| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Fixes current flakes where there is a race between tests on when
directories get created.
Test: hidden_api_test
Change-Id: I25301bf73bae76d5622e97ab231224cf5b329918
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When devices ship without a /system_ext partition, we create
/system/system_ext and add a symlink from /system_ext. However, the path
ART gets is the full resolved path, so we need to account for it.
Also rename LocationIsOnModule to LocationIsOn, as the method has
nothing to do with modules (anymore?).
Cleanup hidden_api_test.cc
Bug: 180943021
Test: hidden_api_test
Change-Id: Ib3bf65da73248a80f76b8a8a5ed5e004c8716851
|
| |
|
|
|
|
|
|
| |
This reverts commit d8b153b7c2026f45db97a7fd5804957becc5cfdf.
Reason for revert: cts tests on -user builds is broken
Change-Id: I7528fb6d1606f08d2398bc4cbb27519424cf1b51
|
| |
|
|
|
|
|
|
| |
Access to TestApis is now gated by @ChangeId ALLOW_TEST_API_ACCESS.
Bug: 147113465
Test: presubmit
Change-Id: I4c5e336069bce3bccfcde0bcd84b6c1f539635e9
|
| |
|
|
|
|
|
|
|
|
| |
Allow apps with the change id ALLOW_TEST_API_ACCESS enabled to
access methods annotated with @TestAPi
Test: m test-art-host-gtest-art_runtime_tests
Fixes: 166236554
Change-Id: I78776443dd0b76d8cba24ddfbfb83c3b50b346ab
|
| |
|
|
|
|
|
|
|
| |
Log first call for every change id in ART to logcat.
Test: manual
Bug: 153061480
Change-Id: I37ff5b88572478ae6c24b0b7dec2020da03b2172
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use a more inclusive terminology for the API lists. This change focuses
specifically on the ApiList::Value enum values. The string equivalents
will be changed separately, as they have multiple extra dependencies.
Bug: 162326106
Test: m
Test: m test-art-host-gtest-art_hiddenapi_tests
Test: art/tools/run-gtests.sh
Change-Id: I1dccf59ecc9e08b60dbd1bfed6ce438b5ce081d0
|
| |
|
|
|
|
| |
Bug: 161687281
Test: art_runtime_tests
Change-Id: I1d68b1dd6382b6873c33aa2c09bb25c3b6fe5c30
|
| |
|
|
|
|
| |
Bug: 147817558
Test: art/art-host-gtest on forrest
Change-Id: I0ecfbc81fe6998d4c8c69ce6fbeb35bdd5908b55
|
| |
|
|
|
|
| |
Bug: 156307884
Test: m
Change-Id: I838e348af7c0ca1b3933a8a6e012cddfa6c209aa
|
| |
|
|
|
|
|
|
| |
Bug: 148385042
Test: Built and booted Pixel 3a both with and without a boot jar in system_ext.
Test: m test-art-host-gtest-hidden_api_test32
Test: m test-art-host-gtest-hidden_api_test64
Change-Id: I10ef0340b92aa60579ff39f888cb556dc2953f2a
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace targetSDK checks for those APIs, keep it for greylist-max-o.
This will allow toggling access to APIs that are in greylist-max-p and
greylist-max-q (two separate toggles).
Bug: 149994052
Bug: 149997251
Test: mma test-art-host-gtest-hidden_api_test64
Change-Id: I00777bbeefba50a0863a6645b77e60d48e9bb768
|
| |
|
|
|
|
|
|
| |
Note that the check is for "pure" @TestApi signatures, i.e. those that are on blacklist. If the signature is also annotated with @SystemApi or @UnsupportedApiUsage then it would not be on blacklist.
Bug: 133832325
Test: manual
Change-Id: I546fb42495331efd638d9def924ef33da0c80182
|
| |
|
|
|
|
| |
Test: mma test-art-host-gtest-hidden_api_test64
Bug: 133832325
Change-Id: I1a91bcea501325fd4e79e25db1ed0be6e1028b49
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Target buildbots set /system to be the runtime module root because they
are running without an apex. The test assumes that /system dex files are assigned
to the application domain but here they get assigned to the core-platform domain.
Adjust the domain setting logic to check if the runtime module root is
distict from the android root (as a proxy for 'is running with apex').
If not (as is the case with the buildbots), skip checks against apex
locations.
