Allow /data odex files to be already loaded when creating app zygotes.
Only allow odex files that don't have AOT or DEX code within.
Test: atest android.appsecurity.cts.UseEmbeddedDexTest
Bug: 179915231
Change-Id: I063c32ac6a9ffb36e908aa9861e275e35d7d23b6
diff --git a/runtime/oat_file_manager.cc b/runtime/oat_file_manager.cc
index 7a82899..74fe110 100644
--- a/runtime/oat_file_manager.cc
+++ b/runtime/oat_file_manager.cc
@@ -845,7 +845,14 @@
for (const std::unique_ptr<const OatFile>& oat_file : oat_files_) {
if (boot_set.find(oat_file.get()) == boot_set.end()) {
- CHECK(LocationIsOnSystem(oat_file->GetLocation().c_str())) << oat_file->GetLocation();
+ if (!LocationIsOnSystem(oat_file->GetLocation().c_str())) {
+ // When the file is not on system, we check whether the oat file has any
+ // AOT or DEX code. It is a fatal error if it has.
+ if (CompilerFilter::IsAotCompilationEnabled(oat_file->GetCompilerFilter()) ||
+ oat_file->ContainsDexCode()) {
+ LOG(FATAL) << "Executing untrusted code from " << oat_file->GetLocation();
+ }
+ }
}
}
only_use_system_oat_files_ = true;