Merge "[libbacktrace] Fix sign-compare warning"
diff --git a/adb/client/adb_install.cpp b/adb/client/adb_install.cpp
index 079a975..054cbac 100644
--- a/adb/client/adb_install.cpp
+++ b/adb/client/adb_install.cpp
@@ -331,11 +331,6 @@
error_exit("Attempting to use streaming install on unsupported device");
}
- if (use_fastdeploy == true && is_reinstall == false) {
- printf("Fast Deploy is only available with -r.\n");
- use_fastdeploy = false;
- }
-
if (use_fastdeploy == true && get_device_api_level() < kFastDeployMinApi) {
printf("Fast Deploy is only compatible with devices of API version %d or higher, "
"ignoring.\n",
@@ -350,10 +345,17 @@
passthrough_argv.push_back(argv[i]);
}
}
+ if (passthrough_argv.size() < 2) {
+ error_exit("install requires an apk argument");
+ }
if (use_fastdeploy == true) {
fastdeploy_set_local_agent(use_localagent);
update_agent(agent_update_strategy);
+
+ // The last argument must be the APK file
+ const char* file = passthrough_argv.back();
+ use_fastdeploy = find_package(file);
}
switch (installMode) {
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index c8e834e..8676214 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -154,8 +154,8 @@
" --instant: cause the app to be installed as an ephemeral install app\n"
" --no-streaming: always push APK to device and invoke Package Manager as separate steps\n"
" --streaming: force streaming APK directly into Package Manager\n"
- " --fastdeploy: use fast deploy (only valid with -r)\n"
- " --no-fastdeploy: prevent use of fast deploy (only valid with -r)\n"
+ " --fastdeploy: use fast deploy\n"
+ " --no-fastdeploy: prevent use of fast deploy\n"
" --force-agent: force update of deployment agent when using fast deploy\n"
" --date-check-agent: update deployment agent when local version is newer and using fast deploy\n"
" --version-check-agent: update deployment agent when local version has different version code and using fast deploy\n"
diff --git a/adb/client/fastdeploy.cpp b/adb/client/fastdeploy.cpp
index e82f15a..f4e8664 100644
--- a/adb/client/fastdeploy.cpp
+++ b/adb/client/fastdeploy.cpp
@@ -16,6 +16,7 @@
#include "fastdeploy.h"
+#include <string.h>
#include <algorithm>
#include <array>
#include <memory>
@@ -31,7 +32,7 @@
#include "adb_utils.h"
-static constexpr long kRequiredAgentVersion = 0x00000001;
+static constexpr long kRequiredAgentVersion = 0x00000002;
static constexpr const char* kDeviceAgentPath = "/data/local/tmp/";
@@ -313,9 +314,16 @@
std::vector<unsigned char> applyErrorBuffer;
std::string argsString;
+ bool rSwitchPresent = false;
for (int i = 0; i < argc; i++) {
argsString.append(argv[i]);
argsString.append(" ");
+ if (!strcmp(argv[i], "-r")) {
+ rSwitchPresent = true;
+ }
+ }
+ if (!rSwitchPresent) {
+ argsString.append("-r");
}
std::string applyPatchCommand =
@@ -326,3 +334,9 @@
error_exit("Executing %s returned %d", applyPatchCommand.c_str(), returnCode);
}
}
+
+bool find_package(const char* apkPath) {
+ const std::string findCommand =
+ "/data/local/tmp/deployagent find " + get_packagename_from_apk(apkPath);
+ return !send_shell_command(findCommand);
+}
diff --git a/adb/client/fastdeploy.h b/adb/client/fastdeploy.h
index a6b10d3..7b7f2ec 100644
--- a/adb/client/fastdeploy.h
+++ b/adb/client/fastdeploy.h
@@ -32,3 +32,4 @@
void apply_patch_on_device(const char* apkPath, const char* patchPath, const char* outputPath);
void install_patch(const char* apkPath, const char* patchPath, int argc, const char** argv);
std::string get_patch_path(const char* apkPath);
+bool find_package(const char* apkPath);
diff --git a/adb/fastdeploy/deployagent/src/com/android/fastdeploy/DeployAgent.java b/adb/fastdeploy/deployagent/src/com/android/fastdeploy/DeployAgent.java
index 17845e2..2d3b135 100644
