Merge "Use generated linker config only"

)

endef

#######################################

# ld.config.txt selection variables

#

_enforce_vndk_at_runtime := false

ifdef BOARD_VNDK_VERSION

  ifneq ($(BOARD_VNDK_RUNTIME_DISABLE),true)

    _enforce_vndk_at_runtime := true

  endif

endif

_enforce_vndk_lite_at_runtime := false

ifeq ($(_enforce_vndk_at_runtime),false)

  ifeq ($(PRODUCT_TREBLE_LINKER_NAMESPACES)|$(SANITIZE_TARGET),true|)

    _enforce_vndk_lite_at_runtime := true

  endif

endif

#######################################

# ld.config.txt

#

# For VNDK enforced devices that have defined BOARD_VNDK_VERSION, use

# "ld.config.txt" as a source file. This configuration includes strict VNDK

# run-time restrictions for vendor process.

#

# Other treblized devices, that have not defined BOARD_VNDK_VERSION or that

# have set BOARD_VNDK_RUNTIME_DISABLE to true, use "ld.config.vndk_lite.txt"

# as a source file. This configuration does not have strict VNDK run-time

# restrictions.

#

# If the device is not treblized, use "ld.config.legacy.txt" for legacy

# namespace configuration.

#

include $(CLEAR_VARS)

LOCAL_MODULE := ld.config.txt

LOCAL_MODULE_CLASS := ETC

LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)

# Start of i18n and ART APEX compatibility.

#

# Meta-comment:

# The placing of this section is somewhat arbitrary. The LOCAL_POST_INSTALL_CMD

# entries need to be associated with something that goes into /system.

# ld.config.txt qualifies but it could be anything else in /system until soong

# supports creation of symlinks. http://b/123333111

#

# Keeping the appearance of files/dirs having old locations for apps that have

# come to rely on them.

# http://b/121248172 - create a link from /system/usr/icu to

# /apex/com.android.i18n/etc/icu so that apps can find the ICU .dat file.

# A symlink can't overwrite a directory and the /system/usr/icu directory once

# existed so the required structure must be created whatever we find.

LOCAL_POST_INSTALL_CMD = mkdir -p $(TARGET_OUT)/usr && rm -rf $(TARGET_OUT)/usr/icu

LOCAL_POST_INSTALL_CMD += && ln -sf /apex/com.android.i18n/etc/icu $(TARGET_OUT)/usr/icu

# TODO(b/124106384): Clean up compat symlinks for ART binaries.

ART_BINARIES := dalvikvm dex2oat

LOCAL_POST_INSTALL_CMD += && mkdir -p $(TARGET_OUT)/bin

$(foreach b,$(ART_BINARIES), \

  $(eval LOCAL_POST_INSTALL_CMD += \

    && ln -sf /apex/com.android.art/bin/$(b) $(TARGET_OUT)/bin/$(b)) \

)

# End of i18n and ART APEX compatibilty.

ifeq ($(_enforce_vndk_at_runtime),true)

# for VNDK enforced devices

# This file will be replaced with dynamically generated one from system/linkerconfig

LOCAL_MODULE_STEM := $(LOCAL_MODULE)

LOCAL_SRC_FILES := etc/ld.config.txt

include $(BUILD_PREBUILT)

else ifeq ($(_enforce_vndk_lite_at_runtime),true)

# for treblized but VNDK lightly enforced devices

LOCAL_MODULE_STEM := ld.config.vndk_lite.txt

include $(BUILD_SYSTEM)/base_rules.mk

ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt

vndk_version := $(PLATFORM_VNDK_VERSION)

libz_is_llndk := true

include $(LOCAL_PATH)/update_and_install_ld_config.mk

else

# for legacy non-treblized devices

LOCAL_MODULE_STEM := $(LOCAL_MODULE)

LOCAL_SRC_FILES := etc/ld.config.legacy.txt

include $(BUILD_PREBUILT)

endif  # ifeq ($(_enforce_vndk_at_runtime),true)

#######################################

# ld.config.vndk_lite.txt

#

# This module is only for GSI.

#

ifeq ($(_enforce_vndk_lite_at_runtime),false)

include $(CLEAR_VARS)

LOCAL_MODULE := ld.config.vndk_lite.txt

LOCAL_MODULE_CLASS := ETC

LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)

LOCAL_MODULE_STEM := $(LOCAL_MODULE)

include $(BUILD_SYSTEM)/base_rules.mk

ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt

vndk_version := $(PLATFORM_VNDK_VERSION)

libz_is_llndk := true

include $(LOCAL_PATH)/update_and_install_ld_config.mk

endif  # ifeq ($(_enforce_vndk_lite_at_runtime),false)

