Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "hidden_api.h" |
| 18 | |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 19 | #include <nativehelper/scoped_local_ref.h> |
| 20 | |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 21 | #include "art_field-inl.h" |
| 22 | #include "art_method-inl.h" |
Andrei Onea | 037d282 | 2020-11-19 00:20:04 +0000 | [diff] [blame] | 23 | #include "compat_framework.h" |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 24 | #include "base/dumpable.h" |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 25 | #include "base/file_utils.h" |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 26 | #include "dex/class_accessor-inl.h" |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 27 | #include "dex/dex_file_loader.h" |
| 28 | #include "mirror/class_ext.h" |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 29 | #include "oat_file.h" |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 30 | #include "scoped_thread_state_change.h" |
| 31 | #include "thread-inl.h" |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 32 | #include "well_known_classes.h" |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 33 | |
| 34 | namespace art { |
| 35 | namespace hiddenapi { |
| 36 | |
Pedro Loureiro | f7fcb98 | 2020-11-24 16:44:12 +0000 | [diff] [blame^] | 37 | // Should be the same as dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_P_HIDDEN_APIS, |
| 38 | // dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_Q_HIDDEN_APIS, and |
| 39 | // dalvik.system.VMRuntime.EXEMPT_TEST_API_ACCESS_VERIFICATION. |
atrost | 2dea079 | 2020-02-25 20:11:47 +0000 | [diff] [blame] | 40 | // Corresponds to bug ids. |
| 41 | static constexpr uint64_t kHideMaxtargetsdkPHiddenApis = 149997251; |
| 42 | static constexpr uint64_t kHideMaxtargetsdkQHiddenApis = 149994052; |
Pedro Loureiro | f7fcb98 | 2020-11-24 16:44:12 +0000 | [diff] [blame^] | 43 | static constexpr uint64_t kAllowTestApiAccess = 166236554; |
atrost | 2dea079 | 2020-02-25 20:11:47 +0000 | [diff] [blame] | 44 | |
Mathew Inwood | 27199e6 | 2018-04-11 16:08:21 +0100 | [diff] [blame] | 45 | // Set to true if we should always print a warning in logcat for all hidden API accesses, not just |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 46 | // conditionally and unconditionally blocked. This can be set to true for developer preview / beta |
| 47 | // builds, but should be false for public release builds. |
Mathew Inwood | 6d6012e | 2018-04-12 15:43:11 +0100 | [diff] [blame] | 48 | // Note that when flipping this flag, you must also update the expectations of test 674-hiddenapi |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 49 | // as it affects whether or not we warn for unsupported APIs that have been added to the exemptions |
Mathew Inwood | 6d6012e | 2018-04-12 15:43:11 +0100 | [diff] [blame] | 50 | // list. |
Mathew Inwood | 015a7ec | 2018-05-16 11:18:10 +0100 | [diff] [blame] | 51 | static constexpr bool kLogAllAccesses = false; |
Mathew Inwood | 27199e6 | 2018-04-11 16:08:21 +0100 | [diff] [blame] | 52 | |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 53 | // Exemptions for logcat warning. Following signatures do not produce a warning as app developers |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 54 | // should not be alerted on the usage of these unsupported APIs. See b/154851649. |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 55 | static const std::vector<std::string> kWarningExemptions = { |
| 56 | "Ljava/nio/Buffer;", |
| 57 | "Llibcore/io/Memory;", |
| 58 | "Lsun/misc/Unsafe;", |
| 59 | }; |
| 60 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 61 | static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { |
| 62 | switch (value) { |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 63 | case AccessMethod::kNone: |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 64 | LOG(FATAL) << "Internal access to hidden API should not be logged"; |
| 65 | UNREACHABLE(); |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 66 | case AccessMethod::kReflection: |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 67 | os << "reflection"; |
| 68 | break; |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 69 | case AccessMethod::kJNI: |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 70 | os << "JNI"; |
| 71 | break; |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 72 | case AccessMethod::kLinking: |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 73 | os << "linking"; |
| 74 | break; |
| 75 | } |
| 76 | return os; |
| 77 | } |
| 78 | |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 79 | static inline std::ostream& operator<<(std::ostream& os, const AccessContext& value) |
