Start warning on hidden API greylist
Insert checks into reflection, JNI and the verifier to print
a warning when greylisted methods are invoked and fields accessed.
We do this on actual access, because reflection allows to list
all methods/fields and simply listing a greylisted member would
print too many false positives.
Issuing a warning also sets a boolean flag in Runtime. This will
be made accessible through VMRuntime to the framework which will
issue a Toast on Activity start.
The change was tested with internal microbenchmarks of reflection
and those flagged one issue. Microbenchmark invoking a field getter
has regressed by 35%. We will profile this benchmark in detail and
consider options for improvement. Bug b/72482474 was created to track
progress.
Test: art/test.py -b -r -t 674-hiddenapi
Bug: 64382372
Bug: 72482474
Change-Id: I323244935e9091a2f8d012385cefaac6b1fe3777
diff --git a/runtime/runtime.h b/runtime/runtime.h
index 893ebbe..184e4e5 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -528,6 +528,22 @@
return do_hidden_api_checks_;
}
+ void SetPendingHiddenApiWarning(bool value) {
+ pending_hidden_api_warning_ = value;
+ }
+
+ bool HasPendingHiddenApiWarning() const {
+ return pending_hidden_api_warning_;
+ }
+
+ void SetDedupeHiddenApiWarnings(bool value) {
+ dedupe_hidden_api_warnings_ = value;
+ }
+
+ bool ShouldDedupeHiddenApiWarnings() {
+ return dedupe_hidden_api_warnings_;
+ }
+
bool IsDexFileFallbackEnabled() const {
return allow_dex_file_fallback_;
}
@@ -968,6 +984,14 @@
// Whether access checks on hidden API should be performed.
bool do_hidden_api_checks_;
+ // Whether the application has used an API which is not restricted but we
+ // should issue a warning about it.
+ bool pending_hidden_api_warning_;
+
+ // Do not warn about the same hidden API access violation twice.
+ // This is only used for testing.
+ bool dedupe_hidden_api_warnings_;
+
// Whether threads should dump their native stack on SIGQUIT.
bool dump_native_stack_on_sig_quit_;