--- a/adb/fastdeploy/deployagent/src/com/android/fastdeploy/DeployAgent.java
+++ b/adb/fastdeploy/deployagent/src/com/android/fastdeploy/DeployAgent.java
@@ -35,7 +35,7 @@
public final class DeployAgent {
private static final int BUFFER_SIZE = 128 * 1024;
- private static final int AGENT_VERSION = 0x00000001;
+ private static final int AGENT_VERSION = 0x00000002;
public static void main(String[] args) {
int exitCode = 0;
@@ -53,6 +53,15 @@
String packageName = args[1];
extractMetaData(packageName);
+ } else if (commandString.equals("find")) {
+ if (args.length != 2) {
+ showUsage(1);
+ }
+
+ String packageName = args[1];
+ if (getFilenameFromPackageName(packageName) == null) {
+ exitCode = 3;
+ }
} else if (commandString.equals("apply")) {
if (args.length < 4) {
showUsage(1);
@@ -112,6 +121,7 @@
"usage: deployagent <command> [<args>]\n\n" +
"commands:\n" +
"version get the version\n" +
+ "find PKGNAME return zero if package found, else non-zero\n" +
"extract PKGNAME extract an installed package's metadata\n" +
"apply PKGNAME PATCHFILE [-o|-pm] apply a patch from PATCHFILE (- for stdin) to an installed package\n" +
" -o <FILE> directs output to FILE, default or - for stdout\n" +
@@ -134,7 +144,7 @@
return null;
}
- private static File getFileFromPackageName(String packageName) throws IOException {
+ private static String getFilenameFromPackageName(String packageName) throws IOException {
StringBuilder commandBuilder = new StringBuilder();
commandBuilder.append("pm list packages -f " + packageName);
@@ -153,10 +163,19 @@
int equalsIndex = line.lastIndexOf(packageSuffix);
String fileName =
line.substring(packageIndex + packagePrefix.length(), equalsIndex);
- return new File(fileName);
+ return fileName;
}
}
- throw new IOException("package not found");
+ return null;
+ }
+
+ private static File getFileFromPackageName(String packageName) throws IOException {
+ String filename = getFilenameFromPackageName(packageName);
+ if (filename == null) {
+ // Should not happen (function is only called when we know the package exists)
+ throw new IOException("package not found");
+ }
+ return new File(filename);
}
private static void extractMetaData(String packageName) throws IOException {
diff --git a/fs_mgr/README.overlayfs.md b/fs_mgr/README.overlayfs.md
index fbb5f5d..960410c 100644
--- a/fs_mgr/README.overlayfs.md
+++ b/fs_mgr/README.overlayfs.md
@@ -83,18 +83,19 @@
-------
- Space used in the backing storage is on a file by file basis
- and will require more space than if updated in place.
+ and will require more space than if updated in place. As such
+ it is important to be mindful of any wasted space, for instance
+ **BOARD_<partition>IMAGE_PARTITION_RESERVED_SIZE** being defined
+ will have a negative impact on the overall right-sizing of images
+ and thus free dynamic partition space.
- Kernel must have CONFIG_OVERLAY_FS=y and will need to be patched
with "*overlayfs: override_creds=off option bypass creator_cred*"
if higher than 4.6.
- *adb enable-verity* will free up overlayfs and as a bonus the
device will be reverted pristine to before any content was updated.
Update engine does not take advantage of this, will perform a full OTA.
-- Update engine will not run if *fs_mgr_overlayfs_is_setup*() reports
- true as adb remount overrides are incompatable with an OTA for
- multiple reasons.
- NB: This is not a problem for fastbootd or recovery as overrides are
- disabled for those special boot scenarios.
+- Update engine may not run if *fs_mgr_overlayfs_is_setup*() reports
+ true as adb remount overrides are incompatable with an OTA resources.
- For implementation simplicity on retrofit dynamic partition devices,
take the whole alternate super (eg: if "*a*" slot, then the whole of
"*system_b*").
