This page describes the directory layout for devices running Android 8.0 and higher, VNDK rules, and associated sepolicy.
The Degenerated Directory Layout consists of the following directories:
/system/lib[64]
contains all framework shared libraries,
including LL-NDK, VNDK, and framework-only libraries (including
LL-NDK-Private and some libraries with the same names as the
ones in VNDK-SP)./system/lib[64]/vndk-sp
contains VNDK-SP libraries for
same-process HALs./vendor/lib[64]
contains the extended VNDK libraries (either
DXUA or DXUX VNDK libraries), same-process HAL implementations, and other vendor
shared libraries./vendor/lib[64]/vndk-sp
may contain extra libraries that are
used by VNDK-SP libraries.Vendor modules load the VNDK libraries from /system/lib[64]
.
This section provides a comprehensive list of VNDK rules:
libRS_internal.so
gets special
treatment in Android 8.0, but will be revisited in a future release.Framework processes described in this section correspond to
coredomain
in sepolicies while vendor processes correspond to
non-coredomain
. For example, /dev/binder
can be
accessed only in coredomain
and /dev/vndbinder
can be
accessed only in non-coredomain
.
Similar policies restrict the access to the shared libraries on system and vendor partitions. The following table shows the rights to access shared libraries of different categories:
Category | Partition | Accessible from coredomain |
Accessible from non-coredomain |
---|---|---|---|
LL-NDK | System | Y | Y |
LL-NDK-Private | System | Y | Y |
VNDK-SP/VNDK-SP-Private | System | Y | Y |
VNDK-SP-Ext | Vendor | Y | Y |
VNDK | System | Y | Y |
VNDK-Ext | Vendor | N | Y |
FWK-ONLY | System | Y | N |
FWK-ONLY-RS | System | Y | N |
SP-HAL | Vendor | Y | Y |
SP-HAL-Dep | Vendor | Y | Y |
VND-ONLY | Vendor | N | Y |
LL-NDK-Private and VNDK-SP-Private must be
accessible from both domains because non-coredomain
will
indirectly access them. Similarly, SP-HAL-Dep must be accessible from
coredomain
because SP-HAL relies on it.