Snap for 7486544 from f0552b0d5950e7708fafb2baaa4be2f3ead81f33 to sc-release
Change-Id: I9f21f92feb9cb3f09d14dc12d4df121f5b8101c7
diff --git a/contents/include/linkerconfig/common.h b/contents/include/linkerconfig/common.h
index 3955722..70b16c7 100644
--- a/contents/include/linkerconfig/common.h
+++ b/contents/include/linkerconfig/common.h
@@ -31,7 +31,7 @@
// libdl.so) and applicable libclang_rt.*.
void AddStandardSystemLinks(const Context& ctx, modules::Section* section);
-const std::vector<std::string> GetSystemPermittedPaths();
+void SetupSystemPermittedPaths(modules::Namespace* ns);
} // namespace contents
} // namespace linkerconfig
diff --git a/contents/namespace/apexplatform.cc b/contents/namespace/apexplatform.cc
index 2c2f630..67e7ac2 100644
--- a/contents/namespace/apexplatform.cc
+++ b/contents/namespace/apexplatform.cc
@@ -39,10 +39,7 @@
ns.AddSearchPath(Var("PRODUCT") + "/${LIB}");
}
- const std::vector<std::string> permitted_paths = GetSystemPermittedPaths();
- for (const auto& path : permitted_paths) {
- ns.AddPermittedPath(path);
- }
+ SetupSystemPermittedPaths(&ns);
ns.AddProvides(ctx.GetSystemProvideLibs());
ns.AddRequires(ctx.GetSystemRequireLibs());
diff --git a/contents/namespace/system.cc b/contents/namespace/system.cc
index b6e2c5b..b017584 100644
--- a/contents/namespace/system.cc
+++ b/contents/namespace/system.cc
@@ -35,6 +35,8 @@
ns.AddSearchPath(Var("PRODUCT") + "/${LIB}");
}
+ SetupSystemPermittedPaths(&ns);
+
ns.AddRequires(ctx.GetSystemRequireLibs());
ns.AddProvides(ctx.GetSystemProvideLibs());
return ns;
diff --git a/contents/namespace/systemdefault.cc b/contents/namespace/systemdefault.cc
index 6e7f286..0d5c42b 100644
--- a/contents/namespace/systemdefault.cc
+++ b/contents/namespace/systemdefault.cc
@@ -29,7 +29,7 @@
namespace linkerconfig {
namespace contents {
-const std::vector<std::string> GetSystemPermittedPaths() {
+void SetupSystemPermittedPaths(Namespace* ns) {
std::string product = Var("PRODUCT");
std::string system_ext = Var("SYSTEM_EXT");
@@ -40,7 +40,7 @@
// loaded into this namespace where libs built with the current version of
// Android are loaded. Mixing the two types of libs in the same namespace
// can cause unexpected problems.
- return {
+ const std::vector<std::string> permitted_paths = {
"/system/${LIB}/drm",
"/system/${LIB}/extractors",
"/system/${LIB}/hw",
@@ -73,6 +73,14 @@
"/apex/com.android.runtime/${LIB}/bionic",
"/system/${LIB}/bootstrap",
};
+
+ for (const std::string& path : permitted_paths) {
+ ns->AddPermittedPath(path);
+ }
+ if (!IsProductVndkVersionDefined()) {
+ // System processes can use product libs only if product VNDK is not enforced.
+ ns->AddPermittedPath(product + "/${LIB}");
+ }
}
Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
@@ -99,14 +107,7 @@
}
if (is_fully_treblelized) {
- const std::vector<std::string> permitted_paths = GetSystemPermittedPaths();
- for (const auto& path : permitted_paths) {
- ns.AddPermittedPath(path);
- }
- if (!IsProductVndkVersionDefined()) {
- // System processes can use product libs only if product VNDK is not enforced.
