c2cd2d0c7b233515342b6a585baaeeb952777be0 |
18-May-2018 |
Mathew Inwood <mathewi@google.com> |
Fix test 674-hiddenapi when debuggable. The runtime warns for debuggable apps even when access to an API is allowed. Update the expectations of this test accordingly. This requires exposing Runtime::IsJavaDebuggable to the java code so it knows what to expect. Test: $ art/test.py -b --host --debuggable -t 674-hiddenapi Bug: 79914966 (cherry picked from commit eef7757941f2681814462b0f55d29a562c0200da) Merged-In: I339f205d7153cf7b1c12dc06813c768608921684 Change-Id: Ifd260a2886e99159162a3d05bdf0f5af0c8620d6
hildClass.java
|
015a7ec45bf874891ae57e972531aa5e72b489ae |
16-May-2018 |
Mathew Inwood <mathewi@google.com> |
Hidden API: only log what we deny. Only print a "Accessing hidden ..." warning in logcat when we deny access to any API, or if the app is debuggable. This reduces log spam. Update test expectations accordingly. Bug: 79914966 Test: $ art/test.py -b --host -t 674-hiddenapi Change-Id: Ic6dfa0dd519a8854e3a40ba19c9a001c0c2a378b
hildClass.java
|
724e9c8cdb75cd606fe583fd2502783046d62796 |
12-Apr-2018 |
Mathew Inwood <mathewi@google.com> |
Fix test after ag/3881475. A side effect of warning for light greylist accesses is that we also check the API exemptions list for then, changing the return value for such APIs from AllowButWarn to Allow. Bug: 64382372 Test: art/test.py --host -t 674-hiddenapi Change-Id: I45f50e5e2ab37b1c8adb09f198e268390dd84e55
hildClass.java
|
64ee8aeaeb70aa2d5d1c3ff57a682a5001869653 |
09-Apr-2018 |
Mathew Inwood <mathewi@google.com> |
Consider whitelist when listing class members. Previously, only the enforcement policy was considered when getting declared fields or members, meaning whitelisted APIs would still not be discoverable. Fix this by calling hiddenapi::GetMemberAction from within IsDiscoverable. Bug: 77787686 Bug: 64382372 Test: cts/tests/signature/runSignatureTests.sh (with ag/3863796) Test: art/test.py --host -t 674-hiddenapi Change-Id: I234d274f47f377e3e105c81aae2d49072287992a
hildClass.java
|
198a27e92a529115a2db2a17ec11d8b52bd6a315 |
06-Apr-2018 |
Orion Hodson <oth@google.com> |
ART: Walk past j.l.i in stackwalk for Hidden API Bug: 77631986 Test: art/test.py --host 674-hidden-api Change-Id: I2e3e0399765da7f554259fe14247b45e42110ef4
hildClass.java
LI.java
|
54a99cfcf3d3463404fdf4152523dcc69b8648d7 |
05-Apr-2018 |
David Brazdil <dbrazdil@google.com> |
Fix verifier/linker IncompatibleClassChangeError with hidden API The verifier and class linker will attempt to find a method with the wrong type if it could not be found with the original type, i.e an interface method on a regular class and vice versa. This logic did not previously take hidden API restrictions into account and would result in bogus error messages to the user or debug crashes. Bug: 64382372 Bug: 77464273 Test: art/test.py -r -t 674-hiddenapi Change-Id: If8327a70dd73b90249da3d9e505f0c6f89838f8e
hildClass.java
inking.java
|
e453a8dd87731f4b37b86a1284f7655d86c2a809 |
03-Apr-2018 |
Narayan Kamath <narayan@google.com> |
Revert^2 "hidden_api: Call back into libcore on hidden api detection"" This reverts commit bbe60d58496991c16e2943e174e26ab8a096b3d0. This CL deviates from the approach of the original change. Instead of calling back every time ShouldBlock.. was called, we explicitly call back in cases where it's safe to do so. Note that we only call back on reflective accesses for now, and not link time accesses. Coverage for the latter will be added in a follow up change. Bug: 73896556 Test: test-art-host Test: art/test.py --host -t test-art-host-run-test-debug-prebuild-\ interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-\ ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64 Change-Id: Ie99ac268a083af167accbdf955639da068bea950
hildClass.java
|
9e68ade384abdb15714054feaed06cb38eb5432f |
03-Apr-2018 |
Orion Hodson <oth@google.com> |
Revert "hidden_api: Call back into libcore on hidden api detection" This reverts commit 757a9d0a2e97d43bafeb8a95cc3c51102be99586. Reason for revert: Test failures with "art/test.py --host -t test-art-host-run-test-debug-prebuild-interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64" Bug: 73896556 Test: art/test.py --host -t test-art-host-run-test-debug-prebuild-interpreter-no-relocate-ntrace-gcstress-checkjni-picimage-pictest-ndebuggable-no-jvmti-cdex-fast-674-hiddenapi64 Change-Id: Ib2ad89c16ad797c37f6212bc7e5c0b6b92ce56b5
hildClass.java
|
757a9d0a2e97d43bafeb8a95cc3c51102be99586 |
29-Mar-2018 |
Narayan Kamath <narayan@google.com> |
