| c2cd2d0c7b233515342b6a585baaeeb952777be0 |
18-May-2018 |
Mathew Inwood <mathewi@google.com> |
Fix test 674-hiddenapi when debuggable.
The runtime warns for debuggable apps even when access to an API is
allowed. Update the expectations of this test accordingly.
This requires exposing Runtime::IsJavaDebuggable to the java code so
it knows what to expect.
Test: $ art/test.py -b --host --debuggable -t 674-hiddenapi
Bug: 79914966
(cherry picked from commit eef7757941f2681814462b0f55d29a562c0200da)
Merged-In: I339f205d7153cf7b1c12dc06813c768608921684
Change-Id: Ifd260a2886e99159162a3d05bdf0f5af0c8620d6
hildClass.java
|
| 015a7ec45bf874891ae57e972531aa5e72b489ae |
16-May-2018 |
Mathew Inwood <mathewi@google.com> |
Hidden API: only log what we deny.
Only print a "Accessing hidden ..." warning in logcat when we deny access
to any API, or if the app is debuggable. This reduces log spam.
Update test expectations accordingly.
Bug: 79914966
Test: $ art/test.py -b --host -t 674-hiddenapi
Change-Id: Ic6dfa0dd519a8854e3a40ba19c9a001c0c2a378b
hildClass.java
|
| 724e9c8cdb75cd606fe583fd2502783046d62796 |
12-Apr-2018 |
Mathew Inwood <mathewi@google.com> |
Fix test after ag/3881475.
A side effect of warning for light greylist accesses is that we also check
the API exemptions list for then, changing the return value for such APIs
from AllowButWarn to Allow.
Bug: 64382372
Test: art/test.py --host -t 674-hiddenapi
Change-Id: I45f50e5e2ab37b1c8adb09f198e268390dd84e55
hildClass.java
|
| 64ee8aeaeb70aa2d5d1c3ff57a682a5001869653 |
09-Apr-2018 |
Mathew Inwood <mathewi@google.com> |
Consider whitelist when listing class members.
Previously, only the enforcement policy was considered when getting
declared fields or members, meaning whitelisted APIs would still not be
discoverable. Fix this by calling hiddenapi::GetMemberAction from within
IsDiscoverable.
Bug: 77787686
Bug: 64382372
Test: cts/tests/signature/runSignatureTests.sh (with ag/3863796)
Test: art/test.py --host -t 674-hiddenapi
Change-Id: I234d274f47f377e3e105c81aae2d49072287992a
hildClass.java
|
| 198a27e92a529115a2db2a17ec11d8b52bd6a315 |
06-Apr-2018 |
Orion Hodson <oth@google.com> |
ART: Walk past j.l.i in stackwalk for Hidden API
Bug: 77631986
Test: art/test.py --host 674-hidden-api
Change-Id: I2e3e0399765da7f554259fe14247b45e42110ef4
hildClass.java
LI.java
|
| 54a99cfcf3d3463404fdf4152523dcc69b8648d7 |
05-Apr-2018 |
David Brazdil <dbrazdil@google.com> |
Fix verifier/linker IncompatibleClassChangeError with hidden API
The verifier and class linker will attempt to find a method with
the wrong type if it could not be found with the original type,
i.e an interface method on a regular class and vice versa.
This logic did not previously take hidden API restrictions into
account and would result in bogus error messages to the user or
debug crashes.
Bug: 64382372
Bug: 77464273
Test: art/test.py -r -t 674-hiddenapi
Change-Id: If8327a70dd73b90249da3d9e505f0c6f89838f8e
hildClass.java
inking.java
|
| e453a8dd87731f4b37b86a1284f7655d86c2a809 |
03-Apr-2018 |
Narayan Kamath <narayan@google.com> |
Revert^2 "hidden_api: Call back into libcore on hidden api detection""
This reverts commit bbe60d58496991c16e2943e174e26ab8a096b3d0.
This CL deviates from the approach of the original change. Instead of
calling back every time ShouldBlock.. was called, we explicitly call
back in cases where it's safe to do so.
Note that we only call back on reflective accesses for now, and not
link time accesses. Coverage for the latter will be added in a follow up
change.
Bug: 73896556
Test: test-art-host
Test: art/test.py --host -t test-art-host-run-test-debug-prebuild-\
interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-\
ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64
Change-Id: Ie99ac268a083af167accbdf955639da068bea950
hildClass.java
|
| 9e68ade384abdb15714054feaed06cb38eb5432f |
03-Apr-2018 |
Orion Hodson <oth@google.com> |
Revert "hidden_api: Call back into libcore on hidden api detection"
This reverts commit 757a9d0a2e97d43bafeb8a95cc3c51102be99586.