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index 5957e30..9e211e3 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -92,7 +92,7 @@
Returns: true if device is (likely) a debug build" ]
isDebuggable() {
- if inAdb && [ 1 -ne `get_property ro.debuggable` ]; then
+ if inAdb && [ 1 -ne "`get_property ro.debuggable`" ]; then
false
fi
}
@@ -389,16 +389,16 @@
die -t "${T}" "disable-verity"
fi
rebooted=false
-if [ X"${D}" != X"${H}" -a X"${D}" = X"${D##*using overlayfs}" ]; then
+if [ X"${D}" != X"${H}" ]; then
echo "${H}"
if [ X"${D}" != X"${D##*setup failed}" ]; then
echo "${ORANGE}[ WARNING ]${NORMAL} overlayfs setup whined" >&2
fi
D=`adb_sh df -k </dev/null` &&
H=`echo "${D}" | head -1` &&
- D=`echo "${D}" | grep "^overlay "` &&
- [ -n "${D}" ] &&
- ( echo "${H}" && echo "${D}" ) &&
+ D=`echo "${D}" | grep "^overlay " || true` &&
+ [ -z "${D}" ] ||
+ ( echo "${H}" && echo "${D}" && false ) ||
die -t ${T} "overlay takeover unexpected at this phase"
echo "${GREEN}[ INFO ]${NORMAL} rebooting as requested" >&2
L=`adb_logcat -b all -v nsec -t ${T} 2>&1`
@@ -426,12 +426,12 @@
die -t "${T}" "setup for overlay"
fi
if [ X"${D}" != X"${D##*Successfully disabled verity}" ]; then
- echo "${D}"
+ echo "${H}"
D=`adb_sh df -k </dev/null` &&
H=`echo "${D}" | head -1` &&
- D=`echo "${D}" | grep "^overlay " | true` &&
- [ -n "${D}" ] &&
- ( echo "${H}" && echo "${D}" ) &&
+ D=`echo "${D}" | grep "^overlay " || true` &&
+ [ -z "${D}" ] ||
+ ( echo "${H}" && echo "${D}" && false ) ||
( [ -n "${L}" ] && echo "${L}" && false ) ||
die -t "${T}" "overlay takeover unexpected"
[ -n "${L}" ] && echo "${L}"
@@ -504,17 +504,17 @@
# Check something
-echo "${GREEN}[ RUN ]${NORMAL} push content to system and vendor" >&2
+echo "${GREEN}[ RUN ]${NORMAL} push content to /system and /vendor" >&2
A="Hello World! $(date)"
echo "${A}" | adb_sh "cat - > /system/hello"
echo "${A}" | adb_sh "cat - > /vendor/hello"
B="`adb_cat /system/hello`" ||
die "sytem hello"
-check_eq "${A}" "${B}" system before reboot
+check_eq "${A}" "${B}" /system before reboot
B="`adb_cat /vendor/hello`" ||
die "vendor hello"
-check_eq "${A}" "${B}" vendor before reboot
+check_eq "${A}" "${B}" /vendor before reboot
echo "${GREEN}[ RUN ]${NORMAL} reboot to confirm content persistent" >&2
@@ -537,18 +537,21 @@
fi
B="`adb_cat /system/hello`" ||
- die "re-read system hello after reboot"
-check_eq "${A}" "${B}" system after reboot
+ die "re-read /system/hello after reboot"
+check_eq "${A}" "${B}" /system after reboot
+echo "${GREEN}[ OK ]${NORMAL} /system content remains after reboot" >&2
# Only root can read vendor if sepolicy permissions are as expected
if ${enforcing}; then
B="`adb_cat /vendor/hello`" &&
- die "re-read vendor hello after reboot w/o root"
+ die "re-read /vendor/hello after reboot w/o root"
check_eq "cat: /vendor/hello: Permission denied" "${B}" vendor after reboot w/o root
+ echo "${GREEN}[ OK ]${NORMAL} /vendor content correct MAC after reboot" >&2
fi
adb_root &&
B="`adb_cat /vendor/hello`" ||
- die "re-read vendor hello after reboot"
+ die "re-read /vendor/hello after reboot"
check_eq "${A}" "${B}" vendor after reboot
+echo "${GREEN}[ OK ]${NORMAL} /vendor content remains after reboot" >&2
echo "${GREEN}[ RUN ]${NORMAL} flash vendor, confirm its content disappears" >&2
@@ -608,17 +611,17 @@
echo "${H}" &&
echo "${D}" &&
echo "${D}" | grep "^overlay .* /system\$" >/dev/null ||
- die "overlay system takeover after flash vendor"
