diff options
31 files changed, 1091 insertions, 134 deletions
diff --git a/build/Android.gtest.mk b/build/Android.gtest.mk index 8681642c0e..b342abe17c 100644 --- a/build/Android.gtest.mk +++ b/build/Android.gtest.mk @@ -37,6 +37,7 @@ GTEST_DEX_DIRECTORIES := \ ExceptionHandle \ GetMethodSignature \ HiddenApi \ + HiddenApiSignatures \ ImageLayoutA \ ImageLayoutB \ IMTA \ @@ -160,6 +161,7 @@ ART_GTEST_dex2oat_test_DEX_DEPS := $(ART_GTEST_dex2oat_environment_tests_DEX_DEP ART_GTEST_dex2oat_image_test_DEX_DEPS := $(ART_GTEST_dex2oat_environment_tests_DEX_DEPS) Statics VerifierDeps ART_GTEST_exception_test_DEX_DEPS := ExceptionHandle ART_GTEST_hiddenapi_test_DEX_DEPS := HiddenApi +ART_GTEST_hidden_api_test_DEX_DEPS := HiddenApiSignatures ART_GTEST_image_test_DEX_DEPS := ImageLayoutA ImageLayoutB DefaultMethods ART_GTEST_imtable_test_DEX_DEPS := IMTA IMTB ART_GTEST_instrumentation_test_DEX_DEPS := Instrumentation diff --git a/libdexfile/dex/hidden_api_access_flags.h b/libdexfile/dex/hidden_api_access_flags.h index 441b3c14b5..b62d044c6a 100644 --- a/libdexfile/dex/hidden_api_access_flags.h +++ b/libdexfile/dex/hidden_api_access_flags.h @@ -18,6 +18,7 @@ #define ART_LIBDEXFILE_DEX_HIDDEN_API_ACCESS_FLAGS_H_ #include "base/bit_utils.h" +#include "base/macros.h" #include "dex/modifiers.h" namespace art { diff --git a/openjdkjvmti/ti_stack.cc b/openjdkjvmti/ti_stack.cc index 41a649b5e3..4526be4cbe 100644 --- a/openjdkjvmti/ti_stack.cc +++ b/openjdkjvmti/ti_stack.cc @@ -925,7 +925,9 @@ static jvmtiError GetOwnedMonitorInfoCommon(const art::ScopedObjectAccessAlready if (target != self) { called_method = true; // RequestSynchronousCheckpoint releases the thread_list_lock_ as a part of its execution. - if (!target->RequestSynchronousCheckpoint(&closure)) { + // Since this deals with object references we need to avoid going to sleep. + art::ScopedAssertNoThreadSuspension sants("Getting owned monitor usage"); + if (!target->RequestSynchronousCheckpoint(&closure, art::ThreadState::kRunnable)) { return ERR(THREAD_NOT_ALIVE); } } else { diff --git a/runtime/Android.bp b/runtime/Android.bp index 51fbb2ef30..c0f1c366b8 100644 --- a/runtime/Android.bp +++ b/runtime/Android.bp @@ -87,6 +87,7 @@ cc_defaults { "gc/space/zygote_space.cc", "gc/task_processor.cc", "gc/verification.cc", + "hidden_api.cc", "hprof/hprof.cc", "image.cc", "index_bss_mapping.cc", @@ -572,6 +573,7 @@ art_cc_test { "gc/task_processor_test.cc", "gtest_test.cc", "handle_scope_test.cc", + "hidden_api_test.cc", "imtable_test.cc", "indenter_test.cc", "indirect_reference_table_test.cc", diff --git a/runtime/class_linker.cc b/runtime/class_linker.cc index 6229822068..879301c4a0 100644 --- a/runtime/class_linker.cc +++ b/runtime/class_linker.cc @@ -72,6 +72,7 @@ #include "gc/space/space-inl.h" #include "gc_root-inl.h" #include "handle_scope-inl.h" +#include "hidden_api.h" #include "image-inl.h" #include "imt_conflict_table.h" #include "imtable-inl.h" diff --git a/runtime/gc/collector/concurrent_copying.cc b/runtime/gc/collector/concurrent_copying.cc index b10c504dd5..81e86d4b8d 100644 --- a/runtime/gc/collector/concurrent_copying.cc +++ b/runtime/gc/collector/concurrent_copying.cc @@ -2356,14 +2356,13 @@ mirror::Object* ConcurrentCopying::Copy(mirror::Object* from_ref, size_t non_moving_space_bytes_allocated = 0U; size_t bytes_allocated = 0U; size_t dummy; + bool fall_back_to_non_moving = false; mirror::Object* to_ref = region_space_->AllocNonvirtual</*kForEvac*/ true>( region_space_alloc_size, ®ion_space_bytes_allocated, nullptr, &dummy); bytes_allocated = region_space_bytes_allocated; - if (to_ref != nullptr) { + if (LIKELY(to_ref != nullptr)) { DCHECK_EQ(region_space_alloc_size, region_space_bytes_allocated); - } - bool fall_back_to_non_moving = false; - if (UNLIKELY(to_ref == nullptr)) { + } else { // Failed to allocate in the region space. Try the skipped blocks. to_ref = AllocateInSkippedBlock(region_space_alloc_size); if (to_ref != nullptr) { @@ -2373,6 +2372,9 @@ mirror::Object* ConcurrentCopying::Copy(mirror::Object* from_ref, region_space_->RecordAlloc(to_ref); } bytes_allocated = region_space_alloc_size; + heap_->num_bytes_allocated_.fetch_sub(bytes_allocated, std::memory_order_seq_cst); + to_space_bytes_skipped_.fetch_sub(bytes_allocated, std::memory_order_seq_cst); + to_space_objects_skipped_.fetch_sub(1, std::memory_order_seq_cst); } else { // Fall back to the non-moving space. fall_back_to_non_moving = true; @@ -2381,7 +2383,6 @@ mirror::Object* ConcurrentCopying::Copy(mirror::Object* from_ref, << to_space_bytes_skipped_.LoadSequentiallyConsistent() << " skipped_objects=" << to_space_objects_skipped_.LoadSequentiallyConsistent(); } - fall_back_to_non_moving = true; to_ref = heap_->non_moving_space_->Alloc(Thread::Current(), obj_size, &non_moving_space_bytes_allocated, nullptr, &dummy); if (UNLIKELY(to_ref == nullptr)) { diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc new file mode 100644 index 0000000000..f0b36a090a --- /dev/null +++ b/runtime/hidden_api.cc @@ -0,0 +1,172 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hidden_api.h" + +#include "base/dumpable.h" + +namespace art { +namespace hiddenapi { + +static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { + switch (value) { + case kReflection: + os << "reflection"; + break; + case kJNI: + os << "JNI"; + break; + case kLinking: + os << "linking"; + break; + } + return os; +} + +static constexpr bool EnumsEqual(EnforcementPolicy policy, HiddenApiAccessFlags::ApiList apiList) { + return static_cast<int>(policy) == static_cast<int>(apiList); +} + +// GetMemberAction-related static_asserts. +static_assert( + EnumsEqual(EnforcementPolicy::kAllLists, HiddenApiAccessFlags::kLightGreylist) && + EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) && + EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist), + "Mismatch between EnforcementPolicy and ApiList enums"); +static_assert( + EnforcementPolicy::kAllLists < EnforcementPolicy::kDarkGreyAndBlackList && + EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly, + "EnforcementPolicy