1*e5eeaa8eSAndroid Build Coastguard Worker /*
2*e5eeaa8eSAndroid Build Coastguard Worker * Copyright (C) 2019 The Android Open Source Project
3*e5eeaa8eSAndroid Build Coastguard Worker *
4*e5eeaa8eSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*e5eeaa8eSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*e5eeaa8eSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*e5eeaa8eSAndroid Build Coastguard Worker *
8*e5eeaa8eSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*e5eeaa8eSAndroid Build Coastguard Worker *
10*e5eeaa8eSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*e5eeaa8eSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*e5eeaa8eSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*e5eeaa8eSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*e5eeaa8eSAndroid Build Coastguard Worker * limitations under the License.
15*e5eeaa8eSAndroid Build Coastguard Worker */
16*e5eeaa8eSAndroid Build Coastguard Worker
17*e5eeaa8eSAndroid Build Coastguard Worker // Framework-side code runs in this namespace. Libs from /vendor partition can't
18*e5eeaa8eSAndroid Build Coastguard Worker // be loaded in this namespace.
19*e5eeaa8eSAndroid Build Coastguard Worker
20*e5eeaa8eSAndroid Build Coastguard Worker #include "linkerconfig/common.h"
21*e5eeaa8eSAndroid Build Coastguard Worker #include "linkerconfig/environment.h"
22*e5eeaa8eSAndroid Build Coastguard Worker #include "linkerconfig/namespace.h"
23*e5eeaa8eSAndroid Build Coastguard Worker #include "linkerconfig/namespacebuilder.h"
24*e5eeaa8eSAndroid Build Coastguard Worker
25*e5eeaa8eSAndroid Build Coastguard Worker using android::linkerconfig::modules::Namespace;
26*e5eeaa8eSAndroid Build Coastguard Worker
27*e5eeaa8eSAndroid Build Coastguard Worker namespace android {
28*e5eeaa8eSAndroid Build Coastguard Worker namespace linkerconfig {
29*e5eeaa8eSAndroid Build Coastguard Worker namespace contents {
30*e5eeaa8eSAndroid Build Coastguard Worker
SetupSystemPermittedPaths(Namespace * ns)31*e5eeaa8eSAndroid Build Coastguard Worker void SetupSystemPermittedPaths(Namespace* ns) {
32*e5eeaa8eSAndroid Build Coastguard Worker std::string product = Var("PRODUCT");
33*e5eeaa8eSAndroid Build Coastguard Worker std::string system_ext = Var("SYSTEM_EXT");
34*e5eeaa8eSAndroid Build Coastguard Worker
35*e5eeaa8eSAndroid Build Coastguard Worker // We can't have entire /system/${LIB} as permitted paths because doing so
36*e5eeaa8eSAndroid Build Coastguard Worker // makes it possible to load libs in /system/${LIB}/vndk* directories by
37*e5eeaa8eSAndroid Build Coastguard Worker // their absolute paths, e.g. dlopen("/system/lib/vndk/libbase.so"). VNDK
38*e5eeaa8eSAndroid Build Coastguard Worker // libs are built with previous versions of Android and thus must not be
39*e5eeaa8eSAndroid Build Coastguard Worker // loaded into this namespace where libs built with the current version of
40*e5eeaa8eSAndroid Build Coastguard Worker // Android are loaded. Mixing the two types of libs in the same namespace
41*e5eeaa8eSAndroid Build Coastguard Worker // can cause unexpected problems.
42*e5eeaa8eSAndroid Build Coastguard Worker const std::vector<std::string> permitted_paths = {
43*e5eeaa8eSAndroid Build Coastguard Worker "/system/${LIB}/drm",
44*e5eeaa8eSAndroid Build Coastguard Worker "/system/${LIB}/extractors",
45*e5eeaa8eSAndroid Build Coastguard Worker "/system/${LIB}/hw",
46*e5eeaa8eSAndroid Build Coastguard Worker system_ext + "/${LIB}",
47*e5eeaa8eSAndroid Build Coastguard Worker
48*e5eeaa8eSAndroid Build Coastguard Worker // These are where odex files are located. libart has to be able to dlopen
49*e5eeaa8eSAndroid Build Coastguard Worker // the files
50*e5eeaa8eSAndroid Build Coastguard Worker "/system/framework",
51*e5eeaa8eSAndroid Build Coastguard Worker
52*e5eeaa8eSAndroid Build Coastguard Worker "/system/app",
53*e5eeaa8eSAndroid Build Coastguard Worker "/system/priv-app",
54*e5eeaa8eSAndroid Build Coastguard Worker system_ext + "/framework",
55*e5eeaa8eSAndroid Build Coastguard Worker system_ext + "/app",
56*e5eeaa8eSAndroid Build Coastguard Worker system_ext + "/priv-app",
57*e5eeaa8eSAndroid Build Coastguard Worker "/vendor/framework",
58*e5eeaa8eSAndroid Build Coastguard Worker "/vendor/app",
