Beruflich Dokumente
Kultur Dokumente
Treble VNDK
Design Principles and Practical Migration
Proprietary + Confidential
Treble Training Module 3
Version 1.0
Proprietary + Confidential
Status
● VNDK is partially implemented in Android Oreo
● In the future, VNDK will be fully enforced and ineligible libraries won’t be accessible by vendor
modules at build-time and run-time
Proprietary + Confidential
VNDK overview
Proprietary + Confidential
Proprietary + Confidential
VNDK overview
Proprietary + Confidential
Proprietary + Confidential
SYSTEM
● Vendor modules should not depend Framework libandroid_runtime.so
on system modules
libGLESv2 libcamera_metadata.so
○ Except: VNDK (VNDK)
(LLNDK)
● Framework do not depend on vendor
modules
libvendor_opt.so
VENDOR
○ Except:
Same-process HAL (SP-HAL) camera.provider@2.4-impl.so
libGLES_${chipset}.so
(SP-HAL)
Depends on
Proprietary + Confidential
What is VNDK?
● VNDK is a set of shared libraries for
System
vendors to implement vendor Framework-26 Upgrade Framework-27
modules.
VNDK-26 VNDK-26
○ Part of VINTF
○ Versioned, stable
Vendor-26
Proprietary + Confidential
Same-Process HAL
Framework
SYSTEM
● SP-HAL -- Several time-critical HALs are not
binderized libGLESv2
○ android.hardware.renderscript@1.0-impl (LLNDK)
○ android.hardware.graphics.mapper@1.0-impl
Dependencies
○ android.hidl.memory@1.0-impl
○ libEGL_${chipset}
○ libGLES_${chipset}
○ vulkan.${chipset}
VENDOR
libGLES_${chipset}.so (SP-HAL)
libvendor_gpu.so
● What about its dependency?
Depends on
*
To be precise, both SP-HAL and their dependencies applies.
Proprietary + Confidential
VNDK categories
SYSTEM
● LLNDK (LL-NDK + SP-NDK) Framework libcamera_metadata.so (FWK-ONLY)
○ Shared libraries with stable APIs and
loosely coupled with the framework
libc.so libcamera_metadata.so (VNDK)
○ Both system and vendor share the same file (LLNDK)
● VNDK
○ A specialized variant built for vendor
modules.
VENDOR
○ There may be a FWK-ONLY counterpart with camera.provider@2.4-impl.so
the same name.
● VNDK-SP camera.provider@2.4.so-service
○ Same as VNDK
○ Can be used by SP-HALs
○ May be loaded into framework process (to Depends on
SYSTEM
● SP-HAL must only depend on LLNDK or
VNDK-SP* libGLESv2 libcutils.so (FWK-ONLY)
(LLNDK)
○ VNDK-SP and its FWK-ONLY counterpart
(shared lib with same name) may be loaded libcutils.so (VNDK-SP)
into the same process.
VENDOR
libGLES_${chipset}.so (SP-HAL)
libvendor_gpu.so
Depends on
Proprietary + Confidential
Other categories
SYSTEM
● FWK-ONLY Framework libandroid_runtime.so
○ Other shared libraries on the system
partition
○ Vendor modules must not depend on
these libraries
● VND-ONLY
libvendor_opt.so
VENDOR
○ Other (i.e., non-SP-HAL) shared
libraries on the vendor partition
○ Framework modules must not depend camera.provider@2.4-impl.so
on these libraries
1/3
Glimpse of categories
System Partition Vendor Partition
VNDK
VND-ONLY
VNDK
FWK-ONLY
-SP
NDK
SP-HAL-
SP-HAL
Deps
LLNDK
Proprietary + Confidential
3/4
Glimpse of categories
4/4
Glimpse of categories
Some NDK libs not visible to vendor modules
libandroid.so
libaaudio.so These libraries are highly coupled with
libcamera2ndk.so the framework, thus they do not
libicui18n.so belong to LLNDK.
libicuuc.so
libjnigraphics.so Vendor modules must not depend on
libmediandk.so these shared libraries.
libneuralnetworks.so VNDK
libOpenMAXAL.so FWK-ONLY -SP
libOpenSLES.so NDK
libstdc++.so*
libvulkan.so LLND
libwebviewchromium_plat_support.so K
SEARCH ORDER
○ Otherwise, vendor modules will fail VTS /vendor/lib[64]/vndk
tests on GSI, which is required to pass
compliance. /system/lib[64]/vndk
○ Use this as a last resort because extended
VNDK shared libraries are not /vendor/lib[64]/vndk-sp
framework-only OTA updatable.
