Make default namespace for system processes isolated
The default namespace for system process now becomes isolated, which
means it can load only the libs that are in search.paths and under
permitted.paths.
/system/framework, /system/app, /system/priv-app, /vendor/app, /data,
etc are added to the permitted paths since libart should be able to
dlopen odex files under the locations.
Following directories become unavailable:
/system/lib/vndk
/system/lib/vndk-sp
Bug: 37013858
Bug: 64888291
Bug: 64950640
Test: 2017 pixel devices builds and boots
Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes
Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
1 file changed
