1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "hidden_api.h"
18
19 #include <nativehelper/scoped_local_ref.h>
20
21 #include "art_field-inl.h"
22 #include "art_method-inl.h"
23 #include "base/dumpable.h"
24 #include "base/file_utils.h"
25 #include "dex/class_accessor-inl.h"
26 #include "dex/dex_file_loader.h"
27 #include "mirror/class_ext.h"
28 #include "oat_file.h"
29 #include "scoped_thread_state_change.h"
30 #include "thread-inl.h"
31 #include "well_known_classes.h"
32
33 namespace art {
34 namespace hiddenapi {
35
36 // Should be the same as dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_P_HIDDEN_APIS and
37 // dalvik.system.VMRuntime.HIDE_MAXTARGETSDK_Q_HIDDEN_APIS.
38 // Corresponds to bug ids.
39 static constexpr uint64_t kHideMaxtargetsdkPHiddenApis = 149997251;
40 static constexpr uint64_t kHideMaxtargetsdkQHiddenApis = 149994052;
41
42 // Set to true if we should always print a warning in logcat for all hidden API accesses, not just
43 // dark grey and black. This can be set to true for developer preview / beta builds, but should be
44 // false for public release builds.
45 // Note that when flipping this flag, you must also update the expectations of test 674-hiddenapi
46 // as it affects whether or not we warn for light grey APIs that have been added to the exemptions
47 // list.
48 static constexpr bool kLogAllAccesses = false;
49
50 // Exemptions for logcat warning. Following signatures do not produce a warning as app developers
51 // should not be alerted on the usage of these greylised APIs. See b/154851649.
52 static const std::vector<std::string> kWarningExemptions = {
53 "Ljava/nio/Buffer;",
54 "Llibcore/io/Memory;",
55 "Lsun/misc/Unsafe;",
56 };
57
operator <<(std::ostream & os,AccessMethod value)58 static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) {
59 switch (value) {
60 case AccessMethod::kNone:
61 LOG(FATAL) << "Internal access to hidden API should not be logged";
62 UNREACHABLE();
63 case AccessMethod::kReflection:
64 os << "reflection";
65 break;
66 case AccessMethod::kJNI:
67 os << "JNI";
68 break;
69 case AccessMethod::kLinking:
70 os << "linking";
71 break;
72 }
73 return os;
74 }
75
operator <<(std::ostream & os,const AccessContext & value)76 static inline std::ostream& operator<<(std::ostream& os, const AccessContext& value)
77 REQUIRES_SHARED(Locks::mutator_lock_) {
78 if (!value.GetClass().IsNull()) {
79 std::string tmp;
80 os << value.GetClass()->GetDescriptor(&tmp);
81 } else if (value.GetDexFile() != nullptr) {
82 os << value.GetDexFile()->GetLocation();
83 } else {
84 os << "<unknown_caller>";
85 }
86 return os;
87 }
88
DetermineDomainFromLocation(const std::string & dex_location,ObjPtr<mirror::ClassLoader> class_loader)89 static Domain DetermineDomainFromLocation(const std::string& dex_location,
90 ObjPtr<mirror::ClassLoader> class_loader) {
91 // If running with APEX, check `path` against known APEX locations.
92 // These checks will be skipped on target buildbots where ANDROID_ART_ROOT
93 // is set to "/system".
94 if (ArtModuleRootDistinctFromAndroidRoot()) {
95 if (LocationIsOnArtModule(dex_location.c_str()) ||
96 LocationIsOnConscryptModule(dex_location.c_str()) ||
97 LocationIsOnI18nModule(dex_location.c_str())) {
98 return Domain::kCorePlatform;
99 }
100
101 if (LocationIsOnApex(dex_location.c_str())) {
102 return Domain::kPlatform;
103 }
104 }
105
106 if (LocationIsOnSystemFramework(dex_location.c_str())) {
107 return Domain::kPlatform;
108 }
109
110 if (LocationIsOnSystemExtFramework(dex_location.c_str())) {
111 return Domain::kPlatform;
112 }
113
114 if (class_loader.IsNull()) {
115 if (kIsTargetBuild && !kIsTargetLinux) {
116 // This is unexpected only when running on Android.
