diff options
Diffstat (limited to 'en/devices/tech/config')
| -rw-r--r-- | en/devices/tech/config/filesystem.html | 3 | ||||
| -rw-r--r-- | en/devices/tech/config/namespaces_libraries.html | 20 | ||||
| -rw-r--r-- | en/devices/tech/config/perms-whitelist.html | 6 | ||||
| -rw-r--r-- | en/devices/tech/config/uicc.html | 2 |
4 files changed, 26 insertions, 5 deletions
diff --git a/en/devices/tech/config/filesystem.html b/en/devices/tech/config/filesystem.html index 10b7f0b4..73633943 100644 --- a/en/devices/tech/config/filesystem.html +++ b/en/devices/tech/config/filesystem.html @@ -244,7 +244,8 @@ the autogenerated header file by adding to your module's <code>Android.mk</code> and including the empty faux library. For example, in <code>Android.mk</code>, add the following:</p> -<pre class="prettyprint"> LOCAL_STATIC_LIBRARIES := liboemaids</pre> +<pre class="prettyprint">LOCAL_HEADER_LIBRARIES := oemaids_headers</pre> + <p>In your C code, <code>#include "generated_oem_aid.h"</code> and start using the declared identifiers. For example, in <code>my_file.c</code>, add the following: </p> diff --git a/en/devices/tech/config/namespaces_libraries.html b/en/devices/tech/config/namespaces_libraries.html index b91cbe23..1e94bf1b 100644 --- a/en/devices/tech/config/namespaces_libraries.html +++ b/en/devices/tech/config/namespaces_libraries.html @@ -61,6 +61,26 @@ additional native libraries accessible to apps by putting them under the <code>/vendor/etc/public.libraries.txt</code> </p> +<p> +Starting from Android 8.0, vendor public libraries have the following additional +restrictions and required setups: +</p> + +<ol> + <li>The native library in vendor must be properly labeled so it can be + accessible to apps. If access is required by any apps (including third + party apps), the library must be labeled as <code>same_process_hal_file</code> + in a vendor-specific <code>file_contexts</code> file as follows: + <pre class="devsite-click-to-copy">/vendor/lib(64)?/libnative.so u:object_r:same_process_hal_file:s0</pre> + where <code>libnative.so</code> is the name of the native library. + </li> + <li>The library, either directly or transitively via its dependencies, must not + depend on system libraries other than VNDK-SP and LLNDK libraries. The list of + VNDK-SP and LLNDK libraries can be found at + <code>development/vndk/tools/definition/tool/datasets/eligible-list-<version>-release.csv</code>. + </li> +</ol> + <h2 id="updating-app-non-public">Updating apps to not use non-public native libraries</h2> <p> diff --git a/en/devices/tech/config/perms-whitelist.html b/en/devices/tech/config/perms-whitelist.html index c3de0de0..918f89eb 100644 --- a/en/devices/tech/config/perms-whitelist.html +++ b/en/devices/tech/config/perms-whitelist.html @@ -135,7 +135,7 @@ transitional log-mode: </p> -<pre class="devsite-click-to-copy">ro.control_privapp_permission=log</pre> +<pre class="devsite-click-to-copy">ro.control_privapp_permissions=log</pre> <p> Violations are reported in the log file, but permissions are still granted. @@ -158,11 +158,11 @@ PackageManager: Privileged permission {PERMISSION_NAME} for package {PACKAGE_NAM <p> After whitelists are in place, enable runtime enforcement by setting the build - property <code>ro.control_privapp_permission=enforce</code>. + property <code>ro.control_privapp_permissions=enforce</code>. </p> <aside class="note"><strong>Note:</strong> The - <code>ro.control_privapp_permission</code> property state must adhere to + <code>ro.control_privapp_permissions</code> property state must adhere to <a href="/compatibility/android-cdd#9_1_permissions">CDD section 9.1 requirements</a>.</aside> diff --git a/en/devices/tech/config/uicc.html b/en/devices/tech/config/uicc.html index 1fa6952c..96c1d360 100644 --- a/en/devices/tech/config/uicc.html +++ b/en/devices/tech/config/uicc.html @@ -29,7 +29,7 @@ Android platform loads certificates stored on a UICC and grants permission to apps signed by these certificates to make calls to a handful of special APIs. </p> <p>Android 7.0 extends this feature to support other storage sources, such as -Access File Rule (ARF), for UICC carrier privilege rules, dramatically +Access Rule File (ARF), for UICC carrier privilege rules, dramatically increasing the number of carriers that can use the APIs. For an API reference, see <a href="#carrierconfigmanager">CarrierConfigManager</a>; for instructions, see <a href="/devices/tech/config/carrier.html">Carrier |