android_system_core/rootdir/etc/ld.config.txt

# Copyright (C) 2017 The Android Open Source Project
#
# Bionic loader config file.
#

# Don't change the order here.
dir.system = /system/bin/
dir.system = /system/xbin/
dir.vendor = /vendor/bin/
dir.test = /data/nativetest/
dir.test = /data/nativetest64/
dir.test = /data/benchmarktest/
dir.test = /data/benchmarktest64/

[system]
additional.namespaces = sphal,vndk,rs

###############################################################################
# "default" namespace
#
# Framework-side code runs in this namespace. Anything from /vendor partition
# can't be loaded in this namespace.
###############################################################################
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}

namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}

# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes
# When this is done, comment out following three lines and remove the three
# lines above
#namespace.default.isolated = true
#namespace.default.search.paths = /system/${LIB}
#namespace.default.permitted.paths = /system/${LIB}
#
#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}

###############################################################################
# "sphal" namespace
#
# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be
# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so,
# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs.
#
# This namespace is exclusivly for SP-HALs. When the framework tries to dynami-
# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying
# that they should be searched and loaded from this namespace.
#
# Note that there is no link from the default namespace to this namespace.
###############################################################################
namespace.sphal.isolated = true
namespace.sphal.visible = true
namespace.sphal.search.paths = /vendor/${LIB}/egl:/vendor/${LIB}/hw:/vendor/${LIB}
namespace.sphal.permitted.paths = /vendor/${LIB}:/system/${LIB}/vndk-sp/hw

namespace.sphal.asan.search.paths = /data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}:/vendor/${LIB}
namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}

# Once in this namespace, access to libraries in /system/lib is restricted. Only
# libs listed here can be used.
namespace.sphal.links = default,vndk,rs

# WARNING: only NDK libs can be listed here.
namespace.sphal.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libvndksupport.so:libz.so

# WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line.
namespace.sphal.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so

# Renderscript gets separate namespace
namespace.sphal.link.rs.shared_libs = libRS_internal.so

###############################################################################
# "rs" namespace
#
# This namespace is exclusively for Renderscript internal libraries.
# This namespace has slightly looser restriction than the vndk namespace because
# of the genuine characteristics of Renderscript; /data is in the permitted path
# to load the compiled *.so file and libmediandk.so can be used here.
###############################################################################
namespace.rs.isolated = true
namespace.rs.visible = true
namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB}
namespace.rs.permitted.paths = /vendor/${LIB}:/data

namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/vendor/${LIB}:/vendor/${LIB}
namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data

namespace.rs.links = default,vndk
namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so:libz.so:libft2.so
namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so

###############################################################################
# "vndk" namespace
#
# This namespace is exclusively for vndk-sp libs.
###############################################################################
namespace.vndk.isolated = true
namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl

namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl

# When these NDK libs are required inside this namespace, then it is redirected
# to the default namespace. This is possible since their ABI is stable across
# Android releases.
namespace.vndk.links = default
namespace.vndk.link.default.shared_libs = android.hidl.memory@1.0-impl.so:libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libvndksupport.so:libz.so

###############################################################################
# Namespace config for vendor processes. In O, no restriction is enforced for
# them. However, in O-MR1, access to /system/${LIB} will not be allowed to
# the default namespace. 'system' namespace will be added to give limited
# (LL-NDK only) access.
###############################################################################
[vendor]
namespace.default.isolated = false
namespace.default.search.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl:/vendor/${LIB}:/system/${LIB}/vndk:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/system/${LIB}

namespace.default.asan.search.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/system/${LIB}:/system/${LIB}

###############################################################################
# Namespace config for tests. No VNDK restriction is enforced for these tests.
###############################################################################
[test]
namespace.default.isolated = false
namespace.default.search.paths = /vendor/${LIB}:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/system/${LIB}

namespace.default.asan.search.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/system/${LIB}:/system/${LIB}