1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "hidden_api.h"
18
19 #include <nativehelper/scoped_local_ref.h>
20 #include <atomic>
21
22 #include "art_field-inl.h"
23 #include "art_method-inl.h"
24 #include "compat_framework.h"
25 #include "base/dumpable.h"
26 #include "base/file_utils.h"
27 #include "dex/class_accessor-inl.h"
28 #include "dex/dex_file_loader.h"
29 #include "mirror/class_ext.h"
30 #include "oat_file.h"
31 #include "scoped_thread_state_change.h"
32 #include "thread-inl.h"
33 #include "well_known_classes.h"
34
35 namespace art {
36 namespace hiddenapi {
37
38 // Should be the same as dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_P_HIDDEN_APIS,
39 // dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_Q_HIDDEN_APIS, and
40 // dalvik.system.VMRuntime.ALLOW_TEST_API_ACCESS.
41 // Corresponds to bug ids.
42 static constexpr uint64_t kHideMaxtargetsdkPHiddenApis = 149997251;
43 static constexpr uint64_t kHideMaxtargetsdkQHiddenApis = 149994052;
44 static constexpr uint64_t kAllowTestApiAccess = 166236554;
45
46 static constexpr uint64_t kMaxLogWarnings = 100;
47
48 // Set to true if we should always print a warning in logcat for all hidden API accesses, not just
49 // conditionally and unconditionally blocked. This can be set to true for developer preview / beta
50 // builds, but should be false for public release builds.
51 // Note that when flipping this flag, you must also update the expectations of test 674-hiddenapi
52 // as it affects whether or not we warn for unsupported APIs that have been added to the exemptions
53 // list.
54 static constexpr bool kLogAllAccesses = false;
55
56 // Exemptions for logcat warning. Following signatures do not produce a warning as app developers
57 // should not be alerted on the usage of these unsupported APIs. See b/154851649.
58 static const std::vector<std::string> kWarningExemptions = {
59 "Ljava/nio/Buffer;",
60 "Llibcore/io/Memory;",
61 "Lsun/misc/Unsafe;",
62 };
63
operator <<(std::ostream & os,AccessMethod value)64 static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) {
65 switch (value) {
66 case AccessMethod::kNone:
67 LOG(FATAL) << "Internal access to hidden API should not be logged";
68 UNREACHABLE();
69 case AccessMethod::kReflection:
70 os << "reflection";
71 break;
72 case AccessMethod::kJNI:
73 os << "JNI";
74 break;
75 case AccessMethod::kLinking:
76 os << "linking";
77 break;
78 }
79 return os;
80 }
81
operator <<(std::ostream & os,const AccessContext & value)82 static inline std::ostream& operator<<(std::ostream& os, const AccessContext& value)
83 REQUIRES_SHARED(Locks::mutator_lock_) {
84 if (!value.GetClass().IsNull()) {
85 std::string tmp;
86 os << value.GetClass()->GetDescriptor(&tmp);
87 } else if (value.GetDexFile() != nullptr) {
88 os << value.GetDexFile()->GetLocation();
89 } else {
90 os << "<unknown_caller>";
91 }
92 return os;
93 }
94
DetermineDomainFromLocation(const std::string & dex_location,ObjPtr<mirror::ClassLoader> class_loader)95 static Domain DetermineDomainFromLocation(const std::string& dex_location,
96 ObjPtr<mirror::ClassLoader> class_loader) {
97 // If running with APEX, check `path` against known APEX locations.
98 // These checks will be skipped on target buildbots where ANDROID_ART_ROOT
99 // is set to "/system".
