search

github / choosealicense.com

A site to provide non-judgmental guidance on choosing a license for your open source project
https://choosealicense.com
MIT License
3.69k stars 1.34k forks source link

Kaschey758 #1114

Closed kaschey77 closed 1 year ago

kaschey77 commented 1 year ago

Copyright (C) 2017 The Android Open Source Project

#

Bionic loader config file.

#

Don't change the order here. The first pattern that matches with the

absolute path of an executable is selected.

dir.system = /system/bin/ dir.system = /system/xbin/ dir.system = /system/product/bin/

dir.vendor = /odm/bin/ dir.vendor = /vendor/bin/ dir.vendor = /data/nativetest/odm dir.vendor = /data/nativetest64/odm dir.vendor = /data/benchmarktest/odm dir.vendor = /data/benchmarktest64/odm dir.vendor = /data/nativetest/vendor dir.vendor = /data/nativetest64/vendor dir.vendor = /data/benchmarktest/vendor dir.vendor = /data/benchmarktest64/vendor

dir.unrestricted = /data/nativetest/unrestricted dir.unrestricted = /data/nativetest64/unrestricted

TODO(b/123864775): Ensure tests are run from /data/nativetest{,64} or (if

necessary) the unrestricted subdirs above. Then clean this up.

dir.unrestricted = /data/local/tmp

dir.postinstall = /postinstall

Fallback entry to provide APEX namespace lookups for binaries anywhere else.

This must be last.

dir.system = /data

[system] additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs

###############################################################################

"default" namespace

#

Framework-side code runs in this namespace. Libs from /vendor partition

can't be loaded in this namespace.

############################################################################### namespace.default.isolated = true

namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /system/product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_engineering/${LIB}

We can't have entire /system/${LIB} as permitted paths because doing so

makes it possible to load libs in /system/${LIB}/vndk* directories by

their absolute paths (e.g. dlopen("/system/lib/vndk/libbase.so");).

VNDK libs are built with previous versions of Android and thus must not be

loaded into this namespace where libs built with the current version of

Android are loaded. Mixing the two types of libs in the same namespace can

cause unexpected problem.

namespace.default.permitted.paths = /system/${LIB}/drm namespace.default.permitted.paths += /system/${LIB}/oiface namespace.default.permitted.paths += /system/${LIB}/extractors namespace.default.permitted.paths += /system/${LIB}/hw namespace.default.permitted.paths += /system/product/${LIB}

vendor auto add

namespace.default.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.permitted.paths += /oppo_engineering/${LIB}

These are where odex files are located. libart has to be able to dlopen the files

namespace.default.permitted.paths += /system/framework namespace.default.permitted.paths += /system/app namespace.default.permitted.paths += /system/priv-app namespace.default.permitted.paths += /vendor/framework namespace.default.permitted.paths += /vendor/app namespace.default.permitted.paths += /vendor/priv-app namespace.default.permitted.paths += /system/vendor/framework namespace.default.permitted.paths += /system/vendor/app namespace.default.permitted.paths += /system/vendor/priv-app namespace.default.permitted.paths += /odm/framework namespace.default.permitted.paths += /odm/app namespace.default.permitted.paths += /odm/priv-app namespace.default.permitted.paths += /oem/app namespace.default.permitted.paths += /system/product/framework namespace.default.permitted.paths += /system/product/app namespace.default.permitted.paths += /system/product/priv-app namespace.default.permitted.paths += /data namespace.default.permitted.paths += /mnt/expand namespace.default.permitted.paths += /apex/com.android.runtime/${LIB}/bionic namespace.default.permitted.paths += /system/${LIB}/bootstrap

namespace.default.asan.search.paths = /data/asan/system/${LIB} namespace.default.asan.search.paths += /system/${LIB} namespace.default.asan.search.paths += /data/asan/system/product/${LIB} namespace.default.asan.search.paths += /system/product/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_engineering/${LIB}

namespace.default.asan.permitted.paths = /data namespace.default.asan.permitted.paths += /system/${LIB}/drm namespace.default.asan.permitted.paths += /system/${LIB}/extractors namespace.default.asan.permitted.paths += /system/${LIB}/hw namespace.default.asan.permitted.paths += /system/framework namespace.default.asan.permitted.paths += /system/app namespace.default.asan.permitted.paths += /system/priv-app namespace.default.asan.permitted.paths += /vendor/framework namespace.default.asan.permitted.paths += /vendor/app namespace.default.asan.permitted.paths += /vendor/priv-app namespace.default.asan.permitted.paths += /system/vendor/framework namespace.default.asan.permitted.paths += /system/vendor/app namespace.default.asan.permitted.paths += /system/vendor/priv-app namespace.default.asan.permitted.paths += /odm/framework namespace.default.asan.permitted.paths += /odm/app namespace.default.asan.permitted.paths += /odm/priv-app namespace.default.asan.permitted.paths += /oem/app namespace.default.asan.permitted.paths += /system/product/${LIB}

vendor auto add

namespace.default.asan.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.asan.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.asan.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.asan.permitted.paths += /oppo_engineering/${LIB} namespace.default.asan.permitted.paths += /system/product/framework namespace.default.asan.permitted.paths += /system/product/app namespace.default.asan.permitted.paths += /system/product/priv-app namespace.default.asan.permitted.paths += /mnt/expand namespace.default.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap

Keep in sync with ld.config.txt in the com.android.runtime APEX.