117 LOG(WARNING) << "DexFile " << dex_location
118 << " is in boot class path but is not in a known location";
119 }
120 return Domain::kPlatform;
121 }
122
123 return Domain::kApplication;
124 }
125
InitializeDexFileDomain(const DexFile & dex_file,ObjPtr<mirror::ClassLoader> class_loader)126 void InitializeDexFileDomain(const DexFile& dex_file, ObjPtr<mirror::ClassLoader> class_loader) {
127 Domain dex_domain = DetermineDomainFromLocation(dex_file.GetLocation(), class_loader);
128
129 // Assign the domain unless a more permissive domain has already been assigned.
130 // This may happen when DexFile is initialized as trusted.
131 if (IsDomainMoreTrustedThan(dex_domain, dex_file.GetHiddenapiDomain())) {
132 dex_file.SetHiddenapiDomain(dex_domain);
133 }
134 }
135
InitializeCorePlatformApiPrivateFields()136 void InitializeCorePlatformApiPrivateFields() {
137 // The following fields in WellKnownClasses correspond to private fields in the Core Platform
138 // API that cannot be otherwise expressed and propagated through tooling (b/144502743).
139 jfieldID private_core_platform_api_fields[] = {
140 WellKnownClasses::java_io_FileDescriptor_descriptor,
141 WellKnownClasses::java_nio_Buffer_address,
142 WellKnownClasses::java_nio_Buffer_elementSizeShift,
143 WellKnownClasses::java_nio_Buffer_limit,
144 WellKnownClasses::java_nio_Buffer_position,
145 };
146
147 ScopedObjectAccess soa(Thread::Current());
148 for (const auto private_core_platform_api_field : private_core_platform_api_fields) {
149 ArtField* field = jni::DecodeArtField(private_core_platform_api_field);
150 const uint32_t access_flags = field->GetAccessFlags();
151 uint32_t new_access_flags = access_flags | kAccCorePlatformApi;
152 DCHECK(new_access_flags != access_flags);
153 field->SetAccessFlags(new_access_flags);
154 }
155 }
156
157 namespace detail {
158
159 // Do not change the values of items in this enum, as they are written to the
160 // event log for offline analysis. Any changes will interfere with that analysis.
161 enum AccessContextFlags {
162 // Accessed member is a field if this bit is set, else a method
163 kMemberIsField = 1 << 0,
164 // Indicates if access was denied to the member, instead of just printing a warning.
165 kAccessDenied = 1 << 1,
166 };
167
MemberSignature(ArtField * field)168 MemberSignature::MemberSignature(ArtField* field) {
169 class_name_ = field->GetDeclaringClass()->GetDescriptor(&tmp_);
170 member_name_ = field->GetName();
171 type_signature_ = field->GetTypeDescriptor();
172 type_ = kField;
173 }
174
MemberSignature(ArtMethod * method)175 MemberSignature::MemberSignature(ArtMethod* method) {
176 DCHECK(method == method->GetInterfaceMethodIfProxy(kRuntimePointerSize))
177 << "Caller should have replaced proxy method with interface method";
178 class_name_ = method->GetDeclaringClass()->GetDescriptor(&tmp_);
179 member_name_ = method->GetName();
180 type_signature_ = method->GetSignature().ToString();
181 type_ = kMethod;
182 }
183
MemberSignature(const ClassAccessor::Field & field)184 MemberSignature::MemberSignature(const ClassAccessor::Field& field) {
185 const DexFile& dex_file = field.GetDexFile();
186 const dex::FieldId& field_id = dex_file.GetFieldId(field.GetIndex());
187 class_name_ = dex_file.GetFieldDeclaringClassDescriptor(field_id);
188 member_name_ = dex_file.GetFieldName(field_id);
189 type_signature_ = dex_file.GetFieldTypeDescriptor(field_id);
190 type_ = kField;
191 }
192
MemberSignature(const ClassAccessor::Method & method)193 MemberSignature::MemberSignature(const ClassAccessor::Method& method) {
194 const DexFile& dex_file = method.GetDexFile();
195 const dex::MethodId& method_id = dex_file.GetMethodId(method.GetIndex());
196 class_name_ = dex_file.GetMethodDeclaringClassDescriptor(method_id);
197 member_name_ = dex_file.GetMethodName(method_id);
198 type_signature_ = dex_file.GetMethodSignature(method_id).ToString();
199 type_ = kMethod;
200 }
201
GetSignatureParts() const202 inline std::vector<const char*> MemberSignature::GetSignatureParts() const {
203 if (type_ == kField) {
204 return { class_name_.c_str(), "->", member_name_.c_str(), ":", type_signature_.c_str() };
205 } else {
206 DCHECK_EQ(type_, kMethod);
207 return { class_name_.c_str(), "->", member_name_.c_str(), type_signature_.c_str() };
208 }
209 }
210
DoesPrefixMatch(const std::string & prefix) const211 bool MemberSignature::DoesPrefixMatch(const std::string& prefix) const {
212 size_t pos = 0;
213 for (const char* part : GetSignatureParts()) {
214 size_t count = std::min(prefix.length() - pos, strlen(part));
215 if (prefix.compare(pos, count, part, 0, count) == 0) {
216 pos += count;
217 } else {
218 return false;
219 }
220 }
221 // We have a complete match if all parts match (we exit the loop without
222 // returning) AND we've matched the whole prefix.