_enforce_vndk_at_runtime :=

_enforce_vndk_lite_at_runtime :=

#######################################

# sanitizer.libraries.txt

include $(CLEAR_VARS)

# Copyright (C) 2017 The Android Open Source Project

#

# Bionic loader config file.

# This gives the exactly the same namespace setup in pre-O.

#

# All binaries gets the same configuration 'legacy'

dir.legacy = /system

dir.legacy = /product

dir.legacy = /vendor

dir.legacy = /odm

dir.legacy = /sbin

# Except for /postinstall, where only /system and /product are searched

dir.postinstall = /postinstall

# Fallback entry to provide APEX namespace lookups for binaries anywhere else.

# This must be last.

dir.legacy = /data

[legacy]

namespace.default.isolated = false

# Visible to allow links to be created at runtime, e.g. through

# android_link_namespaces in libnativeloader.

namespace.default.visible = true

namespace.default.search.paths  = /system/${LIB}

namespace.default.search.paths += /product/${LIB}

namespace.default.search.paths += /vendor/${LIB}

namespace.default.search.paths += /odm/${LIB}

namespace.default.asan.search.paths  = /data/asan/system/${LIB}

namespace.default.asan.search.paths +=           /system/${LIB}

namespace.default.asan.search.paths += /data/asan/product/${LIB}

namespace.default.asan.search.paths +=           /product/${LIB}

namespace.default.asan.search.paths += /data/asan/vendor/${LIB}

namespace.default.asan.search.paths +=           /vendor/${LIB}

namespace.default.asan.search.paths += /data/asan/odm/${LIB}

namespace.default.asan.search.paths +=           /odm/${LIB}

###############################################################################

# APEX related namespaces.

###############################################################################

additional.namespaces = art,conscrypt,media,neuralnetworks,resolv

# Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt.

# If a shared library or an executable requests a shared library that

# cannot be loaded into the default namespace, the dynamic linker tries

# to load the shared library from the art namespace. And then, if the

# shared library cannot be loaded from the art namespace either, the

# dynamic linker tries to load the shared library from the resolv namespace.

# Finally, if all attempts fail, the dynamic linker returns an error.

namespace.default.links = art,resolv,neuralnetworks

namespace.default.asan.links = art,resolv,neuralnetworks

namespace.default.link.art.shared_libs  = libandroidicu.so

namespace.default.link.art.shared_libs += libdexfile_external.so

namespace.default.link.art.shared_libs += libdexfiled_external.so

# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.