| 80 | REQUIRES_SHARED(Locks::mutator_lock_) { |
| 81 | if (!value.GetClass().IsNull()) { |
| 82 | std::string tmp; |
| 83 | os << value.GetClass()->GetDescriptor(&tmp); |
| 84 | } else if (value.GetDexFile() != nullptr) { |
| 85 | os << value.GetDexFile()->GetLocation(); |
| 86 | } else { |
| 87 | os << "<unknown_caller>"; |
| 88 | } |
| 89 | return os; |
| 90 | } |
| 91 | |
Nicolas Geoffray | e3e0f70 | 2019-03-12 07:02:02 +0000 | [diff] [blame] | 92 | static Domain DetermineDomainFromLocation(const std::string& dex_location, |
| 93 | ObjPtr<mirror::ClassLoader> class_loader) { |
David Brazdil | bfaba28 | 2019-03-15 11:35:51 +0000 | [diff] [blame] | 94 | // If running with APEX, check `path` against known APEX locations. |
Martin Stjernholm | e58624f | 2019-09-20 15:53:40 +0100 | [diff] [blame] | 95 | // These checks will be skipped on target buildbots where ANDROID_ART_ROOT |
David Brazdil | bfaba28 | 2019-03-15 11:35:51 +0000 | [diff] [blame] | 96 | // is set to "/system". |
Martin Stjernholm | e58624f | 2019-09-20 15:53:40 +0100 | [diff] [blame] | 97 | if (ArtModuleRootDistinctFromAndroidRoot()) { |
| 98 | if (LocationIsOnArtModule(dex_location.c_str()) || |
Victor Chang | d20e51d | 2020-05-05 16:01:19 +0100 | [diff] [blame] | 99 | LocationIsOnConscryptModule(dex_location.c_str()) || |
| 100 | LocationIsOnI18nModule(dex_location.c_str())) { |
Nicolas Geoffray | e3e0f70 | 2019-03-12 07:02:02 +0000 | [diff] [blame] | 101 | return Domain::kCorePlatform; |
David Brazdil | bfaba28 | 2019-03-15 11:35:51 +0000 | [diff] [blame] | 102 | } |
| 103 | |
Nicolas Geoffray | e3e0f70 | 2019-03-12 07:02:02 +0000 | [diff] [blame] | 104 | if (LocationIsOnApex(dex_location.c_str())) { |
David Brazdil | bfaba28 | 2019-03-15 11:35:51 +0000 | [diff] [blame] | 105 | return Domain::kPlatform; |
| 106 | } |
| 107 | } |
| 108 | |
Nicolas Geoffray | e3e0f70 | 2019-03-12 07:02:02 +0000 | [diff] [blame] | 109 | if (LocationIsOnSystemFramework(dex_location.c_str())) { |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 110 | return Domain::kPlatform; |
| 111 | } |
| 112 | |
Chris Gross | 5477b8e | 2020-04-24 09:36:45 -0700 | [diff] [blame] | 113 | if (LocationIsOnSystemExtFramework(dex_location.c_str())) { |
| 114 | return Domain::kPlatform; |
| 115 | } |
| 116 | |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 117 | if (class_loader.IsNull()) { |
Nicolas Geoffray | 5158d4a | 2020-05-27 08:50:06 +0100 | [diff] [blame] | 118 | if (kIsTargetBuild && !kIsTargetLinux) { |
| 119 | // This is unexpected only when running on Android. |
| 120 | LOG(WARNING) << "DexFile " << dex_location |
| 121 | << " is in boot class path but is not in a known location"; |
| 122 | } |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 123 | return Domain::kPlatform; |
| 124 | } |
| 125 | |
| 126 | return Domain::kApplication; |
| 127 | } |
| 128 | |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 129 | void InitializeDexFileDomain(const DexFile& dex_file, ObjPtr<mirror::ClassLoader> class_loader) { |
Nicolas Geoffray | e3e0f70 | 2019-03-12 07:02:02 +0000 | [diff] [blame] | 130 | Domain dex_domain = DetermineDomainFromLocation(dex_file.GetLocation(), class_loader); |
David Brazdil | a5c3a80 | 2019-03-08 14:59:41 +0000 | [diff] [blame] | 131 | |
| 132 | // Assign the domain unless a more permissive domain has already been assigned. |
| 133 | // This may happen when DexFile is initialized as trusted. |
| 134 | if (IsDomainMoreTrustedThan(dex_domain, dex_file.GetHiddenapiDomain())) { |
| 135 | dex_file.SetHiddenapiDomain(dex_domain); |
| 136 | } |
| 137 | } |
| 138 | |
Orion Hodson | 814b928 | 2020-02-19 16:37:11 +0000 | [diff] [blame] | 139 | void InitializeCorePlatformApiPrivateFields() { |
| 140 | // The following fields in WellKnownClasses correspond to private fields in the Core Platform |
| 141 | // API that cannot be otherwise expressed and propagated through tooling (b/144502743). |
| 142 | jfieldID private_core_platform_api_fields[] = { |
Orion Hodson | eb070f0 | 2020-03-10 14:00:18 +0000 | [diff] [blame] | 143 | WellKnownClasses::java_io_FileDescriptor_descriptor, |
Orion Hodson | 814b928 | 2020-02-19 16:37:11 +0000 | [diff] [blame] | 144 | WellKnownClasses::java_nio_Buffer_address, |
| 145 | WellKnownClasses::java_nio_Buffer_elementSizeShift, |
| 146 | WellKnownClasses::java_nio_Buffer_limit, |
| 147 | WellKnownClasses::java_nio_Buffer_position, |
| 148 | }; |
| 149 | |
| 150 | ScopedObjectAccess soa(Thread::Current()); |
| 151 | for (const auto private_core_platform_api_field : private_core_platform_api_fields) { |
| 152 | ArtField* field = jni::DecodeArtField(private_core_platform_api_field); |