If a shared library or an executable requests a shared library that

cannot be loaded into the default namespace, the dynamic linker tries

to load the shared library from the runtime namespace. And then, if the

shared library cannot be loaded from the runtime namespace either, the

dynamic linker tries to load the shared library from the resolv namespace.

Finally, if all attempts fail, the dynamic linker returns an error.

namespace.default.links = runtime,resolv

Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by

libart.

namespace.default.visible = true namespace.default.link.runtime.shared_libs = libdexfile_external.so

libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466

namespace.default.link.runtime.shared_libs += libicui18n.so namespace.default.link.runtime.shared_libs += libicuuc.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so namespace.default.link.runtime.shared_libs += libnativeloader.so namespace.default.link.runtime.shared_libs += libandroidicu.so

TODO(b/122876336): Remove libpac.so once it's migrated to Webview

namespace.default.link.runtime.shared_libs += libpac.so

When libnetd_resolv.so can't be found in the default namespace, search for it

in the resolv namespace. Don't allow any other libraries from the resolv namespace

to be loaded in the default namespace.

namespace.default.link.resolv.shared_libs = libnetd_resolv.so

###############################################################################

"runtime" APEX namespace

#

This namespace exposes externally accessible libraries from the Runtime APEX.

############################################################################### namespace.runtime.isolated = true namespace.runtime.visible = true

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default

TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library

when it exists.

namespace.runtime.link.default.allow_all_shared_libs = true

###############################################################################

"media" APEX namespace

#

This namespace is for libraries within the media APEX.

############################################################################### namespace.media.isolated = true namespace.media.visible = true

namespace.media.search.paths = /apex/com.android.media/${LIB} namespace.media.asan.search.paths = /apex/com.android.media/${LIB}

namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors namespace.media.asan.permitted.paths = /apex/com.android.media/${LIB}/extractors

namespace.media.links = default namespace.media.link.default.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.media.link.default.shared_libs += libbinder_ndk.so namespace.media.link.default.shared_libs += libcgrouprc.so namespace.media.link.default.shared_libs += libmediametrics.so namespace.media.link.default.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

###############################################################################

"conscrypt" APEX namespace

#

This namespace is for libraries within the conscrypt APEX.

############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default namespace.conscrypt.link.runtime.shared_libs = libandroidio.so namespace.conscrypt.link.default.shared_libs = libc.so namespace.conscrypt.link.default.shared_libs += libm.so namespace.conscrypt.link.default.shared_libs += libdl.so namespace.conscrypt.link.default.shared_libs += liblog.so

###############################################################################

"resolv" APEX namespace

#

This namespace is for libraries within the resolv APEX.

############################################################################### namespace.resolv.isolated = true namespace.resolv.visible = true

namespace.resolv.search.paths = /apex/com.android.resolv/${LIB} namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB} namespace.resolv.links = default namespace.resolv.link.default.shared_libs = libc.so namespace.resolv.link.default.shared_libs += libcgrouprc.so namespace.resolv.link.default.shared_libs += libm.so namespace.resolv.link.default.shared_libs += libdl.so namespace.resolv.link.default.shared_libs += libbinder_ndk.so namespace.resolv.link.default.shared_libs += liblog.so namespace.resolv.link.default.shared_libs += libvndksupport.so

###############################################################################

"sphal" namespace

#

SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be

loaded inside system processes. libEGL.so, libGLESv2.so,

android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs.

#

This namespace is exclusivly for SP-HALs. When the framework tries to dynami-

cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying

that they should be searched and loaded from this namespace.

#

Note that there is no link from the default namespace to this namespace.

############################################################################### namespace.sphal.isolated = true namespace.sphal.visible = true

namespace.sphal.search.paths = /odm/${LIB}

vendor auto add

namespace.sphal.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.sphal.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.sphal.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.sphal.search.paths += /oppo_engineering/${LIB} namespace.sphal.search.paths += /vendor/${LIB} namespace.sphal.search.paths += /vendor/${LIB}/hw

namespace.sphal.permitted.paths = /odm/${LIB}

vendor auto add

namespace.sphal.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.sphal.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.sphal.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.sphal.permitted.paths += /oppo_engineering/${LIB} namespace.sphal.permitted.paths += /vendor/${LIB} namespace.sphal.permitted.paths += /system/vendor/${LIB}

namespace.sphal.asan.search.paths = /data/asan/odm/${LIB} namespace.sphal.asan.search.paths += /odm/${LIB}

