diff options
| author | 2018-03-22 16:27:18 +0000 | |
|---|---|---|
| committer | 2018-03-26 08:05:33 +0000 | |
| commit | eefabd28c21e6ae02ca05e97bd22f9e23cbf98a5 (patch) | |
| tree | 58e4c2635e0d5682c3385bed639664ccfdd44f6a /runtime/native/java_lang_Class.cc | |
| parent | e8a4e378c5a928d5de07bee6db99150a57dabcd8 (diff) | |
Allow hidden API access from system libraries
Libraries like RemoteDisplay provide an APK that an app loads into
its process and which accesses internal APIs on the app's behalf,
without exposing the internals to the app. These libraries are
considered part of the platform, but were not exempt from hidden API
checks because they are not loaded with the boot strap class loader.
This patch adds a new flag to DexFile class which the constructor
sets to true of the canonical location of the newly loaded dex file
starts with "${ANDROID_ROOT}/framework/". Hidden API enforcement
then checks this flag when determining whether the caller of
a hidden class member is allowed to access it or not.
Bug: 64382372
Bug: 76138670
Bug: 76165623
Bug: 76112393
Test: art_dex_file_loader_test gtest
Test: art/test.py --gtest
Change-Id: If062bd668d7ba494bbb7b828e40932748d173b9a
Diffstat (limited to 'runtime/native/java_lang_Class.cc')
| -rw-r--r-- | runtime/native/java_lang_Class.cc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/runtime/native/java_lang_Class.cc b/runtime/native/java_lang_Class.cc index fc61c9597e..ad05856eaf 100644 --- a/runtime/native/java_lang_Class.cc +++ b/runtime/native/java_lang_Class.cc @@ -49,8 +49,8 @@ namespace art { -// Returns true if the first non-ClassClass caller up the stack is in boot class path. -static bool IsCallerInBootClassPath(Thread* self) REQUIRES_SHARED(Locks::mutator_lock_) { +// Returns true if the first non-ClassClass caller up the stack is in a platform dex file. +static bool IsCallerInPlatformDex(Thread* self) REQUIRES_SHARED(Locks::mutator_lock_) { // Walk the stack and find the first frame not from java.lang.Class. // This is very expensive. Save this till the last. struct FirstNonClassClassCallerVisitor : public StackVisitor { @@ -82,7 +82,7 @@ static bool IsCallerInBootClassPath(Thread* self) REQUIRES_SHARED(Locks::mutator FirstNonClassClassCallerVisitor visitor(self); visitor.WalkStack(); return visitor.caller != nullptr && - visitor.caller->GetDeclaringClass()->IsBootStrapClassLoaded(); + hiddenapi::IsCallerInPlatformDex(visitor.caller->GetDeclaringClass()); } // Returns true if the first non-ClassClass caller up the stack is not allowed to @@ -90,7 +90,7 @@ static bool IsCallerInBootClassPath(Thread* self) REQUIRES_SHARED(Locks::mutator ALWAYS_INLINE static bool ShouldEnforceHiddenApi(Thread* self) REQUIRES_SHARED(Locks::mutator_lock_) { hiddenapi::EnforcementPolicy policy = Runtime::Current()->GetHiddenApiEnforcementPolicy(); - return policy != hiddenapi::EnforcementPolicy::kNoChecks && !IsCallerInBootClassPath(self); + return policy != hiddenapi::EnforcementPolicy::kNoChecks && !IsCallerInPlatformDex(self); } // Returns true if the first non-ClassClass caller up the stack should not be @@ -99,7 +99,7 @@ template<typename T> ALWAYS_INLINE static bool ShouldBlockAccessToMember(T* member, Thread* self) REQUIRES_SHARED(Locks::mutator_lock_) { return hiddenapi::ShouldBlockAccessToMember( - member, self, IsCallerInBootClassPath, hiddenapi::kReflection); + member, self, IsCallerInPlatformDex, hiddenapi::kReflection); } // Returns true if a class member should be discoverable with reflection given |