Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "hidden_api.h" |
| 18 | |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 19 | #include <nativehelper/scoped_local_ref.h> |
| 20 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 21 | #include "base/dumpable.h" |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 22 | #include "thread-current-inl.h" |
| 23 | #include "well_known_classes.h" |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 24 | |
| 25 | namespace art { |
| 26 | namespace hiddenapi { |
| 27 | |
Mathew Inwood | 27199e6 | 2018-04-11 16:08:21 +0100 | [diff] [blame^] | 28 | // Set to true if we should always print a warning in logcat for all hidden API accesses, not just |
| 29 | // dark grey and black. This can be set to true for developer preview / beta builds, but should be |
| 30 | // false for public release builds. |
| 31 | static constexpr bool kLogAllAccesses = true; |
| 32 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 33 | static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { |
| 34 | switch (value) { |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 35 | case kNone: |
| 36 | LOG(FATAL) << "Internal access to hidden API should not be logged"; |
| 37 | UNREACHABLE(); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 38 | case kReflection: |
| 39 | os << "reflection"; |
| 40 | break; |
| 41 | case kJNI: |
| 42 | os << "JNI"; |
| 43 | break; |
| 44 | case kLinking: |
| 45 | os << "linking"; |
| 46 | break; |
| 47 | } |
| 48 | return os; |
| 49 | } |
| 50 | |
| 51 | static constexpr bool EnumsEqual(EnforcementPolicy policy, HiddenApiAccessFlags::ApiList apiList) { |
| 52 | return static_cast<int>(policy) == static_cast<int>(apiList); |
| 53 | } |
| 54 | |
| 55 | // GetMemberAction-related static_asserts. |
| 56 | static_assert( |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 57 | EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) && |
| 58 | EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist), |
| 59 | "Mismatch between EnforcementPolicy and ApiList enums"); |
| 60 | static_assert( |
Mathew Inwood | 6869369 | 2018-04-05 16:10:25 +0100 | [diff] [blame] | 61 | EnforcementPolicy::kJustWarn < EnforcementPolicy::kDarkGreyAndBlackList && |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 62 | EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly, |
| 63 | "EnforcementPolicy values ordering not correct"); |
| 64 | |
| 65 | namespace detail { |
| 66 | |
| 67 | MemberSignature::MemberSignature(ArtField* field) { |
| 68 | member_type_ = "field"; |
| 69 | signature_parts_ = { |
| 70 | field->GetDeclaringClass()->GetDescriptor(&tmp_), |
| 71 | "->", |
| 72 | field->GetName(), |
| 73 | ":", |
| 74 | field->GetTypeDescriptor() |
| 75 | }; |
| 76 | } |
| 77 | |
| 78 | MemberSignature::MemberSignature(ArtMethod* method) { |
| 79 | member_type_ = "method"; |
| 80 | signature_parts_ = { |
| 81 | method->GetDeclaringClass()->GetDescriptor(&tmp_), |
| 82 | "->", |
| 83 | method->GetName(), |
| 84 | method->GetSignature().ToString() |
| 85 | }; |
| 86 | } |
| 87 | |
| 88 | bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const { |
| 89 | size_t pos = 0; |
| 90 | for (const std::string& part : signature_parts_) { |
| 91 | size_t count = std::min(prefix.length() - pos, part.length()); |
| 92 | if (prefix.compare(pos, count, part, 0, count) == 0) { |
| 93 | pos += count; |
| 94 | } else { |
| 95 | return false; |
| 96 | } |
| 97 | } |
| 98 | // We have a complete match if all parts match (we exit the loop without |
| 99 | // returning) AND we've matched the whole prefix. |
| 100 | return pos == prefix.length(); |
| 101 | } |
| 102 | |
| 103 | bool MemberSignature::IsExempted(const std::vector<std::string>& exemptions) { |
| 104 | for (const std::string& exemption : exemptions) { |
| 105 | if (DoesPrefixMatch(exemption)) { |
| 106 | return true; |
| 107 | } |
| 108 | } |
| 109 | return false; |
| 110 | } |
| 111 | |
| 112 | void MemberSignature::Dump(std::ostream& os) const { |
| 113 | for (std::string part : signature_parts_) { |
| 114 | os << part; |
| 115 | } |
| 116 | } |
| 117 | |
| 118 | void MemberSignature::WarnAboutAccess(AccessMethod access_method, |
| 119 | HiddenApiAccessFlags::ApiList list) { |
| 120 | LOG(WARNING) << "Accessing hidden " << member_type_ << " " << Dumpable<MemberSignature>(*this) |
| 121 | << " (" << list << ", " << access_method << ")"; |
| 122 | } |
| 123 | |
| 124 | template<typename T> |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 125 | Action GetMemberActionImpl(T* member, Action action, AccessMethod access_method) { |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 126 | DCHECK_NE(action, kAllow); |
| 127 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 128 | // Get the signature, we need it later. |
| 129 | MemberSignature member_signature(member); |
| 130 | |
| 131 | Runtime* runtime = Runtime::Current(); |
| 132 | |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame] | 133 | // Check for an exemption first. Exempted APIs are treated as white list. |
| 134 | // We only do this if we're about to deny, or if the app is debuggable. This is because: |
| 135 | // - we only print a warning for light greylist violations for debuggable apps |
| 136 | // - for non-debuggable apps, there is no distinction between light grey & whitelisted APIs. |
