1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef ART_LIBARTBASE_BASE_HIDDENAPI_FLAGS_H_
18 #define ART_LIBARTBASE_BASE_HIDDENAPI_FLAGS_H_
19 
20 #include "sdk_version.h"
21 
22 #include <vector>
23 
24 #include "android-base/logging.h"
25 #include "base/bit_utils.h"
26 #include "base/dumpable.h"
27 #include "base/macros.h"
28 #include "base/hiddenapi_stubs.h"
29 
30 namespace art {
31 namespace hiddenapi {
32 
33 // Helper methods used inside ApiList. These were moved outside of the ApiList
34 // class so that they can be used in static_asserts. If they were inside, they
35 // would be part of an unfinished type.
36 namespace helper {
37   // Casts enum value to uint32_t.
38   template<typename T>
ToUint(T val)39   constexpr uint32_t ToUint(T val) { return static_cast<uint32_t>(val); }
40 
41   // Returns uint32_t with one bit set at an index given by an enum value.
42   template<typename T>
ToBit(T val)43   constexpr uint32_t ToBit(T val) { return 1u << ToUint(val); }
44 
45   // Returns a bit mask with `size` least significant bits set.
BitMask(uint32_t size)46   constexpr uint32_t BitMask(uint32_t size) { return (1u << size) - 1; }
47 
48   // Returns a bit mask formed from an enum defining kMin and kMax. The values
49   // are assumed to be indices of min/max bits and the resulting bitmask has
50   // bits [kMin, kMax] set.
51   template<typename T>
BitMask()52   constexpr uint32_t BitMask() {
53     return BitMask(ToUint(T::kMax) + 1) & (~BitMask(ToUint(T::kMin)));
54   }
55 
56   // Returns true if `val` is a bitwise subset of `mask`.
MatchesBitMask(uint32_t val,uint32_t mask)57   constexpr bool MatchesBitMask(uint32_t val, uint32_t mask) { return (val & mask) == val; }
58 
59   // Returns true if the uint32_t value of `val` is a bitwise subset of `mask`.
60   template<typename T>
MatchesBitMask(T val,uint32_t mask)61   constexpr bool MatchesBitMask(T val, uint32_t mask) { return MatchesBitMask(ToUint(val), mask); }
62 
63   // Returns the number of values defined in an enum, assuming the enum defines
64   // kMin and kMax and no integer values are skipped between them.
65   template<typename T>
NumValues()66   constexpr uint32_t NumValues() { return ToUint(T::kMax) - ToUint(T::kMin) + 1; }
67 
68   // Returns enum value at position i from enum list.
69   template <typename T>
GetEnumAt(uint32_t i)70   constexpr T GetEnumAt(uint32_t i) {
71     return static_cast<T>(ToUint(T::kMin) + i);
72   }
73 
74 }  // namespace helper
75 
76 /*
77  * This class represents the information whether a field/method is in
78  * public API (whitelist) or if it isn't, apps targeting which SDK
79  * versions are allowed to access it.
80  */
81 class ApiList {
82  private:
83   // Number of bits reserved for Value in dex flags, and the corresponding bit mask.
84   static constexpr uint32_t kValueBitSize = 4;
85   static constexpr uint32_t kValueBitMask = helper::BitMask(kValueBitSize);
86 
87   enum class Value : uint32_t {
88     // Values independent of target SDK version of app
89     kSdk =    0,
90     kUnsupported =     1,
91     kBlocked =    2,
92 
93     // Values dependent on target SDK version of app. Put these last as
94     // their list will be extended in future releases.
95     // The max release code implicitly includes all maintenance releases,
96     // e.g. MaxTargetO is accessible to targetSdkVersion <= 27 (O_MR1).
97     kMaxTargetO = 3,
98     kMaxTargetP = 4,
99     kMaxTargetQ = 5,
100     kMaxTargetR = 6,
101 
102     // Special values
103     kInvalid =      (static_cast<uint32_t>(-1) & kValueBitMask),
104     kMin =          kSdk,
105     kMax =          kMaxTargetR,
106   };
107 
108   // Additional bit flags after the first kValueBitSize bits in dex flags.
109   // These are used for domain-specific API.
