From 8ebf6ee6f6c18aca03f4ac4b33a65194562dc0d4 Mon Sep 17 00:00:00 2001 From: Justin Yun Date: Thu, 10 Aug 2017 17:39:30 +0900 Subject: [PATCH 1/7] Move libz vndk-sp from ll-ndk The ABI of libz is not as stable as it is for ll-ndk. Bug: 37617391 Test: build and boot Merged-In: I883bc6fda268e98cc7cdd5888264170c58688794 Change-Id: I883bc6fda268e98cc7cdd5888264170c58688794 (cherry picked from commit dadd3a846fae03b1d4416fcb8f2499b8296d9e83) --- rootdir/etc/ld.config.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index b4a0158bc..6c3395c7e 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -64,10 +64,10 @@ namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB} namespace.sphal.links = default,vndk,rs # WARNING: only NDK libs can be listed here. -namespace.sphal.link.default.shared_libs = libc.so:libz.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libvndksupport.so +namespace.sphal.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libvndksupport.so # WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line. -namespace.sphal.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so +namespace.sphal.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so:libz.so # Renderscript gets separate namespace namespace.sphal.link.rs.shared_libs = libRS_internal.so @@ -88,8 +88,8 @@ namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB} namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data namespace.rs.links = default,vndk -namespace.rs.link.default.shared_libs = libc.so:libz.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so -namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so +namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so +namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so:libz.so ############################################################################### # "vndk" namespace @@ -107,7 +107,7 @@ namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB} # to the default namespace. This is possible since their ABI is stable across # Android releases. namespace.vndk.links = default -namespace.vndk.link.default.shared_libs = android.hidl.memory@1.0-impl.so:libc.so:libz.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libvndksupport.so +namespace.vndk.link.default.shared_libs = android.hidl.memory@1.0-impl.so:libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libvndksupport.so ############################################################################### # Namespace config for vendor processes. In O, no restriction is enforced for From 136eb058923bc5b4fc4434751797bb70783da539 Mon Sep 17 00:00:00 2001 From: Justin Yun Date: Mon, 14 Aug 2017 12:18:29 +0900 Subject: [PATCH 2/7] Add libft2.so to ll-ndk for rs namespace libft2.so is changed to ll-ndk that is available only for rs namespace. Bug: 64425518 Test: build and boot with BOARD_VNDK_VERSION=current Merged-In: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9 Change-Id: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9 (cherry picked from commit 513f76394a767192965888ed495305102b318dab) --- rootdir/etc/ld.config.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index 6c3395c7e..fa6fc07bf 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -88,7 +88,7 @@ namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB} namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data namespace.rs.links = default,vndk -namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so +namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so:libft2.so namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so:libz.so ############################################################################### From 7075bca364718a3d060bd373c3d1b20db2e89bfc Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Wed, 16 Aug 2017 23:32:54 +0900 Subject: [PATCH 3/7] Make the rs namespace visible This allows us to dlopen libRS_internal.so directly from the rs namespace, not from the sphal namespace. Bug: 64747884 Test: VtsHalRenderscriptV1_0TargetTest successful on the device built with BOARD_VNDK_VERSION=current and [system] namespace config is applied to /data/nativetest[64]/* processes. Merged-In: I0b441791e395798e80a84592ca01e771bb1c201a Change-Id: I0b441791e395798e80a84592ca01e771bb1c201a (cherry picked from commit 421a5e46b780cab394e4bc18745b8555ba26afa5) --- rootdir/etc/ld.config.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index fa6fc07bf..d9ed89198 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -81,6 +81,7 @@ namespace.sphal.link.rs.shared_libs = libRS_internal.so # to load the compiled *.so file and libmediandk.so can be used here. ############################################################################### namespace.rs.isolated = true +namespace.rs.visible = true namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB} namespace.rs.permitted.paths = /vendor/${LIB}:/data From e58fa1b0c617f53a0697a158139f57e9f2a70d8a Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Thu, 31 Aug 2017 22:11:35 +0900 Subject: [PATCH 4/7] libz is back to LLNDK For 2016 pixel devices, where VNDK is not fully enforced, move libz back to LLNDK so that we can pass the CTS without requiring the default namespace to be isolated. If we have libz in vndk-sp directory, test_linker_namespaces fails because /system/lib/vndk-sp/libz.so becomes accessible. In order to make the lib inaccessible, we have to make the default namespace isolated, but this can't be done for 2016 pixel devices where VNDK is not fully enforced. So, we choose to remove /system/lib/vndk-sp/libz.so and keep the single copy at /system/lib. Bug: 65018779 Test: android.jni.cts.JniStaticTest#test_linker_namespaces successful on 2016 pixel devices Merged-In: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f Change-Id: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f (cherry picked from commit 697eb2da0db5eaaa8b518e6da3b7b6377312825e) --- rootdir/etc/ld.config.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index d9ed89198..2d1ea7cd7 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -64,10 +64,10 @@ namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB} namespace.sphal.links = default,vndk,rs # WARNING: only NDK libs can be listed here. -namespace.sphal.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libvndksupport.so +namespace.sphal.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libvndksupport.so:libz.so # WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line. -namespace.sphal.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so:libz.so +namespace.sphal.