100 if (ArtModuleRootDistinctFromAndroidRoot()) {
101 if (LocationIsOnArtModule(dex_location.c_str()) ||
102 LocationIsOnConscryptModule(dex_location.c_str()) ||
103 LocationIsOnI18nModule(dex_location.c_str())) {
104 return Domain::kCorePlatform;
105 }
106
107 if (LocationIsOnApex(dex_location.c_str())) {
108 return Domain::kPlatform;
109 }
110 }
111
112 if (LocationIsOnSystemFramework(dex_location.c_str())) {
113 return Domain::kPlatform;
114 }
115
116 if (LocationIsOnSystemExtFramework(dex_location.c_str())) {
117 return Domain::kPlatform;
118 }
119
120 if (class_loader.IsNull()) {
121 if (kIsTargetBuild && !kIsTargetLinux) {
122 // This is unexpected only when running on Android.
123 LOG(WARNING) << "DexFile " << dex_location
124 << " is in boot class path but is not in a known location";
125 }
126 return Domain::kPlatform;
127 }
128
129 return Domain::kApplication;
130 }
131
InitializeDexFileDomain(const DexFile & dex_file,ObjPtr<mirror::ClassLoader> class_loader)132 void InitializeDexFileDomain(const DexFile& dex_file, ObjPtr<mirror::ClassLoader> class_loader) {
133 Domain dex_domain = DetermineDomainFromLocation(dex_file.GetLocation(), class_loader);
134
135 // Assign the domain unless a more permissive domain has already been assigned.
136 // This may happen when DexFile is initialized as trusted.
137 if (IsDomainMoreTrustedThan(dex_domain, dex_file.GetHiddenapiDomain())) {
138 dex_file.SetHiddenapiDomain(dex_domain);
139 }
140 }
141
InitializeCorePlatformApiPrivateFields()142 void InitializeCorePlatformApiPrivateFields() {
143 // The following fields in WellKnownClasses correspond to private fields in the Core Platform
144 // API that cannot be otherwise expressed and propagated through tooling (b/144502743).
145 jfieldID private_core_platform_api_fields[] = {
146 WellKnownClasses::java_io_FileDescriptor_descriptor,
147 WellKnownClasses::java_nio_Buffer_address,
148 WellKnownClasses::java_nio_Buffer_elementSizeShift,
149 WellKnownClasses::java_nio_Buffer_limit,
150 WellKnownClasses::java_nio_Buffer_position,
151 };
152
153 ScopedObjectAccess soa(Thread::Current());
154 for (const auto private_core_platform_api_field : private_core_platform_api_fields) {
155 ArtField* field = jni::DecodeArtField(private_core_platform_api_field);
156 const uint32_t access_flags = field->GetAccessFlags();
157 uint32_t new_access_flags = access_flags | kAccCorePlatformApi;
158 DCHECK(new_access_flags != access_flags);
159 field->SetAccessFlags(new_access_flags);
160 }
161 }
162
163 namespace detail {
164
165 // Do not change the values of items in this enum, as they are written to the
166 // event log for offline analysis. Any changes will interfere with that analysis.
167 enum AccessContextFlags {
168 // Accessed member is a field if this bit is set, else a method
169 kMemberIsField = 1 << 0,
170 // Indicates if access was denied to the member, instead of just printing a warning.
