diff options
| author | 2025-03-03 22:45:53 +0000 | |
|---|---|---|
| committer | 2025-03-11 06:45:45 -0700 | |
| commit | a6a75dba00303a88642a1c57ad2ed390797adf47 (patch) | |
| tree | dd5f1d90603c59d953dd58a7aa9fe281ed7c56c0 /libartservice | |
| parent | 4b88637ae7a8fa459bcd3a22452770ec4858772f (diff) | |
Remove SDM status from dump.
The SDM status has two fields: sdm-status and sdm-signature.
sdm-status can actually be inferred from the compiler filter and the
compilation reason, as SDM files should contain special compilation
reasons.
sdm-signature is no longer necessary after we added install-time check
on SDM files, making SDM files with the wrong signature rejected.
This change essentially reverts https://r.android.com/3342909.
Bug: 377474232
Test: atest ArtServiceTests
Change-Id: I079f21715afd4039bb801d3c8b79ec8a49b3c687
Diffstat (limited to 'libartservice')
4 files changed, 13 insertions, 269 deletions
diff --git a/libartservice/service/java/com/android/server/art/ArtManagerLocal.java b/libartservice/service/java/com/android/server/art/ArtManagerLocal.java index d8a508eb4e..735da25fbb 100644 --- a/libartservice/service/java/com/android/server/art/ArtManagerLocal.java +++ b/libartservice/service/java/com/android/server/art/ArtManagerLocal.java @@ -1002,19 +1002,8 @@ public final class ArtManagerLocal { @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public void dump( @NonNull PrintWriter pw, @NonNull PackageManagerLocal.FilteredSnapshot snapshot) { - dump(pw, snapshot, false /* verifySdmSignatures */); - } - - /** - * Same as above, but allows to specify options. - * - * @hide - */ - @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE) - public void dump(@NonNull PrintWriter pw, - @NonNull PackageManagerLocal.FilteredSnapshot snapshot, boolean verifySdmSignatures) { try (var pin = mInjector.createArtdPin()) { - new DumpHelper(this, verifySdmSignatures).dump(pw, snapshot); + new DumpHelper(this).dump(pw, snapshot); } } @@ -1030,21 +1019,9 @@ public final class ArtManagerLocal { @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public void dumpPackage(@NonNull PrintWriter pw, @NonNull PackageManagerLocal.FilteredSnapshot snapshot, @NonNull String packageName) { - dumpPackage(pw, snapshot, packageName, false /* verifySdmSignatures */); - } - - /** - * Same as above, but allows to specify options. - * - * @hide - */ - @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE) - public void dumpPackage(@NonNull PrintWriter pw, - @NonNull PackageManagerLocal.FilteredSnapshot snapshot, @NonNull String packageName, - boolean verifySdmSignatures) { try (var pin = mInjector.createArtdPin()) { - new DumpHelper(this, verifySdmSignatures) - .dumpPackage(pw, snapshot, Utils.getPackageStateOrThrow(snapshot, packageName)); + new DumpHelper(this).dumpPackage( + pw, snapshot, Utils.getPackageStateOrThrow(snapshot, packageName)); } } diff --git a/libartservice/service/java/com/android/server/art/ArtShellCommand.java b/libartservice/service/java/com/android/server/art/ArtShellCommand.java index 0bbb6213d2..f83f5cf083 100644 --- a/libartservice/service/java/com/android/server/art/ArtShellCommand.java +++ b/libartservice/service/java/com/android/server/art/ArtShellCommand.java @@ -171,23 +171,11 @@ public final class ArtShellCommand extends BasicShellCommandHandler { return 0; } case "dump": { - boolean verifySdmSignatures = false; - - String opt; - while ((opt = getNextOption()) != null) { - switch (opt) { - case "--verify-sdm-signatures": - verifySdmSignatures = true; - break; - } - } - String packageName = getNextArg(); if (packageName != null) { - mInjector.getArtManagerLocal().dumpPackage( - pw, snapshot, packageName, verifySdmSignatures); + mInjector.getArtManagerLocal().dumpPackage(pw, snapshot, packageName); } else { - mInjector.getArtManagerLocal().dump(pw, snapshot, verifySdmSignatures); + mInjector.getArtManagerLocal().dump(pw, snapshot); } return 0; } @@ -1084,13 +1072,10 @@ public final class ArtShellCommand extends BasicShellCommandHandler { pw.println(" Cleanup obsolete files, such as dexopt artifacts that are outdated or"); pw.println(" correspond to dex container files that no longer exist."); pw.println(); - pw.println(" dump [--verify-sdm-signatures] [PACKAGE_NAME]"); + pw.println(" dump [PACKAGE_NAME]"); pw.println(" Dump the dexopt state in text format to stdout."); pw.println(" If PACKAGE_NAME is empty, the command is for all packages. Otherwise, it"); pw.println(" is for the given package."); - pw.println(" Options:"); - pw.println(" --verify-sdm-signatures Also verify SDM file signatures and include"); - pw.println(" their statuses."); pw.println(); pw.println(" dexopt-packages -r REASON"); pw.println(" Run batch dexopt for the given reason."); diff --git a/libartservice/service/java/com/android/server/art/DumpHelper.java b/libartservice/service/java/com/android/server/art/DumpHelper.java index 77cc37f4b3..9c3bb3f087 100644 --- a/libartservice/service/java/com/android/server/art/DumpHelper.java +++ b/libartservice/service/java/com/android/server/art/DumpHelper.java @@ -20,12 +20,7 @@ import static com.android.server.art.DexUseManagerLocal.CheckedSecondaryDexInfo; import static com.android.server.art.DexUseManagerLocal.DexLoader; import static com.android.server.art.model.DexoptStatus.DexContainerFileDexoptStatus; -import android.annotation.FlaggedApi; import android.annotation.NonNull; -import android.annotation.SuppressLint; -import android.content.pm.PackageManager; -import android.content.pm.SigningInfo; -import android.content.pm.SigningInfoException; import android.os.Build; import android.os.RemoteException; import android.os.ServiceSpecificException; @@ -39,7 +34,6 @@ import com.android.server.pm.pkg.PackageState; import dalvik.system.VMRuntime; -import java.io.File; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Comparator; @@ -60,16 +54,14 @@ import java.util.stream.Collectors; @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public class DumpHelper { @NonNull private final Injector mInjector; - private final boolean mVerifySdmSignatures; - public DumpHelper(@NonNull ArtManagerLocal artManagerLocal, boolean verifySdmSignatures) { - this(new Injector(artManagerLocal), verifySdmSignatures); + public DumpHelper(@NonNull ArtManagerLocal artManagerLocal) { + this(new Injector(artManagerLocal)); } @VisibleForTesting - public DumpHelper(@NonNull Injector injector, boolean verifySdmSignatures) { + public DumpHelper(@NonNull Injector injector) { mInjector = injector; - mVerifySdmSignatures = verifySdmSignatures; } /** Handles {@link ArtManagerLocal#dump(PrintWriter, PackageManagerLocal.FilteredSnapshot)}. */ @@ -205,9 +197,6 @@ public class DumpHelper { fileStatus.isPrimaryAbi() ? " [primary-abi]" : ""); ipw.increaseIndent(); ipw.printf("[location is %s]\n", fileStatus.getLocationDebugString()); - if (fileStatus.isPrimaryDex()) { - dumpSdmStatus(ipw, fileStatus.getDexContainerFile(), isa); - } ipw.decreaseIndent(); } } @@ -228,69 +217,6 @@ public class DumpHelper { } } - private void dumpSdmStatus( - @NonNull IndentingPrintWriter ipw, @NonNull String dexPath, @NonNull String isa) { - if (!android.content.pm.Flags.cloudCompilationPm()) { - return; - } - - String sdmPath = getSdmPath(dexPath, isa); - String status = ""; - String signature = "skipped"; - if (mInjector.fileExists(sdmPath)) { - // "Pending" means yet to be picked up by dexopt. For now, "pending" is the only status - // because SDM files are not supported yet. - status = "pending"; - // This operation is expensive, so hide it behind a flag. - if (mVerifySdmSignatures) { - signature = getSdmSignatureStatus(dexPath, sdmPath); - } - } - if (!status.isEmpty()) { - ipw.printf("sdm: [sdm-status=%s] [sdm-signature=%s]\n", status, signature); - } - } - - // The new API usage is safe because it's guarded by a flag. The "NewApi" lint is wrong because - // it's meaningless (b/380891026). We have to work around the lint error because there is no - // `isAtLeastB` to check yet. - // TODO(jiakaiz): Remove this workaround, change @FlaggedApi to @RequiresApi here, and check - // `isAtLeastB` at the call site after B SDK is finalized. - @FlaggedApi(android.content.pm.Flags.FLAG_CLOUD_COMPILATION_PM) - @SuppressLint("NewApi") - @NonNull - private String getSdmSignatureStatus(@NonNull String dexPath, @NonNull String sdmPath) { - SigningInfo sdmSigningInfo; - try { - sdmSigningInfo = - mInjector.getVerifiedSigningInfo(sdmPath, SigningInfo.VERSION_SIGNING_BLOCK_V3); - } catch (SigningInfoException e) { - AsLog.w("Failed to verify SDM signature", e); - return "invalid-sdm-signature"; - } - - SigningInfo apkSigningInfo; - try { - apkSigningInfo = - mInjector.getVerifiedSigningInfo(dexPath, SigningInfo.VERSION_SIGNING_BLOCK_V3); - } catch (SigningInfoException e) { - AsLog.w("Failed to verify SDM signature", e); - return "invalid-apk-signature"; - } - - if (!sdmSigningInfo.signersMatchExactly(apkSigningInfo)) { - return "mismatched-signers"; - } - - return "verified"; - } - - @NonNull - private static String getSdmPath(@NonNull String dexPath, @NonNull String isa) { - return Utils.replaceFileExtension( - dexPath, "." + isa + ArtConstants.SECURE_DEX_METADATA_FILE_EXT); - } - @NonNull private String getLoaderState( @NonNull PackageManagerLocal.FilteredSnapshot snapshot, @NonNull DexLoader loader) { @@ -326,18 +252,5 @@ public class DumpHelper { public DexUseManagerLocal getDexUseManager() { return GlobalInjector.getInstance().getDexUseManager(); } - - public boolean fileExists(@NonNull String path) { - return new File(path).exists(); - } - - // TODO(jiakaiz): See another comment about "NewApi" above. - @FlaggedApi(android.content.pm.Flags.FLAG_CLOUD_COMPILATION_PM) - @SuppressLint("NewApi") - @NonNull - public SigningInfo getVerifiedSigningInfo( - @NonNull String path, int minAppSigningSchemeVersion) throws SigningInfoException { - return PackageManager.getVerifiedSigningInfo(path, minAppSigningSchemeVersion); - } } } diff --git a/libartservice/service/javatests/com/android/server/art/DumpHelperTest.java b/libartservice/service/javatests/com/android/server/art/DumpHelperTest.java index 9dbecaf49c..55224b93f7 100644 --- a/libartservice/service/javatests/com/android/server/art/DumpHelperTest.java +++ b/libartservice/service/javatests/com/android/server/art/DumpHelperTest.java @@ -24,19 +24,12 @@ import static com.android.server.art.model.DexoptStatus.DexContainerFileDexoptSt import static com.google.common.truth.Truth.assertThat; import static org.mockito.Mockito.any; -import static org.mockito.Mockito.anyInt; import static org.mockito.Mockito.argThat; -import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; import android.annotation.NonNull; -import android.annotation.SuppressLint; -import android.content.pm.SigningInfo; -import android.content.pm.SigningInfoException; import android.os.SystemProperties; import androidx.test.filters.SmallTest; @@ -77,8 +70,8 @@ public class DumpHelperTest { @Mock private ArtManagerLocal mArtManagerLocal; @Mock private DexUseManagerLocal mDexUseManagerLocal; @Mock private PackageManagerLocal.FilteredSnapshot mSnapshot; - @Mock private SigningInfo mSigningInfoA; - @Mock private SigningInfo mSigningInfoB; + + private DumpHelper mDumpHelper; @Before public void setUp() throws Exception { @@ -106,10 +99,7 @@ public class DumpHelperTest { setUpForBar(); setUpForSdk(); - lenient().when(mSigningInfoA.signersMatchExactly(mSigningInfoA)).thenReturn(true); - lenient().when(mSigningInfoA.signersMatchExactly(mSigningInfoB)).thenReturn(false); - lenient().when(mSigningInfoB.signersMatchExactly(mSigningInfoB)).thenReturn(true); - lenient().when(mSigningInfoB.signersMatchExactly(mSigningInfoA)).thenReturn(false); + mDumpHelper = new DumpHelper(mInjector); } @Test @@ -157,122 +147,10 @@ public class DumpHelperTest { + "Current GC: CollectorTypeCMC\n"; var stringWriter = new StringWriter(); - createDumpHelper(false /* verifySdmSignatures */) - .dump(new PrintWriter(stringWriter), mSnapshot); + mDumpHelper.dump(new