| 153 | const uint32_t access_flags = field->GetAccessFlags(); |
| 154 | uint32_t new_access_flags = access_flags | kAccCorePlatformApi; |
| 155 | DCHECK(new_access_flags != access_flags); |
| 156 | field->SetAccessFlags(new_access_flags); |
| 157 | } |
| 158 | } |
| 159 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 160 | namespace detail { |
| 161 | |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 162 | // Do not change the values of items in this enum, as they are written to the |
| 163 | // event log for offline analysis. Any changes will interfere with that analysis. |
| 164 | enum AccessContextFlags { |
| 165 | // Accessed member is a field if this bit is set, else a method |
| 166 | kMemberIsField = 1 << 0, |
| 167 | // Indicates if access was denied to the member, instead of just printing a warning. |
| 168 | kAccessDenied = 1 << 1, |
| 169 | }; |
| 170 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 171 | MemberSignature::MemberSignature(ArtField* field) { |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 172 | class_name_ = field->GetDeclaringClass()->GetDescriptor(&tmp_); |
| 173 | member_name_ = field->GetName(); |
| 174 | type_signature_ = field->GetTypeDescriptor(); |
| 175 | type_ = kField; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 176 | } |
| 177 | |
| 178 | MemberSignature::MemberSignature(ArtMethod* method) { |
David Brazdil | 6a1dab4 | 2019-02-28 18:45:15 +0000 | [diff] [blame] | 179 | DCHECK(method == method->GetInterfaceMethodIfProxy(kRuntimePointerSize)) |
| 180 | << "Caller should have replaced proxy method with interface method"; |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 181 | class_name_ = method->GetDeclaringClass()->GetDescriptor(&tmp_); |
| 182 | member_name_ = method->GetName(); |
| 183 | type_signature_ = method->GetSignature().ToString(); |
| 184 | type_ = kMethod; |
| 185 | } |
| 186 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 187 | MemberSignature::MemberSignature(const ClassAccessor::Field& field) { |
| 188 | const DexFile& dex_file = field.GetDexFile(); |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 189 | const dex::FieldId& field_id = dex_file.GetFieldId(field.GetIndex()); |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 190 | class_name_ = dex_file.GetFieldDeclaringClassDescriptor(field_id); |
| 191 | member_name_ = dex_file.GetFieldName(field_id); |
| 192 | type_signature_ = dex_file.GetFieldTypeDescriptor(field_id); |
| 193 | type_ = kField; |
| 194 | } |
| 195 | |
| 196 | MemberSignature::MemberSignature(const ClassAccessor::Method& method) { |
| 197 | const DexFile& dex_file = method.GetDexFile(); |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 198 | const dex::MethodId& method_id = dex_file.GetMethodId(method.GetIndex()); |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 199 | class_name_ = dex_file.GetMethodDeclaringClassDescriptor(method_id); |
| 200 | member_name_ = dex_file.GetMethodName(method_id); |
| 201 | type_signature_ = dex_file.GetMethodSignature(method_id).ToString(); |
| 202 | type_ = kMethod; |
| 203 | } |
| 204 | |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 205 | inline std::vector<const char*> MemberSignature::GetSignatureParts() const { |
| 206 | if (type_ == kField) { |
| 207 | return { class_name_.c_str(), "->", member_name_.c_str(), ":", type_signature_.c_str() }; |
| 208 | } else { |
| 209 | DCHECK_EQ(type_, kMethod); |
| 210 | return { class_name_.c_str(), "->", member_name_.c_str(), type_signature_.c_str() }; |
| 211 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 212 | } |
| 213 | |
| 214 | bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const { |
| 215 | size_t pos = 0; |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 216 | for (const char* part : GetSignatureParts()) { |
| 217 | size_t count = std::min(prefix.length() - pos, strlen(part)); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 218 | if (prefix.compare(pos, count, part, 0, count) == 0) { |
| 219 | pos += count; |
| 220 | } else { |
| 221 | return false; |
| 222 | } |
| 223 | } |
| 224 | // We have a complete match if all parts match (we exit the loop without |
| 225 | // returning) AND we've matched the whole prefix. |
| 226 | return pos == prefix.length(); |
| 227 | } |
| 228 | |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 229 | bool MemberSignature::DoesPrefixMatchAny(const std::vector<std::string>& exemptions) { |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 230 | for (const std::string& exemption : exemptions) { |
| 231 | if (DoesPrefixMatch(exemption)) { |
| 232 | return true; |
| 233 | } |
| 234 | } |
| 235 | return false; |
| 236 | } |
| 237 | |