59*e5eeaa8eSAndroid Build Coastguard Worker "/vendor/priv-app",
60*e5eeaa8eSAndroid Build Coastguard Worker "/system/vendor/framework",
61*e5eeaa8eSAndroid Build Coastguard Worker "/system/vendor/app",
62*e5eeaa8eSAndroid Build Coastguard Worker "/system/vendor/priv-app",
63*e5eeaa8eSAndroid Build Coastguard Worker "/odm/framework",
64*e5eeaa8eSAndroid Build Coastguard Worker "/odm/app",
65*e5eeaa8eSAndroid Build Coastguard Worker "/odm/priv-app",
66*e5eeaa8eSAndroid Build Coastguard Worker "/oem/app",
67*e5eeaa8eSAndroid Build Coastguard Worker product + "/framework",
68*e5eeaa8eSAndroid Build Coastguard Worker product + "/app",
69*e5eeaa8eSAndroid Build Coastguard Worker product + "/priv-app",
70*e5eeaa8eSAndroid Build Coastguard Worker "/data",
71*e5eeaa8eSAndroid Build Coastguard Worker "/mnt/expand",
72*e5eeaa8eSAndroid Build Coastguard Worker "/apex/com.android.runtime/${LIB}/bionic",
73*e5eeaa8eSAndroid Build Coastguard Worker "/system/${LIB}/bootstrap",
74*e5eeaa8eSAndroid Build Coastguard Worker };
75*e5eeaa8eSAndroid Build Coastguard Worker
76*e5eeaa8eSAndroid Build Coastguard Worker for (const std::string& path : permitted_paths) {
77*e5eeaa8eSAndroid Build Coastguard Worker ns->AddPermittedPath(path);
78*e5eeaa8eSAndroid Build Coastguard Worker }
79*e5eeaa8eSAndroid Build Coastguard Worker if (!android::linkerconfig::modules::IsTreblelizedDevice()) {
80*e5eeaa8eSAndroid Build Coastguard Worker // System processes can use product libs only if device is not treblelized.
81*e5eeaa8eSAndroid Build Coastguard Worker ns->AddPermittedPath(product + "/${LIB}");
82*e5eeaa8eSAndroid Build Coastguard Worker }
83*e5eeaa8eSAndroid Build Coastguard Worker }
84*e5eeaa8eSAndroid Build Coastguard Worker
BuildSystemDefaultNamespace(const Context & ctx)85*e5eeaa8eSAndroid Build Coastguard Worker Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
86*e5eeaa8eSAndroid Build Coastguard Worker bool is_fully_treblelized =
87*e5eeaa8eSAndroid Build Coastguard Worker android::linkerconfig::modules::IsTreblelizedDevice();
88*e5eeaa8eSAndroid Build Coastguard Worker std::string product = Var("PRODUCT");
89*e5eeaa8eSAndroid Build Coastguard Worker std::string system_ext = Var("SYSTEM_EXT");
90*e5eeaa8eSAndroid Build Coastguard Worker
91*e5eeaa8eSAndroid Build Coastguard Worker // Visible to allow links to be created at runtime, e.g. through
92*e5eeaa8eSAndroid Build Coastguard Worker // android_link_namespaces in libnativeloader.
93*e5eeaa8eSAndroid Build Coastguard Worker Namespace ns("default",
94*e5eeaa8eSAndroid Build Coastguard Worker /*is_isolated=*/is_fully_treblelized,
95*e5eeaa8eSAndroid Build Coastguard Worker /*is_visible=*/true);
96*e5eeaa8eSAndroid Build Coastguard Worker
97*e5eeaa8eSAndroid Build Coastguard Worker ns.AddSearchPath("/system/${LIB}");
98*e5eeaa8eSAndroid Build Coastguard Worker ns.AddSearchPath(system_ext + "/${LIB}");
99*e5eeaa8eSAndroid Build Coastguard Worker if (!is_fully_treblelized) {
100*e5eeaa8eSAndroid Build Coastguard Worker // System processes can search product libs only if product VNDK is not
101*e5eeaa8eSAndroid Build Coastguard Worker // enforced.
102*e5eeaa8eSAndroid Build Coastguard Worker ns.AddSearchPath(product + "/${LIB}");
103*e5eeaa8eSAndroid Build Coastguard Worker ns.AddSearchPath("/vendor/${LIB}");
104*e5eeaa8eSAndroid Build Coastguard Worker ns.AddSearchPath("/odm/${LIB}");
105*e5eeaa8eSAndroid Build Coastguard Worker }
106*e5eeaa8eSAndroid Build Coastguard Worker
107*e5eeaa8eSAndroid Build Coastguard Worker if (is_fully_treblelized) {
108*e5eeaa8eSAndroid Build Coastguard Worker SetupSystemPermittedPaths(&ns);
109*e5eeaa8eSAndroid Build Coastguard Worker }
110*e5eeaa8eSAndroid Build Coastguard Worker
111*e5eeaa8eSAndroid Build Coastguard Worker ns.AddRequires(ctx.GetSystemRequireLibs());
112*e5eeaa8eSAndroid Build Coastguard Worker ns.AddProvides(ctx.GetSystemProvideLibs());
113*e5eeaa8eSAndroid Build Coastguard Worker return ns;
114*e5eeaa8eSAndroid Build Coastguard Worker }
115*e5eeaa8eSAndroid Build Coastguard Worker
116*e5eeaa8eSAndroid Build Coastguard Worker } // namespace contents
117*e5eeaa8eSAndroid Build Coastguard Worker } // namespace linkerconfig
118*e5eeaa8eSAndroid Build Coastguard Worker } // namespace android
119