vendor auto add

namespace.sphal.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.sphal.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.sphal.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.sphal.asan.search.paths += /oppo_engineering/${LIB} namespace.sphal.asan.search.paths += /data/asan/vendor/${LIB} namespace.sphal.asan.search.paths += /vendor/${LIB}

namespace.sphal.asan.permitted.paths = /data/asan/odm/${LIB} namespace.sphal.asan.permitted.paths += /odm/${LIB}

vendor auto add

namespace.sphal.asan.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.sphal.asan.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.sphal.asan.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.sphal.asan.permitted.paths += /oppo_engineering/${LIB} namespace.sphal.asan.permitted.paths += /data/asan/vendor/${LIB} namespace.sphal.asan.permitted.paths += /vendor/${LIB}

Once in this namespace, access to libraries in /system/lib is restricted. Only

libs listed here can be used. Order is important here as the namespaces are

tried in this order. rs should be before vndk because both are capable

of loading libRS_internal.so

namespace.sphal.links = rs,default,vndk

Renderscript gets separate namespace

namespace.sphal.link.rs.shared_libs = libRS_internal.so

namespace.sphal.link.default.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.sphal.link.default.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

namespace.sphal.link.vndk.shared_libs = android.hardware.graphics.common@1.0.so:android.hardware.graphics.common@1.1.so:android.hardware.graphics.common@1.2.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.mapper@2.1.so:android.hardware.graphics.mapper@3.0.so:android.hardware.renderscript@1.0.so:android.hidl.memory.token@1.0.so:android.hidl.memory@1.0.so:android.hidl.memory@1.0-impl.so:android.hidl.safe_union@1.0.so:libRSCpuRef.so:libRSDriver.so:libRS_internal.so:libbacktrace.so:libbase.so:libbcinfo.so:libbinderthreadstate.so:libblas.so:libc++.so:libcompiler_rt.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libhwbinder.so:libhwbinder_noltopgo.so:libion.so:libjsoncpp.so:liblzma.so:libprocessgroup.so:libunwindstack.so:libutils.so:libutilscallstack.so:libz.so

###############################################################################

"rs" namespace

#

This namespace is exclusively for Renderscript internal libraries.

This namespace has slightly looser restriction than the vndk namespace because

of the genuine characteristics of Renderscript; /data is in the permitted path

to load the compiled *.so file and libmediandk.so can be used here.

############################################################################### namespace.rs.isolated = true namespace.rs.visible = true

namespace.rs.search.paths = /odm/${LIB}/vndk-sp namespace.rs.search.paths += /vendor/${LIB}/vndk-sp namespace.rs.search.paths += /system/${LIB}/vndk-sp-29 namespace.rs.search.paths += /odm/${LIB}

vendor auto add

namespace.rs.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.rs.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.rs.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.rs.search.paths += /oppo_engineering/${LIB} namespace.rs.search.paths += /vendor/${LIB}

namespace.rs.permitted.paths = /odm/${LIB}

vendor auto add

namespace.rs.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.rs.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.rs.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.rs.permitted.paths += /oppo_engineering/${LIB} namespace.rs.permitted.paths += /vendor/${LIB} namespace.rs.permitted.paths += /system/vendor/${LIB} namespace.rs.permitted.paths += /data

namespace.rs.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp namespace.rs.asan.search.paths += /odm/${LIB}/vndk-sp namespace.rs.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp namespace.rs.asan.search.paths += /vendor/${LIB}/vndk-sp namespace.rs.asan.search.paths += /data/asan/system/${LIB}/vndk-sp-29 namespace.rs.asan.search.paths += /system/${LIB}/vndk-sp-29 namespace.rs.asan.search.paths += /data/asan/odm/${LIB} namespace.rs.asan.search.paths += /odm/${LIB}

vendor auto add

namespace.rs.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.rs.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.rs.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.rs.asan.search.paths += /oppo_engineering/${LIB} namespace.rs.asan.search.paths += /data/asan/vendor/${LIB} namespace.rs.asan.search.paths += /vendor/${LIB}

namespace.rs.asan.permitted.paths = /data/asan/odm/${LIB} namespace.rs.asan.permitted.paths += /odm/${LIB}

vendor auto add

namespace.rs.asan.permitted.paths += /oppo_product/${LIB}

vendor auto add

namespace.rs.asan.permitted.paths += /oppo_custom/${LIB}

vendor auto add

namespace.rs.asan.permitted.paths += /oppo_version/${LIB}

vendor auto add

namespace.rs.asan.permitted.paths += /oppo_engineering/${LIB} namespace.rs.asan.permitted.paths += /data/asan/vendor/${LIB} namespace.rs.asan.permitted.paths += /vendor/${LIB} namespace.rs.asan.permitted.paths += /data

namespace.rs.links = default,vndk

namespace.rs.link.default.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.rs.link.default.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this

namespace because RS framework libs are using them.