110   enum class DomainApi : uint32_t {
111     kCorePlatformApi = kValueBitSize,
112     kTestApi = kValueBitSize + 1,
113 
114     // Special values
115     kMin =             kCorePlatformApi,
116     kMax =             kTestApi,
117   };
118 
119   // Bit mask of all domain API flags.
120   static constexpr uint32_t kDomainApiBitMask = helper::BitMask<DomainApi>();
121 
122   // Check that Values fit in the designated number of bits.
123   static_assert(kValueBitSize >= MinimumBitsToStore(helper::ToUint(Value::kMax)),
124                 "Not enough bits to store all ApiList values");
125 
126   // Checks that all Values are covered by kValueBitMask.
127   static_assert(helper::MatchesBitMask(Value::kMin, kValueBitMask));
128   static_assert(helper::MatchesBitMask(Value::kMax, kValueBitMask));
129 
130   // Assert that Value::kInvalid is larger than the maximum Value.
131   static_assert(helper::ToUint(Value::kMax) < helper::ToUint(Value::kInvalid));
132 
133   // Names corresponding to Values.
134   static constexpr const char* kValueNames[] = {
135     "sdk",
136     "unsupported",
137     "blocked",
138     "max-target-o",
139     "max-target-p",
140     "max-target-q",
141     "max-target-r",
142   };
143 
144   // A magic marker used by tests to mimic a hiddenapi list which doesn't exist
145   // yet.
146   static constexpr const char* kFutureValueName = "max-target-future";
147 
148   // Names corresponding to DomainApis.
149   static constexpr const char* kDomainApiNames[] {
150     "core-platform-api",
151     "test-api",
152   };
153 
154   // Maximum SDK versions allowed to access ApiList of given Value.
155   static constexpr SdkVersion kMaxSdkVersions[] {
156     /* sdk */ SdkVersion::kMax,
157     /* unsupported */ SdkVersion::kMax,
158     /* blocklist */ SdkVersion::kMin,
159     /* max-target-o */ SdkVersion::kO_MR1,
160     /* max-target-p */ SdkVersion::kP,
161     /* max-target-q */ SdkVersion::kQ,
162     /* max-target-r */ SdkVersion::kR,
163   };
164 
165   explicit ApiList(Value val, uint32_t domain_apis = 0u)
166       : dex_flags_(helper::ToUint(val) | domain_apis) {
167     DCHECK(GetValue() == val);
168     DCHECK_EQ(GetDomainApis(), domain_apis);
169   }
170 
ApiList(DomainApi val)171   explicit ApiList(DomainApi val) : ApiList(Value::kInvalid, helper::ToBit(val)) {}
172 
GetValue()173   Value GetValue() const {
174     uint32_t value = (dex_flags_ & kValueBitMask);
175 
176     // Treat all ones as invalid value
177     if (value == helper::ToUint(Value::kInvalid)) {
178       return Value::kInvalid;
179     } else if (value > helper::ToUint(Value::kMax)) {
180       // For future unknown flag values, return unsupported.
181       return Value::kUnsupported;
182     } else {
183       DCHECK_GE(value, helper::ToUint(Value::kMin));
184       return static_cast<Value>(value);
185     }
186   }
187 
GetDomainApis()188   uint32_t GetDomainApis() const { return (dex_flags_ & kDomainApiBitMask); }
189 
190   uint32_t dex_flags_;
191 
192  public:
ApiList()193   ApiList() : ApiList(Value::kInvalid) {}
194 
ApiList(uint32_t dex_flags)195   explicit ApiList(uint32_t dex_flags) : dex_flags_(dex_flags) {
196     DCHECK_EQ(dex_flags_, (dex_flags_ & kValueBitMask) | (dex_flags_ & kDomainApiBitMask));
197   }
198 
199   // Helpers for conveniently constructing ApiList instances.