Test: m test-art-target-gtest-hidden_api_test
Change-Id: Iff3890ec69cb04a1e4ed5bc2a3b5c652ada05f36
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To determine the caller and callee domains of a hidden API access check,
the logic will test the dex location against several known system
locations. However, DexFile instances backed by an OatFile have relative
dex locations to avoid need to rewrite the .oat file when moving files
between folders. The canonical dex location is stored in the OatDexFile
instead.
Because the OatDexFile data structure is not available in libdexfile,
move the domain resolution logic to hidden_api.cc and resolve when dex
files is first registered with the class linker.
Test: m test-art-gtest
Test: camera does not crash
Bug: 126901248
Bug: 127852529
Change-Id: Id494b1c47a2199c227dec046174e08320b9cbc3b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inspecting proxy classes with reflection/JNI could result in an ART
crash because hiddenapi::detail::GetDexFlags() assumed that all classes
have a class def index and can be iterated over. This actually revealed
a more general issue with proxy classes.
This patch replaces a proxy method with the interface method at the
beginning of ShouldDenyAccessToMember. This takes care of all proxy
methods and will instead look at hidden API flags of the interface
methods. What's left is proxy fields - both synthetic implementation
details. Special case those and assign to greylist for now.
Bug: 124218696
Test: art/test.py -r -t 691-hiddenapi-proxy
Change-Id: I36c961cd4ffb196641db162818a0f9659aed8a32
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After a recent refactor the hidden API access check logic would enter
slow path when the enforcement policy is set to kDisabled. This did
not affect correctness but could have a performance impact. Moreover,
a debuggable process would see logcat warnings printed for every such
access despite it being granted. This caused occasional logcat buffer
overflows in killswitch CTS tests and their resulting flakiness.
The patch exits from ShouldDenyAccessToMember early if policy is
kDisabled and adds a DCHECK in ShouldDenyAccessToMemberImpl to assert
slow path is not entered under the policy.
Test: m test-art-host-gtest-hidden_api_test
Change-Id: I217d9914d2645af11ce84c03a0ed778a82bc760f
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add a new hiddenapi::ApiList constant for a greylist only accessible to
apps targeting SDK version < Q.
The patch also removes SdkVersion::kP_MR1 which is invalid.
Test: m, phone boots
Test: m test-art
Test: atest art/tools/class2greylist/test
Change-Id: I48f3d1a4703166168fd8e0d1c3337aa2957b66ce
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change values of ApiList flags to make them easier to extend in the
future and unify naming across all components. Light greylist is now
just "Greylist", dark greylist becomes "GreylistMaxO".
Note that the version code in "GreylistMaxO" must also include any
maintenance releases, i.e. entries on "GreylistMaxO" are accessible
to apps with targetSdkVersion<=27 (O MR1).
Test: m, phone boots
Test: m test-art
Change-Id: I9622e0646eb265008a8bb2652270876ae95dac84
|
| |
|
|
|
|
|
|
|
|
| |
Creates a new SdkVersion enum with integer codes of known
Android SDK versions, together with helper functions for common
predicates. Also converts target_sdk_version_ in Runtime to
uint32_t and cleans up its uses.
Test: m test-art
Change-Id: Idc6e518c8675068bf952d0256686c88bb0eb833e
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor GetMemberAction to return a boolean whether access to a class
member should be denied. This also moves StrictMode consumer
notification into hidden_api.cc and removes notifications for toasts.
Tests are changed accordingly.
Test: phone boots
Test: m test-art
Merged-In: I02902143de0ff91d402ba79c83f28226b1822a6f
Change-Id: I02902143de0ff91d402ba79c83f28226b1822a6f
(cherry picked from commit 51995f90adaa0e5047dee56d22f15e4225e70517)
|
| |
|
|
|
|
|
|
|
|
| |
Hiddenapi code in runtime/ has all code in the hiddenapi:: namespace
instead of using a class as a wrapper. Refactor HiddenApiAccessFlags
for consistency. Also turn ApiList into `enum class` for stricter
type checks.
Test: m test-art
Change-Id: Ifb3c443ea43860476abd4fd3d4934cd14e2cdcc1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove all uses of macros 'FINAL' and 'OVERRIDE' and replace them with
'final' and 'override' specifiers. Remove all definitions of these
macros as well, which were located in these files:
- libartbase/base/macros.h
- test/913-heaps/heaps.cc
- test/ti-agent/ti_macros.h
ART is now using C++14; the 'final' and 'override' specifiers have
been introduced in C++11.