namespace.rs.link.default.shared_libs +=

namespace.rs.link.vndk.shared_libs = android.hardware.graphics.common@1.0.so:android.hardware.graphics.common@1.1.so:android.hardware.graphics.common@1.2.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.mapper@2.1.so:android.hardware.graphics.mapper@3.0.so:android.hardware.renderscript@1.0.so:android.hidl.memory.token@1.0.so:android.hidl.memory@1.0.so:android.hidl.memory@1.0-impl.so:android.hidl.safe_union@1.0.so:libRSCpuRef.so:libRSDriver.so:libRS_internal.so:libbacktrace.so:libbase.so:libbcinfo.so:libbinderthreadstate.so:libblas.so:libc++.so:libcompiler_rt.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libhwbinder.so:libhwbinder_noltopgo.so:libion.so:libjsoncpp.so:liblzma.so:libprocessgroup.so:libunwindstack.so:libutils.so:libutilscallstack.so:libz.so

###############################################################################

"vndk" namespace

#

This namespace is exclusively for vndk-sp libs.

############################################################################### namespace.vndk.isolated = true namespace.vndk.visible = true

namespace.vndk.search.paths = /odm/${LIB}/vndk-sp namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp namespace.vndk.search.paths += /system/${LIB}/vndk-sp-29

namespace.vndk.permitted.paths = /odm/${LIB}/hw namespace.vndk.permitted.paths += /odm/${LIB}/egl namespace.vndk.permitted.paths += /vendor/${LIB}/hw namespace.vndk.permitted.paths += /vendor/${LIB}/egl namespace.vndk.permitted.paths += /system/vendor/${LIB}/hw namespace.vndk.permitted.paths += /system/vendor/${LIB}/egl

This is exceptionally required since android.hidl.memory@1.0-impl.so is here

namespace.vndk.permitted.paths += /system/${LIB}/vndk-sp-29/hw

namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp-29 namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp-29

namespace.vndk.asan.permitted.paths = /data/asan/odm/${LIB}/hw namespace.vndk.asan.permitted.paths += /odm/${LIB}/hw namespace.vndk.asan.permitted.paths += /data/asan/odm/${LIB}/egl namespace.vndk.asan.permitted.paths += /odm/${LIB}/egl namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/hw namespace.vndk.asan.permitted.paths += /vendor/${LIB}/hw namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/egl namespace.vndk.asan.permitted.paths += /vendor/${LIB}/egl

namespace.vndk.asan.permitted.paths += /data/asan/system/${LIB}/vndk-sp-29/hw namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp-29/hw

The "vndk" namespace links to "default" namespace for LLNDK libs and links to

"sphal" namespace for vendor libs. The ordering matters. The "default"

namespace has higher priority than the "sphal" namespace.

namespace.vndk.links = default,sphal

When these NDK libs are required inside this namespace, then it is redirected

to the default namespace. This is possible since their ABI is stable across

Android releases.

namespace.vndk.link.default.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.vndk.link.default.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

Allow VNDK-SP extensions to use vendor libraries

namespace.vndk.link.sphal.allow_all_shared_libs = true

###############################################################################

Namespace config for vendor processes. In O, no restriction is enforced for

them. However, in O-MR1, access to /system/${LIB} will not be allowed to

the default namespace. 'system' namespace will be added to give limited

(LL-NDK only) access.

############################################################################### [vendor] additional.namespaces = runtime,system,vndk

###############################################################################

"default" namespace

#

This is the default linker namespace for a vendor process (a process started

from /vendor/bin/*). The main executable and the libs under /vendor/lib[64]

are loaded directly into this namespace. However, other libs under the system

partition (VNDK and LLNDK libraries) are not loaded here but from the

separate namespace 'system'. The delegation to the system namespace is done

via the 'namespace.default.link.system.shared_libs' property below.

#

'#VNDK27#' TAG is only for building ld.config.27.txt for backward

compatibility. (TODO:b/123390078) Move them to a separate file.

############################################################################### namespace.default.isolated = true namespace.default.visible = true

namespace.default.search.paths = /odm/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_engineering/${LIB} namespace.default.search.paths += /vendor/${LIB}

namespace.default.permitted.paths = /odm namespace.default.permitted.paths += /vendor namespace.default.permitted.paths += /system/vendor

namespace.default.asan.search.paths = /data/asan/odm/${LIB} namespace.default.asan.search.paths += /odm/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_engineering/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB}

namespace.default.asan.permitted.paths = /data/asan/odm namespace.default.asan.permitted.paths += /odm namespace.default.asan.permitted.paths += /data/asan/vendor namespace.default.asan.permitted.paths += /vendor

namespace.default.links = system,vndk namespace.default.link.system.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so

