Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_art / 33787687f52798fd5b584edb4c88717d134c367a^! / . / runtime / class_linker.cc
commit33787687f52798fd5b584edb4c88717d134c367a[log] [tgz]
authorCalin Juravle <calin@google.com>Fri Jul 26 14:27:18 2019 -0700
committerCalin Juravle <calin@google.com>Tue Dec 08 23:29:58 2020 +0000
treed55000cc678080980e6f4dd99d4acbe032119408
parent858cfd81c4fddbc950f9be2e3599b15aabaa501a [diff] [blame]
SDK-stub controlled dex2oat verification

Allow dex2oat to further limit the resolved (boot classpath) symbols
during verification according to an additional list of public SDK files.

The additional SDKs can be specified as regular classpath (a list
of dex files) and has the effect of limiting what can be resolved from
the boot classpath. The extra checks are performed by comparing the
symbol descriptors and do not replace common verification access-checks
flow.

Bug: 111442216
Test: test-art-host
Change-Id: Idc13722f34b591d7f858ebeb94bd6f568102b458

diff --git a/runtime/class_linker.cc b/runtime/class_linker.cc
index ee64eda..7595699 100644
--- a/runtime/class_linker.cc
+++ b/runtime/class_linker.cc

@@ -3140,6 +3140,21 @@
     return sdc.Finish(nullptr);
   }
 
+  // For AOT-compilation of an app, we may use only a public SDK to resolve symbols. If the SDK
+  // checks are configured (a non null SdkChecker) and the descriptor is not in the provided
+  // public class path then we prevent the definition of the class.
+  //
+  // NOTE that we only do the checks for the boot classpath APIs. Anything else, like the app
+  // classpath is not checked.
+  if (class_loader == nullptr &&
+      Runtime::Current()->IsAotCompiler() &&
+      DenyAccessBasedOnPublicSdk(descriptor)) {
+    ObjPtr<mirror::Throwable> pre_allocated =
+        Runtime::Current()->GetPreAllocatedNoClassDefFoundError();
+    self->SetException(pre_allocated);
+    return sdc.Finish(nullptr);
+  }
+
   // This is to prevent the calls to ClassLoad and ClassPrepare which can cause java/user-supplied
   // code to be executed. We put it up here so we can avoid all the allocations associated with
   // creating the class. This can happen with (eg) jit threads.
@@ -9792,6 +9807,26 @@
   UNREACHABLE();
 }
 
+bool ClassLinker::DenyAccessBasedOnPublicSdk(ArtMethod* art_method ATTRIBUTE_UNUSED) const
+    REQUIRES_SHARED(Locks::mutator_lock_) {
+  // Should not be called on ClassLinker, only on AotClassLinker that overrides this.
+  LOG(FATAL) << "UNREACHABLE";
+  UNREACHABLE();
+}
+
+bool ClassLinker::DenyAccessBasedOnPublicSdk(ArtField* art_field ATTRIBUTE_UNUSED) const
+    REQUIRES_SHARED(Locks::mutator_lock_) {
+  // Should not be called on ClassLinker, only on AotClassLinker that overrides this.
+  LOG(FATAL) << "UNREACHABLE";
+  UNREACHABLE();
+}
+
+bool ClassLinker::DenyAccessBasedOnPublicSdk(const char* type_descriptor ATTRIBUTE_UNUSED) const {
+  // Should not be called on ClassLinker, only on AotClassLinker that overrides this.
+  LOG(FATAL) << "UNREACHABLE";
+  UNREACHABLE();
+}
+
 // Instantiate ClassLinker::ResolveMethod.
 template ArtMethod* ClassLinker::ResolveMethod<ClassLinker::ResolveMode::kCheckICCEAndIAE>(
     uint32_t method_idx,