As of Id663c5f284e3b4fc65ed8cb8c2da6bcf6542e034, the asan libs
are in the TARGET_COPY_OUT_X subpath of the /data/asan/ dir, rather
than just 'x' unconditionally.
Test: presubmit
Change-Id: I3a515791e237ad10703415ea532c7a089660d8e9
The vulkan runtime loads drivers into the sphal namespace and relies
on them being in the sphal search path so that it doesn't have to
hardcode /vendor/${LIB}/hw.
These paths used to be allowed, but were removed by commit 2498e1b
because they were believed not to be required. Things didn't break
immediately because the vulkan runtime has a (supposed to be
temporary) fallback to hw_get_module, which loads from
/vendor/${LIB}/hw using absolute paths.
Bug: 123600276
Test: Launch Vulkan app on device with hw_get_module disabled
Change-Id: I07ac43bc9d2d877d8f427058b2d62c62d065c558
This CL fixes the design problem of the previous mechanism for providing
the bootstrap bionic and the runtime bionic to the same path.
Previously, bootstrap bionic was self-bind-mounted; i.e.
/system/bin/libc.so is bind-mounted to itself. And the runtime bionic
was bind-mounted on top of the bootstrap bionic. This has not only caused
problems like `adb sync` not working(b/122737045), but also is quite
difficult to understand due to the double-and-self mounting.
This is the new design:
Most importantly, these four are all distinct:
1) bootstrap bionic (/system/lib/bootstrap/libc.so)
2) runtime bionic (/apex/com.android.runtime/lib/bionic/libc.so)
3) mount point for 1) and 2) (/bionic/lib/libc.so)
4) symlink for 3) (/system/lib/libc.so -> /bionic/lib/libc.so)
Inside the mount namespace of the pre-apexd processes, 1) is
bind-mounted to 3). Likewise, inside the mount namespace of the
post-apexd processes, 2) is bind-mounted to 3). In other words, there is
no self-mount, and no double-mount.
Another change is that mount points are under /bionic and the legacy
paths become symlinks to the mount points. This is to make sure that
there is no bind mounts under /system, which is breaking some apps.
Finally, code for creating mount namespaces, mounting bionic, etc are
refactored to mount_namespace.cpp
Bug: 120266448
Bug: 123275379
Test: m, device boots, adb sync/push/pull works,
especially with following paths:
/bionic/lib64/libc.so
/bionic/bin/linker64
/system/lib64/bootstrap/libc.so
/system/bin/bootstrap/linker64
Change-Id: Icdfbdcc1efca540ac854d4df79e07ee61fca559f
Getting it back in line with the normal ld.config.txt. This was missed in
http://r.android.com/854740.
Test: Flash and boot on marlin
Bug: 119867084
Bug: 113373927
Change-Id: Ic7e482133250eda20ff2c94c27bdee30e015ab5c
Support netd to load resolv Apex.
Switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory.
Bug: 119527674
Test: make; flash; lsof -p $(pidof netd)
Test: 1. manual test datacall/wifi work
2. manual test tethering work
3. system/netd/tests/runtests.sh
Change-Id: I3f69e85f2f529636f0ef29a2d9d71ad582c46dfb
* changes:
Make libdexfile_external.so accessible from binaries and libraries in /system.
The runtime namespace needs to be visible since libopenjdk is loaded through dlopen().
There are dependencies on libdexfile_external from some central libraries
that are widely used (b/123186083).
One example is vendor/bin/hw/android.hardware.media.omx@1.0-service, which
requries the link from "system" to "runtime" in the [vendor] section.
The direct dependants are libunwindstack and simpleperf, so it's enough to
link from namespaces containing /system/{lib,lib64,bin}.
Test: Flash and boot
Test: Flash and boot with Runtime APEX enabled (http://r.android.com/q/topic:art-move-libs-to-runtime-apex)
Bug: 123186083
Bug: 113373927
Change-Id: I081aa7392c875202acdaf1185c2ff28e17ac7e76
This reverts commit 67a09e5791.
Exempt-From-Owner-Approval: Fixes P0 failures.
Bug: 123185917
Reason for revert: media namespace needs to be introduced.
Change-Id: I0c28798a3143c1e627278c3a908207e670171416
And have the linker translate a java library path from an apex
to a linker namespace.
Bug: 122874359
Test: m, boots, gtest, run-test, CtsJdwpTests
Change-Id: I216c3509c45589d28acdac068aec53877aeb104a
Exempt-From-Owner-Approval: Carrying Jiyong's +2
Bionic libs, regardless of whether they are bootstrap ones or from the
runtime APEX, are available via /system/lib. Since /system/lib is in the
search paths of the default(platform) namespace, there is no need to
list the bionic libs to the namespace link to the runtime namespace.