namespace.default.link.vndk.shared_libs = android.hardware.graphics.common@1.0.so:android.hardware.graphics.common@1.1.so:android.hardware.graphics.common@1.2.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.mapper@2.1.so:android.hardware.graphics.mapper@3.0.so:android.hardware.renderscript@1.0.so:android.hidl.memory.token@1.0.so:android.hidl.memory@1.0.so:android.hidl.memory@1.0-impl.so:android.hidl.safe_union@1.0.so:libRSCpuRef.so:libRSDriver.so:libRS_internal.so:libbacktrace.so:libbase.so:libbcinfo.so:libbinderthreadstate.so:libblas.so:libc++.so:libcompiler_rt.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libhwbinder.so:libhwbinder_noltopgo.so:libion.so:libjsoncpp.so:liblzma.so:libprocessgroup.so:libunwindstack.so:libutils.so:libutilscallstack.so:libz.so namespace.default.link.vndk.shared_libs += android.frameworks.cameraservice.common@2.0.so:android.frameworks.cameraservice.device@2.0.so:android.frameworks.cameraservice.service@2.0.so:android.frameworks.displayservice@1.0.so:android.frameworks.schedulerservice@1.0.so:android.frameworks.sensorservice@1.0.so:android.frameworks.stats@1.0.so:android.frameworks.vr.composer@1.0.so:android.hardware.atrace@1.0.so:android.hardware.audio.common@2.0.so:android.hardware.audio.common@4.0.so:android.hardware.audio.common@5.0.so:android.hardware.audio.effect@2.0.so:android.hardware.audio.effect@4.0.so:android.hardware.audio.effect@5.0.so:android.hardware.audio@2.0.so:android.hardware.audio@4.0.so:android.hardware.audio@5.0.so:android.hardware.authsecret@1.0.so:android.hardware.automotive.audiocontrol@1.0.so:android.hardware.automotive.evs@1.0.so:android.hardware.automotive.vehicle@2.0.so:android.hardware.biometrics.face@1.0.so:android.hardware.biometrics.fingerprint@2.1.so:android.hardware.bluetooth.a2dp@1.0.so:android.hardware.bluetooth.audio@2.0.so:android.hardware.bluetooth@1.0.so:android.hardware.boot@1.0.so:android.hardware.broadcastradio@1.0.so:android.hardware.broadcastradio@1.1.so:android.hardware.broadcastradio@2.0.so:android.hardware.camera.common@1.0.so:android.hardware.camera.device@1.0.so:android.hardware.camera.device@3.2.so:android.hardware.camera.device@3.3.so:android.hardware.camera.device@3.4.so:android.hardware.camera.device@3.5.so:android.hardware.camera.metadata@3.2.so:android.hardware.camera.metadata@3.3.so:android.hardware.camera.metadata@3.4.so:android.hardware.camera.provider@2.4.so:android.hardware.camera.provider@2.5.so:android.hardware.cas.native@1.0.so:android.hardware.cas@1.0.so:android.hardware.cas@1.1.so:android.hardware.configstore-utils.so:android.hardware.configstore@1.0.so:android.hardware.configstore@1.1.so:android.hardware.confirmationui-support-lib.so:android.hardware.confirmationui@1.0.so:android.hardware.contexthub@1.0.so:android.hardware.drm@1.0.so:android.hardware.drm@1.1.so:android.hardware.drm@1.2.so:android.hardware.dumpstate@1.0.so:android.hardware.fastboot@1.0.so:android.hardware.gatekeeper@1.0.so:android.hardware.gnss.measurement_corrections@1.0.so:android.hardware.gnss.visibility_control@1.0.so:android.hardware.gnss@1.0.so:android.hardware.gnss@1.1.so:android.hardware.gnss@2.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.allocator@3.0.so:android.hardware.graphics.bufferqueue@1.0.so:android.hardware.graphics.bufferqueue@2.0.so:android.hardware.graphics.composer@2.1.so:android.hardware.graphics.composer@2.2.so:android.hardware.graphics.composer@2.3.so:android.hardware.health.storage@1.0.so:android.hardware.health@1.0.so:android.hardware.health@2.0.so:android.hardware.input.classifier@1.0.so:android.hardware.input.common@1.0.so:android.hardware.ir@1.0.so:android.hardware.keymaster@3.0.so:android.hardware.keymaster@4.0.so:android.hardware.light@2.0.so:android.hardware.media.bufferpool@1.0.so:android.hardware.media.bufferpool@2.0.so:android.hardware.media.c2@1.0.so:android.hardware.media.omx@1.0.so:android.hardware.media@1.0.so:android.hardware.memtrack@1.0.so:android.hardware.neuralnetworks@1.0.so:android.hardware.neuralnetworks@1.1.so:android.hardware.neuralnetworks@1.2.so:android.hardware.nfc@1.0.so:android.hardware.nfc@1.1.so:android.hardware.nfc@1.2.so:android.hardware.oemlock@1.0.so:android.hardware.power.stats@1.0.so:android.hardware.power@1.0.so:android.hardware.power@1.1.so:android.hardware.power@1.2.so:android.hardware.power@1.3.so:android.hardware.radio.config@1.0.so:android.hardware.radio.config@1.1.so:android.hardware.radio.config@1.2.so:android.hardware.radio.deprecated@1.0.so:android.hardware.radio@1.0.so:android.hardware.radio@1.1.so:android.hardware.radio@1.2.so:android.hardware.radio@1.3.so:android.hardware.radio@1.4.so:android.hardware.secure_element@1.0.so:android.hardware.secure_element@1.1.so:android.hardware.sensors@1.0.so:android.hardware.sensors@2.0.so:android.hardware.soundtrigger@2.0.so:android.hardware.soundtrigger@2.0-core.so:android.hardware.soundtrigger@2.1.so:android.hardware.soundtrigger@2.2.so:android.hardware.tetheroffload.config@1.0.so:android.hardware.tetheroffload.control@1.0.so:android.hardware.thermal@1.0.so:android.hardware.thermal@1.1.so:android.hardware.thermal@2.0.so:android.hardware.tv.cec@1.0.so:android.hardware.tv.cec@2.0.so:android.hardware.tv.input@1.0.so:android.hardware.usb.gadget@1.0.so:android.hardware.usb@1.0.so:android.hardware.usb@1.1.so:android.hardware.usb@1.2.so:android.hardware.vibrator@1.0.so:android.hardware.vibrator@1.1.so:android.hardware.vibrator@1.2.so:android.hardware.vibrator@1.3.so:android.hardware.vr@1.0.so:android.hardware.weaver@1.0.so:android.hardware.wifi.hostapd@1.0.so:android.hardware.wifi.hostapd@1.1.so:android.hardware.wifi.offload@1.0.so:android.hardware.wifi.supplicant@1.0.so:android.hardware.wifi.supplicant@1.1.so:android.hardware.wifi.supplicant@1.2.so:android.hardware.wifi@1.0.so:android.hardware.wifi@1.1.so:android.hardware.wifi@1.2.so:android.hardware.wifi@1.3.so:android.hidl.allocator@1.0.so:android.hidl.memory.block@1.0.so:android.hidl.token@1.0.so:android.hidl.token@1.0-utils.so:android.system.net.netd@1.0.so:android.system.net.netd@1.1.so:android.system.suspend@1.0.so:android.system.wifi.keystore@1.0.so:libadf.so:libaudioroute.so:libaudioutils.so:libbinder.so:libcamera_metadata.so:libcap.so:libclang_rt.scudo-aarch64-android.so:libclang_rt.scudo-arm-android.so:libclang_rt.scudo_minimal-aarch64-android.so:libclang_rt.scudo_minimal-arm-android.so:libclang_rt.ubsan_minimal-aarch64-android.so:libclang_rt.ubsan_minimal-arm-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.ubsan_standalone-arm-android.so:libcn-cbor.so:libcodec2.so:libcrypto.so:libcrypto_utils.so:libcurl.so:libdiskconfig.so:libdumpstateutil.so:libevent.so:libexif.so:libexpat.so:libfmq.so:libgatekeeper.so:libgui.so:libhardware_legacy.so:libhidlallocatorutils.so:libhidlcache.so:libjpeg.so:libkeymaster_messages.so:libkeymaster_portable.so:libldacBT_abr.so:libldacBT_enc.so:liblz4.so:libmedia_helper.so:libmedia_omx.so:libmemtrack.so:libminijail.so:libmkbootimg_abi_check.so:libnetutils.so:libnl.so:libpcre2.so:libpiex.so:libpng.so:libpower.so:libprocinfo.so:libprotobuf-cpp-full.so:libprotobuf-cpp-lite.so:libpuresoftkeymasterdevice.so:libradio_metadata.so:libselinux.so:libsoftkeymasterdevice.so:libspeexresampler.so:libsqlite.so:libssl.so:libstagefright_bufferpool@2.0.so:libstagefright_bufferqueue_helper.so:libstagefright_foundation.so:libstagefright_omx.so:libstagefright_omx_utils.so:libstagefright_xmlparser.so:libsysutils.so:libtinyalsa.so:libtinyxml2.so:libui.so:libusbhost.so:libwifi-system-iface.so:libxml2.so:libyuv.so:libziparchive.so

