Add /system/lib to the permitted paths for ns of APEXes

With b/144533348, there will be symlinks from libs in APEXes to the libs in the system partition. This is to reduce the size of APEXes when the APEX is bundled with the platform. Adding the /system/lib to the permitted paths so that the realpaths of the symlinks are allowed for the namespaces. Note that this however does not open all libs in the system partition to the APEX namespaces, because searching of the libs are NOT done in /system/lib, but in /apex/<module>/lib directory. Bug: 144533348 Test: m Change-Id: I959d4312a7bc5427c4d84885fbac4bc235cffa86
5 years ago · bb8f985d77
parent 0bab538b5c
commit bb8f985d77
1 changed files with 6 additions and 0 deletions
--- a/apex/ld.config.txt
+++ b/apex/ld.config.txt
@ -22,6 +22,12 @@ namespace.default.visible = true
 namespace.default.search.paths      = /apex/com.android.media.swcodec/${LIB}
 namespace.default.asan.search.paths = /apex/com.android.media.swcodec/${LIB}

+# Below lines are required to be able to access libs in APEXes which are
+# actually symlinks to the files under /system/lib. The symlinks exist for
+# bundled APEXes to reduce space.
+namespace.default.permitted.paths   = /system/${LIB}
+namespace.default.asan.permitted.paths = /system/${LIB}
+
 namespace.default.links = platform

 # TODO: replace the following when apex has a way to auto-generate this list