Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "hidden_api.h" |
| 18 | |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 19 | #include <nativehelper/scoped_local_ref.h> |
| 20 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 21 | #include "base/dumpable.h" |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 22 | #include "thread-current-inl.h" |
| 23 | #include "well_known_classes.h" |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 24 | |
| 25 | namespace art { |
| 26 | namespace hiddenapi { |
| 27 | |
| 28 | static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) { |
| 29 | switch (value) { |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 30 | case kNone: |
| 31 | LOG(FATAL) << "Internal access to hidden API should not be logged"; |
| 32 | UNREACHABLE(); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 33 | case kReflection: |
| 34 | os << "reflection"; |
| 35 | break; |
| 36 | case kJNI: |
| 37 | os << "JNI"; |
| 38 | break; |
| 39 | case kLinking: |
| 40 | os << "linking"; |
| 41 | break; |
| 42 | } |
| 43 | return os; |
| 44 | } |
| 45 | |
| 46 | static constexpr bool EnumsEqual(EnforcementPolicy policy, HiddenApiAccessFlags::ApiList apiList) { |
| 47 | return static_cast<int>(policy) == static_cast<int>(apiList); |
| 48 | } |
| 49 | |
| 50 | // GetMemberAction-related static_asserts. |
| 51 | static_assert( |
| 52 | EnumsEqual(EnforcementPolicy::kAllLists, HiddenApiAccessFlags::kLightGreylist) && |
| 53 | EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) && |
| 54 | EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist), |
| 55 | "Mismatch between EnforcementPolicy and ApiList enums"); |
| 56 | static_assert( |
| 57 | EnforcementPolicy::kAllLists < EnforcementPolicy::kDarkGreyAndBlackList && |
| 58 | EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly, |
| 59 | "EnforcementPolicy values ordering not correct"); |
| 60 | |
| 61 | namespace detail { |
| 62 | |
| 63 | MemberSignature::MemberSignature(ArtField* field) { |
| 64 | member_type_ = "field"; |
| 65 | signature_parts_ = { |
| 66 | field->GetDeclaringClass()->GetDescriptor(&tmp_), |
| 67 | "->", |
| 68 | field->GetName(), |
| 69 | ":", |
| 70 | field->GetTypeDescriptor() |
| 71 | }; |
| 72 | } |
| 73 | |
| 74 | MemberSignature::MemberSignature(ArtMethod* method) { |
| 75 | member_type_ = "method"; |
| 76 | signature_parts_ = { |
| 77 | method->GetDeclaringClass()->GetDescriptor(&tmp_), |
| 78 | "->", |
| 79 | method->GetName(), |
| 80 | method->GetSignature().ToString() |
| 81 | }; |
| 82 | } |
| 83 | |
| 84 | bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const { |
| 85 | size_t pos = 0; |
| 86 | for (const std::string& part : signature_parts_) { |
| 87 | size_t count = std::min(prefix.length() - pos, part.length()); |
| 88 | if (prefix.compare(pos, count, part, 0, count) == 0) { |
| 89 | pos += count; |
| 90 | } else { |
| 91 | return false; |
| 92 | } |
| 93 | } |
| 94 | // We have a complete match if all parts match (we exit the loop without |
| 95 | // returning) AND we've matched the whole prefix. |
| 96 | return pos == prefix.length(); |
| 97 | } |
| 98 | |
| 99 | bool MemberSignature::IsExempted(const std::vector<std::string>& exemptions) { |
| 100 | for (const std::string& exemption : exemptions) { |
| 101 | if (DoesPrefixMatch(exemption)) { |
| 102 | return true; |
| 103 | } |
| 104 | } |
| 105 | return false; |
| 106 | } |
| 107 | |
| 108 | void MemberSignature::Dump(std::ostream& os) const { |
| 109 | for (std::string part : signature_parts_) { |
| 110 | os << part; |
| 111 | } |
| 112 | } |
| 113 | |
| 114 | void MemberSignature::WarnAboutAccess(AccessMethod access_method, |
| 115 | HiddenApiAccessFlags::ApiList list) { |
| 116 | LOG(WARNING) << "Accessing hidden " << member_type_ << " " << Dumpable<MemberSignature>(*this) |
| 117 | << " (" << list << ", " << access_method << ")"; |
| 118 | } |
| 119 | |
| 120 | template<typename T> |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 121 | Action GetMemberActionImpl(T* member, Action action, AccessMethod access_method) { |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 122 | DCHECK_NE(action, kAllow); |
| 123 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 124 | // Get the signature, we need it later. |
| 125 | MemberSignature member_signature(member); |
| 126 | |
| 127 | Runtime* runtime = Runtime::Current(); |
| 128 | |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame^] | 129 | // Check for an exemption first. Exempted APIs are treated as white list. |
| 130 | // We only do this if we're about to deny, or if the app is debuggable. This is because: |
| 131 | // - we only print a warning for light greylist violations for debuggable apps |
| 132 | // - for non-debuggable apps, there is no distinction between light grey & whitelisted APIs. |
| 133 | // - we want to avoid the overhead of checking for exemptions for light greylisted APIs whenever |
| 134 | // possible. |