223 return pos == prefix.length();
224 }
225
DoesPrefixMatchAny(const std::vector<std::string> & exemptions)226 bool MemberSignature::DoesPrefixMatchAny(const std::vector<std::string>& exemptions) {
227 for (const std::string& exemption : exemptions) {
228 if (DoesPrefixMatch(exemption)) {
229 return true;
230 }
231 }
232 return false;
233 }
234
Dump(std::ostream & os) const235 void MemberSignature::Dump(std::ostream& os) const {
236 for (const char* part : GetSignatureParts()) {
237 os << part;
238 }
239 }
240
WarnAboutAccess(AccessMethod access_method,hiddenapi::ApiList list,bool access_denied)241 void MemberSignature::WarnAboutAccess(AccessMethod access_method,
242 hiddenapi::ApiList list,
243 bool access_denied) {
244 LOG(WARNING) << "Accessing hidden " << (type_ == kField ? "field " : "method ")
245 << Dumpable<MemberSignature>(*this) << " (" << list << ", " << access_method
246 << (access_denied ? ", denied)" : ", allowed)");
247 }
248
Equals(const MemberSignature & other)249 bool MemberSignature::Equals(const MemberSignature& other) {
250 return type_ == other.type_ &&
251 class_name_ == other.class_name_ &&
252 member_name_ == other.member_name_ &&
253 type_signature_ == other.type_signature_;
254 }
255
MemberNameAndTypeMatch(const MemberSignature & other)256 bool MemberSignature::MemberNameAndTypeMatch(const MemberSignature& other) {
257 return member_name_ == other.member_name_ && type_signature_ == other.type_signature_;
258 }
259
LogAccessToEventLog(uint32_t sampled_value,AccessMethod access_method,bool access_denied)260 void MemberSignature::LogAccessToEventLog(uint32_t sampled_value,
261 AccessMethod access_method,
262 bool access_denied) {
263 #ifdef ART_TARGET_ANDROID
264 if (access_method == AccessMethod::kLinking || access_method == AccessMethod::kNone) {
265 // Linking warnings come from static analysis/compilation of the bytecode
266 // and can contain false positives (i.e. code that is never run). We choose
267 // not to log these in the event log.
268 // None does not correspond to actual access, so should also be ignored.
269 return;
270 }
271 Runtime* runtime = Runtime::Current();
272 if (runtime->IsAotCompiler()) {
273 return;
274 }
275 JNIEnvExt* env = Thread::Current()->GetJniEnv();
276 const std::string& package_name = Runtime::Current()->GetProcessPackageName();
277 ScopedLocalRef<jstring> package_str(env, env->NewStringUTF(package_name.c_str()));
278 if (env->ExceptionCheck()) {
279 env->ExceptionClear();
280 LOG(ERROR) << "Unable to allocate string for package name which called hidden api";
281 }
282 std::ostringstream signature_str;
283 Dump(signature_str);
284 ScopedLocalRef<jstring> signature_jstr(env,
285 env->NewStringUTF(signature_str.str().c_str()));
286 if (env->ExceptionCheck()) {
287 env->ExceptionClear();
288 LOG(ERROR) << "Unable to allocate string for hidden api method signature";
289 }
290 env->CallStaticVoidMethod(WellKnownClasses::dalvik_system_VMRuntime,
291 WellKnownClasses::dalvik_system_VMRuntime_hiddenApiUsed,
292 sampled_value,
293 package_str.get(),
294 signature_jstr.get(),
295 static_cast<jint>(access_method),
296 access_denied);
297 if (env->ExceptionCheck()) {
298 env->ExceptionClear();
299 LOG(ERROR) << "Unable to report hidden api usage";
300 }
301 #else
302 UNUSED(sampled_value);
303 UNUSED(access_method);
304 UNUSED(access_denied);
305 #endif
306 }
307
NotifyHiddenApiListener(AccessMethod access_method)308 void MemberSignature::NotifyHiddenApiListener(AccessMethod access_method) {
309 if (access_method != AccessMethod::kReflection && access_method != AccessMethod::kJNI) {
310 // We can only up-call into Java during reflection and JNI down-calls.
