Loading libnativeloader/native_loader.cpp +30 −15 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ static constexpr const char* kRuntimeNamespaceName = "runtime"; // classloader, the classloader-namespace namespace associated with that // classloader is selected for dlopen. The namespace is configured so that its // search path is set to the app-local JNI directory and it is linked to the // default namespace with the names of libs listed in the public.libraries.txt. // platform namespace with the names of libs listed in the public.libraries.txt. // This way an app can only load its own JNI libraries along with the public libs. static constexpr const char* kClassloaderNamespaceName = "classloader-namespace"; // Same thing for vendor APKs. Loading Loading @@ -307,21 +307,24 @@ class LibraryNamespaces { } } std::string runtime_exposed_libraries = base::Join(kRuntimePublicLibraries, ":"); std::string runtime_exposed_libraries = runtime_public_libraries_; NativeLoaderNamespace native_loader_ns; if (!is_native_bridge) { // The platform namespace is called "default" for binaries in /system and // "platform" for those in the Runtime APEX. Try "platform" first since // "default" always exists. android_namespace_t* platform_ns = android_get_exported_namespace(kPlatformNamespaceName); if (platform_ns == nullptr) { platform_ns = android_get_exported_namespace(kDefaultNamespaceName); } android_namespace_t* android_parent_ns; if (parent_ns != nullptr) { android_parent_ns = parent_ns->get_android_ns(); } else { // Fall back to the platform namespace if no parent is found. It is // called "default" for binaries in /system and "platform" for those in // the Runtime APEX. Try "platform" first since "default" always exists. android_parent_ns = android_get_exported_namespace(kPlatformNamespaceName); if (android_parent_ns == nullptr) { android_parent_ns = android_get_exported_namespace(kDefaultNamespaceName); } // Fall back to the platform namespace if no parent is found. android_parent_ns = platform_ns; } android_namespace_t* ns = android_create_namespace(namespace_name, Loading @@ -342,7 +345,7 @@ class LibraryNamespaces { android_namespace_t* runtime_ns = android_get_exported_namespace(kRuntimeNamespaceName); if (!android_link_namespaces(ns, nullptr, system_exposed_libraries.c_str())) { if (!android_link_namespaces(ns, platform_ns, system_exposed_libraries.c_str())) { *error_msg = dlerror(); return nullptr; } Loading Loading @@ -372,14 +375,19 @@ class LibraryNamespaces { native_loader_ns = NativeLoaderNamespace(ns); } else { // Same functionality as in the branch above, but calling through native bridge. native_bridge_namespace_t* platform_ns = NativeBridgeGetExportedNamespace(kPlatformNamespaceName); if (platform_ns == nullptr) { platform_ns = NativeBridgeGetExportedNamespace(kDefaultNamespaceName); } native_bridge_namespace_t* native_bridge_parent_namespace; if (parent_ns != nullptr) { native_bridge_parent_namespace = parent_ns->get_native_bridge_ns(); } else { native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kPlatformNamespaceName); if (native_bridge_parent_namespace == nullptr) { native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kDefaultNamespaceName); } native_bridge_parent_namespace = platform_ns; } native_bridge_namespace_t* ns = NativeBridgeCreateNamespace(namespace_name, Loading @@ -397,7 +405,7 @@ class LibraryNamespaces { native_bridge_namespace_t* runtime_ns = NativeBridgeGetExportedNamespace(kRuntimeNamespaceName); if (!NativeBridgeLinkNamespaces(ns, nullptr, system_exposed_libraries.c_str())) { if (!NativeBridgeLinkNamespaces(ns, platform_ns, system_exposed_libraries.c_str())) { *error_msg = NativeBridgeGetError(); return nullptr; } Loading Loading @@ -449,6 +457,7 @@ class LibraryNamespaces { std::string root_dir = android_root_env != nullptr ? android_root_env : "/system"; std::string public_native_libraries_system_config = root_dir + kPublicNativeLibrariesSystemConfigPathFromRoot; std::string runtime_public_libraries = base::Join(kRuntimePublicLibraries, ":"); std::string llndk_native_libraries_system_config = root_dir + kLlndkNativeLibrariesSystemConfigPathFromRoot; std::string vndksp_native_libraries_system_config = Loading @@ -470,6 +479,10 @@ class LibraryNamespaces { std::vector<std::string> additional_libs_vector = base::Split(additional_libs, ":"); std::copy(additional_libs_vector.begin(), additional_libs_vector.end(), std::back_inserter(sonames)); // Apply the same list to the runtime namespace, since some libraries // might reside there. CHECK(sizeof(kRuntimePublicLibraries) > 0); runtime_public_libraries = runtime_public_libraries + ':' + additional_libs; } } Loading @@ -495,6 +508,7 @@ class LibraryNamespaces { } system_public_libraries_ = base::Join(sonames, ':'); runtime_public_libraries_ = runtime_public_libraries; // read /system/etc/public.libraries-<companyname>.txt which contain partner defined // system libs that are exposed to apps. The libs in the txt files must be Loading Loading @@ -722,6 +736,7 @@ class LibraryNamespaces { bool initialized_; std::list<std::pair<jweak, NativeLoaderNamespace>> namespaces_; std::string system_public_libraries_; std::string runtime_public_libraries_; std::string vendor_public_libraries_; std::string oem_public_libraries_; std::string product_public_libraries_; Loading rootdir/etc/ld.config.legacy.txt +8 −6 Original line number Diff line number Diff line Loading @@ -20,6 +20,9 @@ dir.legacy = /data [legacy] namespace.default.isolated = false # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /product/${LIB} Loading @@ -41,7 +44,7 @@ namespace.default.asan.search.paths += /odm/${LIB} additional.namespaces = runtime,conscrypt,media,resolv # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -50,9 +53,6 @@ additional.namespaces = runtime,conscrypt,media,resolv # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv namespace.default.asan.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -71,11 +71,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -119,11 +121,11 @@ namespace.media.link.default.shared_libs += libclang_rt.hwasan-aarch64-android.s # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading rootdir/etc/ld.config.txt +22 −12 Original line number Diff line number Diff line Loading @@ -43,6 +43,9 @@ additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs # can't be loaded in this namespace. ############################################################################### namespace.default.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /%PRODUCT%/${LIB} Loading Loading @@ -121,7 +124,7 @@ namespace.default.asan.permitted.paths += /mnt/expand namespace.default.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -129,9 +132,6 @@ namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap # dynamic linker tries to load the shared library from the resolv namespace. # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -150,11 +150,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -187,11 +189,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading Loading @@ -234,6 +236,8 @@ namespace.resolv.link.default.shared_libs += libvndksupport.so # Note that there is no link from the default namespace to this namespace. ############################################################################### namespace.sphal.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.sphal.visible = true namespace.sphal.search.paths = /odm/${LIB} Loading Loading @@ -323,6 +327,8 @@ namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.vndk.visible = true namespace.vndk.search.paths = /odm/${LIB}/vndk-sp Loading Loading @@ -430,10 +436,10 @@ namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES% # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = system Loading Loading @@ -564,6 +570,10 @@ namespace.vndk_in_system.link.vndk.allow_all_shared_libs = true [unrestricted] additional.namespaces = runtime,media,conscrypt,resolv # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} namespace.default.search.paths += /vendor/${LIB} Loading @@ -575,10 +585,8 @@ namespace.default.asan.search.paths += /odm/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB} # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. namespace.default.links = runtime,resolv namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -594,11 +602,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -629,11 +639,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading rootdir/etc/ld.config.vndk_lite.txt +22 −14 Original line number Diff line number Diff line Loading @@ -43,6 +43,9 @@ additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs # partitions are also allowed temporarily. ############################################################################### namespace.default.isolated = false # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} Loading @@ -61,8 +64,7 @@ namespace.default.asan.search.paths += /%PRODUCT%/${LIB} namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB} namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} # Keep in sync with the platform namespace in the com.android.runtime APEX # ld.config.txt. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -70,9 +72,6 @@ namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} # dynamic linker tries to load the shared library from the resolv namespace. # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -91,12 +90,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace pulls in externally accessible libs from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with the default namespace in the com.android.runtime APEX # ld.config.txt. