Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_art / 70df8743fc0640a7c9fa46f401d2fb3e583ef841^! / .
commit70df8743fc0640a7c9fa46f401d2fb3e583ef841[log] [tgz]
authorNicolas Geoffray <ngeoffray@google.com>Tue Oct 11 14:39:24 2022 +0100
committerNicolas Geoffray <ngeoffray@google.com>Tue Oct 11 15:07:29 2022 +0000
treef60d73aec23c4151716b93fc4fe5841fb52a4cf0
parent90ebff4951dfea7a6448aa72931f19e87960a262 [diff]
Use kIsTargetAndroid for preventing loading writable dex files.

Test: m
Bug: 252967429
Change-Id: I1fabe056d6654889d2ddfa9e2e816fcd3dc49783

diff --git a/runtime/native/dalvik_system_DexFile.cc b/runtime/native/dalvik_system_DexFile.cc
index d763654..960a1f7 100644
--- a/runtime/native/dalvik_system_DexFile.cc
+++ b/runtime/native/dalvik_system_DexFile.cc

@@ -319,31 +319,29 @@
     return nullptr;
   }
 
-#ifdef __ANDROID__
-  const int uid = getuid();
-  // The following UIDs are exempted:
-  // * Root (0): root processes always have write access to files.
-  // * System (1000): /data/app/**.apk are owned by AID_SYSTEM;
-  //   loading installed APKs in system_server is allowed.
-  // * Shell (2000): directly calling dalvikvm/app_process in ADB shell
-  //   to run JARs with CLI is allowed.
-  if (uid != 0 && uid != 1000 && uid != 2000) {
-    Runtime* const runtime = Runtime::Current();
-    CompatFramework& compatFramework = runtime->GetCompatFramework();
-    if (compatFramework.IsChangeEnabled(kEnforceReadOnlyJavaDcl)) {
-      if (access(sourceName.c_str(), W_OK) == 0) {
-        LOG(ERROR) << "Attempt to load writable dex file: " << sourceName.c_str();
-        ScopedLocalRef<jclass> se(env, env->FindClass("java/lang/SecurityException"));
-        std::string message(
-            StringPrintf("Writable dex file '%s' is not allowed.", sourceName.c_str()));
-        env->ThrowNew(se.get(), message.c_str());
-        return nullptr;
+  if (kIsTargetAndroid) {
+    const int uid = getuid();
+    // The following UIDs are exempted:
+    // * Root (0): root processes always have write access to files.
+    // * System (1000): /data/app/**.apk are owned by AID_SYSTEM;
+    //   loading installed APKs in system_server is allowed.
+    // * Shell (2000): directly calling dalvikvm/app_process in ADB shell
+    //   to run JARs with CLI is allowed.
+    if (uid != 0 && uid != 1000 && uid != 2000) {
+      Runtime* const runtime = Runtime::Current();
+      CompatFramework& compatFramework = runtime->GetCompatFramework();
+      if (compatFramework.IsChangeEnabled(kEnforceReadOnlyJavaDcl)) {
+        if (access(sourceName.c_str(), W_OK) == 0) {
+          LOG(ERROR) << "Attempt to load writable dex file: " << sourceName.c_str();
+          ScopedLocalRef<jclass> se(env, env->FindClass("java/lang/SecurityException"));
+          std::string message(
+              StringPrintf("Writable dex file '%s' is not allowed.", sourceName.c_str()));
+          env->ThrowNew(se.get(), message.c_str());
+          return nullptr;
+        }
       }
     }
   }
-#else
-  (void) kEnforceReadOnlyJavaDcl;
-#endif
 
   std::vector<std::string> error_msgs;
   const OatFile* oat_file = nullptr;