values ordering not correct"); + +namespace detail { + +MemberSignature::MemberSignature(ArtField* field) { + member_type_ = "field"; + signature_parts_ = { + field->GetDeclaringClass()->GetDescriptor(&tmp_), + "->", + field->GetName(), + ":", + field->GetTypeDescriptor() + }; +} + +MemberSignature::MemberSignature(ArtMethod* method) { + member_type_ = "method"; + signature_parts_ = { + method->GetDeclaringClass()->GetDescriptor(&tmp_), + "->", + method->GetName(), + method->GetSignature().ToString() + }; +} + +bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const { + size_t pos = 0; + for (const std::string& part : signature_parts_) { + size_t count = std::min(prefix.length() - pos, part.length()); + if (prefix.compare(pos, count, part, 0, count) == 0) { + pos += count; + } else { + return false; + } + } + // We have a complete match if all parts match (we exit the loop without + // returning) AND we've matched the whole prefix. + return pos == prefix.length(); +} + +bool MemberSignature::IsExempted(const std::vector<std::string>& exemptions) { + for (const std::string& exemption : exemptions) { + if (DoesPrefixMatch(exemption)) { + return true; + } + } + return false; +} + +void MemberSignature::Dump(std::ostream& os) const { + for (std::string part : signature_parts_) { + os << part; + } +} + +void MemberSignature::WarnAboutAccess(AccessMethod access_method, + HiddenApiAccessFlags::ApiList list) { + LOG(WARNING) << "Accessing hidden " << member_type_ << " " << Dumpable<MemberSignature>(*this) + << " (" << list << ", " << access_method << ")"; +} + +template<typename T> +bool ShouldBlockAccessToMemberImpl(T* member, Action action, AccessMethod access_method) { + // Get the signature, we need it later. + MemberSignature member_signature(member); + + Runtime* runtime = Runtime::Current(); + + if (action == kDeny) { + // If we were about to deny, check for an exemption first. + // Exempted APIs are treated as light grey list. + if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) { + action = kAllowButWarn; + // Avoid re-examining the exemption list next time. + // Note this results in the warning below showing "light greylist", which + // seems like what one would expect. Exemptions effectively add new members to + // the light greylist. + member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( + member->GetAccessFlags(), HiddenApiAccessFlags::kLightGreylist)); + } + } + + // Print a log message with information about this class member access. + // We do this regardless of whether we block the access or not. + member_signature.WarnAboutAccess(access_method, + HiddenApiAccessFlags::DecodeFromRuntime(member->GetAccessFlags())); + + if (action == kDeny) { + // Block access + return true; + } + + // Allow access to this member but print a warning. + DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast); + + // Depending on a runtime flag, we might move the member into whitelist and + // skip the warning the next time the member is accessed. + if (runtime->ShouldDedupeHiddenApiWarnings()) { + member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( + member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); + } + + // If this action requires a UI warning, set the appropriate flag. + if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) { + runtime->SetPendingHiddenApiWarning(true); + } + + return false; +} + +// Need to instantiate this. +template bool ShouldBlockAccessToMemberImpl<ArtField>(ArtField* member, + Action action, + AccessMethod access_method); +template bool ShouldBlockAccessToMemberImpl<ArtMethod>(ArtMethod* member, + Action action, + AccessMethod access_method); + +} // namespace detail +} // namespace hiddenapi +} // namespace art diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h index dbe776e050..cc6c146f00 100644 --- a/runtime/hidden_api.h +++ b/runtime/hidden_api.h @@ -19,6 +19,7 @@ #include "art_field-inl.h" #include "art_method-inl.h" +#include "base/mutex.h" #include "dex/hidden_api_access_flags.h" #include "mirror/class-inl.h" #include "reflection.h" @@ -57,25 +58,6 @@ enum AccessMethod { kLinking, }; -inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { - switch (value) { - case kReflection: - os << "reflection"; - break; - case kJNI: - os << "JNI"; - break; - case kLinking: - os << "linking"; - break; - } - return os; -} - -static constexpr bool EnumsEqual(EnforcementPolicy policy, HiddenApiAccessFlags::ApiList apiList) { - return static_cast<int>(policy) == static_cast<int>(apiList); -} - inline Action GetMemberAction(uint32_t access_flags) { EnforcementPolicy policy = Runtime::Current()->GetHiddenApiEnforcementPolicy(); if (policy == EnforcementPolicy::kNoChecks) { @@ -88,16 +70,7 @@ inline Action GetMemberAction(uint32_t access_flags) { return kAllow; } // The logic below relies on equality of values in the enums EnforcementPolicy and - // HiddenApiAccessFlags::ApiList, and their ordering. Assert that this is as expected. - static_assert( - EnumsEqual(EnforcementPolicy::kAllLists, HiddenApiAccessFlags::kLightGreylist) && - EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) && - EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist), - "Mismatch between EnforcementPolicy and ApiList enums"); - static_assert( - EnforcementPolicy::kAllLists < EnforcementPolicy::kDarkGreyAndBlackList && - EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly, - "EnforcementPolicy values ordering not correct"); + // HiddenApiAccessFlags::ApiList, and their ordering. Assertions are in hidden_api.cc. if (static_cast<int>(policy) > static_cast<int>(api_list)) { return api_list == HiddenApiAccessFlags::kDarkGreylist ? kAllowButWarnAndToast @@ -107,28 +80,57 @@ inline Action GetMemberAction(uint32_t access_flags) { } } -// Issue a warning about field access. -inline void WarnAboutMemberAccess(ArtField* field, AccessMethod access_method) - REQUIRES_SHARED(Locks::mutator_lock_) { - std::string tmp; - LOG(WARNING) << "Accessing hidden field " - << field->GetDeclaringClass()->GetDescriptor(&tmp) << "->" - << field->GetName() << ":" << field->GetTypeDescriptor() - << " (" << HiddenApiAccessFlags::DecodeFromRuntime(field->GetAccessFlags()) - << ", " << access_method << ")"; -} +// Implementation details. DO NOT ACCESS DIRECTLY. +namespace detail { + +// Class to encapsulate the signature of a member (ArtField or ArtMethod). This +// is used as a helper when matching prefixes, and when logging the signature. +class MemberSignature { + private: + std::string member_type_; + std::vector<std::string> signature_parts_; + std::string tmp_; + + public: + explicit MemberSignature(ArtField* field) REQUIRES_SHARED(Locks::mutator_lock_); + explicit MemberSignature(ArtMethod* method) REQUIRES_SHARED(Locks::mutator_lock_); + + void Dump(std::ostream& os) const; + + // Performs prefix match on this member. Since the full member signature is + // composed of several parts, we match each part in turn (rather than + // building the entire thing in memory and performing a simple prefix match) + bool DoesPrefixMatch(const std::string& prefix) const; + + bool IsExempted(const std::vector<std::string>& exemptions); + + void WarnAboutAccess(AccessMethod access_method, HiddenApiAccessFlags::ApiList list); +}; -// Issue a warning about method access. -inline void WarnAboutMemberAccess(ArtMethod* method, AccessMethod access_method) +template<typename T> +bool ShouldBlockAccessToMemberImpl(T* member, + Action action, + AccessMethod access_method) + REQUIRES_SHARED(Locks::mutator_lock_); + +// Returns true if the caller is either loaded by the boot strap class loader or comes from +// a dex file located in ${ANDROID_ROOT}/framework/. +ALWAYS_INLINE +inline bool IsCallerInPlatformDex(ObjPtr<mirror::ClassLoader> caller_class_loader, + ObjPtr<mirror::DexCache> caller_dex_cache) REQUIRES_SHARED(Locks::mutator_lock_) { - std::string tmp; - LOG(WARNING) << "Accessing hidden method " - << method->GetDeclaringClass()->GetDescriptor(&tmp) << "->" - << method->GetName() << method->GetSignature().ToString() - << " (" << HiddenApiAccessFlags::DecodeFromRuntime(method->GetAccessFlags()) - << ", " << access_method << ")"; + if (caller_class_loader.IsNull()) { + return true; + } else if (caller_dex_cache.IsNull()) { + return false; + } else { + const DexFile* caller_dex_file = caller_dex_cache->GetDexFile(); + return caller_dex_file != nullptr && caller_dex_file->IsPlatformDexFile(); + } } +} // namespace detail + // Returns true if access to `member` should be denied to the caller of the // reflective query. The decision is based on whether the caller is in the // platform or not. Because different users of this function determine this @@ -157,54 +159,13 @@ inline bool ShouldBlockAccessToMember(T* member, } // Member is hidden and caller is not in the platform. - - // Print a log message with information about this class member access. - // We do this regardless of whether we block the access or not. - WarnAboutMemberAccess(member, access_method); - - if (action == kDeny) { - // Block access - return true; - } - - // Allow access to this member but print a warning. - DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast); - - Runtime* runtime = Runtime::Current(); - - // Depending on a runtime flag, we might move the member into whitelist and - // skip the warning the next time the member is accessed. - if (runtime->ShouldDedupeHiddenApiWarnings()) { - member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( - member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); - } - - // If this action requires a UI warning, set the appropriate flag. - if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) { - runtime->SetPendingHiddenApiWarning(true); - } - - return false; -} - -// Returns true if the caller is either loaded by the boot strap class loader or comes from -// a dex file located in ${ANDROID_ROOT}/framework/. -inline bool IsCallerInPlatformDex(ObjPtr<mirror::ClassLoader> caller_class_loader, - ObjPtr<mirror::DexCache> caller_dex_cache) - REQUIRES_SHARED(Locks::mutator_lock_) { - if (caller_class_loader.IsNull()) { - return true; - } else if (caller_dex_cache.IsNull()) { - return false; - } else { - const DexFile* caller_dex_file = caller_dex_cache->GetDexFile(); - return caller_dex_file != nullptr && caller_dex_file->IsPlatformDexFile(); - } + return detail::ShouldBlockAccessToMemberImpl(member, action, access_method); } inline bool IsCallerInPlatformDex(ObjPtr<mirror::Class> caller) REQUIRES_SHARED(Locks::mutator_lock_) { - return !caller.IsNull() && IsCallerInPlatformDex(caller->GetClassLoader(), caller->GetDexCache()); + return !caller.IsNull() && + detail::IsCallerInPlatformDex(caller->GetClassLoader(), caller->GetDexCache()); } // Returns true if access to `member` should be denied to a caller loaded with @@ -216,7 +177,7 @@ inline bool ShouldBlockAccessToMember(T* member, ObjPtr<mirror::DexCache> caller_dex_cache, AccessMethod access_method) REQUIRES_SHARED(Locks::mutator_lock_) { - bool caller_in_platform = IsCallerInPlatformDex(caller_class_loader, caller_dex_cache); + bool caller_in_platform = detail::IsCallerInPlatformDex(caller_class_loader, caller_dex_cache); return ShouldBlockAccessToMember(member, /* thread */ nullptr, [caller_in_platform] (Thread*) { return caller_in_platform; }, diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc new file mode 100644 index 0000000000..5a31dd4972 --- /dev/null +++ b/runtime/hidden_api_test.cc @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hidden_api.h" + +#include "common_runtime_test.h" +#include "jni_internal.h" + +namespace art { + +using hiddenapi::detail::MemberSignature; + +class HiddenApiTest : public CommonRuntimeTest { + protected: + void SetUp() OVERRIDE { + // Do the normal setup. + CommonRuntimeTest::SetUp(); + self_ = Thread::Current(); + self_->TransitionFromSuspendedToRunnable(); + LoadDex("HiddenApiSignatures"); + bool started = runtime_->Start(); + CHECK(started); + + class1_field1_ = getArtField("mypackage/packagea/Class1", "field1", "I"); + class1_field12_ = getArtField("mypackage/packagea/Class1", "field12", "I"); + class1_init_ = getArtMethod("mypackage/packagea/Class1", "<init>", "()V"); + class1_method1_ = getArtMethod("mypackage/packagea/Class1", "method1", "()V"); + class1_method1_i_ = getArtMethod("mypackage/packagea/Class1", "method1", "(I)V"); + class1_method12_ = getArtMethod("mypackage/packagea/Class1", "method12", "()V"); + class12_field1_ = getArtField("mypackage/packagea/Class12", "field1", "I"); + class12_method1_ = getArtMethod("mypackage/packagea/Class12", "method1", "()V"); + class2_field1_ = getArtField("mypackage/packagea/Class2", "field1", "I"); + class2_method1_ = getArtMethod("mypackage/packagea/Class2", "method1", "()V"); + class2_method1_i_ = getArtMethod("mypackage/packagea/Class2", "method1", "(I)V"); + class3_field1_ = getArtField("mypackage/packageb/Class3", "field1", "I"); + class3_method1_ = getArtMethod("mypackage/packageb/Class3", "method1", "()V"); + class3_method1_i_ = getArtMethod("mypackage/packageb/Class3", "method1", "(I)V"); + } + + ArtMethod* getArtMethod(const char* class_name, const char* name, const char* signature) { + JNIEnv* env = Thread::Current()->GetJniEnv(); + jclass klass = env->FindClass(class_name); + jmethodID method_id = env->GetMethodID(klass, name, signature); + ArtMethod* art_method = jni::DecodeArtMethod(method_id); + return art_method; + } + + ArtField* getArtField(const char* class_name, const char* name, const char* signature) { + JNIEnv* env = Thread::Current()->GetJniEnv(); + jclass klass = env->FindClass(class_name); + jfieldID field_id = env->GetFieldID(klass, name, signature); + ArtField* art_field = jni::DecodeArtField(field_id); + return art_field; + } + + protected: + Thread* self_; + ArtField* class1_field1_; + ArtField* class1_field12_; + ArtMethod* class1_init_; + ArtMethod* class1_method1_; + ArtMethod* class1_method1_i_; + ArtMethod* class1_method12_; + ArtField* class12_field1_; + ArtMethod* class12_method1_; + ArtField* class2_field1_; + ArtMethod* class2_method1_; + ArtMethod* class2_method1_i_; + ArtField* class3_field1_; + ArtMethod* class3_method1_; + ArtMethod* class3_method1_i_; +}; + +TEST_F(HiddenApiTest, CheckMembersRead) { + ASSERT_NE(nullptr, class1_field1_); + ASSERT_NE(nullptr, class1_field12_); + ASSERT_NE(nullptr, class1_init_); + ASSERT_NE(nullptr, class1_method1_); + ASSERT_NE(nullptr, class1_method1_i_); + ASSERT_NE(nullptr, class1_method12_); + ASSERT_NE(nullptr, class12_field1_); + ASSERT_NE(nullptr, class12_method1_); + ASSERT_NE(nullptr, class2_field1_); + ASSERT_NE(nullptr, class2_method1_); + ASSERT_NE(nullptr, class2_method1_i_); + ASSERT_NE(nullptr, class3_field1_); + ASSERT_NE(nullptr, class3_method1_); + ASSERT_NE(nullptr, class3_method1_i_); +} + +TEST_F(HiddenApiTest, CheckEverythingMatchesL) { + ScopedObjectAccess soa(self_); + std::string prefix("L"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class3_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class3_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class3_method1_i_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckPackageMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class3_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class3_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class3_method1_i_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckClassMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class12_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckClassExactMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class12_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class12_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class2_method1_i_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckMethodMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->method1"); + ASSERT_FALSE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class12_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class12_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckMethodExactMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->method1("); + ASSERT_FALSE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckMethodSignatureMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->method1(I)"); + ASSERT_FALSE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckMethodSignatureAndReturnMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->method1()V"); + ASSERT_FALSE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckFieldMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->field1"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_TRUE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_i_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method12_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckFieldExactMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->field1:"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckFieldTypeMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->field1:I"); + ASSERT_TRUE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_field12_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckConstructorMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;-><init>"); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckConstructorExactMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;-><init>()V"); + ASSERT_TRUE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckMethodSignatureTrailingCharsNoMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->method1()Vfoo"); + ASSERT_FALSE(MemberSignature(class1_method1_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckConstructorTrailingCharsNoMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;-><init>()Vfoo"); + ASSERT_FALSE(MemberSignature(class1_init_).DoesPrefixMatch(prefix)); +} + +TEST_F(HiddenApiTest, CheckFieldTrailingCharsNoMatch) { + ScopedObjectAccess soa(self_); + std::string prefix("Lmypackage/packagea/Class1;->field1:Ifoo"); + ASSERT_FALSE(MemberSignature(class1_field1_).DoesPrefixMatch(prefix)); +} + +} // namespace art diff --git