Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
This page describes the directory layout for devices running Android 8.0 and
higher, VNDK rules, and associated sepolicy.
Directory layout
The Degenerated Directory Layout consists of the following
directories:
- /system/lib[64] contains all framework shared libraries, including LL-NDK, VNDK, and framework-only libraries (including LL-NDK-Private and some libraries with the same names as the ones in VNDK-SP).
- /system/lib[64]/vndk-sp contains VNDK-SP libraries for same-process HALs.
- /vendor/lib[64] contains the VNDK libraries extended by the vendor (either DXUA or DXUX VNDK libraries), same-process HAL implementations, and other vendor shared libraries.
- /vendor/lib[64]/vndk-sp may contain the VNDK-SP libraries extended by the vendor.

Vendor modules load the VNDK libraries from /system/lib[64].
VNDK rules
This section provides a comprehensive list of VNDK rules:
- Framework processes must not load non-SP-HAL shared libraries from vendor partitions (strictly enforced starting from Android 8.1).
- Vendor processes must not load non-LL-NDK, non-VNDK-SP, and non-VNDK libraries from the system partition (not strictly enforced in Android O but will be in a future release).
  Note: To benefit from the framework-only OTA beyond Android 8.0, this rule must not be violated in devices launched with Android 8.0.
- Installed VNDK libraries must be a subset of Google-defined eligible VNDK libraries.
- The outer dependencies of SP-HAL and SP-HAL-Dep must be restricted to LL-NDK or Google-defined VNDK-SP libraries.
  - The dependencies of an SP-HAL shared library must be restricted to LL-NDK libraries, Google-defined VNDK-SP libraries, other SP-HAL libraries, and/or other vendor shared libraries that can be labeled as SP-HAL-Dep libraries.
  - A vendor shared library can be labeled as a SP-HAL-Dep library only if it is not an AOSP library and its dependencies are restricted to LL-NDK libraries, Google-defined VNDK-SP libraries, SP-HAL libraries, and/or other SP-HAL-Dep libraries.
- VNDK-SP must be self-contained. libRS_internal.so gets special treatment in Android 8.0, but will be revisited in a future release.
- No framework-vendor communication through non-HIDL interfaces, including (but not limited to) binder, sockets, shared memories, files, etc.
- The size of the system partition must be large enough to contain two copies of all eligible VNDK libraries and a copy of ineligible framework shared libraries.

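The SP-HAL dependency rules above amount to a reachability check over the link graph. The following sketch is an added example, not AOSP tooling: the function name, the "VENDOR" and "UNKNOWN" category strings, and the sample graph (including libExampleVndk.so and its category assignment) are assumptions made for illustration.

```python
from collections import deque

OUTER_OK = {"LL-NDK", "VNDK-SP"}  # allowed outer dependencies of SP-HAL(-Dep)

def audit_sp_hal_deps(needed, category, aosp_libs=frozenset()):
    """Walk the dependency closure of every SP-HAL.

    needed:   library -> libraries it links against (its DT_NEEDED entries)
    category: library -> "LL-NDK", "VNDK-SP", "VNDK", "FWK-ONLY", "SP-HAL"
              or "VENDOR" (any other vendor shared library)
    Returns (libraries that must be labeled SP-HAL-Dep, rule violations).
    """
    sp_hal_dep, violations = set(), []
    queue = deque(sorted(l for l, c in category.items() if c == "SP-HAL"))
    visited = set(queue)
    while queue:
        lib = queue.popleft()
        for dep in needed.get(lib, []):
            cat = category.get(dep, "UNKNOWN")
            if cat in OUTER_OK:
                continue                      # outer dependency, stop here
            if cat == "VENDOR" and dep not in aosp_libs:
                sp_hal_dep.add(dep)           # candidate SP-HAL-Dep
            elif cat != "SP-HAL":
                violations.append((lib, dep, cat))
                continue                      # not allowed, do not descend
            if dep not in visited:
                visited.add(dep)
                queue.append(dep)
    return sp_hal_dep, violations

# Constructed sample: names and category assignments are illustrative only.
NEEDED = {
    "libMySpHal.so": ["libc.so", "libcutils.so", "libBaseInternal.so"],
    "libBaseInternal.so": ["liblog.so", "libExampleVndk.so"],
}
CATEGORY = {
    "libc.so": "LL-NDK", "liblog.so": "LL-NDK", "libcutils.so": "VNDK-SP",
    "libExampleVndk.so": "VNDK",
    "libMySpHal.so": "SP-HAL", "libBaseInternal.so": "VENDOR",
}

if __name__ == "__main__":
    deps, bad = audit_sp_hal_deps(NEEDED, CATEGORY)
    print("label as SP-HAL-Dep:", sorted(deps))
    for lib, dep, cat in bad:
        print(f"violation: {lib} -> {dep} ({cat})")
```

In the sample, libBaseInternal.so is reached from the SP-HAL and so needs the SP-HAL-Dep label, but its link against a plain VNDK library is reported because that dependency is outside the allowed set.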
sepolicy
Framework processes described in this section correspond to
coredomain in sepolicies while vendor processes correspond to
non-coredomain. For example, /dev/binder can be
accessed only in coredomain and /dev/vndbinder can be
accessed only in non-coredomain.
Similar policies restrict the access to the shared libraries on system and
vendor partitions. The following table shows the rights to access shared
libraries of different categories:
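
| Category                | Partition | Accessible from coredomain | Accessible from non-coredomain |
|-------------------------|-----------|----------------------------|--------------------------------|
| LL-NDK                  | System    | Y                          | Y                              |
| LL-NDK-Private          | System    | Y                          | Y                              |
| VNDK-SP/VNDK-SP-Private | System    | Y                          | Y                              |
| VNDK-SP-Ext             | Vendor    | Y                          | Y                              |
| VNDK                    | System    | Y                          | Y                              |
| VNDK-Ext                | Vendor    | N                          | Y                              |
| FWK-ONLY                | System    | Y                          | N                              |
| FWK-ONLY-RS             | System    | Y                          | N                              |
| SP-HAL                  | Vendor    | Y                          | Y                              |
| SP-HAL-Dep              | Vendor    | Y                          | Y                              |
| VND-ONLY                | Vendor    | N                          | Y                              |
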
LL-NDK-Private and VNDK-SP-Private must be
accessible from both domains because non-coredomain will
indirectly access them. Similarly, SP-HAL-Dep must be accessible from
coredomain because SP-HAL relies on it.
same_process_hal_file label
The following libraries exist in the vendor partition. Make these libraries accessible from both
coredomain and non-coredomain.
- VNDK-SP-Ext in /vendor/lib[64]/vndk-sp
- SP-HAL in /vendor/lib[64] or /vendor/lib[64]/hw
- SP-HAL-Dep in /vendor/lib[64] or /vendor/lib[64]/hw

Explicitly label these files as same_process_hal_file, because anything
in the vendor partition is by default not accessible to coredomain. Add lines similar to
the following to the vendor-specific file_contexts file.

```
/vendor/lib(64)?/hw/libMySpHal\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vndk-sp/libBase\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libBaseInternal\.so u:object_r:same_process_hal_file:s0
```

Last updated 2024-08-26 UTC.
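The labeling requirement can be audited against the access table in both directions: a same-process library missing the label, and a vendor-only library that received it by mistake. This is an added example, not part of the original page or of AOSP tooling; the library inventory, the libVendorOnly entry, the vendor_file default and the "last matching entry wins" lookup are simplifying assumptions.

```python
import re

SAME_PROCESS = {"VNDK-SP-Ext", "SP-HAL", "SP-HAL-Dep"}  # vendor rows with Y/Y
VENDOR_ONLY = {"VNDK-Ext", "VND-ONLY"}                  # vendor rows with N/Y

# First three entries are the page's sample; the last one is constructed.
FILE_CONTEXTS = r"""
/vendor/lib(64)?/hw/libMySpHal\.so     u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vndk-sp/libBase\.so   u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libBaseInternal\.so   u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libVendorOnly\.so     u:object_r:same_process_hal_file:s0
"""

# Constructed inventory: installed path -> category from the access table.
LIBS = {
    "/vendor/lib64/hw/libMySpHal.so": "SP-HAL",
    "/vendor/lib64/vndk-sp/libBase.so": "VNDK-SP-Ext",
    "/vendor/lib/libBaseInternal.so": "SP-HAL-Dep",
    "/vendor/lib64/libMissingDep.so": "SP-HAL-Dep",   # no entry above
    "/vendor/lib64/libVendorOnly.so": "VND-ONLY",     # labeled by mistake
}

def parse_file_contexts(text):
    """Return [(compiled path regex, SELinux type)] for each entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        entries.append((re.compile(fields[0]), fields[-1].split(":")[2]))
    return entries

def label_of(path, entries, default="vendor_file"):
    """Simplified lookup (assumption): anchored match, last entry wins."""
    label = default
    for regex, setype in entries:
        if regex.fullmatch(path):
            label = setype
    return label

def audit_labels(libs, entries):
    """Compare each library's label with what its category requires."""
    findings = []
    for path, cat in sorted(libs.items()):
        label = label_of(path, entries)
        if cat in SAME_PROCESS and label != "same_process_hal_file":
            findings.append((path, cat, label, "not loadable from coredomain"))
        elif cat in VENDOR_ONLY and label == "same_process_hal_file":
            findings.append((path, cat, label, "exposed to coredomain"))
    return findings
```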