Sdk()200   static ApiList Sdk() { return ApiList(Value::kSdk); }
Unsupported()201   static ApiList Unsupported() { return ApiList(Value::kUnsupported); }
Blocked()202   static ApiList Blocked() { return ApiList(Value::kBlocked); }
MaxTargetO()203   static ApiList MaxTargetO() { return ApiList(Value::kMaxTargetO); }
MaxTargetP()204   static ApiList MaxTargetP() { return ApiList(Value::kMaxTargetP); }
MaxTargetQ()205   static ApiList MaxTargetQ() { return ApiList(Value::kMaxTargetQ); }
MaxTargetR()206   static ApiList MaxTargetR() { return ApiList(Value::kMaxTargetR); }
CorePlatformApi()207   static ApiList CorePlatformApi() { return ApiList(DomainApi::kCorePlatformApi); }
TestApi()208   static ApiList TestApi() { return ApiList(DomainApi::kTestApi); }
209 
GetDexFlags()210   uint32_t GetDexFlags() const { return dex_flags_; }
GetIntValue()211   uint32_t GetIntValue() const { return helper::ToUint(GetValue()) - helper::ToUint(Value::kMin); }
212 
213   // Returns the ApiList with a flag of a given name, or an empty ApiList if not matched.
FromName(const std::string & str)214   static ApiList FromName(const std::string& str) {
215     for (uint32_t i = 0; i < kValueCount; ++i) {
216       if (str == kValueNames[i]) {
217         return ApiList(helper::GetEnumAt<Value>(i));
218       }
219     }
220     for (uint32_t i = 0; i < kDomainApiCount; ++i) {
221       if (str == kDomainApiNames[i]) {
222         return ApiList(helper::GetEnumAt<DomainApi>(i));
223       }
224     }
225     if (str == kFutureValueName) {
226       static_assert(helper::ToUint(Value::kMax) + 1 < helper::ToUint(Value::kInvalid));
227       return ApiList(helper::ToUint(Value::kMax) + 1);
228     }
229     return ApiList();
230   }
231 
232   // Parses a vector of flag names into a single ApiList value. If successful,
233   // returns true and assigns the new ApiList to `out_api_list`.
FromNames(std::vector<std::string>::iterator begin,std::vector<std::string>::iterator end,ApiList * out_api_list)234   static bool FromNames(std::vector<std::string>::iterator begin,
235                         std::vector<std::string>::iterator end,
236                         /* out */ ApiList* out_api_list) {
237     ApiList api_list;
238     for (std::vector<std::string>::iterator it = begin; it != end; it++) {
239       ApiList current = FromName(*it);
240       if (current.IsEmpty() || !api_list.CanCombineWith(current)) {
241         if (ApiStubs::IsStubsFlag(*it)) {
242         // Ignore flags which correspond to the stubs from where the api
243         // originates (i.e. system-api, test-api, public-api), as they are not
244         // relevant at runtime
245           continue;
246         }
247         return false;
248       }
249       api_list |= current;
250     }
251     if (out_api_list != nullptr) {
252       *out_api_list = api_list;
253     }
254     return true;
255   }
256 
257   // Clamp a max-target-* up to the given maxSdk; if the given api list is higher than
258   // maxSdk, return unsupported instead.
CoerceAtMost(const std::string & name,const std::string & maxSdk)259   static std::string CoerceAtMost(const std::string& name, const std::string& maxSdk) {
260     const auto apiListToClamp = FromName(name);
261     // If the api list is a domain instead, return it unmodified.
262     if (!apiListToClamp.IsValid()) {
263       return name;
264     }
265     const auto maxApiList = FromName(maxSdk);
266     CHECK(maxApiList.IsValid()) << "invalid api list name " << maxSdk;
267     if (apiListToClamp > maxApiList) {
268       return kValueNames[Unsupported().GetIntValue()];
269     }
270     return name;
271   }
272 
273   bool operator==(const ApiList& other) const { return dex_flags_ == other.dex_flags_; }
274   bool operator!=(const ApiList& other) const { return !(*this == other); }
275   bool operator<(const ApiList& other) const { return dex_flags_ < other.dex_flags_; }
276   bool operator>(const ApiList& other) const { return dex_flags_ > other.dex_flags_; }
277 
278   // Returns true if combining this ApiList with `other` will succeed.
CanCombineWith(const ApiList & other)279   bool CanCombineWith(const ApiList& other) const {
280     const Value val1 = GetValue();
281     const Value val2 = other.GetValue();
282     return (val1 == val2) || (val1 == Value::kInvalid) || (val2 == Value::kInvalid);
283   }
284 
285   // Combine two ApiList instances.
286   ApiList operator|(const ApiList& other) {
287     // DomainApis are not mutually exclusive. Simply OR them.
