Rename preferCodeIntegrity to useEmbeddedDex
Also remove the restriction of extractNativeLibs.
Test: build, (new) CTS in progress
Bug: 112037137
Change-Id: If0ad13b0d63b288c2da3a82b911d8dad0db8c07a
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 5d6d144..147d6b3 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -640,19 +640,15 @@
public static final int PRIVATE_FLAG_HAS_FRAGILE_USER_DATA = 1 << 24;
/**
- * Indicate whether this application prefers code integrity, that is, run only code that is
- * signed. This requires android:extractNativeLibs to be "false", as well as .dex and .so (if
- * any) stored uncompressed inside the APK, which is signed. At run time, the implications
- * include:
- *
- * <ul>
- * <li>ART will JIT the dex code directly from the APK. There may be performance characteristic
- * changes depend on the actual workload.
- * </ul>
+ * Indicates whether this application wants to use the embedded dex in the APK, rather than
+ * extracted or locally compiled variants. This keeps the dex code protected by the APK
+ * signature. Such apps will always run in JIT mode (same when they are first installed), and
+ * the system will never generate ahead-of-time compiled code for them. Depending on the app's
+ * workload, there may be some run time performance change, noteably the cold start time.
*
* @hide
*/
- public static final int PRIVATE_FLAG_PREFER_CODE_INTEGRITY = 1 << 25;
+ public static final int PRIVATE_FLAG_USE_EMBEDDED_DEX = 1 << 25;
/** @hide */
@IntDef(flag = true, prefix = { "PRIVATE_FLAG_" }, value = {
@@ -669,7 +665,7 @@
PRIVATE_FLAG_ISOLATED_SPLIT_LOADING,
PRIVATE_FLAG_OEM,
PRIVATE_FLAG_PARTIALLY_DIRECT_BOOT_AWARE,
- PRIVATE_FLAG_PREFER_CODE_INTEGRITY,
+ PRIVATE_FLAG_USE_EMBEDDED_DEX,
PRIVATE_FLAG_PRIVILEGED,
PRIVATE_FLAG_PRODUCT,
PRIVATE_FLAG_PRODUCT_SERVICES,
@@ -1956,8 +1952,8 @@
}
/** @hide */
- public boolean isCodeIntegrityPreferred() {
- return (privateFlags & PRIVATE_FLAG_PREFER_CODE_INTEGRITY) != 0;
+ public boolean isEmbeddedDexUsed() {
+ return (privateFlags & PRIVATE_FLAG_USE_EMBEDDED_DEX) != 0;
}
/**
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index eb59cfc..75c307c 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -475,7 +475,7 @@
public final boolean extractNativeLibs;
public final boolean isolatedSplits;
public final boolean isSplitRequired;
- public final boolean preferCodeIntegrity;
+ public final boolean useEmbeddedDex;
public ApkLite(String codePath, String packageName, String splitName,
boolean isFeatureSplit,
@@ -484,7 +484,7 @@
int revisionCode, int installLocation, List<VerifierInfo> verifiers,
SigningDetails signingDetails, boolean coreApp,
boolean debuggable, boolean multiArch, boolean use32bitAbi,
- boolean preferCodeIntegrity, boolean extractNativeLibs, boolean isolatedSplits) {
+ boolean useEmbeddedDex, boolean extractNativeLibs, boolean isolatedSplits) {
this.codePath = codePath;
this.packageName = packageName;
this.splitName = splitName;
@@ -501,7 +501,7 @@
this.debuggable = debuggable;
this.multiArch = multiArch;
this.use32bitAbi = use32bitAbi;
- this.preferCodeIntegrity = preferCodeIntegrity;
+ this.useEmbeddedDex = useEmbeddedDex;
this.extractNativeLibs = extractNativeLibs;
this.isolatedSplits = isolatedSplits;
this.isSplitRequired = isSplitRequired;
@@ -1726,7 +1726,7 @@
boolean isolatedSplits = false;
boolean isFeatureSplit = false;
boolean isSplitRequired = false;
- boolean preferCodeIntegrity = false;
+ boolean useEmbeddedDex = false;
String configForSplit = null;
String usesSplitName = null;
@@ -1790,8 +1790,8 @@
extractNativeLibsProvided = Boolean.valueOf(
attrs.getAttributeBooleanValue(i, true));
}
- if ("preferCodeIntegrity".equals(attr)) {
- preferCodeIntegrity = attrs.getAttributeBooleanValue(i, false);
+ if ("useEmbeddedDex".equals(attr)) {
+ useEmbeddedDex = attrs.getAttributeBooleanValue(i, false);
}
}
} else if (TAG_USES_SPLIT.equals(parser.getName())) {
@@ -1851,16 +1851,10 @@
final boolean extractNativeLibs = (extractNativeLibsProvided != null)