###############################################################################

"runtime" APEX namespace

#

This namespace exposes externally accessible libraries from the Runtime APEX.

############################################################################### namespace.runtime.isolated = true

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = system

TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library

when it exists.

namespace.runtime.link.system.allow_all_shared_libs = true

###############################################################################

"vndk" namespace

#

This namespace is where VNDK and VNDK-SP libraries are loaded for

a vendor process.

############################################################################### namespace.vndk.isolated = false

namespace.vndk.search.paths = /odm/${LIB}/vndk namespace.vndk.search.paths += /odm/${LIB}/vndk-sp namespace.vndk.search.paths += /vendor/${LIB}/vndk namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp namespace.vndk.search.paths += /system/${LIB}/vndk-sp-29 namespace.vndk.search.paths += /system/${LIB}/vndk-29

namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk namespace.vndk.asan.search.paths += /odm/${LIB}/vndk namespace.vndk.asan.search.paths += /data/asan/odm/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp-29 namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp-29 namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-29 namespace.vndk.asan.search.paths += /system/${LIB}/vndk-29

When these NDK libs are required inside this namespace, then it is redirected

to the system namespace. This is possible since their ABI is stable across

Android releases. The links here should be identical to that of the

'vndk_in_system' namespace, except for the link between 'vndk' and

'vndk_in_system'.

namespace.vndk.links = system,default

namespace.vndk.link.system.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.vndk.link.system.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

namespace.vndk.link.default.allow_all_shared_libs = true

###############################################################################

"system" namespace

#

This namespace is where system libs (VNDK and LLNDK libs) are loaded for

a vendor process.

############################################################################### namespace.system.isolated = false

namespace.system.search.paths = /system/${LIB} namespace.system.search.paths += /system/product/${LIB}

vendor auto add

namespace.system.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.system.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.system.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.system.search.paths += /oppo_engineering/${LIB}

namespace.system.asan.search.paths = /data/asan/system/${LIB} namespace.system.asan.search.paths += /system/${LIB} namespace.system.asan.search.paths += /data/asan/product/${LIB} namespace.system.asan.search.paths += /system/product/${LIB}

vendor auto add

namespace.system.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.system.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.system.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.system.asan.search.paths += /oppo_engineering/${LIB} namespace.system.asan.search.paths += /data/asan/product_services/${LIB}

namespace.system.links = runtime namespace.system.link.runtime.shared_libs = libdexfile_external.so

libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466

namespace.system.link.runtime.shared_libs += libicui18n.so namespace.system.link.runtime.shared_libs += libicuuc.so namespace.system.link.runtime.shared_libs += libnativebridge.so namespace.system.link.runtime.shared_libs += libnativehelper.so namespace.system.link.runtime.shared_libs += libnativeloader.so

Workaround for b/124772622

namespace.system.link.runtime.shared_libs += libandroidicu.so

###############################################################################

"vndk_in_system" namespace

#

This namespace is where no-vendor-variant VNDK libraries are loaded for a

vendor process. Note that we do not simply export these libraries from

"system" namespace, because in some case both the core variant and the

vendor variant of a VNDK library may be loaded. In such case, we do not

want to eliminate double-loading because doing so means the global states

of the library would be shared.

#

Only the no-vendor-variant VNDK libraries are whitelisted in this namespace.

This is to ensure that we do not load libraries needed by no-vendor-variant

VNDK libraries into vndk_in_system namespace.

############################################################################### namespace.vndk_in_system.isolated = true namespace.vndk_in_system.visible = true

The search paths here should be kept the same as that of the 'system'

namespace.

namespace.vndk_in_system.search.paths = /system/${LIB} namespace.vndk_in_system.search.paths += /system/product/${LIB}

vendor auto add

namespace.vndk_in_system.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.vndk_in_system.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.vndk_in_system.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.vndk_in_system.search.paths += /oppo_engineering/${LIB}

namespace.vndk_in_system.asan.search.paths = /data/asan/system/${LIB} namespace.vndk_in_system.asan.search.paths += /system/${LIB} namespace.vndk_in_system.asan.search.paths += /data/asan/product/${LIB} namespace.vndk_in_system.asan.search.paths += /system/product/${LIB}

vendor auto add

namespace.vndk_in_system.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.vndk_in_system.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.vndk_in_system.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.vndk_in_system.asan.search.paths += /oppo_engineering/${LIB} namespace.vndk_in_system.asan.search.paths += /data/asan/product_services/${LIB}

The links here should be identical to that of the 'vndk' namespace, with the

following exception:

1. 'vndk_in_system' needs to be freely linked back to 'vndk'.

2. 'vndk_in_system' does not need to link to 'default', as any library that

requires anything vendor would not be a vndk_in_system library.

namespace.vndk_in_system.links = vndk,system

namespace.vndk_in_system.link.system.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.vndk_in_system.link.system.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

namespace.vndk_in_system.link.vndk.allow_all_shared_libs = true

###############################################################################

Namespace config for native tests that need access to both system and vendor

libraries. This replicates the default linker config (done by

init_default_namespace_no_config in bionic/linker/linker.cpp), except that it

includes the requisite namespace setup for APEXes.