hidden_api: Call back into libcore on hidden api detection This change also removes some unnecessary RI specific logic for building src-ex since it isn't required. Bug: 73896556 Test: run-test --host 674-hiddenapi Test: StrictModeTest Co-Authored-By: Andreas Gampe <agampe@google.com> Change-Id: Ib2b4dfad55c5d829630bfe2adb4a468124bea61c
hildClass.java
|
3ae89978ebf11d3aed60f2828bd2b9c699fb738f |
21-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Revert "Warn on overriding of hidden methods" This reverts commit a11ea9ac8a46d2b09f1b568c0e2e849a29dd2046. Reason for revert: This would just confuse people Bug: 64382372 Change-Id: I69bdc0fb79831b5ce546205fd40a3300d039de71
hildClass.java
inking.java
verrideClass.java
|
a11ea9ac8a46d2b09f1b568c0e2e849a29dd2046 |
14-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Warn on overriding of hidden methods We could prevent apps from overriding hidden methods in the same manner they cannot override a package-private method - by creating a separate vtable entry for the child method. For now, start by printing a warning when a hidden method is being overridden but do not change the semantics. Bug: 64382372 Test: art/test.py -r -t 674-hiddenapi Change-Id: I9d5bfa6b833a4c0f5aaffa5f82dbe9b1e1f03f1f (cherry picked from commit fc66129b478d49f493b8262f81f8813a5f41459e)
hildClass.java
inking.java
verrideClass.java
|
6ca80d2ed68857c75002038f52a5d054c30619ad |
12-Mar-2018 |
David Brazdil <dbrazdil@google.com> |
Refactor enforcement of hidden API policy when linking Hidden API enforcement when linking was sub-optimal for two reasons: a) it was based on Class::CanAccessMember and would throw IllegalAccessError instead of NoSuchMethodError/NoSuchFieldError, and b) no warnings were printed in the code path. This patch moves the checks into ClassLinker's resolution routines and uses a code path which prints warning. Bug: 64382372 Test: art/test.py -r -t 674-hiddenapi Change-Id: I8a0fbdca58ce5803c1588b644a3e627a0a9a6504 (cherry picked from commit 8ce3bfaf1da2139a70b67e6b53c0110489801d40)
hildClass.java
inking.java
|
ee7d2fd16d47b54d7fb5b9d5ec772fbc315faf4b |
20-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Start warning on hidden API greylist Insert checks into reflection, JNI and the verifier to print a warning when greylisted methods are invoked and fields accessed. We do this on actual access, because reflection allows to list all methods/fields and simply listing a greylisted member would print too many false positives. Issuing a warning also sets a boolean flag in Runtime. This will be made accessible through VMRuntime to the framework which will issue a Toast on Activity start. The change was tested with internal microbenchmarks of reflection and those flagged one issue. Microbenchmark invoking a field getter has regressed by 35%. We will profile this benchmark in detail and consider options for improvement. Bug b/72482474 was created to track progress. Test: art/test.py -b -r -t 674-hiddenapi Bug: 64382372 Bug: 72482474 Change-Id: I323244935e9091a2f8d012385cefaac6b1fe3777
hildClass.java
|
5a61bb7969347ffe8e0bf4f4dff841cc6c21ed85 |
19-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Start enforcing hidden API blacklist Insert checks into reflection, JNI and Class::CanAccessMember to make blacklisted hidden APIs undiscoverable. The change was tested with internal microbenchmarks of reflection and those showed no measurable performance impact. Test: art/test.py -b -r -t 674-hiddenapi Bug: 64382372 Change-Id: I9e39804b837ae9ffeba926f2a5b1e8e9986c472b
hildClass.java
|
11b67b201adb173d5f6f1b7a3fd337fda91e200f |
18-Jan-2018 |
David Brazdil <dbrazdil@google.com> |
Set up a test for hidden API enforcement Submitting the test first for easier review. The expected outcome is that all currently class members are discoverable and accessible. Future CLs will implement the enforcement and change the expected outcome. The test itself has two JARs - parent declares classes and child tries to access them using reflection, JNI and static linking. The test driver ("Main" class) loads these JARs as follows: (a) both with class loaders (b) parent in boot class path, child with class loader (c) both in boot class path In (a), there should be no enforcement as the JAR does not have hidden API access flags (would not load otherwise). In situation(b), child should only be allowed to access parent's public, non-hidden members. And in (c), parent contains hidden API access flags but child is exempt from access checks. Bug: 64382372 Test: art/test.py -b -r -t 674-hiddenapi Change-Id: I19f5f7c30c0c7913703209817d36006b161c6778
hildClass.java
NI.java
inking.java
eflection.java
|