Runtime APEX.
|
|
###############################################################################
|
|
namespace.runtime.isolated = true
|
|
namespace.runtime.visible = true
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB}
|
|
namespace.runtime.links = default
|
|
# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
|
|
# when it exists.
|
|
namespace.runtime.link.default.allow_all_shared_libs = true
|
|
|
|
###############################################################################
|
|
# "media" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the media APEX.
|
|
###############################################################################
|
|
namespace.media.isolated = true
|
|
namespace.media.visible = true
|
|
|
|
namespace.media.search.paths = /apex/com.android.media/${LIB}
|
|
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
|
|
|
|
namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
|
|
|
|
namespace.media.links = default
|
|
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
|
|
namespace.media.link.default.shared_libs += libandroid.so
|
|
namespace.media.link.default.shared_libs += libbinder_ndk.so
|
|
namespace.media.link.default.shared_libs += libmediametrics.so
|
|
namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
|
|
|
|
###############################################################################
|
|
# "conscrypt" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the conscrypt APEX.
|
|
###############################################################################
|
|
namespace.conscrypt.isolated = true
|
|
namespace.conscrypt.visible = true
|
|
|
|
# Keep in sync with ld.config.txt in the com.android.runtime APEX.
|
|
namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
|
|
namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
|
|
namespace.conscrypt.links = runtime,default
|
|
namespace.conscrypt.link.runtime.shared_libs = libandroidio.so
|
|
namespace.conscrypt.link.default.shared_libs = libc.so
|
|
namespace.conscrypt.link.default.shared_libs += libm.so
|
|
namespace.conscrypt.link.default.shared_libs += libdl.so
|
|
namespace.conscrypt.link.default.shared_libs += liblog.so
|
|
|
|
###############################################################################
|
|
# "resolv" APEX namespace
|
|
#
|
|
# This namespace is for libraries within the resolv APEX.
|
|
###############################################################################
|
|
namespace.resolv.isolated = true
|
|
namespace.resolv.visible = true
|
|
|
|
namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
|
|
namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
|
|
namespace.resolv.links = default
|
|
namespace.resolv.link.default.shared_libs = libc.so
|
|
namespace.resolv.link.default.shared_libs += libm.so
|
|
namespace.resolv.link.default.shared_libs += libdl.so
|
|
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
|
|
namespace.resolv.link.default.shared_libs += liblog.so
|
|
|
|
|
|
###############################################################################
|
|
# Namespace config for binaries under /postinstall.
|
|
# Only default namespace is defined and default has no directories
|
|
# other than /system/lib in the search paths. This is because linker calls
|
|
# realpath on the search paths and this causes selinux denial if the paths
|
|
# (/vendor, /odm) are not allowed to the postinstall binaries. There is no
|
|
# reason to allow the binaries to access the paths.
|
|
###############################################################################
|
|
[postinstall]
|
|
namespace.default.isolated = false
|
|
namespace.default.search.paths = /system/${LIB}
|
|
namespace.default.search.paths += /%PRODUCT%/${LIB}
|
|
namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
|