Support for API exemptions from API blacklisting.
Add support to VMRuntime for setting a list of exemptions from the hidden
API enforcement. The list is used as a prefix match against the signature
of a field/method. Any signatures that match are treated as being on the
light grey list, rather than the dark grey list or blacklist.
Refactor some code in hidden_api.h that deals with field/method signatures,
to encapsulate the signature in a new class MemberSignature. This allows us
to avoid building the entire signature in member, instead just using its
constituent parts.
Test: $ make test-art-host-gtest-hidden_api_test
Test: $ adb shell settings put global hidden_api_blacklist_exemptions \
Test: Landroid/view/RemoteAnimationDefinition\\\;:Landroid/app/ActivityManager\\\$TaskDescription\\\;
Test: Manually verify logcat output from app which uses named APIs
Bug: 73337509
Change-Id: Id608743d1b5a7a37059875d8991d0d4d65f5fc36
diff --git a/build/Android.gtest.mk b/build/Android.gtest.mk
index 8681642..b342abe 100644
--- a/build/Android.gtest.mk
+++ b/build/Android.gtest.mk
@@ -37,6 +37,7 @@
ExceptionHandle \
GetMethodSignature \
HiddenApi \
+ HiddenApiSignatures \
ImageLayoutA \
ImageLayoutB \
IMTA \
@@ -160,6 +161,7 @@
ART_GTEST_dex2oat_image_test_DEX_DEPS := $(ART_GTEST_dex2oat_environment_tests_DEX_DEPS) Statics VerifierDeps
ART_GTEST_exception_test_DEX_DEPS := ExceptionHandle
ART_GTEST_hiddenapi_test_DEX_DEPS := HiddenApi
+ART_GTEST_hidden_api_test_DEX_DEPS := HiddenApiSignatures
ART_GTEST_image_test_DEX_DEPS := ImageLayoutA ImageLayoutB DefaultMethods
ART_GTEST_imtable_test_DEX_DEPS := IMTA IMTB
ART_GTEST_instrumentation_test_DEX_DEPS := Instrumentation
diff --git a/runtime/Android.bp b/runtime/Android.bp
index 590a399..aa5d12f 100644
--- a/runtime/Android.bp
+++ b/runtime/Android.bp
@@ -565,6 +565,7 @@
"gc/task_processor_test.cc",
"gtest_test.cc",
"handle_scope_test.cc",
+ "hidden_api_test.cc",
"imtable_test.cc",
"indenter_test.cc",
"indirect_reference_table_test.cc",
diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h
index 5c6b4b5..bbedda0 100644
--- a/runtime/hidden_api.h
+++ b/runtime/hidden_api.h
@@ -19,6 +19,7 @@
#include "art_field-inl.h"
#include "art_method-inl.h"
+#include "base/dumpable.h"
#include "dex/hidden_api_access_flags.h"
#include "mirror/class-inl.h"
#include "reflection.h"
@@ -107,27 +108,78 @@
}
}
-// Issue a warning about field access.
-inline void WarnAboutMemberAccess(ArtField* field, AccessMethod access_method)
- REQUIRES_SHARED(Locks::mutator_lock_) {
- std::string tmp;
- LOG(WARNING) << "Accessing hidden field "
- << field->GetDeclaringClass()->GetDescriptor(&tmp) << "->"
- << field->GetName() << ":" << field->GetTypeDescriptor()
- << " (" << HiddenApiAccessFlags::DecodeFromRuntime(field->GetAccessFlags())
- << ", " << access_method << ")";
-}
-// Issue a warning about method access.
-inline void WarnAboutMemberAccess(ArtMethod* method, AccessMethod access_method)
- REQUIRES_SHARED(Locks::mutator_lock_) {
- std::string tmp;
- LOG(WARNING) << "Accessing hidden method "
- << method->GetDeclaringClass()->GetDescriptor(&tmp) << "->"
- << method->GetName() << method->GetSignature().ToString()
- << " (" << HiddenApiAccessFlags::DecodeFromRuntime(method->GetAccessFlags())
- << ", " << access_method << ")";
-}
+// Class to encapsulate the signature of a member (ArtField or ArtMethod). This
+// is used as a helper when matching prefixes, and when logging the signature.
