From 8e1a7cb303d7c8f763dfb99ae311b820996b1ab4 Mon Sep 17 00:00:00 2001 From: David Brazdil Date: Tue, 27 Mar 2018 08:14:25 +0000 Subject: Revert "Revert "Allow hidden API access from system libraries"" Libraries like RemoteDisplay provide an APK that an app loads into its process and which accesses internal APIs on the app's behalf, without exposing the internals to the app. These libraries are considered part of the platform, but were not exempt from hidden API checks because they are not loaded with the boot strap class loader. This patch adds a new flag to DexFile class which the constructor sets to true of the canonical location of the newly loaded dex file starts with "${ANDROID_ROOT}/framework/". Hidden API enforcement then checks this flag when determining whether the caller of a hidden class member is allowed to access it or not. This reverts commit 0127b71a2588efcd1a53c192c5c267157878b010. Previous CL saw two issues: - buildbots would set non-existent ANDROID_ROOT for host-side builds - calling realpath on unquickened dex files would overflow the stack Bug: 64382372 Bug: 76138670 Bug: 76165623 Bug: 76112393 Bug: 76452688 Bug: 76429651 Test: art/test.py --target -r -b -t 674-hiddenapi Test: SystemUI APCT test Change-Id: Ie07a088509002593353965d3d24bf7362b643f40 --- runtime/base/file_utils.cc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'runtime/base/file_utils.cc') diff --git a/runtime/base/file_utils.cc b/runtime/base/file_utils.cc index 1cb3b9c380..2b3e360650 100644 --- a/runtime/base/file_utils.cc +++ b/runtime/base/file_utils.cc @@ -319,4 +319,21 @@ bool LocationIsOnSystem(const char* location) { return path != nullptr && android::base::StartsWith(path.get(), GetAndroidRoot().c_str()); } +bool LocationIsOnSystemFramework(const char* location) { + std::string error_msg; + std::string root_path = GetAndroidRootSafe(&error_msg); + if (root_path.empty()) { + // Could not find Android root. + // TODO(dbrazdil): change to stricter GetAndroidRoot() once b/76452688 is resolved. + return false; + } + std::string framework_path = root_path + "/framework/"; + + // Warning: Bionic implementation of realpath() allocates > 12KB on the stack. + // Do not run this code on a small stack, e.g. in signal handler. + UniqueCPtr path(realpath(location, nullptr)); + return path != nullptr && + android::base::StartsWith(path.get(), framework_path.c_str()); +} + } // namespace art -- cgit v1.2.3-59-g8ed1b