Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24c29f1b authored by Justin Yun's avatar Justin Yun Committed by Jiyong Park
Browse files

Implement system namespace for vendor process 

For vendor process default namespace searches as following order:
1. /vendor/lib/(hw|egl), /vendor/lib: Vendor libs + VNDK-vnd-ext
2. /system/lib/vndk-$(ver): VNDK libs
3. /vendor/lib/vndk-sp-$(ver): VNDK-SP-vnd-ext
4. /system/lib/vndk-sp-$(ver): VNDK-SP
and searches system namespace (/system/lib) only for LL-NDK libs.
This configuarion is used only with BOARD_VNDK_VERSION is defined.

Bug: 37192038
Test: build with 'BOARD_VNDK_VERSION=current' and boot

Change-Id: If9778b9266a084846ba8fe73e6bff25828359d33
parent b9beeed5

rootdir/Android.mk

+8 −0
Original line number Original line Diff line number Diff line
@@ -195,7 +195,15 @@ include $(CLEAR_VARS) 




LOCAL_MODULE := ld.config.txt

LOCAL_MODULE := ld.config.txt

ifeq ($(PRODUCT_FULL_TREBLE)|$(SANITIZE_TARGET),true|)

ifeq ($(PRODUCT_FULL_TREBLE)|$(SANITIZE_TARGET),true|)

ifdef BOARD_VNDK_VERSION

  ifeq ($(BOARD_VNDK_RUNTIME_DISABLE),true)

    LOCAL_SRC_FILES := etc/ld.config.txt

    LOCAL_SRC_FILES := etc/ld.config.txt

  else

    LOCAL_SRC_FILES := etc/ld.config.vndk.txt

  endif

else

LOCAL_SRC_FILES := etc/ld.config.txt

endif

else

else

LOCAL_SRC_FILES := etc/ld.config.legacy.txt

LOCAL_SRC_FILES := etc/ld.config.legacy.txt

endif

endif

rootdir/etc/ld.config.vndk.txt

0 → 100644
+158 −0
Original line number Original line Diff line number Diff line 
# Copyright (C) 2017 The Android Open Source Project

#

# Bionic loader config file.

#



# Don't change the order here. The first pattern that matches with the

# absolution path of an executable is selected.

dir.system = /system/bin/

dir.system = /system/xbin/

dir.vendor = /vendor/bin/

dir.vendor = /data/nativetest/vendor

dir.vendor = /data/nativetest64/vendor

dir.vendor = /data/benchmarktest/vendor

dir.vendor = /data/benchmarktest64/vendor

dir.system = /data/nativetest

dir.system = /data/nativetest64

dir.system = /data/benchmarktest

dir.system = /data/benchmarktest64



[system]

additional.namespaces = sphal,vndk,rs



###############################################################################

# "default" namespace

#

# Framework-side code runs in this namespace. Anything from /vendor partition

# can't be loaded in this namespace.

###############################################################################

namespace.default.isolated = false

namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}

namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}



namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}

namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}



# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes

# When this is done, comment out following three lines and remove the three

# lines above

#namespace.default.isolated = true

#namespace.default.search.paths = /system/${LIB}

#namespace.default.permitted.paths = /system/${LIB}

#

#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}

#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}



###############################################################################

# "sphal" namespace

#

# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be

# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so,

# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs.

#

# This namespace is exclusivly for SP-HALs. When the framework tries to dynami-

# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying

# that they should be searched and loaded from this namespace.

#

# Note that there is no link from the default namespace to this namespace.

###############################################################################

namespace.sphal.isolated = true

namespace.sphal.visible = true

namespace.sphal.search.paths = /vendor/${LIB}/egl:/vendor/${LIB}/hw:/vendor/${LIB}

namespace.sphal.permitted.paths = /vendor/${LIB}:/system/${LIB}/vndk-sp/hw



namespace.sphal.asan.search.paths = /data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}:/vendor/${LIB}

namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}



# Once in this namespace, access to libraries in /system/lib is restricted. Only

# libs listed here can be used.

namespace.sphal.links = default,vndk,rs



# WARNING: only NDK libs can be listed here.

namespace.sphal.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so



# WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line.

namespace.sphal.link.vndk.shared_libs = libhardware.so:libc++.so:libhidlbase.so:libhwbinder.so:libhidltransport.so:libbase.so:libhidlmemory.so:libRS.so:libRSDriver.so:libcutils.so:libion.so:libRSCpuRef.so:android.hardware.graphics.common@1.0.so:android.hardware.graphics.mapper@2.0.so:android.hidl.memory@1.0.so:libbcinfo.so:android.hardware.graphics.allocator@2.0.so:android.hardware.renderscript@1.0.so:libutils.so:libz.so



# Renderscript gets separate namespace

namespace.sphal.link.rs.shared_libs = libRS_internal.so



###############################################################################

# "rs" namespace

#

# This namespace is exclusively for Renderscript internal libraries.

# This namespace has slightly looser restriction than the vndk namespace because

# of the genuine characteristics of Renderscript; /data is in the permitted path

# to load the compiled *.so file and libmediandk.so can be used here.

###############################################################################

namespace.rs.isolated = true

namespace.rs.visible = true

namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB}

namespace.rs.permitted.paths = /vendor/${LIB}:/data



namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/vendor/${LIB}:/vendor/${LIB}

namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data



namespace.rs.links = default,vndk

namespace.rs.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so:libmediandk.so:libft2.so

namespace.rs.link.vndk.shared_libs = libhardware.so:libc++.so:libhidlbase.so:libhwbinder.so:libhidltransport.so:libbase.so:libhidlmemory.so:libRS.so:libRSDriver.so:libcutils.so:libion.so:libRSCpuRef.so:android.hardware.graphics.common@1.0.so:android.hardware.graphics.mapper@2.0.so:android.hidl.memory@1.0.so:libbcinfo.so:android.hardware.graphics.allocator@2.0.so:android.hardware.renderscript@1.0.so:libutils.so:libz.so



###############################################################################

# "vndk" namespace

#

# This namespace is exclusively for vndk-sp libs.

###############################################################################

namespace.vndk.isolated = true

namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp

namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl



namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp

namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl



# When these NDK libs are required inside this namespace, then it is redirected

# to the default namespace. This is possible since their ABI is stable across

# Android releases.

namespace.vndk.links = default

namespace.vndk.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so



###############################################################################

# Namespace config for vendor processes. In O, no restriction is enforced for

# them. However, in O-MR1, access to /system/${LIB} will not be allowed to

# the default namespace. 'system' namespace will be added to give limited

# (LL-NDK only) access.

###############################################################################

[vendor]

additional.namespaces = system



###############################################################################

# "default" namespace

#

# Vendor-side code runs in this namespace.

###############################################################################

namespace.default.isolated = true

namespace.default.visible = true



namespace.default.search.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl:/vendor/${LIB}:/system/${LIB}/vndk:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp

namespace.default.permitted.paths = /vendor:/system/${LIB}/vndk:/system/${LIB}/vndk-sp



namespace.default.asan.search.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp

namespace.default.asan.permitted.paths = /data/asan/vendor:/vendor:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp



namespace.default.links = system

namespace.default.link.system.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so:libpowermanager.so:libmedia.so:libandroid_runtime.so

# libpowermanager.so must be removed after we have fix for libsdm-color.so (b/64732165)

# libmedia.so must be removed after we have fix for lib-dplmedia.so (b/64427765)

# libandroid_runtime.so must be removed after we have a fix for qseeproxydaemon (b/64820887)



###############################################################################

# "system" namespace

#

# This is for vendor process to use LL-NDK in system partition.

###############################################################################

namespace.system.isolated = false

namespace.system.search.paths = /system/${LIB}

namespace.system.permitted.paths = /system/${LIB}



namespace.system.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}

namespace.system.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}