| 238 | void MemberSignature::Dump(std::ostream& os) const { |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 239 | for (const char* part : GetSignatureParts()) { |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 240 | os << part; |
| 241 | } |
| 242 | } |
| 243 | |
David Brazdil | 4de9bb6 | 2019-04-03 13:06:17 +0100 | [diff] [blame] | 244 | void MemberSignature::WarnAboutAccess(AccessMethod access_method, |
| 245 | hiddenapi::ApiList list, |
| 246 | bool access_denied) { |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 247 | LOG(WARNING) << "Accessing hidden " << (type_ == kField ? "field " : "method ") |
David Brazdil | 4de9bb6 | 2019-04-03 13:06:17 +0100 | [diff] [blame] | 248 | << Dumpable<MemberSignature>(*this) << " (" << list << ", " << access_method |
| 249 | << (access_denied ? ", denied)" : ", allowed)"); |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 250 | } |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 251 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 252 | bool MemberSignature::Equals(const MemberSignature& other) { |
| 253 | return type_ == other.type_ && |
| 254 | class_name_ == other.class_name_ && |
| 255 | member_name_ == other.member_name_ && |
| 256 | type_signature_ == other.type_signature_; |
| 257 | } |
| 258 | |
| 259 | bool MemberSignature::MemberNameAndTypeMatch(const MemberSignature& other) { |
| 260 | return member_name_ == other.member_name_ && type_signature_ == other.type_signature_; |
| 261 | } |
| 262 | |
Andrei Onea | 6ad020d | 2019-02-18 12:15:51 +0000 | [diff] [blame] | 263 | void MemberSignature::LogAccessToEventLog(uint32_t sampled_value, |
| 264 | AccessMethod access_method, |
| 265 | bool access_denied) { |
Nicolas Geoffray | 8a22907 | 2018-05-10 16:34:14 +0100 | [diff] [blame] | 266 | #ifdef ART_TARGET_ANDROID |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 267 | if (access_method == AccessMethod::kLinking || access_method == AccessMethod::kNone) { |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 268 | // Linking warnings come from static analysis/compilation of the bytecode |
| 269 | // and can contain false positives (i.e. code that is never run). We choose |
| 270 | // not to log these in the event log. |
Mathew Inwood | f59ca61 | 2018-05-03 11:30:01 +0100 | [diff] [blame] | 271 | // None does not correspond to actual access, so should also be ignored. |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 272 | return; |
| 273 | } |
Andrei Onea | a2d2bc2 | 2019-01-25 16:18:53 +0000 | [diff] [blame] | 274 | Runtime* runtime = Runtime::Current(); |
| 275 | if (runtime->IsAotCompiler()) { |
| 276 | return; |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 277 | } |
Andrei Onea | a2d2bc2 | 2019-01-25 16:18:53 +0000 | [diff] [blame] | 278 | JNIEnvExt* env = Thread::Current()->GetJniEnv(); |
Mathew Inwood | 5bcef17 | 2018-05-01 14:40:12 +0100 | [diff] [blame] | 279 | const std::string& package_name = Runtime::Current()->GetProcessPackageName(); |
Andrei Onea | a2d2bc2 | 2019-01-25 16:18:53 +0000 | [diff] [blame] | 280 | ScopedLocalRef<jstring> package_str(env, env->NewStringUTF(package_name.c_str())); |
| 281 | if (env->ExceptionCheck()) { |
| 282 | env->ExceptionClear(); |
| 283 | LOG(ERROR) << "Unable to allocate string for package name which called hidden api"; |
Mathew Inwood | 5bcef17 | 2018-05-01 14:40:12 +0100 | [diff] [blame] | 284 | } |
Mathew Inwood | 2d4d62f | 2018-04-12 13:56:37 +0100 | [diff] [blame] | 285 | std::ostringstream signature_str; |
| 286 | Dump(signature_str); |
Andrei Onea | a2d2bc2 | 2019-01-25 16:18:53 +0000 | [diff] [blame] | 287 | ScopedLocalRef<jstring> signature_jstr(env, |
| 288 | env->NewStringUTF(signature_str.str().c_str())); |
| 289 | if (env->ExceptionCheck()) { |
| 290 | env->ExceptionClear(); |
| 291 | LOG(ERROR) << "Unable to allocate string for hidden api method signature"; |
| 292 | } |
| 293 | env->CallStaticVoidMethod(WellKnownClasses::dalvik_system_VMRuntime, |
Andrei Onea | 6ad020d | 2019-02-18 12:15:51 +0000 | [diff] [blame] | 294 | WellKnownClasses::dalvik_system_VMRuntime_hiddenApiUsed, |
| 295 | sampled_value, |
| 296 | package_str.get(), |
| 297 | signature_jstr.get(), |
| 298 | static_cast<jint>(access_method), |
| 299 | access_denied); |
Andrei Onea | a2d2bc2 | 2019-01-25 16:18:53 +0000 | [diff] [blame] | 300 | if (env->ExceptionCheck()) { |
| 301 | env->ExceptionClear(); |
| 302 | LOG(ERROR) << "Unable to report hidden api usage"; |
| 303 | } |
Nicolas Geoffray | 8a22907 | 2018-05-10 16:34:14 +0100 | [diff] [blame] | 304 | #else |
Andrei Onea | 6ad020d | 2019-02-18 12:15:51 +0000 | [diff] [blame] | 305 | UNUSED(sampled_value); |