+ die "overlay /system takeover after flash vendor"
echo "${D}" | grep "^overlay .* /vendor\$" >/dev/null &&
- die "overlay minus vendor takeover after flash vendor"
+ die "overlay supposed to be minus /vendor takeover after flash vendor"
fi
B="`adb_cat /system/hello`" ||
- die "re-read system hello after flash vendor"
+ die "re-read /system/hello after flash vendor"
check_eq "${A}" "${B}" system after flash vendor
adb_root ||
die "adb root"
B="`adb_cat /vendor/hello`" &&
- die "re-read vendor hello after flash vendor"
+ die "re-read /vendor/hello after flash vendor"
check_eq "cat: /vendor/hello: No such file or directory" "${B}" vendor after flash vendor
fi
@@ -630,10 +633,10 @@
adb_sh rm /system/hello </dev/null ||
die -t ${T} "cleanup hello"
B="`adb_cat /system/hello`" &&
- die "re-read system hello after rm"
+ die "re-read /system/hello after rm"
check_eq "cat: /system/hello: No such file or directory" "${B}" after flash rm
B="`adb_cat /vendor/hello`" &&
- die "re-read vendor hello after rm"
+ die "re-read /vendor/hello after rm"
check_eq "cat: /vendor/hello: No such file or directory" "${B}" after flash rm
if [ -n "${scratch_partition}" ]; then
diff --git a/llkd/README.md b/llkd/README.md
index 3da7a2f..224e184 100644
--- a/llkd/README.md
+++ b/llkd/README.md
@@ -160,7 +160,7 @@
NB: false is a very very very unlikely process to want to blacklist.
#### ro.llk.blacklist.parent
-default 0,2 (kernel and [kthreadd]).
+default 0,2,adbd (kernel, [kthreadd] and adbd).
The string "*false*" is the equivalent to an *empty* list.
Do not watch processes that have this parent.
A parent process can be comm, cmdline or pid reference.
diff --git a/llkd/include/llkd.h b/llkd/include/llkd.h
index b16b1d8..1efa32b 100644
--- a/llkd/include/llkd.h
+++ b/llkd/include/llkd.h
@@ -55,7 +55,11 @@
#define LLK_BLACKLIST_PROCESS_DEFAULT \
"0,1,2,init,[kthreadd],[khungtaskd],lmkd,llkd,watchdogd,[watchdogd],[watchdogd/0]"
#define LLK_BLACKLIST_PARENT_PROPERTY "ro.llk.blacklist.parent"
+#ifdef __PTRACE_ENABLED__ // defined if userdebug build
+#define LLK_BLACKLIST_PARENT_DEFAULT "0,2,[kthreadd],adbd"
+#else
#define LLK_BLACKLIST_PARENT_DEFAULT "0,2,[kthreadd]"
+#endif
#define LLK_BLACKLIST_UID_PROPERTY "ro.llk.blacklist.uid"
#define LLK_BLACKLIST_UID_DEFAULT ""
#define LLK_BLACKLIST_STACK_PROPERTY "ro.llk.blacklist.process.stack"
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 264c612..d3e80c9 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -28,7 +28,7 @@
dir.postinstall = /postinstall
[system]
-additional.namespaces = runtime,sphal,vndk,rs
+additional.namespaces = sphal,vndk,rs
###############################################################################
# "default" namespace
@@ -105,28 +105,6 @@
namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app
namespace.default.asan.permitted.paths += /mnt/expand
-# Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-namespace.default.link.runtime.shared_libs += libart.so:libartd.so
-namespace.default.link.runtime.shared_libs += libnativebridge.so
-namespace.default.link.runtime.shared_libs += libnativehelper.so
-namespace.default.link.runtime.shared_libs += libnativeloader.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace exposes externally accessible libraries from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-
-# Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
-# when it exists.