############################################################################### [unrestricted] additional.namespaces = runtime,media,conscrypt,resolv

namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /odm/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_engineering/${LIB} namespace.default.search.paths += /vendor/${LIB}

namespace.default.asan.search.paths = /data/asan/system/${LIB} namespace.default.asan.search.paths += /system/${LIB} namespace.default.asan.search.paths += /data/asan/odm/${LIB} namespace.default.asan.search.paths += /odm/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.asan.search.paths += /oppo_engineering/${LIB} namespace.default.asan.search.paths += /data/asan/vendor/${LIB} namespace.default.asan.search.paths += /vendor/${LIB}

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.default.links = runtime,resolv namespace.default.visible = true

namespace.default.link.runtime.shared_libs = libdexfile_external.so

libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466

namespace.default.link.runtime.shared_libs += libicui18n.so namespace.default.link.runtime.shared_libs += libicuuc.so namespace.default.link.runtime.shared_libs += libnativebridge.so namespace.default.link.runtime.shared_libs += libnativehelper.so namespace.default.link.runtime.shared_libs += libnativeloader.so namespace.default.link.runtime.shared_libs += libandroidicu.so

TODO(b/122876336): Remove libpac.so once it's migrated to Webview

namespace.default.link.runtime.shared_libs += libpac.so

namespace.default.link.resolv.shared_libs = libnetd_resolv.so

###############################################################################

"runtime" APEX namespace

#

This namespace exposes externally accessible libraries from the Runtime APEX.

############################################################################### namespace.runtime.isolated = true namespace.runtime.visible = true

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} namespace.runtime.links = default

TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library

when it exists.

namespace.runtime.link.default.allow_all_shared_libs = true

###############################################################################

"media" APEX namespace

#

This namespace is for libraries within the media APEX.

############################################################################### namespace.media.isolated = true namespace.media.visible = true

namespace.media.search.paths = /apex/com.android.media/${LIB} namespace.media.asan.search.paths = /apex/com.android.media/${LIB}

namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors namespace.media.asan.permitted.paths = /apex/com.android.media/${LIB}/extractors

namespace.media.links = default namespace.media.link.default.shared_libs = libEGL.so:libGLESv1_CM.so:libGLESv2.so:libGLESv3.so:libRS.so:libandroid_net.so:libc.so:libcgrouprc.so:libclang_rt.asan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-aarch64-android.so:libdl.so:libft2.so:liblog.so:libm.so:libmediandk.so:libnativewindow.so:libneuralnetworks.so:libsync.so:libvndksupport.so:libvulkan.so namespace.media.link.default.shared_libs += libbinder_ndk.so namespace.media.link.default.shared_libs += libmediametrics.so namespace.media.link.default.shared_libs += libclang_rt.asan-aarch64-android.so:libclang_rt.hwasan-aarch64-android.so:libclang_rt.ubsan_standalone-aarch64-android.so:libclang_rt.tsan-aarch64-android.so:libclang_rt.asan-arm-android.so:libclang_rt.hwasan-arm-android.so:libclang_rt.ubsan_standalone-arm-android.so:libclang_rt.tsan-arm-android.so

###############################################################################

"conscrypt" APEX namespace

#

This namespace is for libraries within the conscrypt APEX.

############################################################################### namespace.conscrypt.isolated = true namespace.conscrypt.visible = true

Keep in sync with ld.config.txt in the com.android.runtime APEX.

namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} namespace.conscrypt.links = runtime,default namespace.conscrypt.link.runtime.shared_libs = libandroidio.so namespace.conscrypt.link.default.shared_libs = libc.so namespace.conscrypt.link.default.shared_libs += libm.so namespace.conscrypt.link.default.shared_libs += libdl.so namespace.conscrypt.link.default.shared_libs += liblog.so

###############################################################################

"resolv" APEX namespace

#

This namespace is for libraries within the resolv APEX.

############################################################################### namespace.resolv.isolated = true namespace.resolv.visible = true

namespace.resolv.search.paths = /apex/com.android.resolv/${LIB} namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB} namespace.resolv.links = default namespace.resolv.link.default.shared_libs = libc.so namespace.resolv.link.default.shared_libs += libm.so namespace.resolv.link.default.shared_libs += libdl.so namespace.resolv.link.default.shared_libs += libbinder_ndk.so namespace.resolv.link.default.shared_libs += liblog.so

###############################################################################

Namespace config for binaries under /postinstall.

Only default namespace is defined and default has no directories

other than /system/lib in the search paths. This is because linker calls

realpath on the search paths and this causes selinux denial if the paths

(/vendor, /odm) are not allowed to the postinstall binaries. There is no

reason to allow the binaries to access the paths.

############################################################################### [postinstall] namespace.default.isolated = false namespace.default.search.paths = /system/${LIB} namespace.default.search.paths += /system/product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_product/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_custom/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_version/${LIB}

vendor auto add

namespace.default.search.paths += /oppo_engineering/${LIB}

FranknittyV commented 1 year ago

I have no idea what any of this information means

On Sun, May 21, 2023, 12:39 kaschey77 @.***> wrote:

Closed #1114 https://github.com/github/choosealicense.com/issues/1114 as not planned.

— Reply to this email directly, view it on GitHub https://github.com/github/choosealicense.com/issues/1114#event-9296339803, or unsubscribe https://github.com/notifications/unsubscribe-auth/A63MDOWZN62MXIPCS36LDY3XHJHOJANCNFSM6AAAAAAYJQ45SU . You are receiving this because you are subscribed to this thread.Message ID: @.*** com>