Make default namespace an "alias" for runtime rather than the other way
around.

There isn't a way to make a namespace properly an alias for another - just
adding a link with allow_all_shared_libs true doesn't quite do it since
links aren't transitive. That meant that "runtime" in the previous setup did
not pass on links to "default" when "classloader-namespace" in
libnativeloader added links to "runtime".

With this we link from "default" to "runtime" instead, and only APEX
binaries will start in "default" - nothing else should create links to that
namespace when this config is in use.

This also ensures no libraries are actually loaded in "default", which could
otherwise create duplicate instances with libraries loaded in "runtime".

Also make the "platform" namespace visible, to work with
android_link_namespaces() in the classloader-namespace setup, and update the
reason why those namespaces need visibility.

Test: Flash and boot
Test: Run a target run test similar to art/test/run-test:
  Push libarttest.so to the test directory, then
  ANDROID_ADDITIONAL_PUBLIC_LIBRARIES=libc++.so:libbacktrace.so:libbase.so:libnativehelper.so:libart.so:libdexfile.so:libprofile.so:libartbase.so \
  dalvikvm -Djava.library.path=. -cp 203-multi-checkpoint.jar Main arttest
Bug: 130293232
Bug: 121117762
Change-Id: I0f0b58aac3ec869b42510f9ef6af7cb26667de96
diff --git a/build/apex/ld.config.txt b/build/apex/ld.config.txt
index b1d7fec..7b2bc26 100644
--- a/build/apex/ld.config.txt
+++ b/build/apex/ld.config.txt
@@ -10,36 +10,69 @@
 [runtime]
 additional.namespaces = platform,conscrypt,runtime
 
-# Keep in sync with the runtime namespace in /system/etc/ld.config.txt.
+# The default namespace here only links to other namespaces, in particular
+# "runtime" where the real library loading takes place. Any outgoing links from
+# "runtime" also need to be present here.
 namespace.default.isolated = true
-# Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by
-# libart.
-namespace.default.visible = true
-namespace.default.search.paths = /apex/com.android.runtime/${LIB}
-namespace.default.asan.search.paths = /apex/com.android.runtime/${LIB}
+namespace.default.links = runtime,platform
+namespace.default.link.runtime.allow_all_shared_libs = true
+namespace.default.link.platform.allow_all_shared_libs = true
+
+###############################################################################
+# "runtime" APEX namespace
+#
+# This is the local namespace of this APEX, with the proper name "runtime" to
+# make links created e.g. through android_link_namespace work consistently with
+# the platform linker config.
+###############################################################################
+namespace.runtime.isolated = true
+# Visible to allow links to be created at runtime, e.g. through
+# android_link_namespaces in libnativeloader.
+namespace.runtime.visible = true
+
+# Keep in sync with the "runtime" namespace in system/core/rootdir/etc/ld.config*.txt.
+namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
+namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB}
 # odex files are in /system/framework. dalvikvm has to be able to dlopen the
 # files for CTS.
-namespace.default.permitted.paths = /system/framework
-namespace.default.links = platform
+namespace.runtime.permitted.paths = /system/framework
+namespace.runtime.links = platform
 # Need allow_all_shared_libs because libart.so can dlopen oat files in
 # /system/framework and /data.
 # TODO(b/130340935): Use a dynamically created linker namespace similar to
 # classloader-namespace for oat files, and tighten this up.
-namespace.default.link.platform.allow_all_shared_libs = true
+namespace.runtime.link.platform.allow_all_shared_libs = true
 
-# Keep in sync with the default namespace in /system/etc/ld.config.txt.
+###############################################################################
+# "platform" namespace
+#
+# Corresponds to the default namespace in /system/etc/ld.config.txt. Please keep
+# in sync with linker config files in system/core/rootdir/etc.
+###############################################################################
 namespace.platform.isolated = true
+# Visible to allow links to be created at runtime, e.g. through
+# android_link_namespaces in libnativeloader.
+namespace.platform.visible = true
+
 namespace.platform.search.paths = /system/${LIB}
 namespace.platform.asan.search.paths = /data/asan/system/${LIB}
-namespace.platform.links = default
-namespace.platform.link.default.shared_libs  = libdexfile_external.so
-namespace.platform.link.default.shared_libs += libnativebridge.so
-namespace.platform.link.default.shared_libs += libnativehelper.so
-namespace.platform.link.default.shared_libs += libnativeloader.so
-namespace.platform.link.default.shared_libs += libandroidicu.so
+
+# This is only a subset of platform default namespace permitted paths, and might
+# need extension.
+namespace.default.permitted.paths  = /data
+namespace.default.permitted.paths += /system/framework
+namespace.default.asan.permitted.paths  = /data
+namespace.default.asan.permitted.paths += /system/framework
+
+namespace.platform.links = runtime
+namespace.platform.link.runtime.shared_libs  = libdexfile_external.so
+namespace.platform.link.runtime.shared_libs += libnativebridge.so
+namespace.platform.link.runtime.shared_libs += libnativehelper.so
+namespace.platform.link.runtime.shared_libs += libnativeloader.so
+namespace.platform.link.runtime.shared_libs += libandroidicu.so
 
 # TODO(b/122876336): Remove libpac.so once it's migrated to Webview
-namespace.platform.link.default.shared_libs += libpac.so
+namespace.platform.link.runtime.shared_libs += libpac.so
 
 # /system/lib/libc.so, etc are symlinks to
 # /apex/com.android.runtime/lib/bionic/libc.so, etc. Add the path to the
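Review bot: The `namespace.default.permitted.paths` and `namespace.default.asan.permitted.paths` lines added inside the "platform" section give the "default" namespace `/data` and `/system/framework` as permitted paths, which conflicts with the header comment saying "default" only links to other namespaces and with the commit message's aim that nothing is loaded there. Their own comment speaks of the "platform default namespace permitted paths", so they may have been meant as `namespace.platform.permitted.paths`. If so, the later context line `namespace.platform.permitted.paths = /apex/com.android.runtime/${LIB}/bionic` assigns with `=` and would presumably need `+=` so it does not replace them. Because `/data` is a writable partition, it is worth stating explicitly which namespace is allowed to load from it and why. The new `namespace.default.link.platform.allow_all_shared_libs = true` also has no comment; something like `# Mirrors the runtime -> platform link; tighten together with it (b/130340935).` would tie it to the existing TODO.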
@@ -53,7 +86,7 @@
 namespace.platform.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
 namespace.platform.asan.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
 
-# Note that we don't need to link the default namespace with conscrypt:
+# Note that we don't need to link the runtime namespace with conscrypt:
 # the runtime Java code and binaries do not explicitly load native libraries
 # from it.
 
@@ -63,7 +96,7 @@
 # This namespace is for libraries within the conscrypt APEX.
 ###############################################################################
 
-# Keep in sync with conscrypt namespace in /system/etc/ld.config.txt.
+# Keep in sync with the "conscrypt" namespace in system/core/rootdir/etc/ld.config*.txt.
 namespace.conscrypt.isolated = true
 namespace.conscrypt.visible = true
 
@@ -75,16 +108,3 @@
 namespace.conscrypt.link.platform.shared_libs += libm.so
 namespace.conscrypt.link.platform.shared_libs += libdl.so
 namespace.conscrypt.link.platform.shared_libs += liblog.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace is an alias for the default namespace.
-###############################################################################
-namespace.runtime.isolated = true
-namespace.runtime.visible = true
-namespace.runtime.links = default
-namespace.runtime.link.default.allow_all_shared_libs = true
-namespace.runtime.links += platform
-# TODO(b/119867084): Restrict fallback to platform namespace to PALette library.
-namespace.runtime.link.platform.allow_all_shared_libs = true