171 kAccessDenied = 1 << 1,
172 };
173
MemberSignature(ArtField * field)174 MemberSignature::MemberSignature(ArtField* field) {
175 class_name_ = field->GetDeclaringClass()->GetDescriptor(&tmp_);
176 member_name_ = field->GetName();
177 type_signature_ = field->GetTypeDescriptor();
178 type_ = kField;
179 }
180
MemberSignature(ArtMethod * method)181 MemberSignature::MemberSignature(ArtMethod* method) {
182 DCHECK(method == method->GetInterfaceMethodIfProxy(kRuntimePointerSize))
183 << "Caller should have replaced proxy method with interface method";
184 class_name_ = method->GetDeclaringClass()->GetDescriptor(&tmp_);
185 member_name_ = method->GetName();
186 type_signature_ = method->GetSignature().ToString();
187 type_ = kMethod;
188 }
189
MemberSignature(const ClassAccessor::Field & field)190 MemberSignature::MemberSignature(const ClassAccessor::Field& field) {
191 const DexFile& dex_file = field.GetDexFile();
192 const dex::FieldId& field_id = dex_file.GetFieldId(field.GetIndex());
193 class_name_ = dex_file.GetFieldDeclaringClassDescriptor(field_id);
194 member_name_ = dex_file.GetFieldName(field_id);
195 type_signature_ = dex_file.GetFieldTypeDescriptor(field_id);
196 type_ = kField;
197 }
198
MemberSignature(const ClassAccessor::Method & method)199 MemberSignature::MemberSignature(const ClassAccessor::Method& method) {
200 const DexFile& dex_file = method.GetDexFile();
201 const dex::MethodId& method_id = dex_file.GetMethodId(method.GetIndex());
202 class_name_ = dex_file.GetMethodDeclaringClassDescriptor(method_id);
203 member_name_ = dex_file.GetMethodName(method_id);
204 type_signature_ = dex_file.GetMethodSignature(method_id).ToString();
205 type_ = kMethod;
206 }
207
GetSignatureParts() const208 inline std::vector<const char*> MemberSignature::GetSignatureParts() const {
209 if (type_ == kField) {
210 return { class_name_.c_str(), "->", member_name_.c_str(), ":", type_signature_.c_str() };
211 } else {
212 DCHECK_EQ(type_, kMethod);
213 return { class_name_.c_str(), "->", member_name_.c_str(), type_signature_.c_str() };
214 }
215 }
216
DoesPrefixMatch(const std::string & prefix) const217 bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const {
218 size_t pos = 0;
219 for (const char* part : GetSignatureParts()) {
220 size_t count = std::min(prefix.length() - pos, strlen(part));
221 if (prefix.compare(pos, count, part, 0, count) == 0) {
222 pos += count;
223 } else {
224 return false;
225 }
226 }
227 // We have a complete match if all parts match (we exit the loop without
228 // returning) AND we've matched the whole prefix.
229 return pos == prefix.length();
230 }
231
DoesPrefixMatchAny(const std::vector<std::string> & exemptions)232 bool MemberSignature::DoesPrefixMatchAny(const std::vector<std::string>& exemptions) {
233 for (const std::string& exemption : exemptions) {
234 if (DoesPrefixMatch(exemption)) {
235 return true;
236 }
237 }
238 return false;
239 }
240
Dump(std::ostream & os) const241 void MemberSignature::Dump(std::ostream& os) const {
242 for (const char* part : GetSignatureParts()) {
243 os << part;
244 }
245 }
246
WarnAboutAccess(AccessMethod access_method,hiddenapi::ApiList list,bool access_denied)247 void MemberSignature::WarnAboutAccess(AccessMethod access_method,
248 hiddenapi::ApiList list,
249 bool access_denied) {
250 static std::atomic<uint64_t> log_warning_count_ = 0;
251 if (log_warning_count_ > kMaxLogWarnings) {
252 return;
253 }
254 LOG(WARNING) << "Accessing hidden " << (type_ == kField ? "field " : "method ")
255 << Dumpable<MemberSignature>(*this) << " (" << list << ", " << access_method
256 << (access_denied ? ", denied)" : ", allowed)");
257 if (access_denied && list.IsTestApi()) {
258 // see b/177047045 for more details about test api access getting denied
259 LOG(WARNING) << "If this is a platform test consider enabling "
260 << "VMRuntime.ALLOW_TEST_API_ACCESS change id for this package.";
261 }
262 if (log_warning_count_ >= kMaxLogWarnings) {
263 LOG(WARNING) << "Reached maximum number of hidden api access warnings.";
264 }
265 ++log_warning_count_;
266 }
267
Equals(const MemberSignature & other)268 bool MemberSignature::Equals(const MemberSignature& other) {
269 return type_ == other.type_ &&
270 class_name_ == other.class_name_ &&
271 member_name_ == other.member_name_ &&
272 type_signature_ == other.type_signature_;
273 }
274
MemberNameAndTypeMatch(const MemberSignature & other)275 bool MemberSignature::MemberNameAndTypeMatch(const MemberSignature& other) {
276 return member_name_ == other.member_name_ && type_signature_ == other.type_signature_;
277 }
278
LogAccessToEventLog(uint32_t sampled_value,AccessMethod access_method,bool access_denied)279 void MemberSignature::LogAccessToEventLog(uint32_t sampled_value,
280 AccessMethod access_method,
281 bool access_denied) {
282 #ifdef ART_TARGET_ANDROID
283 if (access_method == AccessMethod::kLinking || access_method == AccessMethod::kNone) {
284 // Linking warnings come from static analysis/compilation of the bytecode
285 // and can contain false positives (i.e. code that is never run). We choose
286 // not to log these in the event log.