-namespace.runtime.link.default.allow_all_shared_libs = true
-
###############################################################################
# "sphal" namespace
#
@@ -161,12 +139,8 @@
# Once in this namespace, access to libraries in /system/lib is restricted. Only
# libs listed here can be used.
-namespace.sphal.links = runtime,default,vndk,rs
+namespace.sphal.links = default,vndk,rs
-namespace.sphal.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-# LLNDK_LIBRARIES includes the runtime libs above, but the order here ensures
-# that they are loaded from the runtime namespace.
namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
@@ -213,11 +187,9 @@
namespace.rs.asan.permitted.paths += /vendor/${LIB}
namespace.rs.asan.permitted.paths += /data
-namespace.rs.links = runtime,default,vndk
+namespace.rs.links = default,vndk
-namespace.rs.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%
+namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
# Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this
# namespace because RS framework libs are using them.
@@ -263,13 +235,10 @@
namespace.vndk.asan.permitted.paths += /data/asan/system/${LIB}/vndk-sp%VNDK_VER%/hw
namespace.vndk.asan.permitted.paths += /system/${LIB}/vndk-sp%VNDK_VER%/hw
-# The "vndk" namespace links to "runtime" for Bionic libs, "default" namespace
-# for LLNDK libs, and links to "sphal" namespace for vendor libs. The ordering
-# matters. The "default" namespace has higher priority than the "sphal"
-# namespace.
-namespace.vndk.links = runtime,default,sphal
-
-namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so
+# The "vndk" namespace links to "default" namespace for LLNDK libs and links to
+# "sphal" namespace for vendor libs. The ordering matters. The "default"
+# namespace has higher priority than the "sphal" namespace.
+namespace.vndk.links = default,sphal
# When these NDK libs are required inside this namespace, then it is redirected
# to the default namespace. This is possible since their ABI is stable across
@@ -280,7 +249,6 @@
# Allow VNDK-SP extensions to use vendor libraries
namespace.vndk.link.sphal.allow_all_shared_libs = true
-
###############################################################################
# Namespace config for vendor processes. In O, no restriction is enforced for
# them. However, in O-MR1, access to /system/${LIB} will not be allowed to
@@ -288,7 +256,7 @@
# (LL-NDK only) access.
###############################################################################
[vendor]
-additional.namespaces = runtime,system,vndk
+additional.namespaces = system,vndk
###############################################################################
# "default" namespace
@@ -319,24 +287,12 @@
namespace.default.asan.permitted.paths += /data/asan/vendor
namespace.default.asan.permitted.paths += /vendor
-namespace.default.links = runtime,system,vndk
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
+namespace.default.links = system,vndk
namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES%
namespace.default.link.vndk.shared_libs = %VNDK_SAMEPROCESS_LIBRARIES%
namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES%
###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace pulls in externally accessible libs from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies.
-namespace.runtime.link.default.allow_all_shared_libs = true
-
-###############################################################################
# "vndk" namespace
#
# This namespace is where VNDK and VNDK-SP libraries are loaded for
@@ -367,10 +323,7 @@
# When these NDK libs are required inside this namespace, then it is redirected
# to the system namespace. This is possible since their ABI is stable across
# Android releases.
-namespace.vndk.links = runtime,system,default
-
-namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
+namespace.vndk.links = system,default
namespace.vndk.link.system.shared_libs = %LLNDK_LIBRARIES%
namespace.vndk.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
@@ -395,36 +348,16 @@
namespace.system.asan.search.paths += /data/asan/product_services/${LIB}
namespace.system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
-namespace.system.links = runtime
-namespace.system.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-
###############################################################################
# Namespace config for binaries under /postinstall.
-# Only default and runtime namespaces are defined and default has no directories
-# other than /system/lib in the search paths. This is because linker calls
-# realpath on the search paths and this causes selinux denial if the paths
-# (/vendor, /odm) are not allowed to the postinstall binaries. There is no
-# reason to allow the binaries to access the paths.
+# Only one default namespace is defined and it has no directories other than
+# /system/lib in the search paths. This is because linker calls realpath on the
+# search paths and this causes selinux denial if the paths (/vendor, /odm) are
+# not allowed to the poinstall binaries. There is no reason to allow the
+# binaries to access the paths.
###############################################################################
[postinstall]
-additional.namespaces = runtime
-
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
-
-namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace pulls in externally accessible libs from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies.