? extractNativeLibsProvided : extractNativeLibsDefault;
- if (preferCodeIntegrity && extractNativeLibs) {
- throw new PackageParserException(
- PackageManager.INSTALL_PARSE_FAILED_MANIFEST_MALFORMED,
- "Can't request both preferCodeIntegrity and extractNativeLibs");
- }
-
return new ApkLite(codePath, packageSplit.first, packageSplit.second, isFeatureSplit,
configForSplit, usesSplitName, isSplitRequired, versionCode, versionCodeMajor,
revisionCode, installLocation, verifiers, signingDetails, coreApp, debuggable,
- multiArch, use32bitAbi, preferCodeIntegrity, extractNativeLibs, isolatedSplits);
+ multiArch, use32bitAbi, useEmbeddedDex, extractNativeLibs, isolatedSplits);
}
/**
@@ -3789,9 +3783,9 @@
}
if (sa.getBoolean(
- R.styleable.AndroidManifestApplication_preferCodeIntegrity,
+ R.styleable.AndroidManifestApplication_useEmbeddedDex,
false)) {
- ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_PREFER_CODE_INTEGRITY;
+ ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_USE_EMBEDDED_DEX;
}
if (sa.getBoolean(
diff --git a/core/java/android/view/LayoutInflater.java b/core/java/android/view/LayoutInflater.java
index dc7c343..3fb74c7 100644
--- a/core/java/android/view/LayoutInflater.java
+++ b/core/java/android/view/LayoutInflater.java
@@ -408,8 +408,7 @@
// Make sure the application allows code generation
ApplicationInfo appInfo = mContext.getApplicationInfo();
- if ((appInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PREFER_CODE_INTEGRITY) != 0
- || appInfo.isPrivilegedApp()) {
+ if (appInfo.isEmbeddedDexUsed() || appInfo.isPrivilegedApp()) {
mUseCompiledView = false;
return;
}
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 0abe456..04dbe0c 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1129,10 +1129,12 @@
resource] to be present in order to function. Default value is false. -->
<attr name="isSplitRequired" format="boolean" />
- <!-- Flag to specify if this app prioritizes code integrity. The system may choose
- to run with better integrity guarantee in various components if possible based on the app's
- <code>targetSdkVersion</code>. -->
- <attr name="preferCodeIntegrity" format="boolean" />
+ <!-- Flag to specify if this app wants to run the dex within its APK but not extracted or
+ locally compiled variants. This keeps the dex code protected by the APK signature. Such
+ apps will always run in JIT mode (same when they are first installed), and the system will
+ never generate ahead-of-time compiled code for them. Depending on the app's workload,
+ there may be some run time performance change, noteably the cold start time. -->
+ <attr name="useEmbeddedDex" format="boolean" />
<!-- Extra options for an activity's UI. Applies to either the {@code <activity>} or
{@code <application>} tag. If specified on the {@code <application>}
@@ -1602,7 +1604,7 @@
to honor this flag as well. -->
<attr name="usesCleartextTraffic" />
<attr name="multiArch" />
- <attr name="preferCodeIntegrity" />
+ <attr name="useEmbeddedDex" />
<attr name="extractNativeLibs" />
<attr name="defaultToDeviceProtectedStorage" format="boolean" />
<attr name="directBootAware" />
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index c2e7763..20915da5 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -1507,7 +1507,7 @@
mService.mNativeDebuggingApp = null;
}
- if (app.info.isCodeIntegrityPreferred()
+ if (app.info.isEmbeddedDexUsed()
|| (app.info.isPrivilegedApp()
&& DexManager.isPackageSelectedToRunOob(app.pkgList.mPkgList.keySet()))) {
runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;
diff --git a/services/core/java/com/android/server/pm/PackageDexOptimizer.java b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
index 94b1b36..5b38208 100644
--- a/services/core/java/com/android/server/pm/PackageDexOptimizer.java
+++ b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
@@ -507,7 +507,7 @@
int flags = info.flags;
boolean vmSafeMode = (flags & ApplicationInfo.FLAG_VM_SAFE_MODE) != 0;
// When an app or priv app is configured to run out of box, only verify it.