287 // None does not correspond to actual access, so should also be ignored.
288 return;
289 }
290 Runtime* runtime = Runtime::Current();
291 if (runtime->IsAotCompiler()) {
292 return;
293 }
294 JNIEnvExt* env = Thread::Current()->GetJniEnv();
295 const std::string& package_name = Runtime::Current()->GetProcessPackageName();
296 ScopedLocalRef<jstring> package_str(env, env->NewStringUTF(package_name.c_str()));
297 if (env->ExceptionCheck()) {
298 env->ExceptionClear();
299 LOG(ERROR) << "Unable to allocate string for package name which called hidden api";
300 }
301 std::ostringstream signature_str;
302 Dump(signature_str);
303 ScopedLocalRef<jstring> signature_jstr(env,
304 env->NewStringUTF(signature_str.str().c_str()));
305 if (env->ExceptionCheck()) {
306 env->ExceptionClear();
307 LOG(ERROR) << "Unable to allocate string for hidden api method signature";
308 }
309 env->CallStaticVoidMethod(WellKnownClasses::dalvik_system_VMRuntime,
310 WellKnownClasses::dalvik_system_VMRuntime_hiddenApiUsed,
311 sampled_value,
312 package_str.get(),
313 signature_jstr.get(),
314 static_cast<jint>(access_method),
315 access_denied);
316 if (env->ExceptionCheck()) {
317 env->ExceptionClear();
318 LOG(ERROR) << "Unable to report hidden api usage";
319 }
320 #else
321 UNUSED(sampled_value);
322 UNUSED(access_method);
323 UNUSED(access_denied);
324 #endif
325 }
326
NotifyHiddenApiListener(AccessMethod access_method)327 void MemberSignature::NotifyHiddenApiListener(AccessMethod access_method) {
328 if (access_method != AccessMethod::kReflection && access_method != AccessMethod::kJNI) {
329 // We can only up-call into Java during reflection and JNI down-calls.
330 return;
331 }
332
333 Runtime* runtime = Runtime::Current();
334 if (!runtime->IsAotCompiler()) {
335 ScopedObjectAccessUnchecked soa(Thread::Current());
336
337 ScopedLocalRef<jobject> consumer_object(soa.Env(),
338 soa.Env()->GetStaticObjectField(
339 WellKnownClasses::dalvik_system_VMRuntime,
340 WellKnownClasses::dalvik_system_VMRuntime_nonSdkApiUsageConsumer));
341 // If the consumer is non-null, we call back to it to let it know that we
342 // have encountered an API that's in one of our lists.
