ld.config.txt revision e5c2de355b3d37015f332af5fc97d535d97f9693
1# Copyright (C) 2017 The Android Open Source Project 2# 3# Bionic loader config file. 4# 5 6# Don't change the order here. The first pattern that matches with the 7# absolute path of an executable is selected. 8dir.system = /system/bin/ 9dir.system = /system/xbin/ 10 11dir.vendor = /odm/bin/ 12dir.vendor = /vendor/bin/ 13dir.vendor = /data/nativetest/odm 14dir.vendor = /data/nativetest64/odm 15dir.vendor = /data/benchmarktest/odm 16dir.vendor = /data/benchmarktest64/odm 17dir.vendor = /data/nativetest/vendor 18dir.vendor = /data/nativetest64/vendor 19dir.vendor = /data/benchmarktest/vendor 20dir.vendor = /data/benchmarktest64/vendor 21 22dir.system = /data/nativetest 23dir.system = /data/nativetest64 24dir.system = /data/benchmarktest 25dir.system = /data/benchmarktest64 26 27dir.postinstall = /postinstall 28 29[system] 30additional.namespaces = sphal,vndk,rs 31 32############################################################################### 33# "default" namespace 34# 35# Framework-side code runs in this namespace. Libs from /vendor partition 36# can't be loaded in this namespace. 37############################################################################### 38namespace.default.isolated = true 39 40namespace.default.search.paths = /system/${LIB} 41namespace.default.search.paths += /product/${LIB} 42 43# We can't have entire /system/${LIB} as permitted paths because doing so 44# makes it possible to load libs in /system/${LIB}/vndk* directories by 45# their absolute paths (e.g. dlopen("/system/lib/vndk/libbase.so");). 46# VNDK libs are built with previous versions of Android and thus must not be 47# loaded into this namespace where libs built with the current version of 48# Android are loaded. Mixing the two types of libs in the same namespace can 49# cause unexpected problem. 50namespace.default.permitted.paths = /system/${LIB}/drm 51namespace.default.permitted.paths += /system/${LIB}/extractors 52namespace.default.permitted.paths += /system/${LIB}/hw 53namespace.default.permitted.paths += /product/${LIB} 54# These are where odex files are located. libart has to be able to dlopen the files 55namespace.default.permitted.paths += /system/framework 56namespace.default.permitted.paths += /system/app 57namespace.default.permitted.paths += /system/priv-app 58namespace.default.permitted.paths += /vendor/framework 59namespace.default.permitted.paths += /vendor/app 60namespace.default.permitted.paths += /vendor/priv-app 61namespace.default.permitted.paths += /odm/framework 62namespace.default.permitted.paths += /odm/app 63namespace.default.permitted.paths += /odm/priv-app 64namespace.default.permitted.paths += /oem/app 65namespace.default.permitted.paths += /product/framework 66namespace.default.permitted.paths += /product/app 67namespace.default.permitted.paths += /product/priv-app 68namespace.default.permitted.paths += /data 69namespace.default.permitted.paths += /mnt/expand 70 71namespace.default.asan.search.paths = /data/asan/system/${LIB} 72namespace.default.asan.search.paths += /system/${LIB} 73namespace.default.asan.search.paths += /data/asan/product/${LIB} 74namespace.default.asan.search.paths += /product/${LIB} 75 76namespace.default.asan.permitted.paths = /data 77namespace.default.asan.permitted.paths += /system/${LIB}/drm 78namespace.default.asan.permitted.paths += /system/${LIB}/extractors 79namespace.default.asan.permitted.paths += /system/${LIB}/hw 80namespace.default.asan.permitted.paths += /system/framework 81namespace.default.asan.permitted.paths += /system/app 82namespace.default.asan.permitted.paths += /system/priv-app 83namespace.default.asan.permitted.paths += /vendor/framework 84namespace.default.asan.permitted.paths += /vendor/app 85namespace.default.asan.permitted.paths += /vendor/priv-app 86namespace.default.asan.permitted.paths += /odm/framework 87namespace.default.asan.permitted.paths += /odm/app 88namespace.default.asan.permitted.paths += /odm/priv-app 89namespace.default.asan.permitted.paths += /oem/app 90namespace.default.asan.permitted.paths += /product/${LIB} 91namespace.default.asan.permitted.paths += /product/framework 92namespace.default.asan.permitted.paths += /product/app 93namespace.default.asan.permitted.paths += /product/priv-app 94namespace.default.asan.permitted.paths += /mnt/expand 95 96############################################################################### 97# "sphal" namespace 98# 99# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be 100# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so, 101# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. 102# 103# This namespace is exclusivly for SP-HALs. When the framework tries to dynami- 104# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying 105# that they should be searched and loaded from this namespace. 106# 107# Note that there is no link from the default namespace to this namespace. 108############################################################################### 109namespace.sphal.isolated = true 110namespace.sphal.visible = true 111 112namespace.sphal.search.paths = /odm/${LIB} 113namespace.sphal.search.paths += /vendor/${LIB} 114 115namespace.sphal.permitted.paths = /odm/${LIB} 116namespace.sphal.permitted.paths += /vendor/${LIB} 117 118namespace.sphal.asan.search.paths = /data/asan/odm/${LIB} 119namespace.sphal.asan.search.paths += /odm/${LIB} 120namespace.sphal.asan.search.paths += /data/asan/vendor/${LIB} 121namespace.sphal.asan.search.paths += /vendor/${LIB} 122 123namespace.sphal.asan.permitted.paths = /data/asan/odm/${LIB} 124namespace.sphal.asan.permitted.paths += /odm/${LIB} 125namespace.sphal.asan.permitted.paths += /data/asan/vendor/${LIB} 126namespace.sphal.asan.permitted.paths += /vendor/${LIB} 127 128# Once in this namespace, access to libraries in /system/lib is restricted. Only 129# libs listed here can be used. 130namespace.sphal.links = default,vndk,rs 131 132namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES% 133namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 134 135namespace.sphal.