diff --git a/services/sandbox/chipset-sandbox.json b/services/sandbox/chipset-sandbox.json index da8534005ba4d15047c456a45d65d802d9c72ddd..f0ab32eed4e74f32d28ee318a2007ab804084eba 100644 --- a/services/sandbox/chipset-sandbox.json +++ b/services/sandbox/chipset-sandbox.json @@ -1,36 +1,26 @@ { "sandbox-root" : "/mnt/sandbox/chipset", - "mount-bind-paths" : [{ + "mount-bind-paths" : [ + { "src-path" : "/system/bin", "sandbox-path" : "/system/bin", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/system/etc", - "sandbox-path" : "/system/etc", + "src-path" : "/system/etc/selinux", + "sandbox-path" : "/system/etc/selinux", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/system/lib", - "sandbox-path" : "/system/lib", + "src-path" : "/system/lib/chipset-pub-sdk", + "sandbox-path" : "/system/lib/chipset-pub-sdk", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/system/profile", - "sandbox-path" : "/system/profile", + "src-path" : "/system/lib/chipset-sdk", + "sandbox-path" : "/system/lib/chipset-sdk", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/system/app", - "sandbox-path" : "/system/app", - "sandbox-flags" : [ "bind", "rec", "private" ], - "ignore": 1 - }, { - "src-path" : "/system/fonts", - "sandbox-path" : "/system/fonts", - "sandbox-flags" : [ "bind", "rec", "private" ], - "ignore": 1 - }, { - "src-path" : "/system/usr", - "sandbox-path" : "/system/usr", - "sandbox-flags" : [ "bind", "rec", "private" ], - "ignore": 1 + "src-path" : "/system/lib/ndk", + "sandbox-path" : "/system/lib/ndk", + "sandbox-flags" : [ "bind", "rec", "private" ] }, { "src-path" : "/vendor", "sandbox-path" : "/vendor", @@ -72,18 +62,43 @@ "src-path" : "/storage", "sandbox-path" : "/storage", "sandbox-flags" : [ "bind", "rec", "private" ] - }, { - "src-path" : "/sys_prod", - "sandbox-path" : "/sys_prod", - "sandbox-flags" : [ "bind", "rec", "private" ] }, { "src-path" : "/chip_prod", "sandbox-path" : "/chip_prod", "sandbox-flags" : [ "bind", "rec", "private" ] } ], - "mount-bind-files" : [{ - }], + "mount-bind-files" : [ + { + "src-path" : "/system/etc/ld-musl-arm.path", + "sandbox-path" : "/system/etc/ld-musl-arm.path", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/etc/ld-musl-namespace-arm.ini", + "sandbox-path" : "/system/etc/ld-musl-namespace-arm.ini", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib/ld-musl-arm.so.1", + "sandbox-path" : "/system/lib/ld-musl-arm.so.1", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib/libc.so", + "sandbox-path" : "/system/lib/libc.so", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib/libc++.so", + "sandbox-path" : "/system/lib/libc++.so", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib/libdisplay_buffer_proxy_1.0.z.so", + "sandbox-path" : "/system/lib/libdisplay_buffer_proxy_1.0.z.so", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib/libclang_rt.ubsan_minimal.so", + "sandbox-path" : "/system/lib/libclang_rt.ubsan_minimal.so", + "sandbox-flags" : [ "bind", "rec", "private" ] + } + ], "symbol-links" : [{ "target-name" : "/system/lib", "link-name" : "/lib" diff --git a/services/sandbox/system-sandbox.json b/services/sandbox/system-sandbox.json index be331edfa520ecc95b34d7cda7bc08b24322b3c5..6229bcec83cceb6302f2e3b4f84da723e39ad593 100644 --- a/services/sandbox/system-sandbox.json +++ b/services/sandbox/system-sandbox.json @@ -32,8 +32,12 @@ "sandbox-flags" : [ "bind", "rec", "private" ], "ignore": 1 }, { - "src-path" : "/vendor", - "sandbox-path" : "/vendor", + "src-path" : "/vendor/lib/chipsetsdk", + "sandbox-path" : "/vendor/lib/chipsetsdk", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor/lib/chipset-sdk", + "sandbox-path" : "/vendor/lib/chipset-sdk", "sandbox-flags" : [ "bind", "rec", "private" ] }, { "src-path" : "/dev", @@ -74,17 +78,21 @@ "sandbox-path" : "/sys_prod", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/vendor", - "sandbox-path" : "/chipset", + "src-path" : "/vendor/etc", + "sandbox-path" : "/vendor/etc", + "sandbox-flags" : [ "bind", "rec", "private" ] + } + ], + "mount-bind-files" : [{ + "src-path" : "/vendor/lib/libmapper_service_1.0.z.so", + "sandbox-path" : "/vendor/lib/libmapper_service_1.0.z.so", "sandbox-flags" : [ "bind", "rec", "private" ] }, { - "src-path" : "/chip_prod", - "sandbox-path" : "/chip_prod", + "src-path" : "/vendor/lib/libinput_interfaces_service_1.0.z.so", + "sandbox-path" : "/vendor/lib/libinput_interfaces_service_1.0.z.so", "sandbox-flags" : [ "bind", "rec", "private" ] } ], - "mount-bind-files" : [{ - }], "symbol-links" : [{ "target-name" : "/system/lib", "link-name" : "/lib"