- ns.AddPermittedPath(product + "/${LIB}");
- }
+ SetupSystemPermittedPaths(&ns);
}
ns.AddRequires(ctx.GetSystemRequireLibs());
diff --git a/testdata/golden_output/legacy/com.android.adbd/ld.config.txt b/testdata/golden_output/legacy/com.android.adbd/ld.config.txt
index 321f2fc..d1301e6 100644
--- a/testdata/golden_output/legacy/com.android.adbd/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.adbd/ld.config.txt
@@ -204,6 +204,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -263,6 +264,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.android.art/ld.config.txt b/testdata/golden_output/legacy/com.android.art/ld.config.txt
index 52b9d00..dfd03ea 100644
--- a/testdata/golden_output/legacy/com.android.art/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.art/ld.config.txt
@@ -268,6 +268,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -327,6 +328,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.android.conscrypt/ld.config.txt b/testdata/golden_output/legacy/com.android.conscrypt/ld.config.txt
index 7342e03..f26a7e2 100644
--- a/testdata/golden_output/legacy/com.android.conscrypt/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.conscrypt/ld.config.txt
@@ -223,6 +223,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -282,6 +283,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.android.media.swcodec/ld.config.txt b/testdata/golden_output/legacy/com.android.media.swcodec/ld.config.txt
index 52e8824..bbbbaf4 100644
--- a/testdata/golden_output/legacy/com.android.media.swcodec/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.media.swcodec/ld.config.txt
@@ -262,6 +262,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -321,6 +322,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.android.runtime/ld.config.txt b/testdata/golden_output/legacy/com.android.runtime/ld.config.txt
index 49ef611..a50167f 100644
--- a/testdata/golden_output/legacy/com.android.runtime/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.runtime/ld.config.txt
@@ -213,6 +213,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -272,6 +273,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.android.sdkext/ld.config.txt b/testdata/golden_output/legacy/com.android.sdkext/ld.config.txt
index 4d9215a..d5a303b 100644
--- a/testdata/golden_output/legacy/com.android.sdkext/ld.config.txt
+++ b/testdata/golden_output/legacy/com.android.sdkext/ld.config.txt
@@ -218,6 +218,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -277,6 +278,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/legacy/com.vendor.service1/ld.config.txt b/testdata/golden_output/legacy/com.vendor.service1/ld.config.txt
index ec7681d..7a377c5 100644
--- a/testdata/golden_output/legacy/com.vendor.service1/ld.config.txt
+++ b/testdata/golden_output/legacy/com.vendor.service1/ld.config.txt
@@ -223,6 +223,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -282,6 +283,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/product-enabled/ld.config.txt b/testdata/golden_output/product-enabled/ld.config.txt
index 9a2fb80..88ccb85 100644
--- a/testdata/golden_output/product-enabled/ld.config.txt
+++ b/testdata/golden_output/product-enabled/ld.config.txt
@@ -687,10 +687,90 @@
namespace.system.isolated = false
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
@@ -932,10 +1012,90 @@
namespace.system.isolated = false
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
@@ -1568,10 +1728,90 @@
namespace.system.isolated = false
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage0/ld.config.txt b/testdata/golden_output/stage0/ld.config.txt
index e0597a9..5718d21 100644
--- a/testdata/golden_output/stage0/ld.config.txt
+++ b/testdata/golden_output/stage0/ld.config.txt
@@ -143,9 +143,92 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
namespace.system.search.paths += /product/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
namespace.system.asan.search.paths += /data/asan/product/${LIB}
namespace.system.asan.search.paths += /product/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
diff --git a/testdata/golden_output/stage1/com.android.art/ld.config.txt b/testdata/golden_output/stage1/com.android.art/ld.config.txt
index 8eaf515..947fa04 100644
--- a/testdata/golden_output/stage1/com.android.art/ld.config.txt
+++ b/testdata/golden_output/stage1/com.android.art/ld.config.txt
@@ -119,6 +119,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -178,6 +179,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage1/com.android.runtime/ld.config.txt b/testdata/golden_output/stage1/com.android.runtime/ld.config.txt
index b7ee7c5..596b72a 100644
--- a/testdata/golden_output/stage1/com.android.runtime/ld.config.txt
+++ b/testdata/golden_output/stage1/com.android.runtime/ld.config.txt
@@ -108,6 +108,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -167,6 +168,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage1/ld.config.txt b/testdata/golden_output/stage1/ld.config.txt