Reason for revert: Test failures with "art/test.py --host -t test-art-host-run-test-debug-prebuild-interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64"
Bug: 73896556
Test: art/test.py --host -t test-art-host-run-test-debug-prebuild-interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64
Change-Id: Ib2ad89c16ad797c37f6212bc7e5c0b6b92ce56b5
hildClass.java
|
| 757a9d0a2e97d43bafeb8a95cc3c51102be99586 |
29-Mar-2018 |
Narayan Kamath <narayan@google.com> |
hidden_api: Call back into libcore on hidden api detection
This change also removes some unnecessary RI specific logic for
building src-ex since it isn't required.
Bug: 73896556
Test: run-test --host 674-hiddenapi
Test: StrictModeTest
Co-Authored-By: Andreas Gampe <agampe@google.com>
Change-Id: Ib2b4dfad55c5d829630bfe2adb4a468124bea61c
hildClass.java
|
| 3ae89978ebf11d3aed60f2828bd2b9c699fb738f |
21-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Revert "Warn on overriding of hidden methods"
This reverts commit a11ea9ac8a46d2b09f1b568c0e2e849a29dd2046.
Reason for revert: This would just confuse people
Bug: 64382372
Change-Id: I69bdc0fb79831b5ce546205fd40a3300d039de71
hildClass.java
inking.java
verrideClass.java
|
| a11ea9ac8a46d2b09f1b568c0e2e849a29dd2046 |
14-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Warn on overriding of hidden methods
We could prevent apps from overriding hidden methods in the same
manner they cannot override a package-private method - by creating
a separate vtable entry for the child method. For now, start by
printing a warning when a hidden method is being overridden but do
not change the semantics.
Bug: 64382372
Test: art/test.py -r -t 674-hiddenapi
Change-Id: I9d5bfa6b833a4c0f5aaffa5f82dbe9b1e1f03f1f
(cherry picked from commit fc66129b478d49f493b8262f81f8813a5f41459e)
hildClass.java
inking.java
verrideClass.java
|
| 6ca80d2ed68857c75002038f52a5d054c30619ad |
12-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Refactor enforcement of hidden API policy when linking
Hidden API enforcement when linking was sub-optimal for two reasons:
a) it was based on Class::CanAccessMember and would throw
IllegalAccessError instead of NoSuchMethodError/NoSuchFieldError, and
b) no warnings were printed in the code path.
This patch moves the checks into ClassLinker's resolution routines and
uses a code path which prints warning.
Bug: 64382372
Test: art/test.py -r -t 674-hiddenapi
Change-Id: I8a0fbdca58ce5803c1588b644a3e627a0a9a6504
(cherry picked from commit 8ce3bfaf1da2139a70b67e6b53c0110489801d40)
hildClass.java
inking.java
|
| ee7d2fd16d47b54d7fb5b9d5ec772fbc315faf4b |
20-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Start warning on hidden API greylist
Insert checks into reflection, JNI and the verifier to print
a warning when greylisted methods are invoked and fields accessed.
We do this on actual access, because reflection allows to list
all methods/fields and simply listing a greylisted member would
print too many false positives.
Issuing a warning also sets a boolean flag in Runtime. This will
be made accessible through VMRuntime to the framework which will
issue a Toast on Activity start.
The change was tested with internal microbenchmarks of reflection
and those flagged one issue. Microbenchmark invoking a field getter
has regressed by 35%. We will profile this benchmark in detail and
consider options for improvement. Bug b/72482474 was created to track
progress.
Test: art/test.py -b -r -t 674-hiddenapi
Bug: 64382372
Bug: 72482474
Change-Id: I323244935e9091a2f8d012385cefaac6b1fe3777
hildClass.java
|
| 5a61bb7969347ffe8e0bf4f4dff841cc6c21ed85 |
19-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Start enforcing hidden API blacklist
Insert checks into reflection, JNI and Class::CanAccessMember to
make blacklisted hidden APIs undiscoverable.
The change was tested with internal microbenchmarks of reflection
and those showed no measurable performance impact.
Test: art/test.py -b -r -t 674-hiddenapi
Bug: 64382372
Change-Id: I9e39804b837ae9ffeba926f2a5b1e8e9986c472b
hildClass.java
|
| 11b67b201adb173d5f6f1b7a3fd337fda91e200f |
18-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Set up a test for hidden API enforcement
Submitting the test first for easier review. The expected outcome
is that all currently class members are discoverable and accessible.
Future CLs will implement the enforcement and change the expected
outcome.
The test itself has two JARs - parent declares classes and child
tries to access them using reflection, JNI and static linking.
The test driver ("Main" class) loads these JARs as follows:
(a) both with class loaders
(b) parent in boot class path, child with class loader
(c) both in boot class path
In (a), there should be no enforcement as the JAR does not have
hidden API access flags (would not load otherwise). In situation(b),
child should only be allowed to access parent's public, non-hidden
members. And in (c), parent contains hidden API access flags but
child is exempt from access checks.
Bug: 64382372
Test: art/test.py -b -r -t 674-hiddenapi
Change-Id: I19f5f7c30c0c7913703209817d36006b161c6778
hildClass.java
NI.java
inking.java
eflection.java
|