contents/namespace/systemdefault.cc

/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "linkerconfig/namespacebuilder.h"

#include "linkerconfig/environment.h"
#include "linkerconfig/namespace.h"

using android::linkerconfig::modules::Namespace;

namespace {
const std::vector<std::string> kLibsFromRuntimeLegacy = {
    "libart.so:libartd.so", "libdexfile_external.so", "libnativebridge.so",
    "libnativehelper.so", "libnativeloader.so", "libandroidicu.so",
    // TODO(b/122876336): Remove libpac.so once it's migrated to Webview
    "libpac.so"};

const std::vector<std::string> kLibsFromRuntime = {
    "libdexfile_external.so", "libnativebridge.so", "libnativehelper.so",
    "libnativeloader.so", "libandroidicu.so"};

const std::vector<std::string> kPermittedPaths = {
    "/system/${LIB}/drm", "/system/${LIB}/extractors", "/system/${LIB}/hw",
    "/@{SYSTEM_EXT:system_ext}/${LIB}", "/@{PRODUCT:product}/${LIB}",
    // These are where odex files are located. libart has to be able to
    // dlopen the files
    "/system/framework", "/system/app", "/system/priv-app",
    "/@{SYSTEM_EXT:system_ext}/framework", "/@{SYSTEM_EXT:system_ext}/app",
    "/@{SYSTEM_EXT:system_ext}/priv-app", "/vendor/framework", "/vendor/app",
    "/vendor/priv-app", "/system/vendor/framework", "/system/vendor/app",
    "/system/vendor/priv-app", "/odm/framework", "/odm/app", "/odm/priv-app",
    "/oem/app", "/@{PRODUCT:product}/framework", "/@{PRODUCT:product}/app",
    "/@{PRODUCT:product}/priv-app", "/data", "/mnt/expand",
    "/apex/com.android.runtime/${LIB}/bionic", "/system/${LIB}/bootstrap"};

void BuildPermittedPath(Namespace& ns) {
  for (const auto& path : kPermittedPaths) {
    ns.AddPermittedPath(path, true, false);
  }
}
}  // namespace

namespace android {
namespace linkerconfig {
namespace contents {
Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
  bool is_legacy = android::linkerconfig::modules::IsLegacyDevice();
  Namespace ns("default", /*is_isolated=*/!is_legacy,
               /*is_visible=*/true);

  ns.AddSearchPath("/system/${LIB}", /*also_in_asan=*/true,
                   /*with_data_asan=*/true);
  ns.AddSearchPath("/@{SYSTEM_EXT:system_ext}/${LIB}",
                   /*also_in_asan=*/true, /*with_data_asan=*/true);
  ns.AddSearchPath("/@{PRODUCT:product}/${LIB}", /*also_in_asan=*/true,
                   /*with_data_asan=*/true);
  if (is_legacy) {
    ns.AddSearchPath("/vendor/${LIB}", /*also_in_asan=*/true,
                     /*with_data_asan=*/true);
    ns.AddSearchPath("/odm/${LIB}", /*also_in_asan=*/true,
                     /*with_data_asan=*/true);
  }

  if (!is_legacy) {
    BuildPermittedPath(ns);
  }

  ns.CreateLink("runtime").AddSharedLib(is_legacy ? kLibsFromRuntimeLegacy
                                                  : kLibsFromRuntime);
  ns.CreateLink("resolv").AddSharedLib("libnetd_resolv.so");

  return ns;
}
}  // namespace contents
}  // namespace linkerconfig
}  // namespace android