index 4ac1cc8..90f4e37 100644
--- a/testdata/golden_output/stage1/ld.config.txt
+++ b/testdata/golden_output/stage1/ld.config.txt
@@ -415,12 +415,95 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
namespace.system.search.paths += /product/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
namespace.system.asan.search.paths += /data/asan/product/${LIB}
namespace.system.asan.search.paths += /product/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
@@ -757,12 +840,95 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
namespace.system.search.paths += /product/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
namespace.system.asan.search.paths += /data/asan/product/${LIB}
namespace.system.asan.search.paths += /product/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.adbd/ld.config.txt b/testdata/golden_output/stage2/com.android.adbd/ld.config.txt
index 321f2fc..d1301e6 100644
--- a/testdata/golden_output/stage2/com.android.adbd/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.adbd/ld.config.txt
@@ -204,6 +204,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -263,6 +264,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.art/ld.config.txt b/testdata/golden_output/stage2/com.android.art/ld.config.txt
index 52b9d00..dfd03ea 100644
--- a/testdata/golden_output/stage2/com.android.art/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.art/ld.config.txt
@@ -268,6 +268,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -327,6 +328,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.conscrypt/ld.config.txt b/testdata/golden_output/stage2/com.android.conscrypt/ld.config.txt
index 7342e03..f26a7e2 100644
--- a/testdata/golden_output/stage2/com.android.conscrypt/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.conscrypt/ld.config.txt
@@ -223,6 +223,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -282,6 +283,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.media.swcodec/ld.config.txt b/testdata/golden_output/stage2/com.android.media.swcodec/ld.config.txt
index f5b5b96..20040f6 100644
--- a/testdata/golden_output/stage2/com.android.media.swcodec/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.media.swcodec/ld.config.txt
@@ -258,6 +258,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -317,6 +318,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.runtime/ld.config.txt b/testdata/golden_output/stage2/com.android.runtime/ld.config.txt
index 49ef611..a50167f 100644
--- a/testdata/golden_output/stage2/com.android.runtime/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.runtime/ld.config.txt
@@ -213,6 +213,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -272,6 +273,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.android.sdkext/ld.config.txt b/testdata/golden_output/stage2/com.android.sdkext/ld.config.txt
index 4d9215a..d5a303b 100644
--- a/testdata/golden_output/stage2/com.android.sdkext/ld.config.txt
+++ b/testdata/golden_output/stage2/com.android.sdkext/ld.config.txt
@@ -218,6 +218,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -277,6 +278,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/com.vendor.service1/ld.config.txt b/testdata/golden_output/stage2/com.vendor.service1/ld.config.txt
index 31fe63d..61afb31 100644
--- a/testdata/golden_output/stage2/com.vendor.service1/ld.config.txt
+++ b/testdata/golden_output/stage2/com.vendor.service1/ld.config.txt
@@ -225,6 +225,7 @@
namespace.system.permitted.paths += /mnt/expand
namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
@@ -284,6 +285,8 @@
namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
diff --git a/testdata/golden_output/stage2/ld.config.txt b/testdata/golden_output/stage2/ld.config.txt
index a66d4dd..1462d3b 100644
--- a/testdata/golden_output/stage2/ld.config.txt
+++ b/testdata/golden_output/stage2/ld.config.txt
@@ -676,12 +676,95 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
namespace.system.search.paths += /product/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
namespace.system.asan.search.paths += /data/asan/product/${LIB}
namespace.system.asan.search.paths += /product/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
@@ -1324,12 +1407,95 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /system_ext/${LIB}
namespace.system.search.paths += /product/${LIB}
+namespace.system.permitted.paths = /system/${LIB}/drm
+namespace.system.permitted.paths += /system/${LIB}/extractors
+namespace.system.permitted.paths += /system/${LIB}/hw
+namespace.system.permitted.paths += /system_ext/${LIB}
+namespace.system.permitted.paths += /system/framework
+namespace.system.permitted.paths += /system/app
+namespace.system.permitted.paths += /system/priv-app
+namespace.system.permitted.paths += /system_ext/framework
+namespace.system.permitted.paths += /system_ext/app