namespace.default.link.art.shared_libs += libicui18n.so

namespace.default.link.art.shared_libs += libicuuc.so

namespace.default.link.art.shared_libs += libnativebridge.so

namespace.default.link.art.shared_libs += libnativehelper.so

namespace.default.link.art.shared_libs += libnativeloader.so

# TODO(b/122876336): Remove libpac.so once it's migrated to Webview

namespace.default.link.art.shared_libs += libpac.so

# When libnetd_resolv.so can't be found in the default namespace, search for it

# in the resolv namespace. Don't allow any other libraries from the resolv namespace

# to be loaded in the default namespace.

namespace.default.link.resolv.shared_libs = libnetd_resolv.so

# LLNDK library moved into apex

namespace.default.link.neuralnetworks.shared_libs = libneuralnetworks.so

###############################################################################

# "art" APEX namespace

#

# This namespace exposes externally accessible libraries from the ART APEX.

# Keep in sync with the "art" namespace in art/build/apex/ld.config.txt.

###############################################################################

namespace.art.isolated = true

# Visible to allow links to be created at runtime, e.g. through

# android_link_namespaces in libnativeloader.

namespace.art.visible = true

namespace.art.search.paths = /apex/com.android.art/${LIB}

namespace.art.asan.search.paths = /apex/com.android.art/${LIB}

namespace.art.links = default,neuralnetworks

# Need allow_all_shared_libs because libart.so can dlopen oat files in

# /system/framework and /data.

# TODO(b/130340935): Use a dynamically created linker namespace similar to

# classloader-namespace for oat files, and tighten this up.

namespace.art.link.default.allow_all_shared_libs = true

namespace.art.link.neuralnetworks.shared_libs = libneuralnetworks.so

###############################################################################

# "media" APEX namespace

#

# This namespace is for libraries within the media APEX.

###############################################################################

namespace.media.isolated = true

namespace.media.visible = true

namespace.media.search.paths = /apex/com.android.media/${LIB}

namespace.media.asan.search.paths = /apex/com.android.media/${LIB}

namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors

namespace.media.links = default

namespace.media.link.default.shared_libs  = libbinder_ndk.so

namespace.media.link.default.shared_libs += libc.so

namespace.media.link.default.shared_libs += libcgrouprc.so

namespace.media.link.default.shared_libs += libdl.so

namespace.media.link.default.shared_libs += liblog.so

namespace.media.link.default.shared_libs += libmediametrics.so

namespace.media.link.default.shared_libs += libmediandk.so

namespace.media.link.default.shared_libs += libm.so

namespace.media.link.default.shared_libs += libvndksupport.so

namespace.media.link.default.shared_libs += libclang_rt.asan-aarch64-android.so

namespace.media.link.default.shared_libs += libclang_rt.asan-arm-android.so

namespace.media.link.default.shared_libs += libclang_rt.asan-i686-android.so

namespace.media.link.default.shared_libs += libclang_rt.asan-x86_64-android.so

namespace.media.link.default.shared_libs += libclang_rt.hwasan-aarch64-android.so

###############################################################################

# "conscrypt" APEX namespace

#

# This namespace is for libraries within the conscrypt APEX.

# Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt.

###############################################################################

namespace.conscrypt.isolated = true

namespace.conscrypt.visible = true

namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}

namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}

namespace.conscrypt.links = art,default

namespace.conscrypt.link.art.shared_libs = libandroidio.so

namespace.conscrypt.link.default.shared_libs  = libc.so

namespace.conscrypt.link.default.shared_libs += libm.so

namespace.conscrypt.link.default.shared_libs += libdl.so

namespace.conscrypt.link.default.shared_libs += liblog.so

###############################################################################

# "resolv" APEX namespace

#

# This namespace is for libraries within the resolv APEX.

###############################################################################

namespace.resolv.isolated = true

namespace.resolv.visible = true

namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}

namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}

namespace.resolv.links = default

namespace.resolv.link.default.shared_libs  = libc.so

namespace.resolv.link.default.shared_libs += libcgrouprc.so

namespace.resolv.link.default.shared_libs += libm.so

namespace.resolv.link.default.shared_libs += libdl.so

namespace.resolv.link.default.shared_libs += libbinder_ndk.so

namespace.resolv.link.default.shared_libs += liblog.so

namespace.resolv.link.default.shared_libs += libvndksupport.so

###############################################################################

# "neuralnetworks" APEX namespace

#

# This namespace is for libraries within the NNAPI APEX.

###############################################################################

namespace.neuralnetworks.isolated = true

namespace.neuralnetworks.visible = true

namespace.neuralnetworks.search.paths = /apex/com.android.neuralnetworks/${LIB}

namespace.neuralnetworks.asan.search.paths = /apex/com.android.neuralnetworks/${LIB}

namespace.neuralnetworks.links = default

namespace.neuralnetworks.link.default.shared_libs  = libc.so

namespace.neuralnetworks.link.default.shared_libs += libcgrouprc.so

namespace.neuralnetworks.link.default.shared_libs += libdl.so

namespace.neuralnetworks.link.default.shared_libs += liblog.so

namespace.neuralnetworks.link.default.shared_libs += libm.so

namespace.neuralnetworks.link.default.shared_libs += libnativewindow.so

namespace.neuralnetworks.link.default.shared_libs += libneuralnetworks_packageinfo.so

namespace.neuralnetworks.link.default.shared_libs += libsync.so

namespace.neuralnetworks.link.default.shared_libs += libvndksupport.so

###############################################################################

# Namespace config for binaries under /postinstall.

# Only one default namespace is defined and it has no directories other than

# /system/lib and /product/lib in the search paths. This is because linker

# calls realpath on the search paths and this causes selinux denial if the

# paths (/vendor, /odm) are not allowed to the poinstall binaries.

# There is no reason to allow the binaries to access the paths.

###############################################################################

[postinstall]

namespace.default.isolated = false

namespace.default.search.paths  = /system/${LIB}

namespace.default.search.paths += /product/${LIB}

# This file is no longer in use.

# Please update linker configuration generator instead.

# You can find the code from /system/linkerconfig

 No newline at end of file

#!/usr/bin/env python

#

# Copyright (C) 2018 The Android Open Source Project

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#

import glob

import os.path

import re

import sys

PREBUILTS_VNDK_DIR = "prebuilts/vndk"

VENDOR_DIRECTORIES = ('/vendor', '/odm')

def find_latest_vndk_snapshot_version():

  """Returns latest vndk snapshot version in current source tree.

  It will skip the test if the snapshot directories are not found.

  Returns:

    latest_version: string

  """

  vndk_dir_list = glob.glob(PREBUILTS_VNDK_DIR + "/v*")

  if not vndk_dir_list:

    """Exit without error because we may have source trees that do not include

    VNDK snapshot directories in it.

