Enable hidden API enforcement
Test: manual
Bug: 64382372
Change-Id: I4cbbfb83a2fb697e78a22858cfdd6a6779e6762d
diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
index 779a6a6..26496e8 100644
--- a/runtime/native/dalvik_system_ZygoteHooks.cc
+++ b/runtime/native/dalvik_system_ZygoteHooks.cc
@@ -277,6 +277,7 @@
// Our system thread ID, etc, has changed so reset Thread state.
thread->InitAfterFork();
runtime_flags = EnableDebugFeatures(runtime_flags);
+ bool do_hidden_api_checks = true;
if ((runtime_flags & DISABLE_VERIFIER) != 0) {
Runtime::Current()->DisableVerifier();
@@ -289,7 +290,7 @@
}
if ((runtime_flags & DISABLE_HIDDEN_API_CHECKS) != 0) {
- Runtime::Current()->SetHiddenApiChecksEnabled(false);
+ do_hidden_api_checks = false;
runtime_flags &= ~DISABLE_HIDDEN_API_CHECKS;
}
@@ -340,8 +341,9 @@
}
}
- DCHECK(!is_system_server || !Runtime::Current()->AreHiddenApiChecksEnabled())
+ DCHECK(!is_system_server || !do_hidden_api_checks)
<< "SystemServer should be forked with DISABLE_HIDDEN_API_CHECKS";
+ Runtime::Current()->SetHiddenApiChecksEnabled(do_hidden_api_checks);
if (instruction_set != nullptr && !is_system_server) {
ScopedUtfChars isa_string(env, instruction_set);
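Review bot: The system_server invariant on the `DCHECK(!is_system_server || !do_hidden_api_checks)` line is only checked in debug builds. On a release build, a system_server forked without DISABLE_HIDDEN_API_CHECKS would have enforcement switched on by the following `SetHiddenApiChecksEnabled(do_hidden_api_checks)` call with no diagnostic. That outcome is fail-closed, which is the safer direction, but it would presumably show up as hard-to-trace access failures rather than a clear error. Consider a release-mode log next to the DCHECK, e.g. `if (is_system_server && do_hidden_api_checks) { LOG(ERROR) << "SystemServer forked without DISABLE_HIDDEN_API_CHECKS"; }`. The enclosing function starts and ends outside this hunk, so whether an earlier return can skip the `SetHiddenApiChecksEnabled` call cannot be confirmed from here.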
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index b1286da..5a3a6f0 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc
@@ -265,7 +265,7 @@
oat_file_manager_(nullptr),
is_low_memory_mode_(false),
safe_mode_(false),
- do_hidden_api_checks_(false),
+ do_hidden_api_checks_(true),
pending_hidden_api_warning_(false),
dedupe_hidden_api_warnings_(true),
dump_native_stack_on_sig_quit_(true),
@@ -1171,7 +1171,9 @@
target_sdk_version_ = runtime_options.GetOrDefault(Opt::TargetSdkVersion);
- if (runtime_options.Exists(Opt::NoHiddenApiChecks)) {
+ // Check whether to enforce hidden API access checks. Zygote needs to be exempt
+ // but checks may be enabled for forked processes (see dalvik_system_ZygoteHooks).
+ if (is_zygote_ || runtime_options.Exists(Opt::NoHiddenApiChecks)) {
do_hidden_api_checks_ = false;
}
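Review bot: The `is_zygote_ ||` exemption leaves the zygote's `do_hidden_api_checks_` at false, and every forked child inherits that value until the post-fork code in dalvik_system_ZygoteHooks.cc calls `SetHiddenApiChecksEnabled(do_hidden_api_checks)`. Enforcement for forked processes therefore rests on that one call being reached on every child path. The added comment says checks "may be enabled" for forked processes, which undersells that dependency; a line such as `// Children inherit 'false' from the zygote; the post-fork hook is the only place that re-enables enforcement.` would make it explicit. It is also worth confirming that `is_zygote_` is assigned before this line, since its assignment is outside the hunk and the exemption would otherwise have no effect.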