| 137 | // - we want to avoid the overhead of checking for exemptions for light greylisted APIs whenever |
| 138 | // possible. |
Mathew Inwood | 27199e6 | 2018-04-11 16:08:21 +0100 | [diff] [blame^] | 139 | if (kLogAllAccesses || action == kDeny || runtime->IsJavaDebuggable()) { |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 140 | if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) { |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame] | 141 | action = kAllow; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 142 | // Avoid re-examining the exemption list next time. |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame] | 143 | // Note this results in no warning for the member, which seems like what one would expect. |
| 144 | // Exemptions effectively adds new members to the whitelist. |
Mathew Inwood | 64ee8ae | 2018-04-09 12:24:55 +0100 | [diff] [blame] | 145 | if (runtime->ShouldDedupeHiddenApiWarnings()) { |
| 146 | member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( |
| 147 | member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); |
| 148 | } |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame] | 149 | return kAllow; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 150 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 151 | |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame] | 152 | if (access_method != kNone) { |
| 153 | // Print a log message with information about this class member access. |
| 154 | // We do this if we're about to block access, or the app is debuggable. |
| 155 | member_signature.WarnAboutAccess(access_method, |
| 156 | HiddenApiAccessFlags::DecodeFromRuntime(member->GetAccessFlags())); |
| 157 | } |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 158 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 159 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 160 | if (action == kDeny) { |
| 161 | // Block access |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 162 | return action; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 163 | } |
| 164 | |
| 165 | // Allow access to this member but print a warning. |
| 166 | DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast); |
| 167 | |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 168 | if (access_method != kNone) { |
| 169 | // Depending on a runtime flag, we might move the member into whitelist and |
| 170 | // skip the warning the next time the member is accessed. |
| 171 | if (runtime->ShouldDedupeHiddenApiWarnings()) { |
| 172 | member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( |
| 173 | member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); |
| 174 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 175 | |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 176 | // If this action requires a UI warning, set the appropriate flag. |
| 177 | if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) { |
| 178 | runtime->SetPendingHiddenApiWarning(true); |
| 179 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 180 | } |
| 181 | |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 182 | return action; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 183 | } |
| 184 | |
| 185 | // Need to instantiate this. |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 186 | template Action GetMemberActionImpl<ArtField>(ArtField* member, |
| 187 | Action action, |
| 188 | AccessMethod access_method); |
| 189 | template Action GetMemberActionImpl<ArtMethod>(ArtMethod* member, |
| 190 | Action action, |
| 191 | AccessMethod access_method); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 192 | } // namespace detail |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 193 | |
| 194 | template<typename T> |
| 195 | void NotifyHiddenApiListener(T* member) { |
| 196 | Runtime* runtime = Runtime::Current(); |
| 197 | if (!runtime->IsAotCompiler()) { |
| 198 | ScopedObjectAccessUnchecked soa(Thread::Current()); |
| 199 | |
| 200 | ScopedLocalRef<jobject> consumer_object(soa.Env(), |
| 201 | soa.Env()->GetStaticObjectField( |
| 202 | WellKnownClasses::dalvik_system_VMRuntime, |
| 203 | WellKnownClasses::dalvik_system_VMRuntime_nonSdkApiUsageConsumer)); |
| 204 | // If the consumer is non-null, we call back to it to let it know that we |
| 205 | // have encountered an API that's in one of our lists. |
| 206 | if (consumer_object != nullptr) { |
| 207 | detail::MemberSignature member_signature(member); |
| 208 | std::ostringstream member_signature_str; |
| 209 | member_signature.Dump(member_signature_str); |
| 210 | |
| 211 | ScopedLocalRef<jobject> signature_str( |
| 212 | soa.Env(), |
| 213 | soa.Env()->NewStringUTF(member_signature_str.str().c_str())); |
| 214 | |
| 215 | // Call through to Consumer.accept(String memberSignature); |
| 216 | soa.Env()->CallVoidMethod(consumer_object.get(), |
| 217 | WellKnownClasses::java_util_function_Consumer_accept, |
| 218 | signature_str.get()); |
| 219 | } |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | template void NotifyHiddenApiListener<ArtMethod>(ArtMethod* member); |
| 224 | template void NotifyHiddenApiListener<ArtField>(ArtField* member); |
| 225 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 226 | } // namespace hiddenapi |
| 227 | } // namespace art |