343 if (consumer_object != nullptr) {
344 std::ostringstream member_signature_str;
345 Dump(member_signature_str);
346
347 ScopedLocalRef<jobject> signature_str(
348 soa.Env(),
349 soa.Env()->NewStringUTF(member_signature_str.str().c_str()));
350
351 // Call through to Consumer.accept(String memberSignature);
352 soa.Env()->CallVoidMethod(consumer_object.get(),
353 WellKnownClasses::java_util_function_Consumer_accept,
354 signature_str.get());
355 }
356 }
357 }
358
CanUpdateRuntimeFlags(ArtField *)359 static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtField*) {
360 return true;
361 }
362
CanUpdateRuntimeFlags(ArtMethod * method)363 static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtMethod* method) {
364 return !method->IsIntrinsic();
365 }
366
367 template<typename T>
MaybeUpdateAccessFlags(Runtime * runtime,T * member,uint32_t flag)368 static ALWAYS_INLINE void MaybeUpdateAccessFlags(Runtime* runtime, T* member, uint32_t flag)
369 REQUIRES_SHARED(Locks::mutator_lock_) {
370 // Update the access flags unless:
371 // (a) `member` is an intrinsic
372 // (b) this is AOT compiler, as we do not want the updated access flags in the boot/app image
373 // (c) deduping warnings has been explicitly switched off.
374 if (CanUpdateRuntimeFlags(member) &&
375 !runtime->IsAotCompiler() &&
376 runtime->ShouldDedupeHiddenApiWarnings()) {
377 member->SetAccessFlags(member->GetAccessFlags() | flag);
378 }
379 }
380
GetMemberDexIndex(ArtField * field)381 static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtField* field) {
382 return field->GetDexFieldIndex();
383 }
384
GetMemberDexIndex(ArtMethod * method)385 static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtMethod* method)
386 REQUIRES_SHARED(Locks::mutator_lock_) {
387 // Use the non-obsolete method to avoid DexFile mismatch between
388 // the method index and the declaring class.
389 return method->GetNonObsoleteMethod()->GetDexMethodIndex();
390 }
391
VisitMembers(const DexFile & dex_file,const dex::ClassDef & class_def,const std::function<void (const ClassAccessor::Field &)> & fn_visit)392 static void VisitMembers(const DexFile& dex_file,
393 const dex::ClassDef& class_def,
394 const std::function<void(const ClassAccessor::Field&)>& fn_visit) {
395 ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true);
396 accessor.VisitFields(fn_visit, fn_visit);
397 }
398
VisitMembers(const DexFile & dex_file,const dex::ClassDef & class_def,const std::function<void (const ClassAccessor::Method &)> & fn_visit)399 static void VisitMembers(const DexFile& dex_file,
400 const dex::ClassDef& class_def,
401 const std::function<void(const ClassAccessor::Method&)>& fn_visit) {
402 ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true);
403 accessor.VisitMethods(fn_visit, fn_visit);
404 }
405
406 template<typename T>
GetDexFlags(T * member)407 uint32_t GetDexFlags(T* member) REQUIRES_SHARED(Locks::mutator_lock_) {
408 static_assert(std::is_same<T, ArtField>::value || std::is_same<T, ArtMethod>::value);
409 constexpr bool kMemberIsField = std::is_same<T, ArtField>::value;
410 using AccessorType = typename std::conditional<std::is_same<T, ArtField>::value,
411 ClassAccessor::Field, ClassAccessor::Method>::type;
412
413 ObjPtr<mirror::Class> declaring_class = member->GetDeclaringClass();
414 DCHECK(!declaring_class.IsNull()) << "Attempting to access a runtime method";
415
416 ApiList flags;
417 DCHECK(!flags.IsValid());
418
419 // Check if the declaring class has ClassExt allocated. If it does, check if
420 // the pre-JVMTI redefine dex file has been set to determine if the declaring
421 // class has been JVMTI-redefined.
422 ObjPtr<mirror::ClassExt> ext(declaring_class->GetExtData());
423 const DexFile* original_dex = ext.IsNull() ? nullptr : ext->GetPreRedefineDexFile();
424 if (LIKELY(original_dex == nullptr)) {
425 // Class is not redefined. Find the class def, iterate over its members and
426 // find the entry corresponding to this `member`.
427 const dex::ClassDef* class_def = declaring_class->GetClassDef();
428 if (class_def == nullptr) {
429 // ClassDef is not set for proxy classes. Only their fields can ever be inspected.