a/runtime/mirror/class-inl.h b/runtime/mirror/class-inl.h index f0898f49d3..72b31790f0 100644 --- a/runtime/mirror/class-inl.h +++ b/runtime/mirror/class-inl.h @@ -31,7 +31,6 @@ #include "dex/invoke_type.h" #include "dex_cache.h" #include "gc/heap-inl.h" -#include "hidden_api.h" #include "iftable.h" #include "subtype_check.h" #include "object-inl.h" diff --git a/runtime/native/dalvik_system_VMRuntime.cc b/runtime/native/dalvik_system_VMRuntime.cc index 505b745200..a5ade6f30f 100644 --- a/runtime/native/dalvik_system_VMRuntime.cc +++ b/runtime/native/dalvik_system_VMRuntime.cc @@ -78,6 +78,21 @@ static jboolean VMRuntime_hasUsedHiddenApi(JNIEnv*, jobject) { return Runtime::Current()->HasPendingHiddenApiWarning() ? JNI_TRUE : JNI_FALSE; } +static void VMRuntime_setHiddenApiExemptions(JNIEnv* env, + jclass, + jobjectArray exemptions) { + std::vector<std::string> exemptions_vec; + int exemptions_length = env->GetArrayLength(exemptions); + for (int i = 0; i < exemptions_length; i++) { + jstring exemption = reinterpret_cast<jstring>(env->GetObjectArrayElement(exemptions, i)); + const char* raw_exemption = env->GetStringUTFChars(exemption, nullptr); + exemptions_vec.push_back(raw_exemption); + env->ReleaseStringUTFChars(exemption, raw_exemption); + } + + Runtime::Current()->SetHiddenApiExemptions(exemptions_vec); +} + static jobject VMRuntime_newNonMovableArray(JNIEnv* env, jobject, jclass javaElementClass, jint length) { ScopedFastNativeObjectAccess soa(env); @@ -672,6 +687,7 @@ static JNINativeMethod gMethods[] = { NATIVE_METHOD(VMRuntime, concurrentGC, "()V"), NATIVE_METHOD(VMRuntime, disableJitCompilation, "()V"), NATIVE_METHOD(VMRuntime, hasUsedHiddenApi, "()Z"), + NATIVE_METHOD(VMRuntime, setHiddenApiExemptions, "([Ljava/lang/String;)V"), NATIVE_METHOD(VMRuntime, getTargetHeapUtilization, "()F"), FAST_NATIVE_METHOD(VMRuntime, isDebuggerActive, "()Z"), FAST_NATIVE_METHOD(VMRuntime, isNativeDebuggable, "()Z"), diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc index 163a1a8f5c..51fd2df312 100644 --- a/runtime/native/dalvik_system_ZygoteHooks.cc +++ b/runtime/native/dalvik_system_ZygoteHooks.cc @@ -27,6 +27,7 @@ #include "base/mutex.h" #include "base/runtime_debug.h" #include "debugger.h" +#include "hidden_api.h" #include "java_vm_ext.h" #include "jit/jit.h" #include "jni_internal.h" diff --git a/runtime/runtime.cc b/runtime/runtime.cc index 53982ae833..d02652e793 100644 --- a/runtime/runtime.cc +++ b/runtime/runtime.cc @@ -86,6 +86,7 @@ #include "gc/space/space-inl.h" #include "gc/system_weak.h" #include "handle_scope-inl.h" +#include "hidden_api.h" #include "image-inl.h" #include "instrumentation.h" #include "intern_table.h" diff --git a/runtime/runtime.h b/runtime/runtime.h index dba31b2939..03f17bc04a 100644 --- a/runtime/runtime.h +++ b/runtime/runtime.h @@ -536,6 +536,14 @@ class Runtime { pending_hidden_api_warning_ = value; } + void SetHiddenApiExemptions(const std::vector<std::string>& exemptions) { + hidden_api_exemptions_ = exemptions; + } + + const std::vector<std::string>& GetHiddenApiExemptions() { + return hidden_api_exemptions_; + } + bool HasPendingHiddenApiWarning() const { return pending_hidden_api_warning_; } @@ -996,6 +1004,9 @@ class Runtime { // Whether access checks on hidden API should be performed. hiddenapi::EnforcementPolicy hidden_api_policy_; + // List of signature prefixes of methods that have been removed from the blacklist + std::vector<std::string> hidden_api_exemptions_; + // Whether the application has used an API which is not restricted but we // should issue a warning about it. bool pending_hidden_api_warning_; diff --git a/runtime/thread.cc b/runtime/thread.cc index c0deda82db..ea6c071fa7 100644 --- a/runtime/thread.cc +++ b/runtime/thread.cc @@ -2881,6 +2881,17 @@ jobjectArray Thread::CreateAnnotatedStackTrace(const ScopedObjectAccessAlreadyRu Handle<mirror::Class> h_aste_class(hs.NewHandle<mirror::Class>( h_aste_array_class->GetComponentType())); + + // Make sure the AnnotatedStackTraceElement.class is initialized, b/76208924 . + class_linker->EnsureInitialized(soa.Self(), + h_aste_class, + /* can_init_fields */ true, + /* can_init_parents */ true); + if (soa.Self()->IsExceptionPending()) { + // This should not fail in a healthy runtime. + return nullptr; + } + ArtField* stack_trace_element_field = h_aste_class->FindField( soa.Self(), h_aste_class.Get(), "stackTraceElement", "Ljava/lang/StackTraceElement;"); DCHECK(stack_trace_element_field != nullptr); diff --git a/test/171-init-aste/expected.txt b/test/171-init-aste/expected.txt new file mode 100644 index 0000000000..b0aad4deb5 --- /dev/null +++ b/test/171-init-aste/expected.txt @@ -0,0 +1 @@ +passed diff --git a/test/171-init-aste/info.txt b/test/171-init-aste/info.txt new file mode 100644 index 0000000000..201e8ada57 --- /dev/null +++ b/test/171-init-aste/info.txt @@ -0,0 +1 @@ +Regression test for failure to initialize dalvik.system.AnnotatedStackTraceElement. diff --git a/test/171-init-aste/src-art/Main.java b/test/171-init-aste/src-art/Main.java new file mode 100644 index 0000000000..9d3661022e --- /dev/null +++ b/test/171-init-aste/src-art/Main.java @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import java.lang.reflect.Method; +import dalvik.system.AnnotatedStackTraceElement; + +public class Main { + public static void main(String args[]) throws Exception { + Class<?