| -rw-r--r-- | runtime/hidden_api.cc | 13 | ||||
| -rw-r--r-- | runtime/parsed_options.cc | 1 | ||||
| -rw-r--r-- | runtime/runtime.cc | 38 |
3 files changed, 42 insertions, 10 deletions
diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index dfa4cfb496..0474361f1c 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc
@@ -68,11 +68,11 @@ static const std::vector<std::string> kWarningExemptions = {
 "Lsun/misc/Unsafe;",
 };
-// Intra-core APIs that aren't also core platform APIs. These may be used by the
-// non-updatable ICU module and hence are effectively de-facto core platform
-// APIs.
 // TODO(b/377676642): Fix API annotations and delete this.
 static const std::vector<std::string> kCorePlatformApiExemptions = {
+ // Intra-core APIs that aren't also core platform APIs. These may be used by
+ // the non-updatable ICU module and hence are effectively de-facto core
+ // platform APIs.
 "Ldalvik/annotation/compat/VersionCodes;",
 "Ldalvik/annotation/optimization/ReachabilitySensitive;",
 "Ldalvik/system/BlockGuard/Policy;->onNetwork",
@@ -86,6 +86,13 @@ static const std::vector<std::string> kCorePlatformApiExemptions = {
 "Lsun/security/util/DerEncoder;",
 "Lsun/security/x509/AlgorithmId;->derEncode",
 "Lsun/security/x509/AlgorithmId;->get",
+ // These are new system module APIs that are accessed unflagged (cf.
+ // b/400041178 and b/400041556).
+ "Ldalvik/system/VMDebug;->setCurrentProcessName",
+ "Ldalvik/system/VMDebug;->addApplication",
+ "Ldalvik/system/VMDebug;->removeApplication",
+ "Ldalvik/system/VMDebug;->setUserId",
+ "Ldalvik/system/VMDebug;->setWaitingForDebugger",
 };
 static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) {
diff --git a/runtime/parsed_options.cc b/runtime/parsed_options.cc
index ab07ea0f02..d574f8e139 100644
--- a/runtime/parsed_options.cc
+++ b/runtime/parsed_options.cc
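Review bot: The five `Ldalvik/system/VMDebug;->…` entries added in the second hunk stop at the method name with no parameter list. If this list is matched as a signature prefix (the class-only entries such as `"Lsun/security/util/DerEncoder;"` suggest it is; the matcher is not visible here), each entry also exempts any member whose name merely begins with the same text. With runtime.cc in this commit forcing core platform API enforcement on for SDK 36+, this list is what remains open to non-core-platform callers, so I would pin each entry to the exact method, e.g. `"Ldalvik/system/VMDebug;->setUserId("`. The new comment cites b/400041178 and b/400041556 but gives no exit condition; I would add `// TODO(b/400041178, b/400041556): Remove once the callers no longer need the exemption.` above the entries.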
@@ -427,6 +427,7 @@ std::unique_ptr<RuntimeParser> ParsedOptions::MakeParser(bool ignore_unrecognize
 .WithValueMap(hiddenapi_policy_valuemap)
 .IntoKey(M::HiddenApiPolicy)
 .Define("-Xcore-platform-api-policy:_")
+ .WithHelp("Ignored for SDK level 36+.")
 .WithType<hiddenapi::EnforcementPolicy>()
 .WithValueMap(hiddenapi_policy_valuemap)
 .IntoKey(M::CorePlatformApiPolicy)
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index 23e06ab792..6f2822fda0 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc
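Review bot: The help string on the added `.WithHelp(...)` line does not match what runtime.cc does in the same commit. There the option is ignored only under `ART_TARGET_ANDROID`, and also on SDK 35 builds whose codename is "Baklava". The string also does not say what replaces the option, which matters to anyone who passes it expecting warn-only behaviour. I would word it as `.WithHelp("Ignored on device for SDK level 36+ (and Baklava pre-release builds), where enforcement is always enabled.")`. MakeParser's body continues outside the hunk.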
@@ -1725,13 +1725,37 @@ bool Runtime::Init(RuntimeArgumentMap&& runtime_options_in) {
 hidden_api_policy_ = runtime_options.GetOrDefault(Opt::HiddenApiPolicy);
 DCHECK_IMPLIES(is_zygote_, hidden_api_policy_ == hiddenapi::EnforcementPolicy::kDisabled);
- // Set core platform API enforcement policy. The checks are disabled by default and
- // can be enabled with a command line flag. AndroidRuntime will pass the flag if
- // a system property is set.
- core_platform_api_policy_ = runtime_options.GetOrDefault(Opt::CorePlatformApiPolicy);
- if (core_platform_api_policy_ != hiddenapi::EnforcementPolicy::kDisabled) {
- LOG(INFO) << "Core platform API reporting enabled, enforcing="
- << (core_platform_api_policy_ == hiddenapi::EnforcementPolicy::kEnabled ? "true" : "false");
+ // Set core platform API enforcement policy. Always enabled if the platform
+ // SDK level is 36+, otherwise the checks are disabled by default and can be
+ // enabled with a command line flag. AndroidRuntime will pass the flag if a
+ // system property is set.
+ {
+ bool always_enable = false;
+#ifdef ART_TARGET_ANDROID
+ int device_sdk_version = android_get_device_api_level();
+ if (device_sdk_version >= 36) {
+ always_enable = true;
+ } else if (device_sdk_version == 35) {
+ std::string codename =
+ android::base::GetProperty("ro.build.version.codename", /*default_value=*/"");
+ always_enable = (codename == "Baklava");
+ }
+#endif
+ const char* reason;
+ if (always_enable) {
+ core_platform_api_policy_ = hiddenapi::EnforcementPolicy::kEnabled;
+ reason = "for Android 16+";
+ } else {
+ core_platform_api_policy_ = runtime_options.GetOrDefault(Opt::CorePlatformApiPolicy);
+ reason = "by runtime option";
+ }
+ if (core_platform_api_policy_ != hiddenapi::EnforcementPolicy::kDisabled) {
+ LOG(INFO) << "Core platform API "
+ << (core_platform_api_policy_ == hiddenapi::EnforcementPolicy::kEnabled
+ ? "enforcement"
+ : "reporting")
+ << " enabled " << reason;
+ }
 }
 // Dex2Oat's Runtime does not need the signal chain or the fault handler |
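Review bot: The new block decides enforcement silently in both directions. When `always_enable` is true, an explicitly passed `-Xcore-platform-api-policy` value is discarded without a trace. When `android_get_device_api_level()` reports failure (documented as -1) or the codename property reads back empty on an SDK 35 build, the policy falls back to the option's default of disabled and nothing is logged. For a control that is meant to be mandatory on 36+, I would make the override visible with `if (always_enable && runtime_options.Exists(Opt::CorePlatformApiPolicy)) { LOG(WARNING) << "-Xcore-platform-api-policy ignored: enforcement is always enabled on this SDK level"; }`, and log the disabled case as well. I would also replace the literals `36`, `35` and `"Baklava"` with named constants, with a comment that the codename branch covers pre-release builds. Everything inside `#ifdef ART_TARGET_ANDROID` is skipped on host, so the forced path looks unreachable from host tests. Runtime::Init's body starts and ends outside the hunk.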