Nicolas Geoffray | 8a22907 | 2018-05-10 16:34:14 +0100 | [diff] [blame] | 306 | UNUSED(access_method); |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 307 | UNUSED(access_denied); |
Nicolas Geoffray | 8a22907 | 2018-05-10 16:34:14 +0100 | [diff] [blame] | 308 | #endif |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 309 | } |
| 310 | |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 311 | void MemberSignature::NotifyHiddenApiListener(AccessMethod access_method) { |
| 312 | if (access_method != AccessMethod::kReflection && access_method != AccessMethod::kJNI) { |
| 313 | // We can only up-call into Java during reflection and JNI down-calls. |
| 314 | return; |
| 315 | } |
| 316 | |
| 317 | Runtime* runtime = Runtime::Current(); |
| 318 | if (!runtime->IsAotCompiler()) { |
| 319 | ScopedObjectAccessUnchecked soa(Thread::Current()); |
| 320 | |
| 321 | ScopedLocalRef<jobject> consumer_object(soa.Env(), |
| 322 | soa.Env()->GetStaticObjectField( |
| 323 | WellKnownClasses::dalvik_system_VMRuntime, |
| 324 | WellKnownClasses::dalvik_system_VMRuntime_nonSdkApiUsageConsumer)); |
| 325 | // If the consumer is non-null, we call back to it to let it know that we |
| 326 | // have encountered an API that's in one of our lists. |
| 327 | if (consumer_object != nullptr) { |
| 328 | std::ostringstream member_signature_str; |
| 329 | Dump(member_signature_str); |
| 330 | |
| 331 | ScopedLocalRef<jobject> signature_str( |
| 332 | soa.Env(), |
| 333 | soa.Env()->NewStringUTF(member_signature_str.str().c_str())); |
| 334 | |
| 335 | // Call through to Consumer.accept(String memberSignature); |
| 336 | soa.Env()->CallVoidMethod(consumer_object.get(), |
| 337 | WellKnownClasses::java_util_function_Consumer_accept, |
| 338 | signature_str.get()); |
| 339 | } |
| 340 | } |
| 341 | } |
| 342 | |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 343 | static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtField*) { |
David Brazdil | 8a6b2f3 | 2018-04-26 16:52:11 +0100 | [diff] [blame] | 344 | return true; |
| 345 | } |
| 346 | |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 347 | static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtMethod* method) { |
David Brazdil | 8a6b2f3 | 2018-04-26 16:52:11 +0100 | [diff] [blame] | 348 | return !method->IsIntrinsic(); |
| 349 | } |
| 350 | |
| 351 | template<typename T> |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 352 | static ALWAYS_INLINE void MaybeUpdateAccessFlags(Runtime* runtime, T* member, uint32_t flag) |
David Brazdil | 8a6b2f3 | 2018-04-26 16:52:11 +0100 | [diff] [blame] | 353 | REQUIRES_SHARED(Locks::mutator_lock_) { |
David Brazdil | 0039bc5 | 2019-04-10 10:22:26 +0100 | [diff] [blame] | 354 | // Update the access flags unless: |
| 355 | // (a) `member` is an intrinsic |
| 356 | // (b) this is AOT compiler, as we do not want the updated access flags in the boot/app image |
| 357 | // (c) deduping warnings has been explicitly switched off. |
| 358 | if (CanUpdateRuntimeFlags(member) && |
| 359 | !runtime->IsAotCompiler() && |
| 360 | runtime->ShouldDedupeHiddenApiWarnings()) { |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 361 | member->SetAccessFlags(member->GetAccessFlags() | flag); |
David Brazdil | 8a6b2f3 | 2018-04-26 16:52:11 +0100 | [diff] [blame] | 362 | } |
| 363 | } |
| 364 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 365 | static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtField* field) { |
| 366 | return field->GetDexFieldIndex(); |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 367 | } |
| 368 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 369 | static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtMethod* method) |
| 370 | REQUIRES_SHARED(Locks::mutator_lock_) { |
| 371 | // Use the non-obsolete method to avoid DexFile mismatch between |
| 372 | // the method index and the declaring class. |
| 373 | return method->GetNonObsoleteMethod()->GetDexMethodIndex(); |
| 374 | } |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 375 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 376 | static void VisitMembers(const DexFile& dex_file, |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 377 | const dex::ClassDef& class_def, |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 378 | const std::function<void(const ClassAccessor::Field&)>& fn_visit) { |
| 379 | ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true); |
| 380 | accessor.VisitFields(fn_visit, fn_visit); |
| 381 | } |
| 382 | |
| 383 | static void VisitMembers(const DexFile& dex_file, |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 384 | const dex::ClassDef& class_def, |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 385 | const std::function<void(const ClassAccessor::Method&)>& fn_visit) { |
