1# Copyright (C) 2017 The Android Open Source Project 2# 3# Bionic loader config file. 4# 5 6# Don't change the order here. The first pattern that matches with the 7# absolution path of an executable is selected. 8dir.system = /system/bin/ 9dir.system = /system/xbin/ 10dir.vendor = /vendor/bin/ 11dir.vendor = /data/nativetest/vendor 12dir.vendor = /data/nativetest64/vendor 13dir.vendor = /data/benchmarktest/vendor 14dir.vendor = /data/benchmarktest64/vendor 15dir.system = /data/nativetest 16dir.system = /data/nativetest64 17dir.system = /data/benchmarktest 18dir.system = /data/benchmarktest64 19 20[system] 21additional.namespaces = sphal,vndk,rs 22 23############################################################################### 24# "default" namespace 25# 26# Framework-side code runs in this namespace. Libs from /vendor partition 27# can't be loaded in this namespace. 28############################################################################### 29namespace.default.isolated = true 30namespace.default.search.paths = /system/${LIB} 31# /vendor/app, /vendor/framework were added since libart should be able to dlopen 32# the odex files from the directory. 33namespace.default.permitted.paths = /system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/data:/mnt/expand 34 35namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB} 36namespace.default.asan.permitted.paths = /data:/system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/mnt/expand 37 38############################################################################### 39# "sphal" namespace 40# 41# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be 42# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so, 43# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. 44# 45# This namespace is exclusivly for SP-HALs. When the framework tries to dynami- 46# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying 47# that they should be searched and loaded from this namespace. 48# 49# Note that there is no link from the default namespace to this namespace. 50############################################################################### 51namespace.sphal.isolated = true 52namespace.sphal.visible = true 53namespace.sphal.search.paths = /vendor/${LIB}/egl:/vendor/${LIB}/hw:/vendor/${LIB} 54namespace.sphal.permitted.paths = /vendor/${LIB}:/system/${LIB}/vndk-sp/hw 55 56namespace.sphal.asan.search.paths = /data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}:/vendor/${LIB} 57namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB} 58 59# Once in this namespace, access to libraries in /system/lib is restricted. Only 60# libs listed here can be used. 61namespace.sphal.links = default,vndk,rs 62 63# WARNING: only NDK libs can be listed here. 64namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES%:%SANITIZER_RUNTIME_LIBRARIES% 65 66# WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line. 67namespace.sphal.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% 68 69# Renderscript gets separate namespace 70namespace.sphal.link.rs.shared_libs = libRS_internal.so 71 72############################################################################### 73# "rs" namespace 74# 75# This namespace is exclusively for Renderscript internal libraries. 76# This namespace has slightly looser restriction than the vndk namespace because 77# of the genuine characteristics of Renderscript; /data is in the permitted path 78# to load the compiled *.so file and libmediandk.so can be used here. 79############################################################################### 80namespace.rs.isolated = true 81namespace.rs.visible = true 82namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB} 83namespace.rs.permitted.paths = /vendor/${LIB}:/data 84 85namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/vendor/${LIB}:/vendor/${LIB} 86namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data 87 88namespace.rs.links = default,vndk 89namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%:%SANITIZER_RUNTIME_LIBRARIES% 90namespace.rs.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES% 91 92############################################################################### 93# "vndk" namespace 94# 95# This namespace is exclusively for vndk-sp libs. 96############################################################################### 97namespace.vndk.isolated = true 98namespace.vndk.visible = true 99namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp 100namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl 101 102namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp 103namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl 104 105# When these NDK libs are required inside this namespace, then it is redirected 106# to the default namespace. This is possible since their ABI is stable across 107# Android releases. 108namespace.vndk.links = default 109namespace.vndk.link.default.shared_libs = %LLNDK_LIBRARIES%:%SANITIZER_RUNTIME_LIBRARIES% 110 111############################################################################### 112# Namespace config for vendor processes. In O, no restriction is enforced for 113# them. However, in O-MR1, access to /system/${LIB} will not be allowed to 114# the default namespace. 'system' namespace will be added to give limited 115# (LL-NDK only) access. 116############################################################################### 117[vendor] 118additional.namespaces = system 119 120############################################################################### 121# "default" namespace 122# 123# Vendor-side code runs in this namespace. 124############################################################################### 125namespace.default.isolated = true 126namespace.default.visible = true 127 128namespace.default.search.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl:/vendor/${LIB}:/vendor/${LIB}/vndk:/system/${LIB}/vndk:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp 129namespace.default.permitted.paths = /vendor:/system/${LIB}/vndk:/system/${LIB}/vndk-sp 130 131namespace.default.asan.search.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/vendor/${LIB}/vndk:/vendor/${LIB}/vndk:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp 132namespace.default.asan.permitted.paths = /data/asan/vendor:/vendor:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp 133 134namespace.default.links = system 135namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES% 136 137############################################################################### 138# "system" namespace 139# 140# This is for vendor process to use LL-NDK in system partition. 141############################################################################### 142namespace.system.isolated = false 143namespace.system.search.paths = /system/${LIB} 144namespace.system.permitted.paths = /system/${LIB} 145 146namespace.system.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB} 147namespace.system.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB} 148