ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make default namespace for system processes isolated

Browse source 
am: 246338f90e

Change-Id: I2f2d2799ab57031a3c3b24830c0e10376e035acd
This commit is contained in:
Jiyong Park 2017-10-23 03:01:58 +00:00 committed by android-build-merger
commit 6683a8735b
1 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
rootdir/etc/ld.config.vndk.txt
View file

@ -23,25 +23,21 @@ additional.namespaces = sphal,vndk,rs
###############################################################################
# "default" namespace
#
# Framework-side code runs in this namespace. Anything from /vendor partition
# Framework-side code runs in this namespace. Libs from /vendor partition
# can't be loaded in this namespace.
###############################################################################
namespace.default.isolated = false
namespace.default.isolated = true
# TODO(b/63553457): remove /vendor/lib from the search path. For now, this is
# required since the classloader namespace for vendor apks should have access
# vendor libraries in the directory. These search paths are copied to the search
# paths of the classloader namespace.
namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}
# /vendor/app, /vendor/framework were added since libart should be able to dlopen
# the odex files from the directory.
namespace.default.permitted.paths = /system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/data:/mnt/expand
namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes
# When this is done, comment out following three lines and remove the three
# lines above
#namespace.default.isolated = true
#namespace.default.search.paths = /system/${LIB}
#namespace.default.permitted.paths = /system/${LIB}
#
#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}
namespace.default.asan.permitted.paths = /data:/system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/mnt/expand
###############################################################################
# "sphal" namespace