    """

    sys.exit(0)

  vndk_ver_list = [re.match(r".*/v(\d+)", vndk_dir).group(1)

                                          for vndk_dir in vndk_dir_list]

  latest_version = max(vndk_ver_list)

  if latest_version == '27':

    """Exit without error because VNDK v27 is not using ld.config.txt template

    """

    sys.exit(0)

  return latest_version

def get_vendor_configuration(ld_config_file):

  """Reads the ld.config.txt file to parse the namespace configurations.

  It finds the configurations that include vendor directories.

  Args:

    ld_config_file: string, path (relative to build top) of the ld.config.txt

                    file.

  Returns:

    configs: dict{string:[string]}, dictionary of namespace configurations.

             it has 'section + property' names as keys and the directory list

             as values.

  """

  try:

    conf_file = open(ld_config_file)

  except IOError:

    print("error: could not read %s" % ld_config_file)

    sys.exit(1)

  configs = dict()

  current_section = None

  with conf_file:

    for line in conf_file:

      # ignore comments

      found = line.find('#')

      if found != -1:

        line = line[:found]

      line = line.strip()

      if not line:

        continue

      if line[0] == '[' and line[-1] == ']':

        # new section started

        current_section = line[1:-1]

        continue

      if current_section == None:

        continue

      found = line.find('+=')

      opr_len = 2

      if found == -1:

        found = line.find('=')

        opr_len = 1

      if found == -1:

        continue

      namespace = line[:found].strip()

      if not namespace.endswith(".paths"):

        # check ".paths" only

        continue

      namespace = '[' + current_section + ']' + namespace

      values = line[found + opr_len:].strip()

      directories = values.split(':')

      for directory in directories:

        if any(vendor_dir in directory for vendor_dir in VENDOR_DIRECTORIES):

          if namespace in configs:

            configs[namespace].append(directory)

          else:

            configs[namespace] = [directory]

  return configs

def get_snapshot_config(version):

  """Finds the ld.config.{version}.txt file from the VNDK snapshot directory.

  In the vndk prebuilt directory (prebuilts/vndk/v{version}), it searches

  {arch}/configs/ld.config.{version}.txt file, where {arch} is one of ('arm64',

  'arm', 'x86_64', 'x86').

  Args:

    version: string, the VNDK snapshot version to search.

  Returns:

    ld_config_file: string, relative path to ld.config.{version}.txt

  """

  arch_list = ('arm64', 'arm', 'x86_64', 'x86')

  for arch in arch_list:

    ld_config_file = (PREBUILTS_VNDK_DIR

                + "/v{0}/{1}/configs/ld.config.{0}.txt".format(version, arch))

    if os.path.isfile(ld_config_file):

      return ld_config_file

  print("error: cannot find ld.config.{0}.txt file in snapshot v{0}"

                                                        .format(version))

  sys.exit(1)

def check_backward_compatibility(ld_config, vndk_snapshot_version):

  """Checks backward compatibility for current ld.config.txt file with the

  old ld.config.txt file. If any of the vendor directories in the old namespace

  configurations are missing, the test will fail. It is allowed to have new

  vendor directories in current ld.config.txt file.

  Args:

    ld_config: string, relative path to current ld.config.txt file.

    vndk_snapshot_version: string, the VNDK snapshot version that has an old

                           ld.config.txt file to compare.

  Returns:

    result: bool, True if the current configuration is backward compatible.

  """

  current_config = get_vendor_configuration(ld_config)

  old_config = get_vendor_configuration(

                                get_snapshot_config(vndk_snapshot_version))

  for namespace in old_config:

    if namespace not in current_config:

      print("error: cannot find %s which was provided in ld.config.%s.txt"

                                        % (namespace, vndk_snapshot_version))

      return False

    for path in old_config[namespace]:

      if not path in current_config[namespace]:

        print("error: %s for %s in ld.config.%s.txt are missing in %s"

                % (path, namespace, vndk_snapshot_version, ld_config))

        return False

  return True

def main():

  if len(sys.argv) != 2:

    print ("Usage: %s target_ld_config_txt_file_name" % sys.argv[0])

    sys.exit(1)

  latest_vndk_snapshot_version = find_latest_vndk_snapshot_version()

  if not check_backward_compatibility(sys.argv[1],

                                          latest_vndk_snapshot_version):

    print("error: %s has backward incompatible changes to old "

          "vendor partition." % sys.argv[1])

    sys.exit(1)

  # Current ld.config.txt file is backward compatible

  sys.exit(0)

if __name__ == '__main__':

  main()