SDK-stub controlled dex2oat verification
Allow dex2oat to further limit the resolved (boot classpath) symbols
during verification according to an additional list of public SDK files.
The additional SDKs can be specified as regular classpath (a list
of dex files) and has the effect of limiting what can be resolved from
the boot classpath. The extra checks are performed by comparing the
symbol descriptors and do not replace common verification access-checks
flow.
Bug: 111442216
Test: test-art-host
Change-Id: Idc13722f34b591d7f858ebeb94bd6f568102b458
diff --git a/runtime/class_linker.h b/runtime/class_linker.h
index df9c209..3d1d5fd 100644
--- a/runtime/class_linker.h
+++ b/runtime/class_linker.h
@@ -58,6 +58,7 @@
template<class T> class ObjectLock;
class Runtime;
class ScopedObjectAccessAlreadyRunnable;
+class SdkChecker;
template<size_t kNumReferences> class PACKED(4) StackHandleScope;
class Thread;
@@ -825,6 +826,15 @@
REQUIRES_SHARED(Locks::mutator_lock_)
REQUIRES(!Locks::dex_lock_, !Roles::uninterruptible_);
+ // Verifies if the method is accesible according to the SdkChecker (if installed).
+ virtual bool DenyAccessBasedOnPublicSdk(ArtMethod* art_method ATTRIBUTE_UNUSED) const
+ REQUIRES_SHARED(Locks::mutator_lock_);
+ // Verifies if the field is accesible according to the SdkChecker (if installed).
+ virtual bool DenyAccessBasedOnPublicSdk(ArtField* art_field ATTRIBUTE_UNUSED) const
+ REQUIRES_SHARED(Locks::mutator_lock_);
+ // Verifies if the descriptor is accesible according to the SdkChecker (if installed).
+ virtual bool DenyAccessBasedOnPublicSdk(const char* type_descriptor ATTRIBUTE_UNUSED) const;
+
protected:
virtual bool InitializeClass(Thread* self,
Handle<mirror::Class> klass,