1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // Framework-side code runs in this namespace. Libs from /vendor partition can't
18 // be loaded in this namespace.
19
20 #include "linkerconfig/common.h"
21 #include "linkerconfig/environment.h"
22 #include "linkerconfig/namespace.h"
23 #include "linkerconfig/namespacebuilder.h"
24
25 using android::linkerconfig::modules::IsProductVndkVersionDefined;
26 using android::linkerconfig::modules::Namespace;
27
28 namespace android {
29 namespace linkerconfig {
30 namespace contents {
31
SetupSystemPermittedPaths(Namespace * ns)32 void SetupSystemPermittedPaths(Namespace* ns) {
33 std::string product = Var("PRODUCT");
34 std::string system_ext = Var("SYSTEM_EXT");
35
36 // We can't have entire /system/${LIB} as permitted paths because doing so
37 // makes it possible to load libs in /system/${LIB}/vndk* directories by
38 // their absolute paths, e.g. dlopen("/system/lib/vndk/libbase.so"). VNDK
39 // libs are built with previous versions of Android and thus must not be
40 // loaded into this namespace where libs built with the current version of
41 // Android are loaded. Mixing the two types of libs in the same namespace
42 // can cause unexpected problems.
43 const std::vector<std::string> permitted_paths = {
44 "/system/${LIB}/drm",
45 "/system/${LIB}/extractors",
46 "/system/${LIB}/hw",
47 system_ext + "/${LIB}",
48
49 // These are where odex files are located. libart has to be able to dlopen
50 // the files
51 "/system/framework",
52
53 "/system/app",
54 "/system/priv-app",
55 system_ext + "/framework",
56 system_ext + "/app",
57 system_ext + "/priv-app",
58 "/vendor/framework",
59 "/vendor/app",
60 "/vendor/priv-app",
61 "/system/vendor/framework",
62 "/system/vendor/app",
63 "/system/vendor/priv-app",
64 "/odm/framework",
65 "/odm/app",
66 "/odm/priv-app",
67 "/oem/app",
68 product + "/framework",
69 product + "/app",
70 product + "/priv-app",
71 "/data",
72 "/mnt/expand",
73 "/apex/com.android.runtime/${LIB}/bionic",
74 "/system/${LIB}/bootstrap",
75 };
76
77 for (const std::string& path : permitted_paths) {
78 ns->AddPermittedPath(path);
79 }
80 if (!IsProductVndkVersionDefined()) {
81 // System processes can use product libs only if product VNDK is not enforced.
82 ns->AddPermittedPath(product + "/${LIB}");
83 }
84 }
85
BuildSystemDefaultNamespace(const Context & ctx)86 Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
87 bool is_fully_treblelized = ctx.IsDefaultConfig();
88 std::string product = Var("PRODUCT");
89 std::string system_ext = Var("SYSTEM_EXT");
90
91 // Visible to allow links to be created at runtime, e.g. through
92 // android_link_namespaces in libnativeloader.
93 Namespace ns("default",
94 /*is_isolated=*/is_fully_treblelized,
95 /*is_visible=*/true);
96
97 ns.AddSearchPath("/system/${LIB}");
98 ns.AddSearchPath(system_ext + "/${LIB}");
99 if (!IsProductVndkVersionDefined() || !is_fully_treblelized) {
100 // System processes can search product libs only if product VNDK is not
101 // enforced.
102 ns.AddSearchPath(product + "/${LIB}");
103 }
104 if (!is_fully_treblelized) {
105 ns.AddSearchPath("/vendor/${LIB}");
106 ns.AddSearchPath("/odm/${LIB}");
107 }
108
109 if (is_fully_treblelized) {
110 SetupSystemPermittedPaths(&ns);
111 }
112
113 ns.AddRequires(ctx.GetSystemRequireLibs());
114 ns.AddProvides(ctx.GetSystemProvideLibs());
115 return ns;
116 }
117
118 } // namespace contents
119 } // namespace linkerconfig
120 } // namespace android
121