This page describes the directory layout for devices running Android 8.0 and higher, VNDK rules, and associated sepolicy.
The Degenerated Directory Layout consists of the following directories:
/system/libcontains all framework shared libraries, including LL-NDK, VNDK, and framework-only libraries (including LL-NDK-Indirect and some libraries with the same names as the ones in VNDK-SP).
/system/lib/vndk-spcontains VNDK-SP libraries for same-process HALs.
/vendor/libcontains the extended VNDK libraries (either DXUA or DXUX VNDK libraries), same-process HAL implementations, and other vendor shared libraries.
/vendor/lib/vndk-spmay contain extra libraries that are used by VNDK-SP libraries.
Vendor modules load the VNDK libraries from
This section provides a comprehensive list of VNDK rules:
- Framework processes must not load non-SP-HAL shared libraries from vendor partitions (not strictly enforced in Android O but will be in a future release).
- Vendor processes must not load non-LL-NDK, non-VNDK-SP, and non-VNDK libraries from the system partition. (not strictly enforced in Android O but will be in a future release).
- Installed VNDK libraries must be a subset of Google-defined eligible VNDK libraries.
- The outer dependencies of SP-HAL and SP-HAL-Dep must be restricted to
LL-NDK or Google-defined VNDK-SP libraries.
- The dependencies of an SP-HAL shared library must be restricted to LL-NDK libraries, Google-defined VNDK-SP libraries, other SP-HAL libraries, and/or other vendor shared libraries that can be labeled as SP-HAL-Dep libraries.
- A vendor shared library can be labeled as a SP-HAL-Dep library only if it is not an AOSP library and its dependencies are restricted to LL-NDK libraries, Google-defined VNDK-SP libraries, SP-HAL libraries, and/or other SP-HAL-Dep libraries.
- VNDK-SP must be self-contained.
libRS_internal.sogets special treatment in Android 8.0, but will be revisited in a future release.
- No framework-vendor communication through non-HIDL interfaces, including (but not limited to) binder, sockets, shared memories, files, etc.
- The size of the system partition must be large enough to contain two copies of all eligible VNDK libraries and a copy of ineligible framework shared libraries.
Framework processes described in this section correspond to
coredomain in sepolicies while vendor processes correspond to
non-coredomain. For example,
/dev/binder can be
accessed only in
/dev/vndbinder can be
accessed only in non-
Similar policies restrict the access to the shared libraries on system and vendor partitions. The following table shows the rights to access shared libraries of different categories:
LL-NDK-Indirect, VNDK-SP-Indirect, and VNDK-SP-Indirect-Private must be
accessible from both domains because non-
indirectly access them. Similarly, SP-HAL-Dep must be accessible from
coredomain because SP-HAL relies on it.