> vmStack = Class.forName("dalvik.system.VMStack"); + Method getAnnotatedThreadStackTrace = + vmStack.getDeclaredMethod("getAnnotatedThreadStackTrace", Thread.class); + Object[] annotatedStackTrace = + (Object[]) getAnnotatedThreadStackTrace.invoke(null, Thread.currentThread()); + AnnotatedStackTraceElement annotatedElement = + (AnnotatedStackTraceElement) annotatedStackTrace[0]; + // This used to fail an assertion that the AnnotatedStackTraceElement.class + // is at least initializing (i.e. initializing, initialized or resolved-erroneous). + // Note: We cannot use reflection for this test because getDeclaredMethod() would + // initialize the class and hide the failure. + annotatedElement.getStackTraceElement(); + + System.out.println("passed"); + } +} diff --git a/test/171-init-aste/src/Main.java b/test/171-init-aste/src/Main.java new file mode 100644 index 0000000000..4479cb4373 --- /dev/null +++ b/test/171-init-aste/src/Main.java @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +public class Main { + // Note: This file is used for the RI which does not support + // dalvik.system.AnnotatedStackTraceElement (see src-art/Main.java), + // so that we do not need an exclusion in known failures. + public static void main(String args[]) throws Exception { + System.out.println("passed"); + } +} diff --git a/test/HiddenApiSignatures/Class1.java b/test/HiddenApiSignatures/Class1.java new file mode 100644 index 0000000000..a9004dcd99 --- /dev/null +++ b/test/HiddenApiSignatures/Class1.java @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package mypackage.packagea; + +public class Class1 { + public int field1; + public int field12; + + public Class1() { + } + + public void method1() { + } + + public void method1(int i) { + } + + public void method12() { + } + +}
\ No newline at end of file diff --git a/test/HiddenApiSignatures/Class12.java b/test/HiddenApiSignatures/Class12.java new file mode 100644 index 0000000000..82b22e365f --- /dev/null +++ b/test/HiddenApiSignatures/Class12.java @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package mypackage.packagea; + +public class Class12 { + public int field1; + + public void method1() { + } +}
\ No newline at end of file diff --git a/test/HiddenApiSignatures/Class2.java b/test/HiddenApiSignatures/Class2.java new file mode 100644 index 0000000000..dc92b9cfd8 --- /dev/null +++ b/test/HiddenApiSignatures/Class2.java @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package mypackage.packagea; + +public class Class2 { + public int field1; + + public void method1() { + } + + public void method1(int i) { + } +}
\ No newline at end of file diff --git a/test/HiddenApiSignatures/Class3.java b/test/HiddenApiSignatures/Class3.java new file mode 100644 index 0000000000..fbf04071a4 --- /dev/null +++ b/test/HiddenApiSignatures/Class3.java @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package mypackage.packageb; + +public class Class3 { + public int field1; + + public void method1() { + } + + public void method1(int i) { + } +}
\ No newline at end of file diff --git a/tools/veridex/Android.bp b/tools/veridex/Android.bp index a74bf3d7f9..cbf62d9e9c 100644 --- a/tools/veridex/Android.bp +++ b/tools/veridex/Android.bp @@ -17,6 +17,7 @@ cc_binary { host_supported: true, srcs: [ "hidden_api.cc", + "hidden_api_finder.cc", "resolver.cc", "veridex.cc", ], diff --git a/tools/veridex/hidden_api.cc b/tools/veridex/hidden_api.cc index 33e499bfc3..93f921a25f 100644 --- a/tools/veridex/hidden_api.cc +++ b/tools/veridex/hidden_api.cc @@ -44,17 +44,6 @@ std::string HiddenApi::GetApiFieldName(const DexFile& dex_file, uint32_t field_i return ss.str(); } -bool HiddenApi::LogIfIn(const std::string& name, - const std::set<std::string>& list, - const std::string& log, - const std::string& access_kind) { - if (list.find(name) != list.end()) { - LOG(WARNING) << std::string(log) << " usage found " << name << " (" << access_kind << ")"; - return true; - } - return false; -} - void HiddenApi::FillList(const char* filename, std::set<std::string>& entries) { if (filename == nullptr) { return; diff --git a/tools/veridex/hidden_api.h b/tools/veridex/hidden_api.h index 282e7cf8e8..5893b8ae33 100644 --- a/tools/veridex/hidden_api.h +++ b/tools/veridex/hidden_api.h @@ -17,6 +17,9 @@ #ifndef ART_TOOLS_VERIDEX_HIDDEN_API_H_ #define ART_TOOLS_VERIDEX_HIDDEN_API_H_ +#include "dex/hidden_api_access_flags.h" + +#include <ostream> #include <set> #include <string> @@ -35,10 +38,20 @@ class HiddenApi { FillList(blacklist, blacklist_); } - bool LogIfInList(const std::string& name, const char* access_kind) const { - return LogIfIn(name, blacklist_, "Blacklist", access_kind) || - LogIfIn(name, dark_greylist_, "Dark greylist", access_kind) || - LogIfIn(name, light_greylist_, "Light greylist", access_kind); + HiddenApiAccessFlags::ApiList GetApiList(const std::string& name) const { + if (IsInList(name, blacklist_)) { + return HiddenApiAccessFlags::kBlacklist; + } else if (IsInList(name, dark_greylist_)) { + return HiddenApiAccessFlags::kDarkGreylist; + } else if (IsInList(name, light_greylist_)) { + return HiddenApiAccessFlags::kLightGreylist; + } else { + return HiddenApiAccessFlags::kWhitelist; + } + } + + bool IsInRestrictionList(const std::string& name) const { + return GetApiList(name) != HiddenApiAccessFlags::kWhitelist; } static std::string GetApiMethodName(const DexFile& dex_file, uint32_t method_index); @@ -46,10 +59,9 @@ class HiddenApi { static std::string GetApiFieldName(const DexFile& dex_file, uint32_t field_index); private: - static bool LogIfIn(const std::string& name, - const std::set<std::string>& list, - const std::string& log, - const std::string& access_kind); + static bool IsInList(const std::string& name, const std::set<std::string>& list) { + return list.find(name) != list.end(); + } static void FillList(const char* filename, std::set<std::string>& entries); diff --git a/tools/veridex/hidden_api_finder.cc b/tools/veridex/hidden_api_finder.cc new file mode 100644 index 0000000000..d611f78eed --- /dev/null +++ b/tools/veridex/hidden_api_finder.cc @@ -0,0 +1,266 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hidden_api_finder.h" + +#include "dex/code_item_accessors-inl.h" +#include "dex/dex_instruction-inl.h" +#include "dex/dex_file.h" +#include "dex/method_reference.h" +#include "hidden_api.h" +#include "resolver.h" +#include "veridex.h" + +#include <iostream> + +namespace art { + +void HiddenApiFinder::CheckMethod(uint32_t method_id, + VeridexResolver* resolver, + MethodReference ref) { + // Cheap check that the method is resolved. If it is, we know it's not in + // a restricted list. + if (resolver->GetMethod(method_id) != nullptr) { + return; + } + std::string