Merge "Rename blacklist to denylist" into rvc-dev-plus-aosp am: 47c5c8d1ef am: bafa9fb77e (3df6c692) · Commits · e / os / android_frameworks_base

core/java/android/os/ZygoteProcess.java

+21 −21

Original line number	Diff line number	Diff line
		@@ -251,11 +251,11 @@ public class ZygoteProcess {
		private final Object mLock = new Object();

		/**
		* List of exemptions to the API blacklist. These are prefix matches on the runtime format
		* List of exemptions to the API deny list. These are prefix matches on the runtime format
		* symbol signature. Any matching symbol is treated by the runtime as being on the light grey
		* list.
		*/
		private List<String> mApiBlacklistExemptions = Collections.emptyList();
		private List<String> mApiDenylistExemptions = Collections.emptyList();

		/**
		* Proportion of hidden API accesses that should be logged to the event log; 0 - 0x10000.
		@@ -562,7 +562,7 @@ public class ZygoteProcess {
		"--preload-package",
		"--preload-app",
		"--start-child-zygote",
		"--set-api-blacklist-exemptions",
		"--set-api-denylist-exemptions",
		"--hidden-api-log-sampling-rate",
		"--hidden-api-statslog-sampling-rate",
		"--invoke-with"
		@@ -922,20 +922,20 @@ public class ZygoteProcess {
		}

		/**
		* Push hidden API blacklisting exemptions into the zygote process(es).
		* Push hidden API deny-listing exemptions into the zygote process(es).
		*
		* <p>The list of exemptions will take affect for all new processes forked from the zygote after
		* this call.
		*
		* @param exemptions List of hidden API exemption prefixes. Any matching members are treated as
		* whitelisted/public APIs (i.e. allowed, no logging of usage).
		* allowed/public APIs (i.e. allowed, no logging of usage).
		*/
		public boolean setApiBlacklistExemptions(List<String> exemptions) {
		public boolean setApiDenylistExemptions(List<String> exemptions) {
		synchronized (mLock) {
		mApiBlacklistExemptions = exemptions;
		boolean ok = maybeSetApiBlacklistExemptions(primaryZygoteState, true);
		mApiDenylistExemptions = exemptions;
		boolean ok = maybeSetApiDenylistExemptions(primaryZygoteState, true);
		if (ok) {
		ok = maybeSetApiBlacklistExemptions(secondaryZygoteState, true);
		ok = maybeSetApiDenylistExemptions(secondaryZygoteState, true);
		}
		return ok;
		}
		@@ -972,32 +972,32 @@ public class ZygoteProcess {
		}

		@GuardedBy("mLock")
		private boolean maybeSetApiBlacklistExemptions(ZygoteState state, boolean sendIfEmpty) {
		private boolean maybeSetApiDenylistExemptions(ZygoteState state, boolean sendIfEmpty) {
		if (state == null \|\| state.isClosed()) {
		Slog.e(LOG_TAG, "Can't set API blacklist exemptions: no zygote connection");
		Slog.e(LOG_TAG, "Can't set API denylist exemptions: no zygote connection");
		return false;
		} else if (!sendIfEmpty && mApiBlacklistExemptions.isEmpty()) {
		} else if (!sendIfEmpty && mApiDenylistExemptions.isEmpty()) {
		return true;
		}

		try {
		state.mZygoteOutputWriter.write(Integer.toString(mApiBlacklistExemptions.size() + 1));
		state.mZygoteOutputWriter.write(Integer.toString(mApiDenylistExemptions.size() + 1));
		state.mZygoteOutputWriter.newLine();
		state.mZygoteOutputWriter.write("--set-api-blacklist-exemptions");
		state.mZygoteOutputWriter.write("--set-api-denylist-exemptions");
		state.mZygoteOutputWriter.newLine();
		for (int i = 0; i < mApiBlacklistExemptions.size(); ++i) {
		state.mZygoteOutputWriter.write(mApiBlacklistExemptions.get(i));
		for (int i = 0; i < mApiDenylistExemptions.size(); ++i) {
		state.mZygoteOutputWriter.write(mApiDenylistExemptions.get(i));
		state.mZygoteOutputWriter.newLine();
		}
		state.mZygoteOutputWriter.flush();
		int status = state.mZygoteInputStream.readInt();
		if (status != 0) {
		Slog.e(LOG_TAG, "Failed to set API blacklist exemptions; status " + status);
		Slog.e(LOG_TAG, "Failed to set API denylist exemptions; status " + status);
		}
		return true;
		} catch (IOException ioe) {
		Slog.e(LOG_TAG, "Failed to set API blacklist exemptions", ioe);
		mApiBlacklistExemptions = Collections.emptyList();
		Slog.e(LOG_TAG, "Failed to set API denylist exemptions", ioe);
		mApiDenylistExemptions = Collections.emptyList();
		return false;
		}
		}
		@@ -1054,7 +1054,7 @@ public class ZygoteProcess {
		primaryZygoteState =
		ZygoteState.connect(mZygoteSocketAddress, mUsapPoolSocketAddress);

		maybeSetApiBlacklistExemptions(primaryZygoteState, false);
		maybeSetApiDenylistExemptions(primaryZygoteState, false);
		maybeSetHiddenApiAccessLogSampleRate(primaryZygoteState);
		}
		}
		@@ -1069,7 +1069,7 @@ public class ZygoteProcess {
		ZygoteState.connect(mZygoteSecondarySocketAddress,
		mUsapPoolSecondarySocketAddress);

		maybeSetApiBlacklistExemptions(secondaryZygoteState, false);
		maybeSetApiDenylistExemptions(secondaryZygoteState, false);
		maybeSetHiddenApiAccessLogSampleRate(secondaryZygoteState);
		}
		}

core/java/com/android/internal/os/ChildZygoteInit.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -116,7 +116,7 @@ public class ChildZygoteInit {
		try {
		server.registerServerSocketAtAbstractName(socketName);

