1# Copyright (C) 2017 The Android Open Source Project 2# 3# Bionic loader config file. 4# This gives the exactly the same namespace setup in pre-O. 5# 6 7# All binaries gets the same configuration 'legacy' 8dir.legacy = /system 9dir.legacy = /product 10dir.legacy = /vendor 11dir.legacy = /odm 12dir.legacy = /sbin 13 14# Except for /postinstall, where only /system and /product are searched 15dir.postinstall = /postinstall 16 17# Fallback entry to provide APEX namespace lookups for binaries anywhere else. 18# This must be last. 19dir.legacy = /data 20 21[legacy] 22namespace.default.isolated = false 23 24namespace.default.search.paths = /system/${LIB} 25namespace.default.search.paths += /product/${LIB} 26namespace.default.search.paths += /vendor/${LIB} 27namespace.default.search.paths += /odm/${LIB} 28 29namespace.default.asan.search.paths = /data/asan/system/${LIB} 30namespace.default.asan.search.paths += /system/${LIB} 31namespace.default.asan.search.paths += /data/asan/product/${LIB} 32namespace.default.asan.search.paths += /product/${LIB} 33namespace.default.asan.search.paths += /data/asan/vendor/${LIB} 34namespace.default.asan.search.paths += /vendor/${LIB} 35namespace.default.asan.search.paths += /data/asan/odm/${LIB} 36namespace.default.asan.search.paths += /odm/${LIB} 37 38############################################################################### 39# APEX related namespaces. 40############################################################################### 41 42additional.namespaces = runtime,conscrypt,media,resolv 43 44# Keep in sync with ld.config.txt in the com.android.runtime APEX. 45# If a shared library or an executable requests a shared library that 46# cannot be loaded into the default namespace, the dynamic linker tries 47# to load the shared library from the runtime namespace. And then, if the 48# shared library cannot be loaded from the runtime namespace either, the 49# dynamic linker tries to load the shared library from the resolv namespace. 50# Finally, if all attempts fail, the dynamic linker returns an error. 51namespace.default.links = runtime,resolv 52namespace.default.asan.links = runtime,resolv 53# Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by 54# libart. 55namespace.default.visible = true 56namespace.default.link.runtime.shared_libs = libdexfile_external.so 57namespace.default.link.runtime.shared_libs += libnativebridge.so 58namespace.default.link.runtime.shared_libs += libnativehelper.so 59namespace.default.link.runtime.shared_libs += libnativeloader.so 60namespace.default.link.runtime.shared_libs += libandroidicu.so 61# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466 62namespace.default.link.runtime.shared_libs += libicui18n.so 63namespace.default.link.runtime.shared_libs += libicuuc.so 64 65# TODO(b/122876336): Remove libpac.so once it's migrated to Webview 66namespace.default.link.runtime.shared_libs += libpac.so 67 68# When libnetd_resolv.so can't be found in the default namespace, search for it 69# in the resolv namespace. Don't allow any other libraries from the resolv namespace 70# to be loaded in the default namespace. 71namespace.default.link.resolv.shared_libs = libnetd_resolv.so 72 73############################################################################### 74# "runtime" APEX namespace 75# 76# This namespace exposes externally accessible libraries from the Runtime APEX. 77############################################################################### 78namespace.runtime.isolated = true 79namespace.runtime.visible = true 80 81# Keep in sync with ld.config.txt in the com.android.runtime APEX. 82namespace.runtime.search.paths = /apex/com.android.runtime/${LIB} 83namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB} 84namespace.runtime.links = default 85# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library 86# when it exists. 87namespace.runtime.link.default.allow_all_shared_libs = true 88 89############################################################################### 90# "media" APEX namespace 91# 92# This namespace is for libraries within the media APEX. 93############################################################################### 94namespace.media.isolated = true 95namespace.media.visible = true 96 97namespace.media.search.paths = /apex/com.android.media/${LIB} 98namespace.media.asan.search.paths = /apex/com.android.media/${LIB} 99 100namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors 101 102namespace.media.links = default 103namespace.media.link.default.shared_libs = libbinder_ndk.so 104namespace.media.link.default.shared_libs += libc.so 105namespace.media.link.default.shared_libs += libcgrouprc.so 106namespace.media.link.default.shared_libs += libdl.so 107namespace.media.link.default.shared_libs += liblog.so 108namespace.media.link.default.shared_libs += libmediametrics.so 109namespace.media.link.default.shared_libs += libmediandk.so 110namespace.media.link.default.shared_libs += libm.so 111namespace.media.link.default.shared_libs += libvndksupport.so 112 113namespace.media.link.default.shared_libs += libclang_rt.asan-aarch64-android.so 114namespace.media.link.default.shared_libs += libclang_rt.asan-arm-android.so 115namespace.media.link.default.shared_libs += libclang_rt.asan-i686-android.so 116namespace.media.link.default.shared_libs += libclang_rt.asan-x86_64-android.so 117namespace.media.link.default.shared_libs += libclang_rt.hwasan-aarch64-android.so 118 119############################################################################### 120# "conscrypt" APEX namespace 121# 122# This namespace is for libraries within the conscrypt APEX. 123############################################################################### 124namespace.conscrypt.isolated = true 125namespace.conscrypt.visible = true 126 127# Keep in sync with ld.config.txt in the com.android.runtime APEX. 128namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB} 129namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB} 130namespace.conscrypt.links = runtime,default 131namespace.conscrypt.link.runtime.shared_libs = libandroidio.so 132namespace.conscrypt.link.default.shared_libs = libc.so 133namespace.conscrypt.link.default.shared_libs += libm.so 134namespace.conscrypt.link.default.shared_libs += libdl.so 135namespace.conscrypt.link.default.shared_libs += liblog.so 136 137############################################################################### 138# "resolv" APEX namespace 139# 140# This namespace is for libraries within the resolv APEX. 141############################################################################### 142namespace.resolv.isolated = true 143namespace.resolv.visible = true 144 145namespace.resolv.search.paths = /apex/com.android.resolv/${LIB} 146namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB} 147namespace.resolv.links = default 148namespace.resolv.link.default.shared_libs = libc.so 149namespace.resolv.link.default.shared_libs += libcgrouprc.so 150namespace.resolv.link.default.shared_libs += libm.so 151namespace.resolv.link.default.shared_libs += libdl.so 152namespace.resolv.link.default.shared_libs += libbinder_ndk.so 153namespace.resolv.link.default.shared_libs += liblog.so 154namespace.resolv.link.default.shared_libs += libvndksupport.so 155 156############################################################################### 157# Namespace config for binaries under /postinstall. 158# Only one default namespace is defined and it has no directories other than 159# /system/lib and /product/lib in the search paths. This is because linker 160# calls realpath on the search paths and this causes selinux denial if the 161# paths (/vendor, /odm) are not allowed to the poinstall binaries. 162# There is no reason to allow the binaries to access the paths. 163############################################################################### 164[postinstall] 165namespace.default.isolated = false 166namespace.default.search.paths = /system/${LIB} 167namespace.default.search.paths += /product/${LIB} 168