name = HiddenApi::GetApiMethodName(resolver->GetDexFile(), method_id); + if (hidden_api_.IsInRestrictionList(name)) { + method_locations_[name].push_back(ref); + } +} + +void HiddenApiFinder::CheckField(uint32_t field_id, + VeridexResolver* resolver, + MethodReference ref) { + // Cheap check that the field is resolved. If it is, we know it's not in + // a restricted list. + if (resolver->GetField(field_id) != nullptr) { + return; + } + std::string name = HiddenApi::GetApiFieldName(resolver->GetDexFile(), field_id); + if (hidden_api_.IsInRestrictionList(name)) { + field_locations_[name].push_back(ref); + } +} + +void HiddenApiFinder::CollectAccesses(VeridexResolver* resolver) { + const DexFile& dex_file = resolver->GetDexFile(); + size_t class_def_count = dex_file.NumClassDefs(); + for (size_t class_def_index = 0; class_def_index < class_def_count; ++class_def_index) { + const DexFile::ClassDef& class_def = dex_file.GetClassDef(class_def_index); + const uint8_t* class_data = dex_file.GetClassData(class_def); + if (class_data == nullptr) { + // Empty class. + continue; + } + ClassDataItemIterator it(dex_file, class_data); + it.SkipAllFields(); + for (; it.HasNextMethod(); it.Next()) { + const DexFile::CodeItem* code_item = it.GetMethodCodeItem(); + if (code_item == nullptr) { + continue; + } + CodeItemDataAccessor code_item_accessor(dex_file, code_item); + for (const DexInstructionPcPair& inst : code_item_accessor) { + switch (inst->Opcode()) { + case Instruction::CONST_CLASS: { + dex::TypeIndex type_index(inst->VRegB_21c()); + std::string name = dex_file.StringByTypeIdx(type_index); + // Only keep classes that are in a restriction list. + if (hidden_api_.IsInRestrictionList(name)) { + classes_.insert(name); + } + break; + } + case Instruction::CONST_STRING: { + dex::StringIndex string_index(inst->VRegB_21c()); + std::string name = std::string(dex_file.StringDataByIdx(string_index)); + // Cheap filtering on the string literal. We know it cannot be a field/method/class + // if it contains a space. + if (name.find(' ') == std::string::npos) { + // Class names at the Java level are of the form x.y.z, but the list encodes + // them of the form Lx/y/z;. Inner classes have '$' for both Java level class + // names in strings, and hidden API lists. + std::string str = name; + std::replace(str.begin(), str.end(), '.', '/'); + str = "L" + str + ";"; + // Note: we can query the lists directly, as HiddenApi added classes that own + // private methods and fields in them. + // We don't add class names to the `strings_` set as we know method/field names + // don't have '.' or '/'. All hidden API class names have a '/'. + if (hidden_api_.IsInRestrictionList(str)) { + classes_.insert(str); + } else if (hidden_api_.IsInRestrictionList(name)) { + // Could be something passed to JNI. + classes_.insert(name); + } else { + // We only keep track of the location for strings, as these will be the + // field/method names the user is interested in. + strings_.insert(name); + reflection_locations_[name].push_back( + MethodReference(&dex_file, it.GetMemberIndex())); + } + } + break; + } + case Instruction::INVOKE_DIRECT: + case Instruction::INVOKE_INTERFACE: + case Instruction::INVOKE_STATIC: + case Instruction::INVOKE_SUPER: + case Instruction::INVOKE_VIRTUAL: { + CheckMethod( + inst->VRegB_35c(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + case Instruction::INVOKE_DIRECT_RANGE: + case Instruction::INVOKE_INTERFACE_RANGE: + case Instruction::INVOKE_STATIC_RANGE: + case Instruction::INVOKE_SUPER_RANGE: + case Instruction::INVOKE_VIRTUAL_RANGE: { + CheckMethod( + inst->VRegB_3rc(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + case Instruction::IGET: + case Instruction::IGET_WIDE: + case Instruction::IGET_OBJECT: + case Instruction::IGET_BOOLEAN: + case Instruction::IGET_BYTE: + case Instruction::IGET_CHAR: + case Instruction::IGET_SHORT: { + CheckField( + inst->VRegC_22c(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + case Instruction::IPUT: + case Instruction::IPUT_WIDE: + case Instruction::IPUT_OBJECT: + case Instruction::IPUT_BOOLEAN: + case Instruction::IPUT_BYTE: + case Instruction::IPUT_CHAR: + case Instruction::IPUT_SHORT: { + CheckField( + inst->VRegC_22c(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + case Instruction::SGET: + case Instruction::SGET_WIDE: + case Instruction::SGET_OBJECT: + case Instruction::SGET_BOOLEAN: + case Instruction::SGET_BYTE: + case Instruction::SGET_CHAR: + case Instruction::SGET_SHORT: { + CheckField( + inst->VRegB_21c(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + case Instruction::SPUT: + case Instruction::SPUT_WIDE: + case Instruction::SPUT_OBJECT: + case Instruction::SPUT_BOOLEAN: + case Instruction::SPUT_BYTE: + case Instruction::SPUT_CHAR: + case Instruction::SPUT_SHORT: { + CheckField( + inst->VRegB_21c(), resolver, MethodReference(&dex_file, it.GetMemberIndex())); + break; + } + + default: + break; + } + } + } + } +} + +static std::string GetApiMethodName(MethodReference ref) { + return HiddenApi::GetApiMethodName(*ref.dex_file, ref.index); +} + +void HiddenApiFinder::Run(const std::vector<std::unique_ptr<VeridexResolver>>& resolvers) { + for (const std::unique_ptr<VeridexResolver>& resolver : resolvers) { + CollectAccesses(resolver.get()); + } + + Dump(std::cout); +} + +void HiddenApiFinder::Dump(std::ostream& os) { + static const char* kPrefix = " "; + uint32_t count = 0; + uint32_t linking_count = method_locations_.size() + field_locations_.size(); + uint32_t api_counts[4] = {0, 0, 0, 0}; + + // Dump methods from hidden APIs linked against. + for (const std::pair<std::string, std::vector<MethodReference>>& pair : method_locations_) { + HiddenApiAccessFlags::ApiList api_list = hidden_api_.GetApiList(pair.first); + api_counts[api_list]++; + os << "#" << ++count << ": Linking " << api_list << " " << pair.first << " use(s):"; + os << std::endl; + for (const MethodReference& ref : pair.second) { + os << kPrefix << GetApiMethodName(ref) << std::endl; + } + os << std::endl; + } + + // Dump