+namespace.system.permitted.paths += /system_ext/priv-app
+namespace.system.permitted.paths += /vendor/framework
+namespace.system.permitted.paths += /vendor/app
+namespace.system.permitted.paths += /vendor/priv-app
+namespace.system.permitted.paths += /system/vendor/framework
+namespace.system.permitted.paths += /system/vendor/app
+namespace.system.permitted.paths += /system/vendor/priv-app
+namespace.system.permitted.paths += /odm/framework
+namespace.system.permitted.paths += /odm/app
+namespace.system.permitted.paths += /odm/priv-app
+namespace.system.permitted.paths += /oem/app
+namespace.system.permitted.paths += /product/framework
+namespace.system.permitted.paths += /product/app
+namespace.system.permitted.paths += /product/priv-app
+namespace.system.permitted.paths += /data
+namespace.system.permitted.paths += /mnt/expand
+namespace.system.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.permitted.paths += /product/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
namespace.system.asan.search.paths += /data/asan/system_ext/${LIB}
namespace.system.asan.search.paths += /system_ext/${LIB}
namespace.system.asan.search.paths += /data/asan/product/${LIB}
namespace.system.asan.search.paths += /product/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}/drm
+namespace.system.asan.permitted.paths += /system/${LIB}/drm
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /system/${LIB}/extractors
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/hw
+namespace.system.asan.permitted.paths += /system/${LIB}/hw
+namespace.system.asan.permitted.paths += /data/asan/system_ext/${LIB}
+namespace.system.asan.permitted.paths += /system_ext/${LIB}
+namespace.system.asan.permitted.paths += /data/asan/system/framework
+namespace.system.asan.permitted.paths += /system/framework
+namespace.system.asan.permitted.paths += /data/asan/system/app
+namespace.system.asan.permitted.paths += /system/app
+namespace.system.asan.permitted.paths += /data/asan/system/priv-app
+namespace.system.asan.permitted.paths += /system/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/framework
+namespace.system.asan.permitted.paths += /system_ext/framework
+namespace.system.asan.permitted.paths += /data/asan/system_ext/app
+namespace.system.asan.permitted.paths += /system_ext/app
+namespace.system.asan.permitted.paths += /data/asan/system_ext/priv-app
+namespace.system.asan.permitted.paths += /system_ext/priv-app
+namespace.system.asan.permitted.paths += /data/asan/vendor/framework
+namespace.system.asan.permitted.paths += /vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/vendor/app
+namespace.system.asan.permitted.paths += /vendor/app
+namespace.system.asan.permitted.paths += /data/asan/vendor/priv-app
+namespace.system.asan.permitted.paths += /vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/framework
+namespace.system.asan.permitted.paths += /system/vendor/framework
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/app
+namespace.system.asan.permitted.paths += /system/vendor/app
+namespace.system.asan.permitted.paths += /data/asan/system/vendor/priv-app
+namespace.system.asan.permitted.paths += /system/vendor/priv-app
+namespace.system.asan.permitted.paths += /data/asan/odm/framework
+namespace.system.asan.permitted.paths += /odm/framework
+namespace.system.asan.permitted.paths += /data/asan/odm/app
+namespace.system.asan.permitted.paths += /odm/app
+namespace.system.asan.permitted.paths += /data/asan/odm/priv-app
+namespace.system.asan.permitted.paths += /odm/priv-app
+namespace.system.asan.permitted.paths += /data/asan/oem/app
+namespace.system.asan.permitted.paths += /oem/app
+namespace.system.asan.permitted.paths += /data/asan/product/framework
+namespace.system.asan.permitted.paths += /product/framework
+namespace.system.asan.permitted.paths += /data/asan/product/app
+namespace.system.asan.permitted.paths += /product/app
+namespace.system.asan.permitted.paths += /data/asan/product/priv-app
+namespace.system.asan.permitted.paths += /product/priv-app
+namespace.system.asan.permitted.paths += /data/asan/data
+namespace.system.asan.permitted.paths += /data
+namespace.system.asan.permitted.paths += /data/asan/mnt/expand
+namespace.system.asan.permitted.paths += /mnt/expand
+namespace.system.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
+namespace.system.asan.permitted.paths += /data/asan/system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /system/${LIB}/bootstrap
+namespace.system.asan.permitted.paths += /data/asan/product/${LIB}
+namespace.system.asan.permitted.paths += /product/${LIB}
namespace.system.links = com_android_i18n,com_android_art,com_android_resolv,com_android_neuralnetworks,com_android_os_statsd
namespace.system.link.com_android_i18n.shared_libs = libandroidicu.so
namespace.system.link.com_android_i18n.shared_libs += libicu.so
