Set DEXOPT_DISABLE_HIDDEN_API_CHECKS for system apps
For now, system apps will be exempt from hidden API access checks.
Pass the appropriate flag to dexopt.
Test: manual
Bug: 64382372
Bug: 72305689
Change-Id: I5676ffa3a5ba680bf5f6bab0b62f0acf4a933097
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 7bdf72f..746a090 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -1591,6 +1591,13 @@
/**
* @hide
*/
+ public boolean isAllowedToUseHiddenApi() {
+ return isSystemApp();
+ }
+
+ /**
+ * @hide
+ */
@Override
public Drawable loadDefaultIcon(PackageManager pm) {
if ((flags & FLAG_EXTERNAL_STORAGE) != 0
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index 2671f29..5659470 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -98,6 +98,10 @@
private static final String SOCKET_NAME_ARG = "--socket-name=";
+ /* Dexopt flag to disable hidden API access checks when dexopting SystemServer.
+ * Must be kept in sync with com.android.server.pm.Installer. */
+ private static final int DEXOPT_DISABLE_HIDDEN_API_CHECKS = 1 << 10;
+
/**
* Used to pre-load resources.
*/
@@ -565,7 +569,10 @@
if (dexoptNeeded != DexFile.NO_DEXOPT_NEEDED) {
final String packageName = "*";
final String outputPath = null;
- final int dexFlags = 0;
+ // Dexopt with a flag which lifts restrictions on hidden API usage.
+ // Offending methods would otherwise be re-verified at runtime and
+ // we want to avoid the performance overhead of that.
+ final int dexFlags = DEXOPT_DISABLE_HIDDEN_API_CHECKS;
final String compilerFilter = systemServerFilter;
final String uuid = StorageManager.UUID_PRIVATE_INTERNAL;
final String seInfo = null;
diff --git a/services/core/java/com/android/server/pm/Installer.java b/services/core/java/com/android/server/pm/Installer.java
index 4b3758d..1dc3fe3 100644
--- a/services/core/java/com/android/server/pm/Installer.java
+++ b/services/core/java/com/android/server/pm/Installer.java
@@ -58,6 +58,9 @@
public static final int DEXOPT_STORAGE_DE = 1 << 8;
/** Indicates that dexopt is invoked from the background service. */
public static final int DEXOPT_IDLE_BACKGROUND_JOB = 1 << 9;
+ /* Indicates that dexopt should not restrict access to private APIs.
+ * Must be kept in sync with com.android.internal.os.ZygoteInit. */
+ public static final int DEXOPT_DISABLE_HIDDEN_API_CHECKS = 1 << 10;
// NOTE: keep in sync with installd
public static final int FLAG_CLEAR_CACHE_ONLY = 1 << 8;
diff --git a/services/core/java/com/android/server/pm/PackageDexOptimizer.java b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
index 91df87b..6a08e1b 100644
--- a/services/core/java/com/android/server/pm/PackageDexOptimizer.java
+++ b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
@@ -55,6 +55,7 @@
import static com.android.server.pm.Installer.DEXOPT_STORAGE_CE;
import static com.android.server.pm.Installer.DEXOPT_STORAGE_DE;
import static com.android.server.pm.Installer.DEXOPT_IDLE_BACKGROUND_JOB;
+import static com.android.server.pm.Installer.DEXOPT_DISABLE_HIDDEN_API_CHECKS;
import static com.android.server.pm.InstructionSets.getAppDexInstructionSets;
import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets;
@@ -509,12 +510,18 @@
boolean isProfileGuidedFilter = isProfileGuidedCompilerFilter(compilerFilter);
boolean isPublic = !info.isForwardLocked() && !isProfileGuidedFilter;
int profileFlag = isProfileGuidedFilter ? DEXOPT_PROFILE_GUIDED : 0;
+ // System apps are invoked with a runtime flag which exempts them from
+ // restrictions on hidden API usage. We dexopt with the same runtime flag
+ // otherwise offending methods would have to be re-verified at runtime
+ // and we want to avoid the performance overhead of that.
+ int hiddenApiFlag = info.isAllowedToUseHiddenApi() ? DEXOPT_DISABLE_HIDDEN_API_CHECKS : 0;
int dexFlags =
(isPublic ? DEXOPT_PUBLIC : 0)
| (debuggable ? DEXOPT_DEBUGGABLE : 0)
| profileFlag
| (options.isBootComplete() ? DEXOPT_BOOTCOMPLETE : 0)
- | (options.isDexoptIdleBackgroundJob() ? DEXOPT_IDLE_BACKGROUND_JOB : 0);
+ | (options.isDexoptIdleBackgroundJob() ? DEXOPT_IDLE_BACKGROUND_JOB : 0)
+ | hiddenApiFlag;
return adjustDexoptFlags(dexFlags);
}
@@ -629,6 +636,9 @@
if ((flags & DEXOPT_IDLE_BACKGROUND_JOB) == DEXOPT_IDLE_BACKGROUND_JOB) {
flagsList.add("idle_background_job");
}
+ if ((flags & DEXOPT_DISABLE_HIDDEN_API_CHECKS) == DEXOPT_DISABLE_HIDDEN_API_CHECKS) {
+ flagsList.add("disable_hidden_api_checks");
+ }
return String.join(",", flagsList);
}