Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3a4aab3 authored by David Brazdil's avatar David Brazdil Committed by Nicolas Geoffray
Browse files

Refactor runtime hidden API flag from negative to positive 

There are only two situations in which we want to enable hidden API
access flag checks. Turning the flag from DISABLE_ to ENABLE_
simplifies logic in ART and reduces the number places where the flag
had to be passed down to ART.

Bug: 64382372
Test: boot device, install and run apps, check log messages

(cherry picked from commit f7e31c0a)

Change-Id: Ib2f70696d98c6e1500d1d419d6acf0a8d0487213
parent 0db84fcc

core/java/com/android/internal/os/Zygote.java

+2 −5
Original line number Diff line number Diff line
@@ -55,8 +55,8 @@ public final class Zygote { 
    public static final int DISABLE_VERIFIER = 1 << 9;

    /** Only use oat files located in /system. Otherwise use dex/jar/apk . */

    public static final int ONLY_USE_SYSTEM_OAT_FILES = 1 << 10;

    /** Do not enfore hidden API access restrictions. */

    public static final int DISABLE_HIDDEN_API_CHECKS = 1 << 11;

    /** Do enfore hidden API access restrictions. */

    public static final int ENABLE_HIDDEN_API_CHECKS = 1 << 11;

    /** Force generation of native debugging information for backtraces. */

    public static final int DEBUG_GENERATE_MINI_DEBUG_INFO = 1 << 12;
@@ -162,9 +162,6 @@ public final class Zygote { 
     */

    public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,

            int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {

        // SystemServer is always allowed to use hidden APIs.

        runtimeFlags |= DISABLE_HIDDEN_API_CHECKS;



        VM_HOOKS.preFork();

        // Resets nice priority for zygote process.

        resetNicePriority();

core/java/com/android/internal/os/ZygoteInit.java

+1 −8
Original line number Diff line number Diff line
@@ -98,10 +98,6 @@ public class ZygoteInit { 


    private static final String SOCKET_NAME_ARG = "--socket-name=";



    /* Dexopt flag to disable hidden API access checks when dexopting SystemServer.

     * Must be kept in sync with com.android.server.pm.Installer. */

    private static final int DEXOPT_DISABLE_HIDDEN_API_CHECKS = 1 << 10;



    /**

     * Used to pre-load resources.

     */
@@ -569,10 +565,7 @@ public class ZygoteInit { 
            if (dexoptNeeded != DexFile.NO_DEXOPT_NEEDED) {

                final String packageName = "*";

                final String outputPath = null;

                // Dexopt with a flag which lifts restrictions on hidden API usage.

                // Offending methods would otherwise be re-verified at runtime and

                // we want to avoid the performance overhead of that.

                final int dexFlags = DEXOPT_DISABLE_HIDDEN_API_CHECKS;

                final int dexFlags = 0;

                final String compilerFilter = systemServerFilter;

                final String uuid = StorageManager.UUID_PRIVATE_INTERNAL;

                final String seInfo = null;

services/core/java/com/android/server/am/ActivityManagerService.java

+4 −4
Original line number Diff line number Diff line
@@ -3891,10 +3891,10 @@ public class ActivityManagerService extends IActivityManager.Stub 
                runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;

            }













            if (app.info.isAllowedToUseHiddenApi()) {













                // This app is allowed to use undocumented and private APIs. Set













                // up its runtime with the appropriate flag.













                runtimeFlags |= Zygote.DISABLE_HIDDEN_API_CHECKS;













            if (!app.info.isAllowedToUseHiddenApi()) {













                // This app is not allowed to use undocumented and private APIs.













                // Set up its runtime with the appropriate flag.













                runtimeFlags |= Zygote.ENABLE_HIDDEN_API_CHECKS;















            }





























            String invokeWith = null;

























services/core/java/com/android/server/pm/Installer.java



+2
−3




























Original line number
Diff line number
Diff line








@@ -58,9 +58,8 @@ public class Installer extends SystemService {













    public static final int DEXOPT_STORAGE_DE     = 1 << 8;















    /** Indicates that dexopt is invoked from the background service. */















    public static final int DEXOPT_IDLE_BACKGROUND_JOB = 1 << 9;













    /* Indicates that dexopt should not restrict access to private APIs.













     * Must be kept in sync with com.android.internal.os.ZygoteInit. */













    public static final int DEXOPT_DISABLE_HIDDEN_API_CHECKS = 1 << 10;













    /** Indicates that dexopt should restrict access to private APIs. */













    public static final int DEXOPT_ENABLE_HIDDEN_API_CHECKS = 1 << 10;































    // NOTE: keep in sync with installd















    public static final int FLAG_CLEAR_CACHE_ONLY = 1 << 8;

































services/core/java/com/android/server/pm/PackageDexOptimizer.java



+6
−8




























Original line number
Diff line number
Diff line








@@ -55,7 +55,7 @@ import static com.android.server.pm.Installer.DEXOPT_FORCE;













import static com.android.server.pm.Installer.DEXOPT_STORAGE_CE;















import static com.android.server.pm.Installer.DEXOPT_STORAGE_DE;















import static com.android.server.pm.Installer.DEXOPT_IDLE_BACKGROUND_JOB;













import static com.android.server.pm.Installer.DEXOPT_DISABLE_HIDDEN_API_CHECKS;













import static com.android.server.pm.Installer.DEXOPT_ENABLE_HIDDEN_API_CHECKS;















import static com.android.server.pm.InstructionSets.getAppDexInstructionSets;















import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets;


























@@ -510,11 +510,9 @@ public class PackageDexOptimizer {













        boolean isProfileGuidedFilter = isProfileGuidedCompilerFilter(compilerFilter);















        boolean isPublic = !info.isForwardLocked() && !isProfileGuidedFilter;















        int profileFlag = isProfileGuidedFilter ? DEXOPT_PROFILE_GUIDED : 0;













        // System apps are invoked with a runtime flag which exempts them from













        // restrictions on hidden API usage. We dexopt with the same runtime flag













        // otherwise offending methods would have to be re-verified at runtime













        // and we want to avoid the performance overhead of that.













        int hiddenApiFlag = info.isAllowedToUseHiddenApi() ? DEXOPT_DISABLE_HIDDEN_API_CHECKS : 0;













        // Some apps are executed with restrictions on hidden API usage. If this app is one













        // of them, pass a flag to dexopt to enable the same restrictions during compilation.













        int hiddenApiFlag = info.isAllowedToUseHiddenApi() ? 0 : DEXOPT_ENABLE_HIDDEN_API_CHECKS;















        int dexFlags =















                (isPublic ? DEXOPT_PUBLIC : 0)















                | (debuggable ? DEXOPT_DEBUGGABLE : 0)










@@ -636,8 +634,8 @@ public class PackageDexOptimizer {













        if ((flags & DEXOPT_IDLE_BACKGROUND_JOB) == DEXOPT_IDLE_BACKGROUND_JOB) {















            flagsList.add("idle_background_job");















        }













        if ((flags & DEXOPT_DISABLE_HIDDEN_API_CHECKS) == DEXOPT_DISABLE_HIDDEN_API_CHECKS) {













            flagsList.add("disable_hidden_api_checks");













        if ((flags & DEXOPT_ENABLE_HIDDEN_API_CHECKS) == DEXOPT_ENABLE_HIDDEN_API_CHECKS) {













            flagsList.add("enable_hidden_api_checks");















        }































        return String.join(",", flagsList);