+class MemberSignature {
+ private:
+ std::string member_type_;
+ std::vector<std::string> signature_parts_;
+ std::string tmp_;
+
+ public:
+ explicit MemberSignature(ArtField* field) REQUIRES_SHARED(Locks::mutator_lock_) {
+ member_type_ = "field";
+ signature_parts_ = {
+ field->GetDeclaringClass()->GetDescriptor(&tmp_),
+ "->",
+ field->GetName(),
+ ":",
+ field->GetTypeDescriptor()
+ };
+ }
+
+ explicit MemberSignature(ArtMethod* method) REQUIRES_SHARED(Locks::mutator_lock_) {
+ member_type_ = "method";
+ signature_parts_ = {
+ method->GetDeclaringClass()->GetDescriptor(&tmp_),
+ "->",
+ method->GetName(),
+ method->GetSignature().ToString()
+ };
+ }
+
+ const std::vector<std::string>& Parts() const {
+ return signature_parts_;
+ }
+
+ void Dump(std::ostream& os) const {
+ for (std::string part : signature_parts_) {
+ os << part;
+ }
+ }
+ // Performs prefix match on this member. Since the full member signature is
+ // composed of several parts, we match each part in turn (rather than
+ // building the entire thing in memory and performing a simple prefix match)
+ bool DoesPrefixMatch(const std::string& prefix) const {
+ size_t pos = 0;
+ for (const std::string& part : signature_parts_) {
+ size_t count = std::min(prefix.length() - pos, part.length());
+ if (prefix.compare(pos, count, part, 0, count) == 0) {
+ pos += count;
+ } else {
+ return false;
+ }
+ }
+ // We have a complete match if all parts match (we exit the loop without
+ // returning) AND we've matched the whole prefix.
+ return pos == prefix.length();
+ }
+
+ bool IsExempted(const std::vector<std::string>& exemptions) {
+ for (const std::string& exemption : exemptions) {
+ if (DoesPrefixMatch(exemption)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ void WarnAboutAccess(AccessMethod access_method, HiddenApiAccessFlags::ApiList list) {
+ LOG(WARNING) << "Accessing hidden " << member_type_ << " " << Dumpable<MemberSignature>(*this)
+ << " (" << list << ", " << access_method << ")";
+ }
+};
// Returns true if access to `member` should be denied to the caller of the
// reflective query. The decision is based on whether the caller is in boot
@@ -158,9 +210,29 @@
// Member is hidden and we are not in the boot class path.
+ // Get the signature, we need it later.
+ MemberSignature member_signature(member);
+
+ Runtime* runtime = Runtime::Current();
+
+ if (action == kDeny) {
+ // If we were about to deny, check for an exemption first.
+ // Exempted APIs are treated as light grey list.
+ if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) {
+ action = kAllowButWarn;
+ // Avoid re-examining the exemption list next time.
+ // Note this results in the warning below showing "light greylist", which
+ // seems like what one would expect. Exemptions effectively add new members to
+ // the light greylist.
+ member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime(
+ member->GetAccessFlags(), HiddenApiAccessFlags::kLightGreylist));
+ }
+ }
+
// Print a log message with information about this class member access.
// We do this regardless of whether we block the access or not.
- WarnAboutMemberAccess(member, access_method);
+ member_signature.WarnAboutAccess(access_method,
+ HiddenApiAccessFlags::DecodeFromRuntime(member->GetAccessFlags()));
if (action == kDeny) {
// Block access
@@ -170,8 +242,6 @@
// Allow access to this member but print a warning.
DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast);
- Runtime* runtime = Runtime::Current();
-
// Depending on a runtime flag, we might move the member into whitelist and
// skip the warning the next time the member is accessed.
if (runtime->ShouldDedupeHiddenApiWarnings()) {
diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc
new file mode 100644
index 0000000..190d2cb
--- /dev/null
+++ b/runtime/hidden_api_test.cc
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hidden_api.h"
+
+#include "common_runtime_test.h"
+#include "jni_internal.h"
+
+namespace art {
+
+class HiddenApiTest : public CommonRuntimeTest {
+ protected:
+ void SetUp() OVERRIDE {
+ // Do the normal setup.