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -129,11 +129,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading Loading @@ -176,6 +176,8 @@ namespace.resolv.link.default.shared_libs += libvndksupport.so # Note that there is no link from the default namespace to this namespace. ############################################################################### namespace.sphal.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.sphal.visible = true namespace.sphal.search.paths = /odm/${LIB} Loading Loading @@ -265,6 +267,8 @@ namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.vndk.visible = true namespace.vndk.search.paths = /odm/${LIB}/vndk-sp Loading Loading @@ -367,10 +371,10 @@ namespace.default.link.runtime.shared_libs += libandroidicu.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading @@ -387,6 +391,10 @@ namespace.runtime.link.default.allow_all_shared_libs = true [unrestricted] additional.namespaces = runtime,media,conscrypt,resolv # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} namespace.default.search.paths += /vendor/${LIB} Loading @@ -398,10 +406,8 @@ namespace.default.asan.search.paths += /odm/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB} # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. namespace.default.links = runtime,resolv namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -417,11 +423,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -452,11 +460,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading Loading
libnativeloader/native_loader.cpp +30 −15 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ static constexpr const char* kRuntimeNamespaceName = "runtime"; // classloader, the classloader-namespace namespace associated with that // classloader is selected for dlopen. The namespace is configured so that its // search path is set to the app-local JNI directory and it is linked to the // default namespace with the names of libs listed in the public.libraries.txt. // platform namespace with the names of libs listed in the public.libraries.txt. // This way an app can only load its own JNI libraries along with the public libs. static constexpr const char* kClassloaderNamespaceName = "classloader-namespace"; // Same thing for vendor APKs. Loading Loading @@ -307,21 +307,24 @@ class LibraryNamespaces { } } std::string runtime_exposed_libraries = base::Join(kRuntimePublicLibraries, ":"); std::string runtime_exposed_libraries = runtime_public_libraries_; NativeLoaderNamespace native_loader_ns; if (!is_native_bridge) { // The platform namespace is called "default" for binaries in /system and // "platform" for those in the Runtime APEX. Try "platform" first since // "default" always exists. android_namespace_t* platform_ns = android_get_exported_namespace(kPlatformNamespaceName); if (platform_ns == nullptr) { platform_ns = android_get_exported_namespace(kDefaultNamespaceName); } android_namespace_t* android_parent_ns; if (parent_ns != nullptr) { android_parent_ns = parent_ns->get_android_ns(); } else { // Fall back to the platform namespace if no parent is found. It is // called "default" for binaries in /system and "platform" for those in // the Runtime APEX. Try "platform" first since "default" always exists. android_parent_ns = android_get_exported_namespace(kPlatformNamespaceName); if (android_parent_ns == nullptr) { android_parent_ns = android_get_exported_namespace(kDefaultNamespaceName); } // Fall back to the platform namespace if no parent is found. android_parent_ns = platform_ns; } android_namespace_t* ns = android_create_namespace(namespace_name, Loading @@ -342,7 +345,7 @@ class LibraryNamespaces { android_namespace_t* runtime_ns = android_get_exported_namespace(kRuntimeNamespaceName); if (!android_link_namespaces(ns, nullptr, system_exposed_libraries.c_str())) { if (!android_link_namespaces(ns, platform_ns, system_exposed_libraries.c_str())) { *error_msg = dlerror(); return nullptr; } Loading Loading @@ -372,14 +375,19 @@ class LibraryNamespaces { native_loader_ns = NativeLoaderNamespace(ns); } else { // Same functionality as in the branch above, but calling through native bridge. native_bridge_namespace_t* platform_ns = NativeBridgeGetExportedNamespace(kPlatformNamespaceName); if (platform_ns == nullptr) { platform_ns = NativeBridgeGetExportedNamespace(kDefaultNamespaceName); } native_bridge_namespace_t* native_bridge_parent_namespace; if (parent_ns != nullptr) { native_bridge_parent_namespace = parent_ns->get_native_bridge_ns(); } else { native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kPlatformNamespaceName); if (native_bridge_parent_namespace == nullptr) { native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kDefaultNamespaceName); } native_bridge_parent_namespace = platform_ns; } native_bridge_namespace_t* ns = NativeBridgeCreateNamespace(namespace_name, Loading @@ -397,7 +405,7 @@ class LibraryNamespaces { native_bridge_namespace_t* runtime_ns = NativeBridgeGetExportedNamespace(kRuntimeNamespaceName); if (!NativeBridgeLinkNamespaces(ns, nullptr, system_exposed_libraries.c_str())) { if (!NativeBridgeLinkNamespaces(ns, platform_ns, system_exposed_libraries.c_str())) { *error_msg = NativeBridgeGetError(); return nullptr; } Loading Loading @@ -449,6 +457,7 @@ class LibraryNamespaces { std::string root_dir = android_root_env != nullptr ? android_root_env : "/system"; std::string public_native_libraries_system_config = root_dir + kPublicNativeLibrariesSystemConfigPathFromRoot; std::string runtime_public_libraries = base::Join(kRuntimePublicLibraries, ":"); std::string llndk_native_libraries_system_config = root_dir + kLlndkNativeLibrariesSystemConfigPathFromRoot; std::string vndksp_native_libraries_system_config = Loading @@ -470,6 +479,10 @@ class LibraryNamespaces { std::vector<std::string> additional_libs_vector = base::Split(additional_libs, ":"); std::copy(additional_libs_vector.begin(), additional_libs_vector.end(), std::back_inserter(sonames)); // Apply the same list to the runtime namespace, since some libraries // might reside there. CHECK(sizeof(kRuntimePublicLibraries) > 0); runtime_public_libraries = runtime_public_libraries + ':' + additional_libs; } } Loading @@ -495,6 +508,7 @@ class LibraryNamespaces { } system_public_libraries_ = base::Join(sonames, ':'); runtime_public_libraries_ = runtime_public_libraries; // read /system/etc/public.libraries-<companyname>.txt which contain partner defined // system libs that are exposed to apps. The libs in the txt files must be Loading Loading @@ -722,6 +736,7 @@ class LibraryNamespaces { bool initialized_; std::list<std::pair<jweak, NativeLoaderNamespace>> namespaces_; std::string system_public_libraries_; std::string runtime_public_libraries_; std::string vendor_public_libraries_; std::string oem_public_libraries_; std::string product_public_libraries_; Loading
rootdir/etc/ld.config.legacy.txt +8 −6 Original line number Diff line number Diff line Loading @@ -20,6 +20,9 @@ dir.legacy = /data [legacy] namespace.default.isolated = false # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /product/${LIB} Loading @@ -41,7 +44,7 @@ namespace.default.asan.search.paths += /odm/${LIB} additional.namespaces = runtime,conscrypt,media,resolv # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -50,9 +53,6 @@ additional.namespaces = runtime,conscrypt,media,resolv # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv namespace.default.asan.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -71,11 +71,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -119,11 +121,11 @@ namespace.media.link.default.shared_libs += libclang_rt.hwasan-aarch64-android.s # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading
rootdir/etc/ld.config.txt +22 −12 Original line number Diff line number Diff line Loading @@ -43,6 +43,9 @@ additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs # can't be loaded in this namespace. ############################################################################### namespace.default.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /%PRODUCT%/${LIB} Loading Loading @@ -121,7 +124,7 @@ namespace.default.asan.permitted.paths += /mnt/expand namespace.default.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -129,9 +132,6 @@ namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap # dynamic linker tries to load the shared library from the resolv namespace. # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -150,11 +150,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -187,11 +189,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading Loading @@ -234,6 +236,8 @@ namespace.resolv.link.default.shared_libs += libvndksupport.so # Note that there is no link from the default namespace to this namespace. ############################################################################### namespace.sphal.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.sphal.visible = true namespace.sphal.search.paths = /odm/${LIB} Loading Loading @@ -323,6 +327,8 @@ namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.vndk.visible = true namespace.vndk.search.paths = /odm/${LIB}/vndk-sp Loading Loading @@ -430,10 +436,10 @@ namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES% # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = system Loading Loading @@ -564,6 +570,10 @@ namespace.vndk_in_system.link.vndk.allow_all_shared_libs = true [unrestricted] additional.namespaces = runtime,media,conscrypt,resolv # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} namespace.default.search.paths += /vendor/${LIB} Loading @@ -575,10 +585,8 @@ namespace.default.asan.search.paths += /odm/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB} # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. namespace.default.links = runtime,resolv namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -594,11 +602,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -629,11 +639,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading
rootdir/etc/ld.config.vndk_lite.txt +22 −14 Original line number Diff line number Diff line Loading @@ -43,6 +43,9 @@ additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs # partitions are also allowed temporarily. ############################################################################### namespace.default.isolated = false # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} Loading @@ -61,8 +64,7 @@ namespace.default.asan.search.paths += /%PRODUCT%/${LIB} namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB} namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} # Keep in sync with the platform namespace in the com.android.runtime APEX # ld.config.txt. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. # If a shared library or an executable requests a shared library that # cannot be loaded into the default namespace, the dynamic linker tries # to load the shared library from the runtime namespace. And then, if the Loading @@ -70,9 +72,6 @@ namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB} # dynamic linker tries to load the shared library from the resolv namespace. # Finally, if all attempts fail, the dynamic linker returns an error. namespace.default.links = runtime,resolv # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by # libart. namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -91,12 +90,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace pulls in externally accessible libs from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with the default namespace in the com.android.runtime APEX # ld.config.txt. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -129,11 +129,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading Loading @@ -176,6 +176,8 @@ namespace.resolv.link.default.shared_libs += libvndksupport.so # Note that there is no link from the default namespace to this namespace. ############################################################################### namespace.sphal.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.sphal.visible = true namespace.sphal.search.paths = /odm/${LIB} Loading Loading @@ -265,6 +267,8 @@ namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.vndk.visible = true namespace.vndk.search.paths = /odm/${LIB}/vndk-sp Loading Loading @@ -367,10 +371,10 @@ namespace.default.link.runtime.shared_libs += libandroidicu.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading @@ -387,6 +391,10 @@ namespace.runtime.link.default.allow_all_shared_libs = true [unrestricted] additional.namespaces = runtime,media,conscrypt,resolv # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.default.visible = true namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB} namespace.default.search.paths += /vendor/${LIB} Loading @@ -398,10 +406,8 @@ namespace.default.asan.search.paths += /odm/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB} # Keep in sync with ld.config.txt in the com.android.runtime APEX. # Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt. namespace.default.links = runtime,resolv namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so Loading @@ -417,11 +423,13 @@ namespace.default.link.resolv.shared_libs = libnetd_resolv.so # "runtime" APEX namespace # # This namespace exposes externally accessible libraries from the Runtime APEX. # Keep in sync with the "runtime" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.runtime.isolated = true # Visible to allow links to be created at runtime, e.g. through # android_link_namespaces in libnativeloader. namespace.runtime.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default Loading Loading @@ -452,11 +460,11 @@ namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% # "conscrypt" APEX namespace # # This namespace is for libraries within the conscrypt APEX. # Keep in sync with the "conscrypt" namespace in art/build/apex/ld.config.txt. ############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true # Keep in sync with ld.config.txt in the com.android.runtime APEX. namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default Loading