311 return;
312 }
313
314 Runtime* runtime = Runtime::Current();
315 if (!runtime->IsAotCompiler()) {
316 ScopedObjectAccessUnchecked soa(Thread::Current());
317
318 ScopedLocalRef<jobject> consumer_object(soa.Env(),
319 soa.Env()->GetStaticObjectField(
320 WellKnownClasses::dalvik_system_VMRuntime,
321 WellKnownClasses::dalvik_system_VMRuntime_nonSdkApiUsageConsumer));
322 // If the consumer is non-null, we call back to it to let it know that we
323 // have encountered an API that's in one of our lists.
324 if (consumer_object != nullptr) {
325 std::ostringstream member_signature_str;
326 Dump(member_signature_str);
327
328 ScopedLocalRef<jobject> signature_str(
329 soa.Env(),
330 soa.Env()->NewStringUTF(member_signature_str.str().c_str()));
331
332 // Call through to Consumer.accept(String memberSignature);
333 soa.Env()->CallVoidMethod(consumer_object.get(),
334 WellKnownClasses::java_util_function_Consumer_accept,
335 signature_str.get());
336 }
337 }
338 }
339
CanUpdateRuntimeFlags(ArtField *)340 static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtField*) {
341 return true;
342 }
343
CanUpdateRuntimeFlags(ArtMethod * method)344 static ALWAYS_INLINE bool CanUpdateRuntimeFlags(ArtMethod* method) {
345 return !method->IsIntrinsic();
346 }
347
348 template<typename T>
MaybeUpdateAccessFlags(Runtime * runtime,T * member,uint32_t flag)349 static ALWAYS_INLINE void MaybeUpdateAccessFlags(Runtime* runtime, T* member, uint32_t flag)
350 REQUIRES_SHARED(Locks::mutator_lock_) {
351 // Update the access flags unless:
352 // (a) `member` is an intrinsic
353 // (b) this is AOT compiler, as we do not want the updated access flags in the boot/app image
354 // (c) deduping warnings has been explicitly switched off.
355 if (CanUpdateRuntimeFlags(member) &&
356 !runtime->IsAotCompiler() &&
357 runtime->ShouldDedupeHiddenApiWarnings()) {
358 member->SetAccessFlags(member->GetAccessFlags() | flag);
359 }
360 }
361
GetMemberDexIndex(ArtField * field)362 static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtField* field) {
363 return field->GetDexFieldIndex();
364 }
365
GetMemberDexIndex(ArtMethod * method)366 static ALWAYS_INLINE uint32_t GetMemberDexIndex(ArtMethod* method)
367 REQUIRES_SHARED(Locks::mutator_lock_) {
368 // Use the non-obsolete method to avoid DexFile mismatch between
369 // the method index and the declaring class.
370 return method->GetNonObsoleteMethod()->GetDexMethodIndex();
371 }
372
VisitMembers(const DexFile & dex_file,const dex::ClassDef & class_def,const std::function<void (const ClassAccessor::Field &)> & fn_visit)373 static void VisitMembers(const DexFile& dex_file,
374 const dex::ClassDef& class_def,
375 const std::function<void(const ClassAccessor::Field&)>& fn_visit) {
376 ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true);
377 accessor.VisitFields(fn_visit, fn_visit);
378 }
379
VisitMembers(const DexFile & dex_file,const dex::ClassDef & class_def,const std::function<void (const ClassAccessor::Method &)> & fn_visit)380 static void VisitMembers(const DexFile& dex_file,
381 const dex::ClassDef& class_def,
382 const std::function<void(const ClassAccessor::Method&)>& fn_visit) {
383 ClassAccessor accessor(dex_file, class_def, /* parse_hiddenapi_class_data= */ true);
384 accessor.VisitMethods(fn_visit, fn_visit);
385 }
386
387 template<typename T>
GetDexFlags(T * member)388 uint32_t GetDexFlags(T* member) REQUIRES_SHARED(Locks::mutator_lock_) {
389 static_assert(std::is_same<T, ArtField>::value || std::is_same<T, ArtMethod>::value);
390 constexpr bool kMemberIsField = std::is_same<T, ArtField>::value;
391 using AccessorType = typename std::conditional<std::is_same<T, ArtField>::value,
392 ClassAccessor::Field, ClassAccessor::Method>::type;
393
394 ObjPtr<mirror::Class> declaring_class = member->GetDeclaringClass();
395 DCHECK(!declaring_class.IsNull()) << "Attempting to access a runtime method";
396
397 ApiList flags;
398 DCHECK(!flags.IsValid());
399
400 // Check if the declaring class has ClassExt allocated. If it does, check if
401 // the pre-JVMTI redefine dex file has been set to determine if the declaring
402 // class has been JVMTI-redefined.
