1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 // Framework-side code runs in this namespace. Libs from /vendor partition can't
18 // be loaded in this namespace.
19 
20 #include "linkerconfig/common.h"
21 #include "linkerconfig/environment.h"
22 #include "linkerconfig/namespace.h"
23 #include "linkerconfig/namespacebuilder.h"
24 
25 using android::linkerconfig::modules::AsanPath;
26 using android::linkerconfig::modules::IsProductVndkVersionDefined;
27 using android::linkerconfig::modules::Namespace;
28 
29 namespace android {
30 namespace linkerconfig {
31 namespace contents {
32 Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
33   bool is_fully_treblelized = ctx.IsDefaultConfig();
34   std::string product = Var("PRODUCT");
35   std::string system_ext = Var("SYSTEM_EXT");
36 
37   // Visible to allow links to be created at runtime, e.g. through
38   // android_link_namespaces in libnativeloader.
39   Namespace ns("default",
40                /*is_isolated=*/is_fully_treblelized,
41                /*is_visible=*/true);
42 
43   ns.AddSearchPath("/system/${LIB}", AsanPath::WITH_DATA_ASAN);
44   ns.AddSearchPath(system_ext + "/${LIB}", AsanPath::WITH_DATA_ASAN);
45   if (!IsProductVndkVersionDefined() || !is_fully_treblelized) {
46     // System processes can search product libs only if product VNDK is not
47     // enforced.
48     ns.AddSearchPath(product + "/${LIB}", AsanPath::WITH_DATA_ASAN);
49   }
50   if (!is_fully_treblelized) {
51     ns.AddSearchPath("/vendor/${LIB}", AsanPath::WITH_DATA_ASAN);
52     ns.AddSearchPath("/odm/${LIB}", AsanPath::WITH_DATA_ASAN);
53   }
54 
55   if (is_fully_treblelized) {
56     // We can't have entire /system/${LIB} as permitted paths because doing so
57     // makes it possible to load libs in /system/${LIB}/vndk* directories by
58     // their absolute paths, e.g. dlopen("/system/lib/vndk/libbase.so"). VNDK
59     // libs are built with previous versions of Android and thus must not be
60     // loaded into this namespace where libs built with the current version of
61     // Android are loaded. Mixing the two types of libs in the same namespace
62     // can cause unexpected problems.
63     const std::vector<std::string> permitted_paths = {
64         "/system/${LIB}/drm",
65         "/system/${LIB}/extractors",
66         "/system/${LIB}/hw",
67         system_ext + "/${LIB}",
68 
69         // These are where odex files are located. libart has to be able to
70         // dlopen the files
71         "/system/framework",
72 
73         "/system/app",
74         "/system/priv-app",
75         system_ext + "/framework",
76         system_ext + "/app",
77         system_ext + "/priv-app",
78         "/vendor/framework",
79         "/vendor/app",
80         "/vendor/priv-app",
81         "/system/vendor/framework",
82         "/system/vendor/app",
83         "/system/vendor/priv-app",
84         "/odm/framework",
85         "/odm/app",
86         "/odm/priv-app",
87         "/oem/app",
88         product + "/framework",
89         product + "/app",
90         product + "/priv-app",
91         "/data",
92         "/mnt/expand",
93         "/apex/com.android.runtime/${LIB}/bionic",
94         "/system/${LIB}/bootstrap"};
95 
96     for (const auto& path : permitted_paths) {
97       ns.AddPermittedPath(path, AsanPath::SAME_PATH);
98     }
99     if (!IsProductVndkVersionDefined()) {
100       // System processes can use product libs only if product VNDK is not enforced.
101       ns.AddPermittedPath(product + "/${LIB}", AsanPath::SAME_PATH);
102     }
103   }
104 
105   ns.AddRequires(std::vector{
106       // Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt.
107       "libdexfile_external.so",
108       "libdexfiled_external.so",
109       "libnativebridge.so",
110       "libnativehelper.so",
111       "libnativeloader.so",
112       "libandroidicu.so",
113       // TODO(b/122876336): Remove libpac.so once it's migrated to Webview
114       "libpac.so",
115       // TODO(b/120786417 or b/134659294): libicuuc.so
116       // and libicui18n.so are kept for app compat.
117       "libicui18n.so",
118       "libicuuc.so",
119       // resolv
120       "libnetd_resolv.so",
121       // nn
122       "libneuralnetworks.so",
123       // statsd
124       "libstatspull.so",
125       "libstatssocket.so",
126       // adbd
127       "libadb_pairing_auth.so",
128       "libadb_pairing_connection.so",
129       "libadb_pairing_server.so",
130   });
131 
132   ns.AddProvides(GetSystemStubLibraries());
133   return ns;
134 }
135 }  // namespace contents
136 }  // namespace linkerconfig
137 }  // namespace android
138