- if (info.isCodeIntegrityPreferred()
+ if (info.isEmbeddedDexUsed()
|| (info.isPrivilegedApp()
&& DexManager.isPackageSelectedToRunOob(info.packageName))) {
return "verify";
diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java
index 494ec3f..9cda889a 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -1562,12 +1562,12 @@
}
}
}
- if (baseApk.preferCodeIntegrity) {
+ if (baseApk.useEmbeddedDex) {
for (File file : mResolvedStagedFiles) {
if (file.getName().endsWith(".apk")
- && !DexManager.auditUncompressedCodeInApk(file.getPath())) {
+ && !DexManager.auditUncompressedDexInApk(file.getPath())) {
throw new PackageManagerException(INSTALL_FAILED_INVALID_APK,
- "Some code are not uncompressed and aligned correctly for "
+ "Some dex are not uncompressed and aligned correctly for "
+ mPackageName);
}
}
diff --git a/services/core/java/com/android/server/pm/dex/ArtManagerService.java b/services/core/java/com/android/server/pm/dex/ArtManagerService.java
index 7d2dd65..23705db 100644
--- a/services/core/java/com/android/server/pm/dex/ArtManagerService.java
+++ b/services/core/java/com/android/server/pm/dex/ArtManagerService.java
@@ -480,7 +480,7 @@
final String apkPath = pkg.baseCodePath;
final ApplicationInfo appInfo = pkg.applicationInfo;
final String outDexFile = appInfo.dataDir + "/code_cache/compiled_view.dex";
- if (appInfo.isPrivilegedApp() || appInfo.isCodeIntegrityPreferred()) {
+ if (appInfo.isPrivilegedApp() || appInfo.isEmbeddedDexUsed()) {
// Privileged apps prefer to load trusted code so they don't use compiled views.
// If the app is not privileged but prefers code integrity, also avoid compiling
// views.
diff --git a/services/core/java/com/android/server/pm/dex/DexManager.java b/services/core/java/com/android/server/pm/dex/DexManager.java
index 7ac7395..b9d388b 100644
--- a/services/core/java/com/android/server/pm/dex/DexManager.java
+++ b/services/core/java/com/android/server/pm/dex/DexManager.java
@@ -740,10 +740,10 @@
}
/**
- * Generates log if the archive located at {@code fileName} has uncompressed dex file and so
- * files that can be direclty mapped.
+ * Generates log if the archive located at {@code fileName} has uncompressed dex file that can
+ * be direclty mapped.
*/
- public static boolean auditUncompressedCodeInApk(String fileName) {
+ public static boolean auditUncompressedDexInApk(String fileName) {
StrictJarFile jarFile = null;
try {
jarFile = new StrictJarFile(fileName,
@@ -762,16 +762,6 @@
Slog.w(TAG, "APK " + fileName + " has unaligned dex code " +
entry.getName());
}
- } else if (entry.getName().endsWith(".so")) {
- if (entry.getMethod() != ZipEntry.STORED) {
- allCorrect = false;
- Slog.w(TAG, "APK " + fileName + " has compressed native code " +
- entry.getName());
- } else if ((entry.getDataOffset() & (0x1000 - 1)) != 0) {
- allCorrect = false;
- Slog.w(TAG, "APK " + fileName + " has unaligned native code " +
- entry.getName());
- }
}
}
return allCorrect;