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so # Renderscript gets separate namespace namespace.sphal.link.rs.shared_libs = libRS_internal.so @@ -89,8 +89,8 @@ namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB} namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data namespace.rs.links = default,vndk -namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so:libft2.so -namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so:libz.so +namespace.rs.link.default.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libGLESv1_CM.so:libGLESv2.so:libmediandk.so:libvndksupport.so:libz.so:libft2.so +namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:android.hardware.graphics.allocator@2.0.so:android.hardware.graphics.mapper@2.0.so:android.hardware.graphics.common@1.0.so:android.hidl.memory@1.0.so:libhwbinder.so:libbase.so:libcutils.so:libhardware.so:libhidlbase.so:libhidlmemory.so:libhidltransport.so:libion.so:libutils.so:libc++.so ############################################################################### # "vndk" namespace @@ -108,7 +108,7 @@ namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB} # to the default namespace. This is possible since their ABI is stable across # Android releases. namespace.vndk.links = default -namespace.vndk.link.default.shared_libs = android.hidl.memory@1.0-impl.so:libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libvndksupport.so +namespace.vndk.link.default.shared_libs = android.hidl.memory@1.0-impl.so:libc.so:libm.so:libdl.so:libstdc++.so:liblog.so:libnativewindow.so:libEGL.so:libsync.so:libvndksupport.so:libz.so ############################################################################### # Namespace config for vendor processes. In O, no restriction is enforced for From 7f654c3243ddf4859ce17e36ce7fe389a3c9a337 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Tue, 23 May 2017 16:24:48 +0900 Subject: [PATCH 5/7] vndk: remove vendor/lib from the search path of the 'vndk' namespace 'vndk' namespace is the place for VNDK-SP libs. So /vendor/lib must be removed from its search paths. It was there just because libhardware (which is VNDK-SP) is loading HAL libs in vendor partition from there. However this problem has been solved by modifying the libhardware so that HAL libs are loaded from the 'sphal' namespace and not from the current (the 'vndk') namespace. Bug: 37731053 Test: sailfish builds and boots Merged-In: Ia88934a975aa8811e05b5ba408e42d132f20f4e9 Change-Id: Ia88934a975aa8811e05b5ba408e42d132f20f4e9 (cherry picked from commit f01b52895dfb44c3a7e98a870ab415672aee0960) --- rootdir/etc/ld.config.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index 2d1ea7cd7..7f86a950b 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -98,10 +98,10 @@ namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:androi # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true -namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB} +namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl -namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/vendor/${LIB}:/vendor/${LIB} +namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl # When these NDK libs are required inside this namespace, then it is redirected From 6ed1a1c339e33a5d83096262b07e909cc365b629 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Tue, 26 Sep 2017 01:38:22 +0900 Subject: [PATCH 6/7] Fix: make vndk namespace visible for 2016 Pixes The nativeloader tries to find the 'vndk' namespace when there is a vendor apk in the classloader paths. This can happen even for a downloaded app if the app is using a vendor apk via tag. In order to prevent the nativeloader from failing to find the vndk namespace, the namespace is marked as visible. Bug: 66482442 Test: download the app mentioned in the bug, it does not crash. Merged-In: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312 Change-Id: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312 (cherry picked from commit 1cc09e749f196774a4e6fa4afedfd4eda623ee67) --- rootdir/etc/ld.config.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index 7f86a950b..01336ffde 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -98,6 +98,7 @@ namespace.rs.link.vndk.shared_libs = android.hardware.renderscript@1.0.so:androi # This namespace is exclusively for vndk-sp libs. ############################################################################### namespace.vndk.isolated = true +namespace.vndk.visible = true namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl From a2935e0c8b4c3ca1244c1c92bb87200b31b013f2 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Fri, 29 Sep 2017 05:04:00 +0900 Subject: [PATCH 7/7] Tests are run with proper namespace configs by their locations Tests in /data/[nativetest|benchmarktest] run with namespace config for system and tests in /data/[nativetest|benchmarktest]/vendor run with namespace config for vendor. They no longer run in the 'test' namespace config which didn't impose any restriction for libraries. Bug: 67028906 Test: sailfish/marlin builds and boots Test: no VTS regression on system.img from GSI + vendor.img from marlin/sailfish Test: VtsKernelLibcutilsTest successful in above config Merged-In: I28cdef960d087565c8a22dca0e9a154fb1c3bb94 Change-Id: I28cdef960d087565c8a22dca0e9a154fb1c3bb94 (cherry picked from commit 326b783ad92048432c4a8a70a35c8342b35128b0) --- rootdir/etc/ld.config.txt | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt index 01336ffde..8aa336930 100644 --- a/rootdir/etc/ld.config.txt +++ b/rootdir/etc/ld.config.txt @@ -7,10 +7,14 @@ dir.system = /system/bin/ dir.system = /system/xbin/ dir.vendor = /vendor/bin/ -dir.test = /data/nativetest/ -dir.test = /data/nativetest64/ -dir.test = /data/benchmarktest/ -dir.test = /data/benchmarktest64/ +dir.vendor = /data/nativetest/vendor +dir.vendor = /data/nativetest64/vendor +dir.vendor = /data/benchmarktest/vendor +dir.vendor = /data/benchmarktest64/vendor +dir.system = /data/nativetest +dir.system = /data/nativetest64 +dir.system = /data/benchmarktest +dir.system = /data/benchmarktest64 [system] additional.namespaces = sphal,vndk,rs @@ -122,12 +126,3 @@ namespace.default.isolated = false namespace.default.search.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl:/vendor/${LIB}:/system/${LIB}/vndk:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/system/${LIB} namespace.default.asan.search.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/system/${LIB}:/system/${LIB} - -############################################################################### -# Namespace config for tests. No VNDK restriction is enforced for these tests. -############################################################################### -[test] -namespace.default.isolated = false -namespace.default.search.paths = /vendor/${LIB}:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/system/${LIB} - -namespace.default.asan.search.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/system/${LIB}:/system/${LIB}