-namespace.runtime.link.default.allow_all_shared_libs = true
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt
index 7ca45ff..7e354ac 100644
--- a/rootdir/etc/ld.config.vndk_lite.txt
+++ b/rootdir/etc/ld.config.vndk_lite.txt
@@ -28,7 +28,7 @@
dir.postinstall = /postinstall
[system]
-additional.namespaces = runtime,sphal,vndk,rs
+additional.namespaces = sphal,vndk,rs
###############################################################################
# "default" namespace
@@ -55,27 +55,6 @@
namespace.default.asan.search.paths += /data/asan/product_services/${LIB}
namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
-# Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-namespace.default.link.runtime.shared_libs += libart.so:libartd.so
-namespace.default.link.runtime.shared_libs += libnativehelper.so
-namespace.default.link.runtime.shared_libs += libnativeloader.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace pulls in externally accessible libs from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-
-# Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
-# when it exists.
-namespace.runtime.link.default.allow_all_shared_libs = true
-
###############################################################################
# "sphal" namespace
#
@@ -110,12 +89,8 @@
# Once in this namespace, access to libraries in /system/lib is restricted. Only
# libs listed here can be used.
-namespace.sphal.links = runtime,default,vndk,rs
+namespace.sphal.links = default,vndk,rs
-namespace.sphal.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-# LLNDK_LIBRARIES includes the runtime libs above, but the order here ensures
-# that they are loaded from the runtime namespace.
namespace.sphal.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.sphal.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
@@ -162,11 +137,9 @@
namespace.rs.asan.permitted.paths += /vendor/${LIB}
namespace.rs.asan.permitted.paths += /data
-namespace.rs.links = runtime,default,vndk
+namespace.rs.links = default,vndk
-namespace.rs.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%
+namespace.rs.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.rs.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
# Private LLNDK libs (e.g. libft2.so) are exceptionally allowed to this
# namespace because RS framework libs are using them.
@@ -215,14 +188,10 @@
# When these NDK libs are required inside this namespace, then it is redirected
# to the default namespace. This is possible since their ABI is stable across
# Android releases.
-namespace.vndk.links = runtime,default
-
-namespace.vndk.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
+namespace.vndk.links = default
namespace.vndk.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
-
###############################################################################
# Namespace config for vendor processes. In O, no restriction is enforced for
# them. However, in O-MR1, access to /system/${LIB} will not be allowed to
@@ -230,7 +199,6 @@
# (LL-NDK only) access.
###############################################################################
[vendor]
-additional.namespaces = runtime
namespace.default.isolated = false
namespace.default.search.paths = /odm/${LIB}
@@ -240,7 +208,7 @@
namespace.default.search.paths += /vendor/${LIB}/vndk
namespace.default.search.paths += /vendor/${LIB}/vndk-sp
-# Access to system libraries is allowed
+# Access to system libraries are allowed
namespace.default.search.paths += /system/${LIB}/vndk%VNDK_VER%
namespace.default.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
namespace.default.search.paths += /system/${LIB}
@@ -270,47 +238,16 @@
namespace.default.asan.search.paths += /data/asan/product_services/${LIB}
namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
-namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace pulls in externally accessible libs from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies.
-namespace.runtime.link.default.allow_all_shared_libs = true
-
-
###############################################################################
# Namespace config for binaries under /postinstall.
-# Only default and runtime namespaces are defined and default has no directories
-# other than /system/lib in the search paths. This is because linker calls
-# realpath on the search paths and this causes selinux denial if the paths
-# (/vendor, /odm) are not allowed to the postinstall binaries. There is no
-# reason to allow the binaries to access the paths.
+# Only one default namespace is defined and it has no directories other than
+# /system/lib in the search paths. This is because linker calls realpath on the
+# search paths and this causes selinux denial if the paths (/vendor, /odm) are
+# not allowed to the poinstall binaries. There is no reason to allow the
+# binaries to access the paths.
###############################################################################
[postinstall]
-additional.namespaces = runtime
-
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
-
-namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libc.so:libdl.so:libm.so
-
-###############################################################################
-# "runtime" APEX namespace
-#
-# This namespace pulls in externally accessible libs from the Runtime APEX.
-###############################################################################
-namespace.runtime.isolated = true
-namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
-namespace.runtime.links = default
-# TODO(b/119867084): Restrict to Bionic dlopen dependencies.