PrintWriter(stringWriter), mSnapshot); assertThat(stringWriter.toString()).isEqualTo(expected); } - @Test - public void testDumpSdmStatusNotFound() throws Exception { - when(mInjector.fileExists(any())).thenReturn(false); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()).doesNotContain("sdm:"); - } - - @Test - public void testDumpSdmStatusInvalidSdmSignature() throws Exception { - doReturn(false).when(mInjector).fileExists("/somewhere/app/bar/base.arm.sdm"); - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm64.sdm"); - when(mInjector.getVerifiedSigningInfo(eq("/somewhere/app/bar/base.arm64.sdm"), anyInt())) - .thenThrow(SigningInfoException.class); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()) - .contains("sdm: [sdm-status=pending] [sdm-signature=invalid-sdm-signature]"); - } - - @Test - public void testDumpSdmStatusInvalidApkSignature() throws Exception { - doReturn(false).when(mInjector).fileExists("/somewhere/app/bar/base.arm.sdm"); - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm64.sdm"); - doReturn(mSigningInfoA) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.arm64.sdm"), anyInt()); - doThrow(SigningInfoException.class) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.apk"), anyInt()); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()) - .contains("sdm: [sdm-status=pending] [sdm-signature=invalid-apk-signature]"); - } - - @Test - public void testDumpSdmStatusSignersNotMatch() throws Exception { - doReturn(false).when(mInjector).fileExists("/somewhere/app/bar/base.arm.sdm"); - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm64.sdm"); - doReturn(mSigningInfoA) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.arm64.sdm"), anyInt()); - doReturn(mSigningInfoB) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.apk"), anyInt()); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()) - .contains("sdm: [sdm-status=pending] [sdm-signature=mismatched-signers]"); - } - - @Test - public void testDumpSdmStatusVerified() throws Exception { - doReturn(false).when(mInjector).fileExists("/somewhere/app/bar/base.arm.sdm"); - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm64.sdm"); - doReturn(mSigningInfoA) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.arm64.sdm"), anyInt()); - doReturn(mSigningInfoA) - .when(mInjector) - .getVerifiedSigningInfo(eq("/somewhere/app/bar/base.apk"), anyInt()); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()) - .containsMatch(" \\Qpath: /somewhere/app/bar/base.apk\\E\n" - + " arm:.*\n" - + " .*\n" - + " arm64:.*\n" - + " .*\n" - + " \\Qsdm: [sdm-status=pending] " - + "[sdm-signature=verified]\\E\n"); - } - - @Test - public void testDumpSdmStatusMultiArch() throws Exception { - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm.sdm"); - doReturn(true).when(mInjector).fileExists("/somewhere/app/bar/base.arm64.sdm"); - doReturn(mSigningInfoA).when(mInjector).getVerifiedSigningInfo(any(), anyInt()); - - var stringWriter = new StringWriter(); - createDumpHelper(true /* verifySdmSignatures */) - .dumpPackage( - new PrintWriter(stringWriter), mSnapshot, getPackageState(PKG_NAME_BAR)); - assertThat(stringWriter.toString()) - .containsMatch(" \\Qpath: /somewhere/app/bar/base.apk\\E\n" - + " arm:.*\n" - + " .*\n" - + " \\Qsdm: [sdm-status=pending] " - + "[sdm-signature=verified]\\E\n" - + " arm64:.*\n" - + " .*\n" - + " \\Qsdm: [sdm-status=pending] " - + "[sdm-signature=verified]\\E\n"); - } - private PackageState createPackageState(@NonNull String packageName, int appId, boolean isApex, boolean hasPackage, @NonNull String primaryAbi, @NonNull String secondaryAbi) { var pkgState = mock(PackageState.class); @@ -440,13 +318,4 @@ public class DumpHelperTest { PKG_NAME_SDK, "/somewhere/app/sdk/base.apk")) .thenReturn(Set.of()); } - - @SuppressLint("DirectInvocationOnMock") - private PackageState getPackageState(String packageName) { - return mSnapshot.getPackageState(packageName); - } - - private DumpHelper createDumpHelper(boolean verifySdmSignatures) { - return new DumpHelper(mInjector, verifySdmSignatures); - } } |