430 DCHECK(declaring_class->IsProxyClass())
431 << "Only proxy classes are expected not to have a class def";
432 DCHECK(kMemberIsField)
433 << "Interface methods should be inspected instead of proxy class methods";
434 flags = ApiList::Unsupported();
435 } else {
436 uint32_t member_index = GetMemberDexIndex(member);
437 auto fn_visit = [&](const AccessorType& dex_member) {
438 if (dex_member.GetIndex() == member_index) {
439 flags = ApiList(dex_member.GetHiddenapiFlags());
440 }
441 };
442 VisitMembers(declaring_class->GetDexFile(), *class_def, fn_visit);
443 }
444 } else {
445 // Class was redefined using JVMTI. We have a pointer to the original dex file
446 // and the class def index of this class in that dex file, but the field/method
447 // indices are lost. Iterate over all members of the class def and find the one
448 // corresponding to this `member` by name and type string comparison.
449 // This is obviously very slow, but it is only used when non-exempt code tries
450 // to access a hidden member of a JVMTI-redefined class.
451 uint16_t class_def_idx = ext->GetPreRedefineClassDefIndex();
452 DCHECK_NE(class_def_idx, DexFile::kDexNoIndex16);
453 const dex::ClassDef& original_class_def = original_dex->GetClassDef(class_def_idx);
454 MemberSignature member_signature(member);
455 auto fn_visit = [&](const AccessorType& dex_member) {
456 MemberSignature cur_signature(dex_member);
457 if (member_signature.MemberNameAndTypeMatch(cur_signature)) {
458 DCHECK(member_signature.Equals(cur_signature));
459 flags = ApiList(dex_member.GetHiddenapiFlags());
460 }
461 };
462 VisitMembers(*original_dex, original_class_def, fn_visit);
463 }
464
465 CHECK(flags.IsValid()) << "Could not find hiddenapi flags for "
466 << Dumpable<MemberSignature>(MemberSignature(member));
467 return flags.GetDexFlags();
468 }
469
470 template<typename T>
HandleCorePlatformApiViolation(T * member,const AccessContext & caller_context,AccessMethod access_method,EnforcementPolicy policy)471 bool HandleCorePlatformApiViolation(T* member,
472 const AccessContext& caller_context,
473 AccessMethod access_method,
474 EnforcementPolicy policy) {
475 DCHECK(policy != EnforcementPolicy::kDisabled)
476 << "Should never enter this function when access checks are completely disabled";
477
478 if (access_method != AccessMethod::kNone) {
479 LOG(WARNING) << "Core platform API violation: "
480 << Dumpable<MemberSignature>(MemberSignature(member))
481 << " from " << caller_context << " using " << access_method;
482
483 // If policy is set to just warn, add kAccCorePlatformApi to access flags of
484 // `member` to avoid reporting the violation again next time.
485 if (policy == EnforcementPolicy::kJustWarn) {
486 MaybeUpdateAccessFlags(Runtime::Current(), member, kAccCorePlatformApi);
487 }
488 }
489
490 // Deny access if enforcement is enabled.
491 return policy == EnforcementPolicy::kEnabled;
492 }
493
494 template<typename T>
ShouldDenyAccessToMemberImpl(T * member,ApiList api_list,AccessMethod access_method)495 bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod access_method) {
496 DCHECK(member != nullptr);
497 Runtime* runtime = Runtime::Current();
498 CompatFramework& compatFramework = runtime->GetCompatFramework();
499
500 EnforcementPolicy hiddenApiPolicy = runtime->GetHiddenApiEnforcementPolicy();
501 DCHECK(hiddenApiPolicy != EnforcementPolicy::kDisabled)
502 << "Should never enter this function when access checks are completely disabled";
503
504 MemberSignature member_signature(member);
505
506 // Check for an exemption first. Exempted APIs are treated as SDK.