-namespace.runtime.link.default.allow_all_shared_libs = true
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index a9658a4..35f469a 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -1,9 +1,6 @@
firmware_directories /etc/firmware/ /odm/firmware/ /vendor/firmware/ /firmware/image/
uevent_socket_rcvbuf_size 16M
-subsystem adf
- devname uevent_devname
-
subsystem graphics
devname uevent_devpath
dirname /dev/graphics
@@ -12,26 +9,10 @@
devname uevent_devpath
dirname /dev/dri
-subsystem oncrpc
- devname uevent_devpath
- dirname /dev/oncrpc
-
-subsystem adsp
- devname uevent_devpath
- dirname /dev/adsp
-
-subsystem msm_camera
- devname uevent_devpath
- dirname /dev/msm_camera
-
subsystem input
devname uevent_devpath
dirname /dev/input
-subsystem mtd
- devname uevent_devpath
- dirname /dev/mtd
-
subsystem sound
devname uevent_devpath
dirname /dev/snd
@@ -59,73 +40,27 @@
/dev/pmsg0 0222 root log
-# the msm hw3d client device node is world writable/readable.
-/dev/msm_hw3dc 0666 root root
-
-# gpu driver for adreno200 is globally accessible
-/dev/kgsl 0666 root root
-
# kms driver for drm based gpu
/dev/dri/* 0666 root graphics
# these should not be world writable
/dev/diag 0660 radio radio
-/dev/diag_arm9 0660 radio radio
/dev/ttyMSM0 0600 bluetooth bluetooth
/dev/uhid 0660 uhid uhid
/dev/uinput 0660 uhid uhid
-/dev/alarm 0664 system radio
/dev/rtc0 0640 system system
/dev/tty0 0660 root system
/dev/graphics/* 0660 root graphics
-/dev/msm_hw3dm 0660 system graphics
/dev/input/* 0660 root input
/dev/v4l-touch* 0660 root input
-/dev/eac 0660 root audio
-/dev/cam 0660 root camera
-/dev/pmem 0660 system graphics
-/dev/pmem_adsp* 0660 system audio
-/dev/pmem_camera* 0660 system camera
-/dev/oncrpc/* 0660 root system
-/dev/adsp/* 0660 system audio
/dev/snd/* 0660 system audio
-/dev/mt9t013 0660 system system
-/dev/msm_camera/* 0660 system system
-/dev/akm8976_daemon 0640 compass system
-/dev/akm8976_aot 0640 compass system
-/dev/akm8973_daemon 0640 compass system
-/dev/akm8973_aot 0640 compass system
-/dev/bma150 0640 compass system
-/dev/cm3602 0640 compass system
-/dev/akm8976_pffd 0640 compass system
-/dev/lightsensor 0640 system system
-/dev/msm_pcm_out* 0660 system audio
-/dev/msm_pcm_in* 0660 system audio
-/dev/msm_pcm_ctl* 0660 system audio
-/dev/msm_snd* 0660 system audio
/dev/msm_mp3* 0660 system audio
-/dev/audience_a1026* 0660 system audio
-/dev/tpa2018d1* 0660 system audio
-/dev/msm_audpre 0660 system audio
-/dev/msm_audio_ctl 0660 system audio
-/dev/htc-acoustic 0660 system audio
-/dev/vdec 0660 system audio
-/dev/q6venc 0660 system audio
-/dev/snd/dsp 0660 system audio
-/dev/snd/dsp1 0660 system audio
-/dev/snd/mixer 0660 system audio
-/dev/smd0 0640 radio radio
-/dev/qmi 0640 radio radio
-/dev/qmi0 0640 radio radio
-/dev/qmi1 0640 radio radio
-/dev/qmi2 0640 radio radio
/dev/bus/usb/* 0660 root usb
/dev/mtp_usb 0660 root mtp
/dev/usb_accessory 0660 root usb
/dev/tun 0660 system vpn
# CDMA radio interface MUX
-/dev/ts0710mux* 0640 radio radio
/dev/ppp 0660 radio vpn
# sysfs properties
@@ -135,6 +70,3 @@
/sys/devices/virtual/usb_composite/* enable 0664 root system
/sys/devices/system/cpu/cpu* cpufreq/scaling_max_freq 0664 system system
/sys/devices/system/cpu/cpu* cpufreq/scaling_min_freq 0664 system system
-
-# DVB API device nodes
-/dev/dvb* 0660 root system