403 ObjPtr<mirror::ClassExt> ext(declaring_class->GetExtData());
404 const DexFile* original_dex = ext.IsNull() ? nullptr : ext->GetPreRedefineDexFile();
405 if (LIKELY(original_dex == nullptr)) {
406 // Class is not redefined. Find the class def, iterate over its members and
407 // find the entry corresponding to this `member`.
408 const dex::ClassDef* class_def = declaring_class->GetClassDef();
409 if (class_def == nullptr) {
410 // ClassDef is not set for proxy classes. Only their fields can ever be inspected.
411 DCHECK(declaring_class->IsProxyClass())
412 << "Only proxy classes are expected not to have a class def";
413 DCHECK(kMemberIsField)
414 << "Interface methods should be inspected instead of proxy class methods";
415 flags = ApiList::Greylist();
416 } else {
417 uint32_t member_index = GetMemberDexIndex(member);
418 auto fn_visit = [&](const AccessorType& dex_member) {
419 if (dex_member.GetIndex() == member_index) {
420 flags = ApiList(dex_member.GetHiddenapiFlags());
421 }
422 };
423 VisitMembers(declaring_class->GetDexFile(), *class_def, fn_visit);
424 }
425 } else {
426 // Class was redefined using JVMTI. We have a pointer to the original dex file
427 // and the class def index of this class in that dex file, but the field/method
428 // indices are lost. Iterate over all members of the class def and find the one
429 // corresponding to this `member` by name and type string comparison.
430 // This is obviously very slow, but it is only used when non-exempt code tries
431 // to access a hidden member of a JVMTI-redefined class.
432 uint16_t class_def_idx = ext->GetPreRedefineClassDefIndex();
433 DCHECK_NE(class_def_idx, DexFile::kDexNoIndex16);
434 const dex::ClassDef& original_class_def = original_dex->GetClassDef(class_def_idx);
435 MemberSignature member_signature(member);
436 auto fn_visit = [&](const AccessorType& dex_member) {
437 MemberSignature cur_signature(dex_member);
438 if (member_signature.MemberNameAndTypeMatch(cur_signature)) {
439 DCHECK(member_signature.Equals(cur_signature));
440 flags = ApiList(dex_member.GetHiddenapiFlags());
441 }
442 };
443 VisitMembers(*original_dex, original_class_def, fn_visit);
444 }
445
446 CHECK(flags.IsValid()) << "Could not find hiddenapi flags for "
447 << Dumpable<MemberSignature>(MemberSignature(member));
448 return flags.GetDexFlags();
449 }
450
451 template<typename T>
HandleCorePlatformApiViolation(T * member,const AccessContext & caller_context,AccessMethod access_method,EnforcementPolicy policy)452 bool HandleCorePlatformApiViolation(T* member,
453 const AccessContext& caller_context,
454 AccessMethod access_method,
455 EnforcementPolicy policy) {
456 DCHECK(policy != EnforcementPolicy::kDisabled)
457 << "Should never enter this function when access checks are completely disabled";
458
459 if (access_method != AccessMethod::kNone) {
460 LOG(WARNING) << "Core platform API violation: "
461 << Dumpable<MemberSignature>(MemberSignature(member))
462 << " from " << caller_context << " using " << access_method;
463
464 // If policy is set to just warn, add kAccCorePlatformApi to access flags of
465 // `member` to avoid reporting the violation again next time.
466 if (policy == EnforcementPolicy::kJustWarn) {
467 MaybeUpdateAccessFlags(Runtime::Current(), member, kAccCorePlatformApi);
468 }
469 }
470
471 // Deny access if enforcement is enabled.