288     const uint32_t domain_apis = GetDomainApis() | other.GetDomainApis();
289 
290     // Values are mutually exclusive. Check if `this` and `other` have the same Value
291     // or if at most one is set.
292     const Value val1 = GetValue();
293     const Value val2 = other.GetValue();
294     if (val1 == val2) {
295       return ApiList(val1, domain_apis);
296     } else if (val1 == Value::kInvalid) {
297       return ApiList(val2, domain_apis);
298     } else if (val2 == Value::kInvalid) {
299       return ApiList(val1, domain_apis);
300     } else {
301       LOG(FATAL) << "Invalid combination of values " << Dumpable(ApiList(val1))
302           << " and " << Dumpable(ApiList(val2));
303       UNREACHABLE();
304     }
305   }
306 
307   const ApiList& operator|=(const ApiList& other) {
308     (*this) = (*this) | other;
309     return *this;
310   }
311 
312   // Returns true if all flags set in `other` are also set in `this`.
Contains(const ApiList & other)313   bool Contains(const ApiList& other) const {
314     return ((other.GetValue() == Value::kInvalid) || (GetValue() == other.GetValue())) &&
315            helper::MatchesBitMask(other.GetDomainApis(), GetDomainApis());
316   }
317 
318   // Returns true whether the configuration is valid for runtime use.
IsValid()319   bool IsValid() const { return GetValue() != Value::kInvalid; }
320 
321   // Returns true when no ApiList is specified and no domain_api flags either.
IsEmpty()322   bool IsEmpty() const { return (GetValue() == Value::kInvalid) && (GetDomainApis() == 0); }
323 
324   // Returns true if the ApiList is on blocklist.
IsBlocked()325   bool IsBlocked() const {
326     return GetValue() == Value::kBlocked;
327   }
328 
329   // Returns true if the ApiList is a test API.
IsTestApi()330   bool IsTestApi() const {
331     return helper::MatchesBitMask(helper::ToBit(DomainApi::kTestApi), dex_flags_);
332   }
333 
334   // Returns the maximum target SDK version allowed to access this ApiList.
GetMaxAllowedSdkVersion()335   SdkVersion GetMaxAllowedSdkVersion() const { return kMaxSdkVersions[GetIntValue()]; }
336 
Dump(std::ostream & os)337   void Dump(std::ostream& os) const {
338     bool is_first = true;
339 
340     if (IsEmpty()) {
341       os << "invalid";
342       return;
343     }
344 
345     if (GetValue() != Value::kInvalid) {
346       os << kValueNames[GetIntValue()];
347       is_first = false;
348     }
349 
350     const uint32_t domain_apis = GetDomainApis();
351     for (uint32_t i = 0; i < kDomainApiCount; i++) {
352       if (helper::MatchesBitMask(helper::ToBit(helper::GetEnumAt<DomainApi>(i)), domain_apis)) {
353         if (is_first) {
354           is_first = false;
355         } else {
356           os << ",";
357         }
358         os << kDomainApiNames[i];
359       }
360     }
361 
362     DCHECK_EQ(IsEmpty(), is_first);
363   }
364 
365   // Number of valid enum values in Value.
366   static constexpr uint32_t kValueCount = helper::NumValues<Value>();
367   // Number of valid enum values in DomainApi.
368   static constexpr uint32_t kDomainApiCount = helper::NumValues<DomainApi>();
369   // Total number of possible enum values, including invalid, in Value.
370   static constexpr uint32_t kValueSize = (1u << kValueBitSize) + 1;
371 
372   // Check min and max values are calculated correctly.
373   static_assert(Value::kMin == helper::GetEnumAt<Value>(0));
374   static_assert(Value::kMax == helper::GetEnumAt<Value>(kValueCount - 1));
375 
376   static_assert(DomainApi::kMin == helper::GetEnumAt<DomainApi>(0));
377   static_assert(DomainApi::kMax == helper::GetEnumAt<DomainApi>(kDomainApiCount - 1));
378 };
379 
380 inline std::ostream& operator<<(std::ostream& os, ApiList value) {
381   value.Dump(os);
382   return os;
383 }
384 
385 }  // namespace hiddenapi
386 }  // namespace art
387 
388 
389 #endif  // ART_LIBARTBASE_BASE_HIDDENAPI_FLAGS_H_
390