| 135 | if (action == kDeny || runtime->IsJavaDebuggable()) { |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 136 | if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) { |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame^] | 137 | action = kAllow; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 138 | // Avoid re-examining the exemption list next time. |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame^] | 139 | // Note this results in no warning for the member, which seems like what one would expect. |
| 140 | // Exemptions effectively adds new members to the whitelist. |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 141 | member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame^] | 142 | member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); |
| 143 | return kAllow; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 144 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 145 | |
Mathew Inwood | c8ce5f5 | 2018-04-05 13:58:55 +0100 | [diff] [blame^] | 146 | if (access_method != kNone) { |
| 147 | // Print a log message with information about this class member access. |
| 148 | // We do this if we're about to block access, or the app is debuggable. |
| 149 | member_signature.WarnAboutAccess(access_method, |
| 150 | HiddenApiAccessFlags::DecodeFromRuntime(member->GetAccessFlags())); |
| 151 | } |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 152 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 153 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 154 | if (action == kDeny) { |
| 155 | // Block access |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 156 | return action; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 157 | } |
| 158 | |
| 159 | // Allow access to this member but print a warning. |
| 160 | DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast); |
| 161 | |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 162 | if (access_method != kNone) { |
| 163 | // Depending on a runtime flag, we might move the member into whitelist and |
| 164 | // skip the warning the next time the member is accessed. |
| 165 | if (runtime->ShouldDedupeHiddenApiWarnings()) { |
| 166 | member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime( |
| 167 | member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist)); |
| 168 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 169 | |
David Brazdil | 54a99cf | 2018-04-05 16:57:32 +0100 | [diff] [blame] | 170 | // If this action requires a UI warning, set the appropriate flag. |
| 171 | if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) { |
| 172 | runtime->SetPendingHiddenApiWarning(true); |
| 173 | } |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 174 | } |
| 175 | |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 176 | return action; |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 177 | } |
| 178 | |
| 179 | // Need to instantiate this. |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 180 | template Action GetMemberActionImpl<ArtField>(ArtField* member, |
| 181 | Action action, |
| 182 | AccessMethod access_method); |
| 183 | template Action GetMemberActionImpl<ArtMethod>(ArtMethod* member, |
| 184 | Action action, |
| 185 | AccessMethod access_method); |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 186 | } // namespace detail |
Narayan Kamath | e453a8d | 2018-04-03 15:23:46 +0100 | [diff] [blame] | 187 | |
| 188 | template<typename T> |
| 189 | void NotifyHiddenApiListener(T* member) { |
| 190 | Runtime* runtime = Runtime::Current(); |
| 191 | if (!runtime->IsAotCompiler()) { |
| 192 | ScopedObjectAccessUnchecked soa(Thread::Current()); |
| 193 | |
| 194 | ScopedLocalRef<jobject> consumer_object(soa.Env(), |
| 195 | soa.Env()->GetStaticObjectField( |
| 196 | WellKnownClasses::dalvik_system_VMRuntime, |
| 197 | WellKnownClasses::dalvik_system_VMRuntime_nonSdkApiUsageConsumer)); |
| 198 | // If the consumer is non-null, we call back to it to let it know that we |
| 199 | // have encountered an API that's in one of our lists. |
| 200 | if (consumer_object != nullptr) { |
| 201 | detail::MemberSignature member_signature(member); |
| 202 | std::ostringstream member_signature_str; |
| 203 | member_signature.Dump(member_signature_str); |
| 204 | |
| 205 | ScopedLocalRef<jobject> signature_str( |
| 206 | soa.Env(), |
| 207 | soa.Env()->NewStringUTF(member_signature_str.str().c_str())); |
| 208 | |
| 209 | // Call through to Consumer.accept(String memberSignature); |
| 210 | soa.Env()->CallVoidMethod(consumer_object.get(), |
| 211 | WellKnownClasses::java_util_function_Consumer_accept, |
| 212 | signature_str.get()); |
| 213 | } |
| 214 | } |
| 215 | } |
| 216 | |
| 217 | template void NotifyHiddenApiListener<ArtMethod>(ArtMethod* member); |
| 218 | template void NotifyHiddenApiListener<ArtField>(ArtField* member); |
| 219 | |
Andreas Gampe | 80f5fe5 | 2018-03-28 16:23:24 -0700 | [diff] [blame] | 220 | } // namespace hiddenapi |
| 221 | } // namespace art |