/system/lib[64]/vndk-sp
○ VNDK definition tool can provide some
LAST
preliminary set (will be introduced later)
Proprietary + Confidential
● Both framework and vendor modules are using shared libraries in /system/lib[64]
Directory layout
Android O Android O-MR1 Independent system updates
Proprietary + Confidential
Proprietary + Confidential
SYSTEM
● SP-HAL may depend on VNDK-SP. libGLESv2 libcutils.so (FWK-ONLY)
(LLNDK)
VENDOR
● Loading two shared libraries with the same libGLES_${chipset}.so (SP-HAL)
soname causes some problems.
libvendor_gpu.so
○ They may have different symbols
after updates.
Depends on
● Enforced in Android Oreo
(PRODUCT_FULL_TREBLE:=true)
Proprietary + Confidential
SYSTEM
● Isolate the shared library dependencies Framework libandroid_runtime.so
○ Dynamic linker should not load shared
libraries from the other partition except libcamera_metadata.so
libGLESv2
VNDK or SP-HAL. (LLNDK) (VNDK)
● Requirement
○ Not in Oreo libvendor_opt.so
VENDOR
○ Recommended in Oreo-MR1
○ Enforced in Pi camera.provider@2.4-impl.so
● Dynamic linker namespace is the underlying mechanism to isolate SP-HALs and VNDK-SP.
Proprietary + Confidential
VNDK-SP
LLNDK + rs namespace
libmediandk + <<search.paths>>
android_dlopen_ext()
libft2 /system/lib[64]/vndk-sp
/vendor/lib[64]/vndk-sp Note: In Android O-MR1, /vendor/lib[64] is removed from the default linker
/vendor/lib[64] namespace when BOARD_VNDK_RUNTIME_DISABLE is not defined.
Proprietary + Confidential
default namespace
<<search.paths>>
/vendor/lib[64]
/system/lib[64]
default namespace
<<search.paths>>
LLNDK system namespace
/vendor/lib[64]
/vendor/lib[64]/vndk <<search.paths>>
/system/lib[64]/vndk /system/lib[64]
/vendor/lib[64]/vndk-sp
/system/lib[64]/vndk-sp
1/4
ld.config.txt
● Dynamic linker namespace is configured by /system/etc/ld.config.txt
○ However, learning the file format can help understanding how does VNDK work.
Proprietary + Confidential
2/4
ld.config.txt: General structure
dir.system = /system/bin
● dir.name assignments specify the section which will be dir.vendor = /vendor/bin
chosen.
[system]
○ For example, [system] section will be chosen if additional.namespaces = sphal,vndk,rs
the main executable of the process resides in
namespace.default.isolated = true
/system/bin. namespace.default.search.paths = …
namespace.default.permitted.paths = …
● Each section represents a graph with (1) several linker
namespaces as nodes and (2) several links for fallback namespace.sphal.isolated = true
namespace.sphal.visible = true
lookups.
namespace.sphal.search.paths = …
namespace.sphal.permitted.paths = …
namespace.sphal.link.default.shared_libs =
[vendor]
Proprietary + Confidential
3/4
ld.config.txt: Namespace properties
dir.system = /system/bin
For each section dir.vendor = /vendor/bin
● additional.namespaces specifies the names of other
linker namespace in addition to the default namespace. [system]
additional.namespaces = sphal,vndk,rs
For each linker namespace
namespace.default.isolated = true
● isolated specifies whether permitted.paths is namespace.default.search.paths = …
enforced namespace.default.permitted.paths = …
● permitted.paths specifies the permitted path (in
namespace.sphal.isolated = true
addition to search.paths) when isolated is true. namespace.sphal.visible = true
● search.paths specifies the directories which will be namespace.sphal.search.paths = …
namespace.sphal.permitted.paths = …
search for when dynamic linker is resolving an soname*. namespace.sphal.link.default.shared_libs =
● visible specifies whether the namespace can be found
by android_get_exported_namespace() [vendor]
4/4
ld.config.txt: Fallback links
● namespace.${name}.link.${another}.shared_libs
dir.system = /system/bin
specifies the soname that can go through the fallback
link to the linker namespace ${another}. [system]
additional.namespaces = sphal,vndk,rs
○ If an soname cannot be resolved in linker namespace
${name} and the soname is one of the property value, then namespace.default.search.paths =
the dynamic linker will try to resolve the soname in the /system/${LIB}
linker namespace ${another}.
namespace.sphal.search.paths =
○ For example, if /vendor/lib/hw/vulkan.${chipset}.so /vendor/${LIB}/hw:/vendor/${LIB}
depends on libc.so but libc.so is neither in
namespace.sphal.link.default.shared_libs =
/vendor/lib/hw nor /vendor/lib, thus the dynamic libc.so:libm.so
linker will try to find libc.so in the default namespace.