| 386 | ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true); |
| 387 | accessor.VisitMethods(fn_visit, fn_visit); |
| 388 | } |
| 389 | |
| 390 | template<typename T> |
| 391 | uint32_t GetDexFlags(T* member) REQUIRES_SHARED(Locks::mutator_lock_) { |
| 392 | static_assert(std::is_same<T, ArtField>::value || std::is_same<T, ArtMethod>::value); |
David Brazdil | 6a1dab4 | 2019-02-28 18:45:15 +0000 | [diff] [blame] | 393 | constexpr bool kMemberIsField = std::is_same<T, ArtField>::value; |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 394 | using AccessorType = typename std::conditional<std::is_same<T, ArtField>::value, |
| 395 | ClassAccessor::Field, ClassAccessor::Method>::type; |
| 396 | |
| 397 | ObjPtr<mirror::Class> declaring_class = member->GetDeclaringClass(); |
David Brazdil | 90faceb | 2018-12-14 14:36:15 +0000 | [diff] [blame] | 398 | DCHECK(!declaring_class.IsNull()) << "Attempting to access a runtime method"; |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 399 | |
David Brazdil | 90faceb | 2018-12-14 14:36:15 +0000 | [diff] [blame] | 400 | ApiList flags; |
| 401 | DCHECK(!flags.IsValid()); |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 402 | |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 403 | // Check if the declaring class has ClassExt allocated. If it does, check if |
| 404 | // the pre-JVMTI redefine dex file has been set to determine if the declaring |
| 405 | // class has been JVMTI-redefined. |
| 406 | ObjPtr<mirror::ClassExt> ext(declaring_class->GetExtData()); |
| 407 | const DexFile* original_dex = ext.IsNull() ? nullptr : ext->GetPreRedefineDexFile(); |
| 408 | if (LIKELY(original_dex == nullptr)) { |
| 409 | // Class is not redefined. Find the class def, iterate over its members and |
| 410 | // find the entry corresponding to this `member`. |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 411 | const dex::ClassDef* class_def = declaring_class->GetClassDef(); |
David Brazdil | 6a1dab4 | 2019-02-28 18:45:15 +0000 | [diff] [blame] | 412 | if (class_def == nullptr) { |
| 413 | // ClassDef is not set for proxy classes. Only their fields can ever be inspected. |
| 414 | DCHECK(declaring_class->IsProxyClass()) |
| 415 | << "Only proxy classes are expected not to have a class def"; |
| 416 | DCHECK(kMemberIsField) |
| 417 | << "Interface methods should be inspected instead of proxy class methods"; |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 418 | flags = ApiList::Unsupported(); |
David Brazdil | 6a1dab4 | 2019-02-28 18:45:15 +0000 | [diff] [blame] | 419 | } else { |
| 420 | uint32_t member_index = GetMemberDexIndex(member); |
| 421 | auto fn_visit = [&](const AccessorType& dex_member) { |
| 422 | if (dex_member.GetIndex() == member_index) { |
| 423 | flags = ApiList(dex_member.GetHiddenapiFlags()); |
| 424 | } |
| 425 | }; |
| 426 | VisitMembers(declaring_class->GetDexFile(), *class_def, fn_visit); |
| 427 | } |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 428 | } else { |
| 429 | // Class was redefined using JVMTI. We have a pointer to the original dex file |
| 430 | // and the class def index of this class in that dex file, but the field/method |
| 431 | // indices are lost. Iterate over all members of the class def and find the one |
| 432 | // corresponding to this `member` by name and type string comparison. |
| 433 | // This is obviously very slow, but it is only used when non-exempt code tries |
| 434 | // to access a hidden member of a JVMTI-redefined class. |
| 435 | uint16_t class_def_idx = ext->GetPreRedefineClassDefIndex(); |
| 436 | DCHECK_NE(class_def_idx, DexFile::kDexNoIndex16); |
Andreas Gampe | 3f1dcd3 | 2018-12-28 09:39:56 -0800 | [diff] [blame] | 437 | const dex::ClassDef& original_class_def = original_dex->GetClassDef(class_def_idx); |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 438 | MemberSignature member_signature(member); |
| 439 | auto fn_visit = [&](const AccessorType& dex_member) { |
| 440 | MemberSignature cur_signature(dex_member); |
| 441 | if (member_signature.MemberNameAndTypeMatch(cur_signature)) { |
| 442 | DCHECK(member_signature.Equals(cur_signature)); |
David Brazdil | 90faceb | 2018-12-14 14:36:15 +0000 | [diff] [blame] | 443 | flags = ApiList(dex_member.GetHiddenapiFlags()); |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 444 | } |
| 445 | }; |
| 446 | VisitMembers(*original_dex, original_class_def, fn_visit); |
| 447 | } |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 448 | |