+ CommonRuntimeTest::SetUp();
+ self_ = Thread::Current();
+ self_->TransitionFromSuspendedToRunnable();
+ LoadDex("HiddenApiSignatures");
+ bool started = runtime_->Start();
+ CHECK(started);
+
+ class1_field1_ = getArtField("mypackage/packagea/Class1", "field1", "I");
+ class1_field12_ = getArtField("mypackage/packagea/Class1", "field12", "I");
+ class1_init_ = getArtMethod("mypackage/packagea/Class1", "<init>", "()V");
+ class1_method1_ = getArtMethod("mypackage/packagea/Class1", "method1", "()V");
+ class1_method1_i_ = getArtMethod("mypackage/packagea/Class1", "method1", "(I)V");
+ class1_method12_ = getArtMethod("mypackage/packagea/Class1", "method12", "()V");
+ class12_field1_ = getArtField("mypackage/packagea/Class12", "field1", "I");
+ class12_method1_ = getArtMethod("mypackage/packagea/Class12", "method1", "()V");
+ class2_field1_ = getArtField("mypackage/packagea/Class2", "field1", "I");
+ class2_method1_ = getArtMethod("mypackage/packagea/Class2", "method1", "()V");
+ class2_method1_i_ = getArtMethod("mypackage/packagea/Class2", "method1", "(I)V");
+ class3_field1_ = getArtField("mypackage/packageb/Class3", "field1", "I");
+ class3_method1_ = getArtMethod("mypackage/packageb/Class3", "method1", "()V");
+ class3_method1_i_ = getArtMethod("mypackage/packageb/Class3", "method1", "(I)V");
+ }
+
+ ArtMethod* getArtMethod(const char* class_name, const char* name, const char* signature) {
+ JNIEnv* env = Thread::Current()->GetJniEnv();
+ jclass klass = env->FindClass(class_name);
+ jmethodID method_id = env->GetMethodID(klass, name, signature);
+ ArtMethod* art_method = jni::DecodeArtMethod(method_id);
+ return art_method;
+ }
+
+ ArtField* getArtField(const char* class_name, const char* name, const char* signature) {
+ JNIEnv* env = Thread::Current()->GetJniEnv();
+ jclass klass = env->FindClass(class_name);
+ jfieldID field_id = env->GetFieldID(klass, name, signature);
+ ArtField* art_field = jni::DecodeArtField(field_id);
+ return art_field;
+ }
+
+ protected:
+ Thread* self_;
+ ArtField* class1_field1_;
+ ArtField* class1_field12_;
+ ArtMethod* class1_init_;
+ ArtMethod* class1_method1_;
+ ArtMethod* class1_method1_i_;
+ ArtMethod* class1_method12_;
+ ArtField* class12_field1_;
+ ArtMethod* class12_method1_;
+ ArtField* class2_field1_;
+ ArtMethod* class2_method1_;
+ ArtMethod* class2_method1_i_;
+ ArtField* class3_field1_;
+ ArtMethod* class3_method1_;
+ ArtMethod* class3_method1_i_;
+};
+
+TEST_F(HiddenApiTest, CheckMembersRead) {
+ ASSERT_NE(nullptr, class1_field1_);
+ ASSERT_NE(nullptr, class1_field12_);
+ ASSERT_NE(nullptr, class1_init_);
+ ASSERT_NE(nullptr, class1_method1_);
+ ASSERT_NE(nullptr, class1_method1_i_);
+ ASSERT_NE(nullptr, class1_method12_);
+ ASSERT_NE(nullptr, class12_field1_);
+ ASSERT_NE(nullptr, class12_method1_);
+ ASSERT_NE(nullptr, class2_field1_);
+ ASSERT_NE(nullptr, class2_method1_);
+ ASSERT_NE(nullptr, class2_method1_i_);
+ ASSERT_NE(nullptr, class3_field1_);
+ ASSERT_NE(nullptr, class3_method1_);
+ ASSERT_NE(nullptr, class3_method1_i_);
+}
+
+TEST_F(HiddenApiTest, CheckEverythingMatchesL) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("L");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class3_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class3_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class3_method1_i_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckPackageMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class3_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class3_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class3_method1_i_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckClassMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class12_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckClassExactMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class12_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class12_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckMethodMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->method1");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class12_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class12_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckMethodExactMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->method1(");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckMethodSignatureMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->method1(I)");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckMethodSignatureAndReturnMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->method1()V");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckFieldMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->field1");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method12_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckFieldExactMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->field1:");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckFieldTypeMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->field1:I");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field12_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckConstructorMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;-><init>");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckConstructorExactMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;-><init>()V");
+ ASSERT_TRUE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckMethodSignatureTrailingCharsNoMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->method1()Vfoo");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_method1_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckConstructorTrailingCharsNoMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;-><init>()Vfoo");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_init_).DoesPrefixMatch(prefix));
+}
+
+TEST_F(HiddenApiTest, CheckFieldTrailingCharsNoMatch) {
+ ScopedObjectAccess soa(self_);
+ std::string prefix("Lmypackage/packagea/Class1;->field1:Ifoo");
+ ASSERT_FALSE(hiddenapi::MemberSignature(class1_field1_).DoesPrefixMatch(prefix));
+}
+
+} // namespace art
diff --git a/runtime/native/dalvik_system_VMRuntime.cc b/runtime/native/dalvik_system_VMRuntime.cc
index 505b745..a5ade6f 100644
--- a/runtime/native/dalvik_system_VMRuntime.cc
+++ b/runtime/native/dalvik_system_VMRuntime.cc
@@ -78,6 +78,21 @@
return Runtime::Current()->HasPendingHiddenApiWarning() ? JNI_TRUE : JNI_FALSE;
}
+static void VMRuntime_setHiddenApiExemptions(JNIEnv* env,
+ jclass,
+ jobjectArray exemptions) {
+ std::vector<std::string> exemptions_vec;
+ int exemptions_length = env->GetArrayLength(exemptions);
+ for (int i = 0; i < exemptions_length; i++) {
+ jstring exemption = reinterpret_cast<jstring>(env->GetObjectArrayElement(exemptions, i));
+ const char* raw_exemption = env->GetStringUTFChars(exemption, nullptr);
+ exemptions_vec.push_back(raw_exemption);
+ env->ReleaseStringUTFChars(exemption, raw_exemption);
+ }
+
+ Runtime::Current()->SetHiddenApiExemptions(exemptions_vec);
+}
+
static jobject VMRuntime_newNonMovableArray(JNIEnv* env, jobject, jclass javaElementClass,
jint length) {
ScopedFastNativeObjectAccess soa(env);
@@ -672,6 +687,7 @@
NATIVE_METHOD(VMRuntime, concurrentGC, "()V"),
NATIVE_METHOD(VMRuntime, disableJitCompilation, "()V"),
NATIVE_METHOD(VMRuntime, hasUsedHiddenApi, "()Z"),
+ NATIVE_METHOD(VMRuntime, setHiddenApiExemptions, "([Ljava/lang/String;)V"),
NATIVE_METHOD(VMRuntime, getTargetHeapUtilization, "()F"),
FAST_NATIVE_METHOD(VMRuntime, isDebuggerActive, "()Z"),
FAST_NATIVE_METHOD(VMRuntime, isNativeDebuggable, "()Z"),
diff --git a/runtime/runtime.h b/runtime/runtime.h
index dba31b2..03f17bc 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -536,6 +536,14 @@
pending_hidden_api_warning_ = value;
}
+ void SetHiddenApiExemptions(const std::vector<std::string>& exemptions) {
+ hidden_api_exemptions_ = exemptions;
+ }
+
+ const std::vector<std::string>& GetHiddenApiExemptions() {
+ return hidden_api_exemptions_;
+ }
+
bool HasPendingHiddenApiWarning() const {
return pending_hidden_api_warning_;
}
@@ -996,6 +1004,9 @@
// Whether access checks on hidden API should be performed.
hiddenapi::EnforcementPolicy hidden_api_policy_;
+ // List of signature prefixes of methods that have been removed from the blacklist
+ std::vector<std::string> hidden_api_exemptions_;
+
// Whether the application has used an API which is not restricted but we
// should issue a warning about it.
bool pending_hidden_api_warning_;
diff --git a/test/HiddenApiSignatures/Class1.java b/test/HiddenApiSignatures/Class1.java
new file mode 100644
index 0000000..a9004dc
--- /dev/null
+++ b/test/HiddenApiSignatures/Class1.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package mypackage.packagea;
+
+public class Class1 {
+ public int field1;
+ public int field12;
+
+ public Class1() {
+ }
+
+ public void method1() {
+ }
+
+ public void method1(int i) {
+ }
+
+ public void method12() {
+ }
+
+}
\ No newline at end of file
diff --git a/test/HiddenApiSignatures/Class12.java b/test/HiddenApiSignatures/Class12.java
new file mode 100644
index 0000000..82b22e3
--- /dev/null
+++ b/test/HiddenApiSignatures/Class12.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package mypackage.packagea;
+
+public class Class12 {
+ public int field1;
+
+ public void method1() {
+ }
+}
\ No newline at end of file
diff --git a/test/HiddenApiSignatures/Class2.java b/test/HiddenApiSignatures/Class2.java
new file mode 100644
index 0000000..dc92b9c
--- /dev/null
+++ b/test/HiddenApiSignatures/Class2.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package mypackage.packagea;
+
+public class Class2 {
+ public int field1;
+
+ public void method1() {
+ }
+
+ public void method1(int i) {
+ }
+}
\ No newline at end of file
diff --git a/test/HiddenApiSignatures/Class3.java b/test/HiddenApiSignatures/Class3.java
new file mode 100644
index 0000000..fbf0407
--- /dev/null
+++ b/test/HiddenApiSignatures/Class3.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package mypackage.packageb;
+
+public class Class3 {
+ public int field1;
+
+ public void method1() {
+ }
+
+ public void method1(int i) {
+ }
+}
\ No newline at end of file