diff options
| author | 2025-02-18 15:19:48 +0000 | |
|---|---|---|
| committer | 2025-02-25 10:20:24 -0800 | |
| commit | 4fddbcf3da7baab7e4f1cc977459e65dd94cacf9 (patch) | |
| tree | e2ca674256f881f1371f66e1cc68a773774bf9bc | |
| parent | 8b75fafb8160d29e228e569bfeeeedf462f19899 (diff) | |
I18n isn't updatable, so don't treat it as a core platform component.
Exempt intra-core APIs that aren't already core platform (@SystemApi(client = MODULE_LIBRARIES)) as well - some of them are
de-facto used by core-icu4j.jar which is shipped in the platform. They
should be explicitly marked as module APIs, but leave that for later.
Test: atest art_standalone_libartbase_tests \
art_standalone_runtime_tests art_standalone_compiler_tests
Test: 674-hiddenapi with core platform API enforcement enabled
(https://r.android.com/3500993)
Bug: 377676642
Change-Id: Ife0e7f21a907a304c76c493645bd16c4a669b864
| -rw-r--r-- | libartbase/base/file_utils.cc | 5 | ||||
| -rw-r--r-- | libartbase/base/file_utils.h | 3 | ||||
| -rw-r--r-- | runtime/hidden_api.cc | 32 |
3 files changed, 30 insertions, 10 deletions
diff --git a/libartbase/base/file_utils.cc b/libartbase/base/file_utils.cc index 0b3811e5e4..2acebb9b4f 100644 --- a/libartbase/base/file_utils.cc +++ b/libartbase/base/file_utils.cc @@ -88,7 +88,6 @@ static constexpr const char* kAndroidExpandEnvVar = "ANDROID_EXPAND"; static constexpr const char* kAndroidExpandDefaultPath = "/mnt/expand"; static constexpr const char* kAndroidArtRootEnvVar = "ANDROID_ART_ROOT"; static constexpr const char* kAndroidConscryptRootEnvVar = "ANDROID_CONSCRYPT_ROOT"; -static constexpr const char* kAndroidI18nRootEnvVar = "ANDROID_I18N_ROOT"; static constexpr const char* kApexDefaultPath = "/apex/"; static constexpr const char* kArtApexDataEnvVar = "ART_APEX_DATA"; static constexpr const char* kBootImageStem = "boot"; @@ -855,10 +854,6 @@ bool LocationIsOnConscryptModule(std::string_view full_path) { return IsLocationOn(full_path, kAndroidConscryptRootEnvVar, kAndroidConscryptApexDefaultPath); } -bool LocationIsOnI18nModule(std::string_view full_path) { - return IsLocationOn(full_path, kAndroidI18nRootEnvVar, kAndroidI18nApexDefaultPath); -} - bool LocationIsOnApex(std::string_view full_path) { return full_path.starts_with(kApexDefaultPath); } diff --git a/libartbase/base/file_utils.h b/libartbase/base/file_utils.h index 7f52d03497..e8aa5f663a 100644 --- a/libartbase/base/file_utils.h +++ b/libartbase/base/file_utils.h @@ -197,9 +197,6 @@ bool LocationIsOnArtApexData(std::string_view location); // Return whether the location is on /apex/com.android.conscrypt bool LocationIsOnConscryptModule(std::string_view location); -// Return whether the location is on /apex/com.android.i18n -bool LocationIsOnI18nModule(std::string_view location); - // Return whether the location is on system (i.e. android root). bool LocationIsOnSystem(const std::string& location); diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc index 0dc0b352f9..5c385e6b31 100644 --- a/runtime/hidden_api.cc +++ b/runtime/hidden_api.cc @@ -68,6 +68,26 @@ static const std::vector<std::string> kWarningExemptions = { "Lsun/misc/Unsafe;", }; +// Intra-core APIs that aren't also core platform APIs. These may be used by the +// non-updatable ICU module and hence are effectively de-facto core platform +// APIs. +// TODO(b/377676642): Fix API annotations and delete this. +static const std::vector<std::string> kCorePlatformApiExemptions = { + "Ldalvik/annotation/compat/VersionCodes;", + "Ldalvik/annotation/optimization/ReachabilitySensitive;", + "Ldalvik/system/BlockGuard/Policy;->onNetwork", + "Ljava/nio/charset/CharsetEncoder;-><init>(Ljava/nio/charset/Charset;FF[BZ)V", + "Ljava/security/spec/ECParameterSpec;->getCurveName", + "Ljava/security/spec/ECParameterSpec;->setCurveName", + "Llibcore/api/CorePlatformApi;", + "Llibcore/io/AsynchronousCloseMonitor;", + "Llibcore/util/NonNull;", + "Llibcore/util/Nullable;", + "Lsun/security/util/DerEncoder;", + "Lsun/security/x509/AlgorithmId;->derEncode", + "Lsun/security/x509/AlgorithmId;->get", +}; + static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { switch (value) { case AccessMethod::kCheck: @@ -134,8 +154,7 @@ static Domain DetermineDomainFromLocation(const std::string& dex_location, // These checks will be skipped on target buildbots where ANDROID_ART_ROOT // is set to "/system". if (ArtModuleRootDistinctFromAndroidRoot()) { - if (LocationIsOnArtModule(dex_location) || LocationIsOnConscryptModule(dex_location) || - LocationIsOnI18nModule(dex_location)) { + if (LocationIsOnArtModule(dex_location) || LocationIsOnConscryptModule(dex_location)) { return Domain::kCorePlatform; } @@ -835,6 +854,15 @@ bool ShouldDenyAccessToMember(T* member, // If this is a proxy method, look at the interface method instead. member = detail::GetInterfaceMemberIfProxy(member); + // Check for exemptions. + // TODO(b/377676642): Fix API annotations and delete this. + detail::MemberSignature member_signature(member); + if (member_signature.DoesPrefixMatchAny(kCorePlatformApiExemptions)) { + // Avoid re-examining the exemption list next time. + detail::MaybeUpdateAccessFlags(Runtime::Current(), member, kAccCorePlatformApi); + return false; + } + // Access checks are not disabled, report the violation. // This may also add kAccCorePlatformApi to the access flags of `member` // so as to not warn again on next access. |