David Brazdil | 90faceb | 2018-12-14 14:36:15 +0000 | [diff] [blame] | 449 | CHECK(flags.IsValid()) << "Could not find hiddenapi flags for " |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 450 | << Dumpable<MemberSignature>(MemberSignature(member)); |
David Brazdil | 90faceb | 2018-12-14 14:36:15 +0000 | [diff] [blame] | 451 | return flags.GetDexFlags(); |
David Brazdil | 8586569 | 2018-10-30 17:26:20 +0000 | [diff] [blame] | 452 | } |
| 453 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 454 | template<typename T> |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 455 | bool HandleCorePlatformApiViolation(T* member, |
| 456 | const AccessContext& caller_context, |
| 457 | AccessMethod access_method, |
| 458 | EnforcementPolicy policy) { |
| 459 | DCHECK(policy != EnforcementPolicy::kDisabled) |
| 460 | << "Should never enter this function when access checks are completely disabled"; |
| 461 | |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 462 | if (access_method != AccessMethod::kNone) { |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 463 | LOG(WARNING) << "Core platform API violation: " |
| 464 | << Dumpable<MemberSignature>(MemberSignature(member)) |
| 465 | << " from " << caller_context << " using " << access_method; |
| 466 | |
| 467 | // If policy is set to just warn, add kAccCorePlatformApi to access flags of |
| 468 | // `member` to avoid reporting the violation again next time. |
| 469 | if (policy == EnforcementPolicy::kJustWarn) { |
| 470 | MaybeUpdateAccessFlags(Runtime::Current(), member, kAccCorePlatformApi); |
| 471 | } |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 472 | } |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 473 | |
| 474 | // Deny access if enforcement is enabled. |
| 475 | return policy == EnforcementPolicy::kEnabled; |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 476 | } |
| 477 | |
| 478 | template<typename T> |
| 479 | bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod access_method) { |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 480 | DCHECK(member != nullptr); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 481 | Runtime* runtime = Runtime::Current(); |
Andrei Onea | 037d282 | 2020-11-19 00:20:04 +0000 | [diff] [blame] | 482 | CompatFramework& compatFramework = runtime->GetCompatFramework(); |
David Brazdil | c5a96e4 | 2019-01-09 10:04:45 +0000 | [diff] [blame] | 483 | |
Artur Satayev | 267366c | 2019-10-31 14:59:26 +0000 | [diff] [blame] | 484 | EnforcementPolicy hiddenApiPolicy = runtime->GetHiddenApiEnforcementPolicy(); |
| 485 | DCHECK(hiddenApiPolicy != EnforcementPolicy::kDisabled) |
David Brazdil | c5a96e4 | 2019-01-09 10:04:45 +0000 | [diff] [blame] | 486 | << "Should never enter this function when access checks are completely disabled"; |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 487 | |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 488 | MemberSignature member_signature(member); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 489 | |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 490 | // Check for an exemption first. Exempted APIs are treated as SDK. |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 491 | if (member_signature.DoesPrefixMatchAny(runtime->GetHiddenApiExemptions())) { |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 492 | // Avoid re-examining the exemption list next time. |
| 493 | // Note this results in no warning for the member, which seems like what one would expect. |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 494 | // Exemptions effectively adds new members to the public API list. |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 495 | MaybeUpdateAccessFlags(runtime, member, kAccPublicApi); |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 496 | return false; |
| 497 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 498 | |
Artur Satayev | 267366c | 2019-10-31 14:59:26 +0000 | [diff] [blame] | 499 | EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy(); |
| 500 | |
| 501 | bool deny_access = false; |
| 502 | if (hiddenApiPolicy == EnforcementPolicy::kEnabled) { |
Pedro Loureiro | f7fcb98 | 2020-11-24 16:44:12 +0000 | [diff] [blame^] | 503 | if (api_list.IsTestApi() && |
| 504 | (testApiPolicy == EnforcementPolicy::kDisabled || |
| 505 | compatFramework.IsChangeEnabled(kAllowTestApiAccess))) { |
Artur Satayev | 267366c | 2019-10-31 14:59:26 +0000 | [diff] [blame] | 506 | deny_access = false; |
| 507 | } else { |
atrost | 2dea079 | 2020-02-25 20:11:47 +0000 | [diff] [blame] | 508 | switch (api_list.GetMaxAllowedSdkVersion()) { |
| 509 | case SdkVersion::kP: |
Andrei Onea | 037d282 | 2020-11-19 00:20:04 +0000 | [diff] [blame] | 510 | deny_access = compatFramework.IsChangeEnabled(kHideMaxtargetsdkPHiddenApis); |