472 return policy == EnforcementPolicy::kEnabled;
473 }
474
475 template<typename T>
ShouldDenyAccessToMemberImpl(T * member,ApiList api_list,AccessMethod access_method)476 bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod access_method) {
477 DCHECK(member != nullptr);
478 Runtime* runtime = Runtime::Current();
479
480 EnforcementPolicy hiddenApiPolicy = runtime->GetHiddenApiEnforcementPolicy();
481 DCHECK(hiddenApiPolicy != EnforcementPolicy::kDisabled)
482 << "Should never enter this function when access checks are completely disabled";
483
484 MemberSignature member_signature(member);
485
486 // Check for an exemption first. Exempted APIs are treated as white list.
487 if (member_signature.DoesPrefixMatchAny(runtime->GetHiddenApiExemptions())) {
488 // Avoid re-examining the exemption list next time.
489 // Note this results in no warning for the member, which seems like what one would expect.
490 // Exemptions effectively adds new members to the whitelist.
491 MaybeUpdateAccessFlags(runtime, member, kAccPublicApi);
492 return false;
493 }
494
495 EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy();
496
497 bool deny_access = false;
498 if (hiddenApiPolicy == EnforcementPolicy::kEnabled) {
499 if (testApiPolicy == EnforcementPolicy::kDisabled && api_list.IsTestApi()) {
500 deny_access = false;
501 } else {
502 switch (api_list.GetMaxAllowedSdkVersion()) {
503 case SdkVersion::kP:
504 deny_access = runtime->isChangeEnabled(kHideMaxtargetsdkPHiddenApis);
505 break;
506 case SdkVersion::kQ:
507 deny_access = runtime->isChangeEnabled(kHideMaxtargetsdkQHiddenApis);
508 break;
509 default:
510 deny_access = IsSdkVersionSetAndMoreThan(runtime->GetTargetSdkVersion(),
511 api_list.GetMaxAllowedSdkVersion());
512 }
513 }
514 }
515
516 if (access_method != AccessMethod::kNone) {
517 // Warn if non-greylisted signature is being accessed or it is not exempted.
518 if (deny_access || !member_signature.DoesPrefixMatchAny(kWarningExemptions)) {
519 // Print a log message with information about this class member access.
520 // We do this if we're about to deny access, or the app is debuggable.
521 if (kLogAllAccesses || deny_access || runtime->IsJavaDebuggable()) {
522 member_signature.WarnAboutAccess(access_method, api_list, deny_access);
523 }
524
525 // If there is a StrictMode listener, notify it about this violation.
526 member_signature.NotifyHiddenApiListener(access_method);
527 }
528
529 // If event log sampling is enabled, report this violation.
530 if (kIsTargetBuild && !kIsTargetLinux) {
531 uint32_t eventLogSampleRate = runtime->GetHiddenApiEventLogSampleRate();
532 // Assert that RAND_MAX is big enough, to ensure sampling below works as expected.
533 static_assert(RAND_MAX >= 0xffff, "RAND_MAX too small");
534 if (eventLogSampleRate != 0) {
535 const uint32_t sampled_value = static_cast<uint32_t>(std::rand()) & 0xffff;
536 if (sampled_value < eventLogSampleRate) {
537 member_signature.LogAccessToEventLog(sampled_value, access_method, deny_access);
538 }
539 }
540 }
541
542 // If this access was not denied, move the member into whitelist and skip
543 // the warning the next time the member is accessed.
544 if (!deny_access) {
545 MaybeUpdateAccessFlags(runtime, member, kAccPublicApi);
546 }
547 }
548
549 return deny_access;
550 }
551
552 // Need to instantiate these.
553 template uint32_t GetDexFlags<ArtField>(ArtField* member);
554 template uint32_t GetDexFlags<ArtMethod>(ArtMethod* member);
555 template bool HandleCorePlatformApiViolation(ArtField* member,
556 const AccessContext& caller_context,
557 AccessMethod access_method,
558 EnforcementPolicy policy);
559 template bool HandleCorePlatformApiViolation(ArtMethod* member,
560 const AccessContext& caller_context,
561 AccessMethod access_method,
562 EnforcementPolicy policy);
563 template bool ShouldDenyAccessToMemberImpl<ArtField>(ArtField* member,
564 ApiList api_list,
565 AccessMethod access_method);
566 template bool ShouldDenyAccessToMemberImpl<ArtMethod>(ArtMethod* member,
567 ApiList api_list,
568 AccessMethod access_method);
569 } // namespace detail
570
571 } // namespace hiddenapi
572 } // namespace art
573