fields from hidden APIs linked against. + for (const std::pair<std::string, std::vector<MethodReference>>& pair : field_locations_) { + HiddenApiAccessFlags::ApiList api_list = hidden_api_.GetApiList(pair.first); + api_counts[api_list]++; + os << "#" << ++count << ": Linking " << api_list << " " << pair.first << " use(s):"; + os << std::endl; + for (const MethodReference& ref : pair.second) { + os << kPrefix << GetApiMethodName(ref) << std::endl; + } + os << std::endl; + } + + // Dump potential reflection uses. + for (const std::string& cls : classes_) { + for (const std::string& name : strings_) { + std::string full_name = cls + "->" + name; + HiddenApiAccessFlags::ApiList api_list = hidden_api_.GetApiList(full_name); + api_counts[api_list]++; + if (api_list != HiddenApiAccessFlags::kWhitelist) { + os << "#" << ++count << ": Reflection " << api_list << " " << full_name + << " potential use(s):"; + os << std::endl; + for (const MethodReference& ref : reflection_locations_[name]) { + os << kPrefix << GetApiMethodName(ref) << std::endl; + } + os << std::endl; + } + } + } + + os << count << " hidden API(s) used: " + << linking_count << " linked against, " + << count - linking_count << " potentially through reflection" << std::endl; + os << kPrefix << api_counts[HiddenApiAccessFlags::kBlacklist] + << " in blacklist" << std::endl; + os << kPrefix << api_counts[HiddenApiAccessFlags::kDarkGreylist] + << " in dark greylist" << std::endl; + os << kPrefix << api_counts[HiddenApiAccessFlags::kLightGreylist] + << " in light greylist" << std::endl; +} + +} // namespace art diff --git a/tools/veridex/hidden_api_finder.h b/tools/veridex/hidden_api_finder.h new file mode 100644 index 0000000000..243079c187 --- /dev/null +++ b/tools/veridex/hidden_api_finder.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ART_TOOLS_VERIDEX_HIDDEN_API_FINDER_H_ +#define ART_TOOLS_VERIDEX_HIDDEN_API_FINDER_H_ + +#include "dex/method_reference.h" + +#include <iostream> +#include <map> +#include <set> +#include <string> + +namespace art { + +class HiddenApi; +class VeridexResolver; + +/** + * Reports potential uses of hidden APIs from static linking and reflection. + */ +class HiddenApiFinder { + public: + explicit HiddenApiFinder(const HiddenApi& hidden_api) : hidden_api_(hidden_api) {} + + // Iterate over the dex files associated with the passed resolvers to report + // hidden API uses. + void Run(const std::vector<std::unique_ptr<VeridexResolver>>& app_resolvers); + + private: + void CollectAccesses(VeridexResolver* resolver); + void CheckMethod(uint32_t method_idx, VeridexResolver* resolver, MethodReference ref); + void CheckField(uint32_t field_idx, VeridexResolver* resolver, MethodReference ref); + void Dump(std::ostream& os); + + const HiddenApi& hidden_api_; + std::set<std::string> classes_; + std::set<std::string> strings_; + std::map<std::string, std::vector<MethodReference>> reflection_locations_; + std::map<std::string, std::vector<MethodReference>> method_locations_; + std::map<std::string, std::vector<MethodReference>> field_locations_; +}; + +} // namespace art + +#endif // ART_TOOLS_VERIDEX_HIDDEN_API_FINDER_H_ diff --git a/tools/veridex/resolver.cc b/tools/veridex/resolver.cc index 6ab872ed6f..13dda5c199 100644 --- a/tools/veridex/resolver.cc +++ b/tools/veridex/resolver.cc @@ -277,10 +277,8 @@ VeriField VeridexResolver::GetField(uint32_t field_index) { return field_info; } -void VeridexResolver::ResolveAll(const HiddenApi& hidden_api) { +void VeridexResolver::ResolveAll() { for (uint32_t i = 0; i < dex_file_.NumTypeIds(); ++i) { - // Note: we don't look at HiddenApi for types, as the lists don't contain - // classes. if (GetVeriClass(dex::TypeIndex(i)) == nullptr) { LOG(WARNING) << "Unresolved " << dex_file_.PrettyType(dex::TypeIndex(i)); } @@ -288,17 +286,13 @@ void VeridexResolver::ResolveAll(const HiddenApi& hidden_api) { for (uint32_t i = 0; i < dex_file_.NumMethodIds(); ++i) { if (GetMethod(i) == nullptr) { - if (!hidden_api.LogIfInList(HiddenApi::GetApiMethodName(dex_file_, i), "Linking")) { - LOG(WARNING) << "Unresolved: " << dex_file_.PrettyMethod(i); - } + LOG(WARNING) << "Unresolved: " << dex_file_.PrettyMethod(i); } } for (uint32_t i = 0; i < dex_file_.NumFieldIds(); ++i) { if (GetField(i) == nullptr) { - if (!hidden_api.LogIfInList(HiddenApi::GetApiFieldName(dex_file_, i), "Linking")) { - LOG(WARNING) << "Unresolved: " << dex_file_.PrettyField(i); - } + LOG(WARNING) << "Unresolved: " << dex_file_.PrettyField(i); } } } diff --git a/tools/veridex/resolver.h b/tools/veridex/resolver.h index 82f6aaeddd..06c8aa70c5 100644 --- a/tools/veridex/resolver.h +++ b/tools/veridex/resolver.h @@ -66,9 +66,13 @@ class VeridexResolver { const char* field_name, const char* field_type); - // Resolve all type_id/method_id/field_id. Log for unresolved - // entities, or entities part of a hidden API list. - void ResolveAll(const HiddenApi& hidden_api); + // Resolve all type_id/method_id/field_id. + void ResolveAll(); + + // The dex file this resolver is associated to. + const DexFile& GetDexFile() const { + return dex_file_; + } private: // Return the resolver where `kls` is from. diff --git a/tools/veridex/veridex.cc b/tools/veridex/veridex.cc index c5203fea66..16e9f0e55b 100644 --- a/tools/veridex/veridex.cc +++ b/tools/veridex/veridex.cc @@ -21,6 +21,7 @@ #include "dex/dex_file.h" #include "dex/dex_file_loader.h" #include "hidden_api.h" +#include "hidden_api_finder.h" #include "resolver.h" #include <sstream> @@ -162,11 +163,10 @@ class Veridex { std::vector<std::unique_ptr<VeridexResolver>> app_resolvers; Resolve(app_dex_files, resolver_map, type_map, &app_resolvers); - // Resolve all type_id/method_id/field_id of app dex files. + // Find and log uses of hidden APIs. HiddenApi hidden_api(options.blacklist, options.dark_greylist, options.light_greylist); - for (const std::unique_ptr<VeridexResolver>& resolver : app_resolvers) { - resolver->ResolveAll(hidden_api); - } + HiddenApiFinder api_finder(hidden_api); + api_finder.Run(app_resolvers); return 0; } |