diff options
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/etc/ld.config.vndk_lite.txt | 149 |
1 files changed, 135 insertions, 14 deletions
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt index 4b9f5caca..5aac61bb9 100644 --- a/rootdir/etc/ld.config.vndk_lite.txt +++ b/rootdir/etc/ld.config.vndk_lite.txt @@ -6,41 +6,162 @@ # All binaries gets the same configuration 'legacy' dir.legacy = /system +dir.legacy = /product dir.legacy = /vendor dir.legacy = /odm dir.legacy = /sbin -# Except for /postinstall, where only /system is searched +# Except for /postinstall, where only /system and /product are searched dir.postinstall = /postinstall +# Fallback entry to provide APEX namespace lookups for binaries anywhere else. +# This must be last. +dir.legacy = /data + [legacy] namespace.default.isolated = false namespace.default.search.paths = /system/${LIB} +namespace.default.search.paths += /product/${LIB} namespace.default.search.paths += /vendor/${LIB} namespace.default.search.paths += /odm/${LIB} namespace.default.asan.search.paths = /data/asan/system/${LIB} namespace.default.asan.search.paths += /system/${LIB} -namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB} -namespace.default.asan.search.paths += /%PRODUCT%/${LIB} -namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB} -namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} -namespace.default.asan.search.paths += /data/asan/odm/${LIB} -namespace.default.asan.search.paths += /odm/${LIB} +namespace.default.asan.search.paths += /data/asan/product/${LIB} +namespace.default.asan.search.paths += /product/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB} +namespace.default.asan.search.paths += /data/asan/odm/${LIB} +namespace.default.asan.search.paths += /odm/${LIB} + +############################################################################### +# APEX related namespaces. +############################################################################### + +additional.namespaces = runtime,conscrypt,media,resolv + +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +# If a shared library or an executable requests a shared library that +# cannot be loaded into the default namespace, the dynamic linker tries +# to load the shared library from the runtime namespace. And then, if the +# shared library cannot be loaded from the runtime namespace either, the +# dynamic linker tries to load the shared library from the resolv namespace. +# Finally, if all attempts fail, the dynamic linker returns an error. +namespace.default.links = runtime,resolv +namespace.default.asan.links = runtime,resolv +# Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by +# libart. +namespace.default.visible = true +namespace.default.link.runtime.shared_libs = libdexfile_external.so +namespace.default.link.runtime.shared_libs += libnativebridge.so +namespace.default.link.runtime.shared_libs += libnativehelper.so +namespace.default.link.runtime.shared_libs += libnativeloader.so +namespace.default.link.runtime.shared_libs += libandroidicu.so +# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466 +namespace.default.link.runtime.shared_libs += libicui18n.so +namespace.default.link.runtime.shared_libs += libicuuc.so + +# TODO(b/122876336): Remove libpac.so once it's migrated to Webview +namespace.default.link.runtime.shared_libs += libpac.so + +# When libnetd_resolv.so can't be found in the default namespace, search for it +# in the resolv namespace. Don't allow any other libraries from the resolv namespace +# to be loaded in the default namespace. +namespace.default.link.resolv.shared_libs = libnetd_resolv.so + +############################################################################### +# "runtime" APEX namespace +# +# This namespace exposes externally accessible libraries from the Runtime APEX. +############################################################################### +namespace.runtime.isolated = true +namespace.runtime.visible = true + +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} +namespace.runtime.links = default +# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library +# when it exists. +namespace.runtime.link.default.allow_all_shared_libs = true + +############################################################################### +# "media" APEX namespace +# +# This namespace is for libraries within the media APEX. +############################################################################### +namespace.media.isolated = true +namespace.media.visible = true + +namespace.media.search.paths = /apex/com.android.media/${LIB} +namespace.media.asan.search.paths = /apex/com.android.media/${LIB} + +namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors + +namespace.media.links = default +namespace.media.link.default.shared_libs = libbinder_ndk.so +namespace.media.link.default.shared_libs += libc.so +namespace.media.link.default.shared_libs += libcgrouprc.so +namespace.media.link.default.shared_libs += libdl.so +namespace.media.link.default.shared_libs += liblog.so +namespace.media.link.default.shared_libs += libmediametrics.so +namespace.media.link.default.shared_libs += libmediandk.so +namespace.media.link.default.shared_libs += libm.so +namespace.media.link.default.shared_libs += libvndksupport.so + +namespace.media.link.default.shared_libs += libclang_rt.asan-aarch64-android.so +namespace.media.link.default.shared_libs += libclang_rt.asan-arm-android.so +namespace.media.link.default.shared_libs += libclang_rt.asan-i686-android.so +namespace.media.link.default.shared_libs += libclang_rt.asan-x86_64-android.so +namespace.media.link.default.shared_libs += libclang_rt.hwasan-aarch64-android.so + +############################################################################### +# "conscrypt" APEX namespace +# +# This namespace is for libraries within the conscrypt APEX. +############################################################################### +namespace.conscrypt.isolated = true +namespace.conscrypt.visible = true + +# Keep in sync with ld.config.txt in the com.android.runtime APEX. +namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} +namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} +namespace.conscrypt.links = runtime,default +namespace.conscrypt.link.runtime.shared_libs = libandroidio.so +namespace.conscrypt.link.default.shared_libs = libc.so +namespace.conscrypt.link.default.shared_libs += libm.so +namespace.conscrypt.link.default.shared_libs += libdl.so +namespace.conscrypt.link.default.shared_libs += liblog.so + +############################################################################### +# "resolv" APEX namespace +# +# This namespace is for libraries within the resolv APEX. +############################################################################### +namespace.resolv.isolated = true +namespace.resolv.visible = true + +namespace.resolv.search.paths = /apex/com.android.resolv/${LIB} +namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB} +namespace.resolv.links = default +namespace.resolv.link.default.shared_libs = libc.so +namespace.resolv.link.default.shared_libs += libcgrouprc.so +namespace.resolv.link.default.shared_libs += libm.so +namespace.resolv.link.default.shared_libs += libdl.so +namespace.resolv.link.default.shared_libs += libbinder_ndk.so +namespace.resolv.link.default.shared_libs += liblog.so +namespace.resolv.link.default.shared_libs += libvndksupport.so ############################################################################### # Namespace config for binaries under /postinstall. -# Only default namespace is defined and default has no directories -# other than /system/lib in the search paths. This is because linker calls -# realpath on the search paths and this causes selinux denial if the paths -# (/vendor, /odm) are not allowed to the postinstall binaries. There is no -# reason to allow the binaries to access the paths. +# Only one default namespace is defined and it has no directories other than +# /system/lib and /product/lib in the search paths. This is because linker +# calls realpath on the search paths and this causes selinux denial if the +# paths (/vendor, /odm) are not allowed to the poinstall binaries. +# There is no reason to allow the binaries to access the paths. ############################################################################### [postinstall] namespace.default.isolated = false namespace.default.search.paths = /system/${LIB} -namespace.default.search.paths += /%PRODUCT%/${LIB} -namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB} +namespace.default.search.paths += /product/${LIB} |