commit 55f05d79f9e83757acb72d3d300262f5954a00af
author Jiyong Park <jiyong@google.com> Mon Aug 28 14:42:49 2017 +0900
committer Jiyong Park <jiyong@google.com> Thu Aug 31 11:52:03 2017 +0900
tree 9641ad6fada2494984f3372acb73904892668daf
parent a2f1335819191a0ab29aa79d343ddf7376495af3

Make default namespace for system processes isolated

The default namespace for system process now becomes isolated, which
means it can load only the libs that are in search.paths and under
permitted.paths.

/system/framework, /system/app, /system/priv-app, /vendor/app, /data,
etc are added to the permitted paths since libart should be able to
dlopen odex files under the locations.

Following directories become unavailable:
/system/lib/vndk
/system/lib/vndk-sp

Bug: 37013858
Bug: 64888291
Bug: 64950640
Test: 2017 pixel devices builds and boots
Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes
Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13

rootdir/etc/ld.config.vndk.txt

diff --git a/rootdir/etc/ld.config.vndk.txt b/rootdir/etc/ld.config.vndk.txt
index 063aab9..adffd92 100644
--- a/rootdir/etc/ld.config.vndk.txt
+++ b/rootdir/etc/ld.config.vndk.txt
@@ -23,25 +23,21 @@
 ###############################################################################
 # "default" namespace
 #
-# Framework-side code runs in this namespace. Anything from /vendor partition
+# Framework-side code runs in this namespace. Libs from /vendor partition
 # can't be loaded in this namespace.
 ###############################################################################
-namespace.default.isolated = false
+namespace.default.isolated = true
+# TODO(b/63553457): remove /vendor/lib from the search path. For now, this is
+# required since the classloader namespace for vendor apks should have access
+# vendor libraries in the directory. These search paths are copied to the search
+# paths of the classloader namespace.
 namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
-namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}
+# /vendor/app, /vendor/framework were added since libart should be able to dlopen
+# the odex files from the directory.
+namespace.default.permitted.paths = /system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/data:/mnt/expand
 
 namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
-namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
-
-# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes
-# When this is done, comment out following three lines and remove the three
-# lines above
-#namespace.default.isolated = true
-#namespace.default.search.paths = /system/${LIB}
-#namespace.default.permitted.paths = /system/${LIB}
-#
-#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
-#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}
+namespace.default.asan.permitted.paths = /data:/system/${LIB}/drm:/system/${LIB}/hw:/system/framework:/system/app:/system/priv-app:/vendor/app:/vendor/framework:/oem/app:/mnt/expand
 
 ###############################################################################
 # "sphal" namespace