		// Add the abstract socket to the FD whitelist so that the native zygote code
		// Add the abstract socket to the FD allow list so that the native zygote code
		// can properly detach it after forking.
		Zygote.nativeAllowFileAcrossFork("ABSTRACT/" + socketName);

core/java/com/android/internal/os/Zygote.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -816,9 +816,9 @@ public final class Zygote {
		throw new IllegalArgumentException(USAP_ERROR_PREFIX + "--preload-app");
		} else if (args.mStartChildZygote) {
		throw new IllegalArgumentException(USAP_ERROR_PREFIX + "--start-child-zygote");
		} else if (args.mApiBlacklistExemptions != null) {
		} else if (args.mApiDenylistExemptions != null) {
		throw new IllegalArgumentException(
		USAP_ERROR_PREFIX + "--set-api-blacklist-exemptions");
		USAP_ERROR_PREFIX + "--set-api-denylist-exemptions");
		} else if (args.mHiddenApiAccessLogSampleRate != -1) {
		throw new IllegalArgumentException(
		USAP_ERROR_PREFIX + "--hidden-api-log-sampling-rate=");

core/java/com/android/internal/os/ZygoteArguments.java

+5 −5

Original line number	Diff line number	Diff line
		@@ -192,10 +192,10 @@ class ZygoteArguments {
		boolean mBootCompleted;

		/**
		* Exemptions from API blacklisting. These are sent to the pre-forked zygote at boot time, or
		* when they change, via --set-api-blacklist-exemptions.
		* Exemptions from API deny-listing. These are sent to the pre-forked zygote at boot time, or
		* when they change, via --set-api-denylist-exemptions.
		*/
		String[] mApiBlacklistExemptions;
		String[] mApiDenylistExemptions;

		/**
		* Sampling rate for logging hidden API accesses to the event log. This is sent to the
		@@ -416,10 +416,10 @@ class ZygoteArguments {
		expectRuntimeArgs = false;
		} else if (arg.equals("--start-child-zygote")) {
		mStartChildZygote = true;
		} else if (arg.equals("--set-api-blacklist-exemptions")) {
		} else if (arg.equals("--set-api-denylist-exemptions")) {
		// consume all remaining args; this is a stand-alone command, never included
		// with the regular fork command.
		mApiBlacklistExemptions = Arrays.copyOfRange(args, curArg + 1, args.length);
		mApiDenylistExemptions = Arrays.copyOfRange(args, curArg + 1, args.length);
		curArg = args.length;
		expectRuntimeArgs = false;
		} else if (arg.startsWith("--hidden-api-log-sampling-rate=")) {

core/java/com/android/internal/os/ZygoteConnection.java

+6 −6

Original line number	Diff line number	Diff line
		@@ -185,8 +185,8 @@ class ZygoteConnection {
		return null;
		}

		if (parsedArgs.mApiBlacklistExemptions != null) {
		return handleApiBlacklistExemptions(zygoteServer, parsedArgs.mApiBlacklistExemptions);
		if (parsedArgs.mApiDenylistExemptions != null) {
		return handleApiDenylistExemptions(zygoteServer, parsedArgs.mApiDenylistExemptions);
		}

		if (parsedArgs.mHiddenApiAccessLogSampleRate != -1
		@@ -367,11 +367,11 @@ class ZygoteConnection {
		}

		/**
		* Makes the necessary changes to implement a new API blacklist exemption policy, and then
		* Makes the necessary changes to implement a new API deny list exemption policy, and then
		* responds to the system server, letting it know that the task has been completed.
		*
		* This necessitates a change to the internal state of the Zygote. As such, if the USAP
		* pool is enabled all existing USAPs have an incorrect API blacklist exemption list. To
		* pool is enabled all existing USAPs have an incorrect API deny list exemption list. To
		* properly handle this request the pool must be emptied and refilled. This process can return
		* a Runnable object that must be returned to ZygoteServer.runSelectLoop to be invoked.
		*
		@@ -380,9 +380,9 @@ class ZygoteConnection {
		* @return A Runnable object representing a new app in any USAPs spawned from here; the
		* zygote process will always receive a null value from this function.
		*/
		private Runnable handleApiBlacklistExemptions(ZygoteServer zygoteServer, String[] exemptions) {
		private Runnable handleApiDenylistExemptions(ZygoteServer zygoteServer, String[] exemptions) {
		return stateChangeWithUsapPoolReset(zygoteServer,
		() -> ZygoteInit.setApiBlacklistExemptions(exemptions));
		() -> ZygoteInit.setApiDenylistExemptions(exemptions));
		}

		private Runnable handleUsapPoolStatusChange(ZygoteServer zygoteServer, boolean newStatus) {