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% 136 137# Renderscript gets separate namespace 138namespace.sphal.link.rs.shared_libs = libRS_internal.so 139 140############################################################################### 141# "rs" namespace 142# 143# This namespace is exclusively for Renderscript internal libraries. 144# This namespace has slightly looser restriction than the vndk namespace because 145# of the genuine characteristics of Renderscript; /data is in the permitted path 146# to load the compiled *.so file and libmediandk.so can be used here. 147############################################################################### 148namespace.rs.isolated = true 149namespace.rs.visible = true 150 151namespace.rs.search.paths = /odm/${LIB}/vndk-sp 152namespace.rs.search.paths += /vendor/${LIB}/vndk-sp 153namespace.rs.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 154namespace.rs.search.paths += /odm/${LIB} 155namespace.rs.search.paths += /vendor/${LIB} 156 157namespace.rs.permitted.paths = /odm/${LIB} 158namespace.rs.permitted.paths += /vendor/${LIB} 159namespace.rs.permitted.paths += /data 160 161namespace.rs.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp 162namespace.rs.asan.search.paths += /odm/${LIB}/vndk-sp 163namespace.rs.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp 164namespace.rs.asan.search.paths += /vendor/${LIB}/vndk-sp 165namespace.rs.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER% 166namespace.rs.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 167namespace.rs.asan.search.paths += /data/asan/odm/${LIB} 168namespace.rs.asan.search.paths += /odm/${LIB} 169namespace.rs.asan.search.paths += /data/asan/vendor/${LIB} 170namespace.rs.asan.search.paths += /vendor/${LIB} 171 172namespace.rs.asan.permitted.paths = /data/asan/odm/${LIB} 173namespace.rs.asan.permitted.paths += /odm/${LIB} 174namespace.rs.asan.permitted.paths += /data/asan/vendor/${LIB} 175namespace.rs.asan.permitted.paths += /vendor/${LIB} 176namespace.rs.asan.permitted.paths += /data 177 178namespace.rs.links = default,vndk 179 180namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES% 181namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 182# Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this 183# namespace because RS framework libs are using them. 184namespace.rs.link.default.shared_libs += %PRIVATE_LLNDK_LIBRARIES% 185 186namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% 187 188############################################################################### 189# "vndk" namespace 190# 191# This namespace is exclusively for vndk-sp libs. 192############################################################################### 193namespace.vndk.isolated = true 194namespace.vndk.visible = true 195 196namespace.vndk.search.paths = /odm/${LIB}/vndk-sp 197namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp 198namespace.vndk.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 199 200namespace.vndk.permitted.paths = /odm/${LIB}/hw 201namespace.vndk.permitted.paths += /odm/${LIB}/egl 202namespace.vndk.permitted.paths += /vendor/${LIB}/hw 203namespace.vndk.permitted.paths += /vendor/${LIB}/egl 204# This is exceptionally required since android.hidl.memory@1.0-impl.so is here 205namespace.vndk.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw 206 207namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk-sp 208namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp 209namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp 210namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp 211namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER% 212namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 213 214namespace.vndk.asan.permitted.paths = /data/asan/odm/${LIB}/hw 215namespace.vndk.asan.permitted.paths += /odm/${LIB}/hw 216namespace.vndk.asan.permitted.paths += /data/asan/odm/${LIB}/egl 217namespace.vndk.asan.permitted.paths += /odm/${LIB}/egl 218namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/hw 219namespace.vndk.asan.permitted.paths += /vendor/${LIB}/hw 220namespace.vndk.asan.permitted.paths += /data/asan/vendor/${LIB}/egl 221namespace.vndk.asan.permitted.paths += /vendor/${LIB}/egl 222 223namespace.vndk.asan.permitted.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%/hw 224namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw 225 226# The "vndk" namespace links to "default" namespace for LLNDK libs and links to 227# "sphal" namespace for vendor libs. The ordering matters. The "default" 228# namespace has higher priority than the "sphal" namespace. 229namespace.vndk.links = default,sphal 230 231# When these NDK libs are required inside this namespace, then it is redirected 232# to the default namespace. This is possible since their ABI is stable across 233# Android releases. 