1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "sdk_checker.h"
18 
19 #include "art_method-inl.h"
20 #include "base/utils.h"
21 #include "dex/art_dex_file_loader.h"
22 #include "mirror/class-inl.h"
23 
24 namespace art HIDDEN {
25 
SdkChecker()26 SdkChecker::SdkChecker() : enabled_(true) {}
27 
Create(const std::string & public_sdk,std::string * error_msg)28 SdkChecker* SdkChecker::Create(const std::string& public_sdk, std::string* error_msg) {
29   std::vector<std::string> dex_file_paths;
30   Split(public_sdk, ':', &dex_file_paths);
31 
32   std::unique_ptr<SdkChecker> sdk_checker(new SdkChecker());
33   for (const std::string& path : dex_file_paths) {
34     DexFileLoader dex_file_loader(path);
35     if (!dex_file_loader.Open(/*verify=*/true,
36                               /*verify_checksum*/ false,
37                               error_msg,
38                               &sdk_checker->sdk_dex_files_)) {
39       return nullptr;
40     }
41   }
42   return sdk_checker.release();
43 }
44 
ShouldDenyAccess(ArtMethod * art_method) const45 bool SdkChecker::ShouldDenyAccess(ArtMethod* art_method) const {
46   if (!enabled_) {
47     return false;
48   }
49 
50   std::string_view declaring_class_descriptor = art_method->GetDeclaringClassDescriptorView();
51   const char* name = art_method->GetName();
52 
53   bool found = false;
54   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
55     const dex::TypeId* declaring_type_id = dex_file->FindTypeId(declaring_class_descriptor);
56     if (declaring_type_id == nullptr) {
57       continue;
58     }
59     const dex::StringId* name_id = dex_file->FindStringId(name);
60     if (name_id == nullptr) {
61       continue;
62     }
63 
64     dex::TypeIndex return_type_idx;
65     std::vector<dex::TypeIndex> param_type_idxs;
66     if (!dex_file->CreateTypeList(
67             art_method->GetSignature().ToString(), &return_type_idx, &param_type_idxs)) {
68       continue;
69     }
70     const dex::ProtoId* proto_id = dex_file->FindProtoId(return_type_idx, param_type_idxs);
71     if (proto_id == nullptr) {
72       continue;
73     }
74 
75     const dex::MethodId* method_id =
76         dex_file->FindMethodId(*declaring_type_id, *name_id, *proto_id);
77     if (method_id != nullptr) {
78       found = true;
79       break;
80     }
81   }
82 
83   if (!found) {
84     VLOG(verifier) << "Deny for " << art_method->PrettyMethod(true);
85   }
86 
87   // Deny access if we didn't find the descriptor in the public api dex files.
88   return !found;
89 }
90 
ShouldDenyAccess(ArtField * art_field) const91 bool SdkChecker::ShouldDenyAccess(ArtField* art_field) const {
92   if (!enabled_) {
93     return false;
94   }
95 
96   std::string_view declaring_class_descriptor = art_field->GetDeclaringClassDescriptorView();
97   const char* name = art_field->GetName();
98   std::string_view type_descriptor = art_field->GetTypeDescriptorView();
99 
100   bool found = false;
101   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
102     const dex::TypeId* declaring_type_id = dex_file->FindTypeId(declaring_class_descriptor);
103     if (declaring_type_id == nullptr) {
104       continue;
105     }
106     const dex::StringId* name_id = dex_file->FindStringId(name);
107     if (name_id == nullptr) {
108       continue;
109     }
110     const dex::TypeId* type_id = dex_file->FindTypeId(type_descriptor);
111     if (type_id == nullptr) {
112       continue;
113     }
114 
115     const dex::FieldId* field_id = dex_file->FindFieldId(*declaring_type_id, *name_id, *type_id);
116     if (field_id != nullptr) {
117       found = true;
118       break;
119     }
120   }
121 
122   if (!found) {
123     VLOG(verifier) << "Deny for " << ArtField::PrettyField(art_field, true);
124   }
125 
126   // Deny access if we didn't find the descriptor in the public api dex files.
127   return !found;
128 }
129 
ShouldDenyAccess(std::string_view descriptor) const130 bool SdkChecker::ShouldDenyAccess(std::string_view descriptor) const {
131   if (!enabled_) {
132     return false;
133   }
134 
135   bool found = false;
136   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
137     const dex::TypeId* type_id = dex_file->FindTypeId(descriptor);
138     if (type_id != nullptr) {
139       dex::TypeIndex type_idx = dex_file->GetIndexForTypeId(*type_id);
140       if (dex_file->FindClassDef(type_idx) != nullptr) {
141         found = true;
142         break;
143       }
144     }
145   }
146 
147   if (!found) {
148     VLOG(verifier) << "Deny for " << descriptor;
149   }
150 
151   // Deny access if we didn't find the descriptor in the public api dex files.
152   return !found;
153 }
154 
155 }  // namespace art
156