Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 071bcaa906eabd3e01afa06e72720bdb92897bc3^! / .
commit071bcaa906eabd3e01afa06e72720bdb92897bc3[log] [tgz]
authorDavid Brazdil <dbrazdil@google.com>Wed Jan 17 18:06:47 2018 +0000
committerDavid Brazdil <dbrazdil@google.com>Wed Jan 24 21:42:28 2018 +0000
tree05e4ebe4ee06cd9007548ddef346c710f3d61bdc
parentec44a402d2c90a6d7e57f51a99d9e1f5e136a839 [diff]
Set Zygote.DISABLE_HIDDEN_API_CHECKS for system apps

When forking a process for a system app, pass a flag to ART that
will disable enforcement of hidden API access checks.

Test: manual
Bug: 64382372
Change-Id: I5ba81d84a44c9467613f060428b11e1d9d725bd3

diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 9167076..d0f5ba7 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java

@@ -55,6 +55,8 @@
     public static final int DISABLE_VERIFIER = 1 << 9;
     /** Only use oat files located in /system. Otherwise use dex/jar/apk . */
     public static final int ONLY_USE_SYSTEM_OAT_FILES = 1 << 10;
+    /** Do not enfore hidden API access restrictions. */
+    public static final int DISABLE_HIDDEN_API_CHECKS = 1 << 11;
 
     /** No external storage should be mounted. */
     public static final int MOUNT_EXTERNAL_NONE = 0;
@@ -158,6 +160,9 @@
      */
     public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
             int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
+        // SystemServer is always allowed to use hidden APIs.
+        runtimeFlags |= DISABLE_HIDDEN_API_CHECKS;
+
         VM_HOOKS.preFork();
         // Resets nice priority for zygote process.
         resetNicePriority();

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 002381a..d3fb087 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java

@@ -3877,6 +3877,12 @@
                 runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;
             }
 
+            if (app.info.isAllowedToUseHiddenApi()) {
+                // This app is allowed to use undocumented and private APIs. Set
+                // up its runtime with the appropriate flag.
+                runtimeFlags |= Zygote.DISABLE_HIDDEN_API_CHECKS;
+            }
+
             String invokeWith = null;
             if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
                 // Debuggable apps may include a wrapper script with their library directory.