atrost | 2dea079 | 2020-02-25 20:11:47 +0000 | [diff] [blame] | 511 | break; |
| 512 | case SdkVersion::kQ: |
Andrei Onea | 037d282 | 2020-11-19 00:20:04 +0000 | [diff] [blame] | 513 | deny_access = compatFramework.IsChangeEnabled(kHideMaxtargetsdkQHiddenApis); |
atrost | 2dea079 | 2020-02-25 20:11:47 +0000 | [diff] [blame] | 514 | break; |
| 515 | default: |
| 516 | deny_access = IsSdkVersionSetAndMoreThan(runtime->GetTargetSdkVersion(), |
| 517 | api_list.GetMaxAllowedSdkVersion()); |
| 518 | } |
Artur Satayev | 267366c | 2019-10-31 14:59:26 +0000 | [diff] [blame] | 519 | } |
| 520 | } |
| 521 | |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 522 | if (access_method != AccessMethod::kNone) { |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 523 | // Warn if blocked signature is being accessed or it is not exempted. |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 524 | if (deny_access || !member_signature.DoesPrefixMatchAny(kWarningExemptions)) { |
| 525 | // Print a log message with information about this class member access. |
| 526 | // We do this if we're about to deny access, or the app is debuggable. |
| 527 | if (kLogAllAccesses || deny_access || runtime->IsJavaDebuggable()) { |
| 528 | member_signature.WarnAboutAccess(access_method, api_list, deny_access); |
| 529 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 530 | |
Artur Satayev | 4a1e4dd | 2020-04-23 22:28:59 +0100 | [diff] [blame] | 531 | // If there is a StrictMode listener, notify it about this violation. |
| 532 | member_signature.NotifyHiddenApiListener(access_method); |
| 533 | } |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 534 | |
| 535 | // If event log sampling is enabled, report this violation. |
| 536 | if (kIsTargetBuild && !kIsTargetLinux) { |
| 537 | uint32_t eventLogSampleRate = runtime->GetHiddenApiEventLogSampleRate(); |
| 538 | // Assert that RAND_MAX is big enough, to ensure sampling below works as expected. |
| 539 | static_assert(RAND_MAX >= 0xffff, "RAND_MAX too small"); |
Andrei Onea | 6ad020d | 2019-02-18 12:15:51 +0000 | [diff] [blame] | 540 | if (eventLogSampleRate != 0) { |
| 541 | const uint32_t sampled_value = static_cast<uint32_t>(std::rand()) & 0xffff; |
| 542 | if (sampled_value < eventLogSampleRate) { |
| 543 | member_signature.LogAccessToEventLog(sampled_value, access_method, deny_access); |
| 544 | } |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 545 | } |
| 546 | } |
| 547 | |
Andrei Onea | fc12a6c | 2020-07-29 19:52:34 +0100 | [diff] [blame] | 548 | // If this access was not denied, flag member as SDK and skip |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 549 | // the warning the next time the member is accessed. |
| 550 | if (!deny_access) { |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 551 | MaybeUpdateAccessFlags(runtime, member, kAccPublicApi); |
Mathew Inwood | 73ddda4 | 2018-04-03 15:32:32 +0100 | [diff] [blame] | 552 | } |
| 553 | } |
| 554 | |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 555 | return deny_access; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 556 | } |
| 557 | |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 558 | // Need to instantiate these. |
David Brazdil | 1a65863 | 2018-12-01 17:54:26 +0000 | [diff] [blame] | 559 | template uint32_t GetDexFlags<ArtField>(ArtField* member); |
| 560 | template uint32_t GetDexFlags<ArtMethod>(ArtMethod* member); |
David Brazdil | d51e574 | 2019-02-28 14:47:32 +0000 | [diff] [blame] | 561 | template bool HandleCorePlatformApiViolation(ArtField* member, |
| 562 | const AccessContext& caller_context, |
| 563 | AccessMethod access_method, |
| 564 | EnforcementPolicy policy); |
| 565 | template bool HandleCorePlatformApiViolation(ArtMethod* member, |
| 566 | const AccessContext& caller_context, |
| 567 | AccessMethod access_method, |
| 568 | EnforcementPolicy policy); |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 569 | template bool ShouldDenyAccessToMemberImpl<ArtField>(ArtField* member, |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 570 | ApiList api_list, |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 571 | AccessMethod access_method); |
| 572 | template bool ShouldDenyAccessToMemberImpl<ArtMethod>(ArtMethod* member, |
David Brazdil | e768182 | 2018-12-14 16:25:33 +0000 | [diff] [blame] | 573 | ApiList api_list, |
David Brazdil | f50ac10 | 2018-10-17 18:00:06 +0100 | [diff] [blame] | 574 | AccessMethod access_method); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 575 | } // namespace detail |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 576 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 577 | } // namespace hiddenapi |
| 578 | } // namespace art |