507 if (member_signature.DoesPrefixMatchAny(runtime->GetHiddenApiExemptions())) {
508 // Avoid re-examining the exemption list next time.
509 // Note this results in no warning for the member, which seems like what one would expect.
510 // Exemptions effectively adds new members to the public API list.
511 MaybeUpdateAccessFlags(runtime, member, kAccPublicApi);
512 return false;
513 }
514
515 EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy();
516
517 bool deny_access = false;
518 if (hiddenApiPolicy == EnforcementPolicy::kEnabled) {
519 if (api_list.IsTestApi() &&
520 (testApiPolicy == EnforcementPolicy::kDisabled ||
521 compatFramework.IsChangeEnabled(kAllowTestApiAccess))) {
522 deny_access = false;
523 } else {
524 switch (api_list.GetMaxAllowedSdkVersion()) {
525 case SdkVersion::kP:
526 deny_access = compatFramework.IsChangeEnabled(kHideMaxtargetsdkPHiddenApis);
527 break;
528 case SdkVersion::kQ:
529 deny_access = compatFramework.IsChangeEnabled(kHideMaxtargetsdkQHiddenApis);
530 break;
531 default:
532 deny_access = IsSdkVersionSetAndMoreThan(runtime->GetTargetSdkVersion(),
533 api_list.GetMaxAllowedSdkVersion());
534 }
535 }
536 }
537
538 if (access_method != AccessMethod::kNone) {
539 // Warn if blocked signature is being accessed or it is not exempted.
540 if (deny_access || !member_signature.DoesPrefixMatchAny(kWarningExemptions)) {
541 // Print a log message with information about this class member access.
542 // We do this if we're about to deny access, or the app is debuggable.
543 if (kLogAllAccesses || deny_access || runtime->IsJavaDebuggable()) {
544 member_signature.WarnAboutAccess(access_method, api_list, deny_access);
545 }
546
547 // If there is a StrictMode listener, notify it about this violation.
548 member_signature.NotifyHiddenApiListener(access_method);
549 }
550
551 // If event log sampling is enabled, report this violation.
552 if (kIsTargetBuild && !kIsTargetLinux) {
553 uint32_t eventLogSampleRate = runtime->GetHiddenApiEventLogSampleRate();
554 // Assert that RAND_MAX is big enough, to ensure sampling below works as expected.
555 static_assert(RAND_MAX >= 0xffff, "RAND_MAX too small");
556 if (eventLogSampleRate != 0) {
557 const uint32_t sampled_value = static_cast<uint32_t>(std::rand()) & 0xffff;
558 if (sampled_value < eventLogSampleRate) {
559 member_signature.LogAccessToEventLog(sampled_value, access_method, deny_access);
560 }
561 }
562 }
563
564 // If this access was not denied, flag member as SDK and skip
565 // the warning the next time the member is accessed.
566 if (!deny_access) {
567 MaybeUpdateAccessFlags(runtime, member, kAccPublicApi);
568 }
569 }
570
571 return deny_access;
572 }
573
574 // Need to instantiate these.
575 template uint32_t GetDexFlags<ArtField>(ArtField* member);
576 template uint32_t GetDexFlags<ArtMethod>(ArtMethod* member);
577 template bool HandleCorePlatformApiViolation(ArtField* member,
578 const AccessContext& caller_context,
579 AccessMethod access_method,
580 EnforcementPolicy policy);
581 template bool HandleCorePlatformApiViolation(ArtMethod* member,
582 const AccessContext& caller_context,
583 AccessMethod access_method,
584 EnforcementPolicy policy);
585 template bool ShouldDenyAccessToMemberImpl<ArtField>(ArtField* member,
586 ApiList api_list,
587 AccessMethod access_method);
588 template bool ShouldDenyAccessToMemberImpl<ArtMethod>(ArtMethod* member,
589 ApiList api_list,
590 AccessMethod access_method);
591 } // namespace detail
592
593 } // namespace hiddenapi
594 } // namespace art
595