Bug: 120266448
Test: m; device boots
Test: atest CtsJniTestCases CtsCompilationTestCases CtsBionicTestCases
all passing except for following tests that are also failing at ToT
dl#exec_linker
dl#exec_linker_load_from_zip
dl#exec_linker_load_self
dl#exec_linker_load_file
Change-Id: Ib67acd4f384b2f0e70b5fe8ec6b45a5506367223
This commit removes the soname filter from the namespace fallback link
from `runtime` to `system` in the vendor process. This fixes the
problem that vendor process might fail to load `libnetd_client.so`,
`libc_malloc_debug.so`, `libc_malloc_debug_leak.so`, and other libc
dependencies.
This commit also removes the namespace fallback link from `runtime` to
`default` in the vendor process. According to the comments in [1], the
original intention was to allow the access to `/system/${LIB}` not
`/vendor/${LIB}`. Furthermore, `com.android.runtime` suppose to work
without libraries from `/vendor/${LIB}`.
[1] https://android-review.googlesource.com/c/858456
Bug: 119867084
Bug: 122025516 # Motivation of this commit
Test: Executables under vendor partition are not blocked by
`libnetd_client.so` not found error.
Change-Id: I682baada9d755910832474bb3d8307cd49c21ece
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Bug: b/122073006
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: If6f13ba9dc249d019b820a7c37cf6d4cdd8d0a7d
This reverts commit a0d9f2fd6c.
Original change: Needs to support e.g. app_process in "default" ->
libnativehelper in "runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
This CL also adds a temporary workaround to not break hwasan builds
(b/121038155).
Bug: 119867084
Bug: 113373927
Bug: 121038155
Change-Id: I58d09ed091dd82b2162c4a0b51555174d9322e0e
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts-dev -m CtsJniTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsCompilationTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsBionicTestCases (8 failures remain unchanged by this CL)
Test: Patch internal; lunch taimen_hwasan-userdebug && m SANITIZE_TARGET=hwaddress && vendor/google/tools/flashall -w && adb shell /vendor/bin/sh -c ls
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Test: builds, boots
Test: system/netd/tests/runtests.sh
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest
Change-Id: Ia68df860b7edc92180284f62736146e6029d7655
Needs to support e.g. app_process in "default" -> libnativehelper in
"runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
Bug: 119867084,113373927
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts -m CtsJniTestCases
Change-Id: I6c4fc2f1abea1fb8851546e258ffaaa4ef6fe7d0
This reverts commit 2f56b1fff8.
Reason for revert: Breaks bionic-unit-tests's dlfcn.dladdr_libc
and x86 CtsJniTestCases' JniStaticTest.test_linker_namespaces.
Bug: 113373927
Bug: 120661824
Change-Id: I9b34bcb240a42bf99c6d8b58db4b18a4f6d36961
netd will use apex/com.android.resolv/lib64/libned_resolv.so to replace
system/lib64/libned_resolv.so.
note:Without disabling selinux, we setenv LD_LIBRARY_PATH in netd.rc but
netd couldn't use libnetd_resolv.so under com.android.resolv/lib64 because
LD_LIBRARY_PATH is ignored when AT_SECURE is on. Directly add path to the
libnetd_resolv apex to /system/etc/ld.config.txt for temporarily.
Bug: 119527674
Test: make; flash; lsof -p $(pidof netd)
Change-Id: I011d2da625151bf43c10497bb84c15f3d8e6ad33
Non-treblized devices use ld.config.legacy.txt, which does not
support product partition, leading to access denial from/to product partition.
Declare directly /product since search paths are resolved in linker config.
Test: m -j with non-treblized device upgraded to P.
Change-Id: Ic142b807f5dbffdfa5c774b3df8d0903b9626b6a
Test: Device boot test with Android Runtime APEX.
Test: Device boot test without Android Runtime APEX.
Bug: 113373927
Change-Id: Iff32fcd79a667b07df839f4e6ef2cdb3cf70e9d3
We're moving apps and their libs to product_services for older
devices too, so mimic the rules in the default ld.config related
to product_services.
Also fix a one-off disparity between /product and /product_services
in ld.config.txt.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite
Change-Id: I166275c035c85b4d69cff8e9d51af3d6d0ff4857
A few places had /product and /product_services hardcoded. Update
them to use values that get set at build time.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite.txt
Change-Id: Ie48dbb2453ae941c1b5ee57f092d12a5497d878f