Proprietary + Confidential
Proprietary + Confidential
Proprietary + Confidential
Motivations
● Duplicate shared libraries when necessary
SYSTEM
● LLNDK (LL-NDK + SP-NDK) Framework libcamera_metadata.so (FWK-ONLY)
○ Shared libraries with stable APIs and
loosely coupled with the framework
libc.so libcamera_metadata.so (VNDK)
○ Both system and vendor share the same file (LLNDK)
● VNDK
○ A specialized variant built for vendor
modules.
VENDOR
○ There may be a FWK-ONLY counterpart with camera.provider@2.4-impl.so
the same name.
● VNDK-SP camera.provider@2.4.so-service
○ Same as VNDK
○ Can be used by SP-HALs
○ May be loaded into framework process (to Depends on
1/4
Build system support (Oreo-MR1)
● “BOARD_VNDK_VERSION := current” enables full VNDK support.
2/4
Build system support (Oreo-MR1)
● vendor specifies whether an Android.bp module is an vendor module or not.
○ If this value is false, then it can not depend on the module with vendor equals to true.
○ If this value is true, then it can only depend on LLNDK or the module with vendor_available equals to true.
● vendor_available specifies whether an Android.bp module (header lib, static lib, or shared lib) is
available to vendor.
○ If this value is true and a framework module uses this module, then this module will be installed into the system
partition.
○ If this value is true and a vendor module uses this module, then the vendor variant will be built. If vndk.enabled is
false (or not defined), then this will be installed to /vendor/lib[64]; otherwise, this module will be installed to
/system/lib[64]/vndk or /system/lib[64]/vndk-sp.
Proprietary + Confidential
3/4
Build system support (Oreo-MR1)
cc_library {
name: "libvendor_available",
● vndk section vendor_available: true,
}
○ vndk.enabled specifies whether an cc_library {
Android.bp module is a VNDK library or name: "libvndk",
vendor_available: true,
not. It is a prerequisite to set vndk: {
vendor_available to true. enabled: true,
},
○ vndk.support_system_process }
specifies whether an Android.bp module is cc_library {
name: "libvndksp",
a VNDK-SP library or not. Both vendor_available: true,
vendor_available and vndk.enabled vndk: {
enabled: true,
are prerequisites. support_system_process: true,
},
}
Proprietary + Confidential
4/4
Build system support (Oreo-MR1)
cc_library {
● target.vendor specifies vendor-specific build
name: "libvnd_specific_example",
options. vendor_available: true,
target: {
○ Use the exclude_srcs property if you
vendor: {
would like to exclude framework-specific exclude_srcs: ["framework_only.c"],
source files. exclude_shared_libs: ["libfwk_only"],
cflags: ["-DEXTRA_VND_C_FLAGS"],
○ Use the exclude_shared_libs property if
cppflags: ["-DEXTRA_VND_CPP_FLAGS"],
you would like to exclude },
framework-specific shared libraries. },
}
Proprietary + Confidential
Sum up
● Define a vendor module which must be installed to vendor partition
○ LOCAL_VENDOR_MODULE := true (Android.mk)
○ vendor: true (Android.bp)
● Disable run-time dynamic linker isolation between framework and vendor (O-MR1)
○ BOARD_VNDK_RUNTIME_DISABLE := true (BoardConfig.mk)
Proprietary + Confidential
Proprietary + Confidential
Proprietary + Confidential
● VNDK definition tool scans the shared library dependencies, computes VNDK sets, and
checks the existence of dependency violations.
○ Source:
${AOSP}/development/vndk/tools/definition-tool/vndk_definition_tool.p
y
Proprietary + Confidential
● check-dep -- Check whether there are violations in the shared library dependencies.
Proprietary + Confidential
Proprietary + Confidential
Shared libraries location Bundled system app Bundled vendor app Downloaded app
/system/app /vendor/app /data/app
/system/lib[64]/vndk x x x
Proprietary + Confidential
Q&A
Full Documentation:
https://source.android.com/devices/architecture/vndk/
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem
Proprietary + Confidential
Q&A
If you have more questions, please talk to your Technical Account
Manager, 3PL or SoC POC. You may also contact us at:
android-treble-questions@google.com
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem