Revert "Revert "Allow hidden API access from system libraries""
Libraries like RemoteDisplay provide an APK that an app loads into
its process and which accesses internal APIs on the app's behalf,
without exposing the internals to the app. These libraries are
considered part of the platform, but were not exempt from hidden API
checks because they are not loaded with the boot strap class loader.
This patch adds a new flag to DexFile class which the constructor
sets to true of the canonical location of the newly loaded dex file
starts with "${ANDROID_ROOT}/framework/". Hidden API enforcement
then checks this flag when determining whether the caller of
a hidden class member is allowed to access it or not.
This reverts commit 0127b71a2588efcd1a53c192c5c267157878b010.
Previous CL saw two issues:
- buildbots would set non-existent ANDROID_ROOT for host-side builds
- calling realpath on unquickened dex files would overflow the stack
Bug: 64382372
Bug: 76138670
Bug: 76165623
Bug: 76112393
Bug: 76452688
Bug: 76429651
Test: art/test.py --target -r -b -t 674-hiddenapi
Test: SystemUI APCT test
Change-Id: Ie07a088509002593353965d3d24bf7362b643f40
diff --git a/runtime/dex/art_dex_file_loader.cc b/runtime/dex/art_dex_file_loader.cc
index 9802c69..f3e6a69 100644
--- a/runtime/dex/art_dex_file_loader.cc
+++ b/runtime/dex/art_dex_file_loader.cc
@@ -22,6 +22,7 @@
#include "android-base/stringprintf.h"
#include "base/file_magic.h"
+#include "base/file_utils.h"
#include "base/stl_util.h"
#include "base/systrace.h"
#include "base/unix_file/fd_file.h"
@@ -505,4 +506,39 @@
}
}
+std::unique_ptr<DexFile> ArtDexFileLoader::OpenCommon(const uint8_t* base,
+ size_t size,
+ const uint8_t* data_base,
+ size_t data_size,
+ const std::string& location,
+ uint32_t location_checksum,
+ const OatDexFile* oat_dex_file,
+ bool verify,
+ bool verify_checksum,
+ std::string* error_msg,
+ std::unique_ptr<DexFileContainer> container,
+ VerifyResult* verify_result) {
+ std::unique_ptr<DexFile> dex_file = DexFileLoader::OpenCommon(base,
+ size,
+ data_base,
+ data_size,
+ location,
+ location_checksum,
+ oat_dex_file,
+ verify,
+ verify_checksum,
+ error_msg,
+ std::move(container),
+ verify_result);
+
+ // Check if this dex file is located in the framework directory.
+ // If it is, set a flag on the dex file. This is used by hidden API
+ // policy decision logic.
+ if (dex_file != nullptr && LocationIsOnSystemFramework(location.c_str())) {
+ dex_file->SetIsPlatformDexFile();
+ }
+
+ return dex_file;
+}
+
} // namespace art