234namespace.vndk.link.default.shared_libs = %LLNDK_LIBRARIES% 235namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 236 237# Allow VNDK-SP extensions to use vendor libraries 238namespace.vndk.link.sphal.allow_all_shared_libs = true 239 240############################################################################### 241# Namespace config for vendor processes. In O, no restriction is enforced for 242# them. However, in O-MR1, access to /system/${LIB} will not be allowed to 243# the default namespace. 'system' namespace will be added to give limited 244# (LL-NDK only) access. 245############################################################################### 246[vendor] 247additional.namespaces = system,vndk 248 249############################################################################### 250# "default" namespace 251# 252# This is the default linker namespace for a vendor process (a process started 253# from /vendor/bin/*). The main executable and the libs under /vendor/lib[64] 254# are loaded directly into this namespace. However, other libs under the system 255# partition (VNDK and LLNDK libraries) are not loaded here but from the 256# separate namespace 'system'. The delegation to the system namespace is done 257# via the 'namespace.default.link.system.shared_libs' property below. 258############################################################################### 259namespace.default.isolated = true 260namespace.default.visible = true 261 262namespace.default.search.paths = /odm/${LIB} 263namespace.default.search.paths += /vendor/${LIB} 264 265namespace.default.permitted.paths = /odm 266namespace.default.permitted.paths += /vendor 267 268namespace.default.asan.search.paths = /data/asan/odm/${LIB} 269namespace.default.asan.search.paths += /odm/${LIB} 270namespace.default.asan.search.paths += /data/asan/vendor/${LIB} 271namespace.default.asan.search.paths += /vendor/${LIB} 272 273namespace.default.asan.permitted.paths = /data/asan/odm 274namespace.default.asan.permitted.paths += /odm 275namespace.default.asan.permitted.paths += /data/asan/vendor 276namespace.default.asan.permitted.paths += /vendor 277 278namespace.default.links = system,vndk 279namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES% 280namespace.default.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% 281namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES% 282 283############################################################################### 284# "vndk" namespace 285# 286# This namespace is where VNDK and VNDK-SP libraries are loaded for 287# a vendor process. 288############################################################################### 289namespace.vndk.isolated = false 290 291namespace.vndk.search.paths = /odm/${LIB}/vndk 292namespace.vndk.search.paths += /odm/${LIB}/vndk-sp 293namespace.vndk.search.paths += /vendor/${LIB}/vndk 294namespace.vndk.search.paths += /vendor/${LIB}/vndk-sp 295namespace.vndk.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 296namespace.vndk.search.paths += /system/${LIB}/vndk%VNDK_VER% 297 298namespace.vndk.asan.search.paths = /data/asan/odm/${LIB}/vndk 299namespace.vndk.asan.search.paths += /odm/${LIB}/vndk 300namespace.vndk.asan.search.paths += /data/asan/odm/${LIB}/vndk-sp 301namespace.vndk.asan.search.paths += /odm/${LIB}/vndk-sp 302namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk 303namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk 304namespace.vndk.asan.search.paths += /data/asan/vendor/${LIB}/vndk-sp 305namespace.vndk.asan.search.paths += /vendor/${LIB}/vndk-sp 306namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER% 307namespace.vndk.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER% 308namespace.vndk.asan.search.paths += /data/asan/system/${LIB}/vndk%VNDK_VER% 309namespace.vndk.asan.search.paths += /system/${LIB}/vndk%VNDK_VER% 310 311# When these NDK libs are required inside this namespace, then it is redirected 312# to the system namespace. This is possible since their ABI is stable across 313# Android releases. 314namespace.vndk.links = system,default 315namespace.vndk.link.system.shared_libs = %LLNDK_LIBRARIES% 316namespace.vndk.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES% 317 318namespace.vndk.link.default.allow_all_shared_libs = true 319 320############################################################################### 321# "system" namespace 322# 323# This namespace is where system libs (VNDK and LLNDK libs) are loaded for 324# a vendor process. 325############################################################################### 326namespace.system.isolated = false 327 328namespace.system.search.paths = /system/${LIB} 329namespace.system.search.paths += /product/${LIB} 330 331namespace.system.asan.search.paths = /data/asan/system/${LIB} 332namespace.system.asan.search.paths += /system/${LIB} 333namespace.system.asan.search.paths += /data/asan/product/${LIB} 334namespace.system.asan.search.paths += /product/${LIB} 335 336############################################################################### 337# Namespace config for binaries under /postinstall. 338# Only one default namespace is defined and it has no directories other than 339# /system/lib in the search paths. This is because linker calls realpath on the 340# search paths and this causes selinux denial if the paths (/vendor, /odm) are 341# not allowed to the poinstall binaries. There is no reason to allow the 342# binaries to access the paths. 343############################################################################### 344[postinstall] 345namespace.default.isolated = false 346namespace.default.search.paths = /system/${LIB} 347namespace.default.search.paths += /product/${LIB} 348