Test: mmma art
Change-Id: I256c7758155a71a2940ef2574925a44076feeebf
|
| |
|
|
|
|
|
|
|
|
| |
Thread::CreateAnnotatedStackTrace() was using a stale
reference `aste_array_class`.
Test: m test-art-host-gtest
Test: testrunner.py --host --optimizing
Bug: 31113334
Change-Id: I191907c0053456bb57de425aa6ccd9668df818a2
|
| |
|
|
|
| |
Test: Rely on TreeHugger.
Change-Id: I9cae11191ef1567ae9453be498882a7767285140
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy classes are classes generated at runtime which implement
a given interface. Because they do not inherit the associated
dex file form the interface(s), names/signatures of methods cannot
be requested directly, but rather through the original interface
method. Calling getName() on a proxy mirror::Class also triggers
a DCHECK.
This patch will refer to the interface method when printing the
signature instead of the proxy method.
This fixes the warning printed for the proxy method, printing
even the class name of the interface instead of the name of the
proxy class. This is meant to provide useful info to the devloper.
Proxies do not define fields except for the synthetic 'interfaces'
and 'throws' fields. Their signatures remain unchanged.
This patch also continues to check the access flags of the proxy
method for performance reasons. De-proxying the method would
introduce two new memory accesses into the fast path. That means
deduplication of warnings remains independent between the original
and proxy methods.
Bug: 78327881
Test: make test-art-host-gtest-hidden_api_test
Merged-In: I8f334e5e2b62ca38691c94524edaf198eb73574b
Change-Id: I8f334e5e2b62ca38691c94524edaf198eb73574b
(cherry picked from commit 73a64f6a2a475c2fe018c7ab1151e3f44d316533)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hidden API decision logic would try to decode the access flags of
intrinsics directly, bypassing the override in ArtMethod. This patch
get hidden_api.h to use the same code path.
This also fixes CtsHiddenApiDiscoveryTestCases where the access flags
of blacklisted APIs are tested. VarHandle intrinsics would not pass.
Bug: 64382372
Bug: 72430785
Bug: 78230396
Test: cts-tradefed run cts --module CtsHiddenApiDiscoveryTestCases
Merged-In: I080313dd91bbee2d7d98b00c02e224974b344c01
Change-Id: I080313dd91bbee2d7d98b00c02e224974b344c01
(cherry picked from commit 14c212a44ac9a3ad12025ebf30836129669fa949)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems pretty unlikely that we'd ever want to disallow access to the
light greylist in P, since doing do would break do many apps. We don't need
this policy here as an opt-in for apps now, since the StrictMode work will
achieve the same thing.
Instead, make a kJustWarn policy which allows access to all APIs, but
leaves the detection and logging logic in place. This gives us the option
of disabling enforcement, but still gathering logs to find out which apps
use which APIs.
Add some tests for GetActionFromAccessFlags since the logic is getting
more complex.
Bug: 77517571
Test: make test-art-host-gtest-hidden_api_test
Test: boot device
Merged-In: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
Change-Id: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
(cherry picked from commit 68693699d62bc7a2192f51be191ae81defcf4388)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add hidden_api.cc, move handling of hidden fields there. Also
remove an unnecessary include that meant hidden_api was imported
into too many compilation units, and fix transitive includes.
Bug: 73896556
Test: mmma art
Test: m test-art-host
Change-Id: Ie47e11abcea68e326c410bab215ebbfbf049051b
|
|
|
Add support to VMRuntime for setting a list of exemptions from the hidden
API enforcement. The list is used as a prefix match against the signature
of a field/method. Any signatures that match are treated as being on the
light grey list, rather than the dark grey list or blacklist.
Refactor some code in hidden_api.h that deals with field/method signatures,
to encapsulate the signature in a new class MemberSignature. This allows us
to avoid building the entire signature in member, instead just using its
constituent parts.
Test: $ make test-art-host-gtest-hidden_api_test
Test: $ adb shell settings put global hidden_api_blacklist_exemptions \
Test: Landroid/view/RemoteAnimationDefinition\\\;:Landroid/app/ActivityManager\\\$TaskDescription\\\;
Test: Manually verify logcat output from app which uses named APIs
Bug: 73337509
Change-Id: Id608743d1b5a7a37059875d8991d0d4d65f5fc36
|
