1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "sdk_checker.h"
18 
19 #include "art_method-inl.h"
20 #include "base/utils.h"
21 #include "dex/art_dex_file_loader.h"
22 #include "mirror/class-inl.h"
23 
24 namespace art {
25 
SdkChecker()26 SdkChecker::SdkChecker() : enabled_(true) {}
27 
Create(const std::string & public_sdk,std::string * error_msg)28 SdkChecker* SdkChecker::Create(
29     const std::string& public_sdk, std::string* error_msg) {
30   std::vector<std::string> dex_file_paths;
31   Split(public_sdk, ':', &dex_file_paths);
32 
33   ArtDexFileLoader dex_loader;
34 
35   std::unique_ptr<SdkChecker> sdk_checker(new SdkChecker());
36   for (const std::string& path : dex_file_paths) {
37     if (!dex_loader.Open(path.c_str(),
38                          path,
39                          /*verify=*/ true,
40                          /*verify_checksum*/ false,
41                          error_msg,
42                          &sdk_checker->sdk_dex_files_)) {
43       return nullptr;
44     }
45   }
46   return sdk_checker.release();
47 }
48 
ShouldDenyAccess(ArtMethod * art_method) const49 bool SdkChecker::ShouldDenyAccess(ArtMethod* art_method) const {
50   if (!enabled_) {
51     return false;
52   }
53 
54   bool found = false;
55   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
56     const dex::TypeId* declaring_type_id =
57         dex_file->FindTypeId(art_method->GetDeclaringClassDescriptor());
58     if (declaring_type_id == nullptr) {
59       continue;
60     }
61     const dex::StringId* name_id = dex_file->FindStringId(art_method->GetName());
62     if (name_id == nullptr) {
63       continue;
64     }
65 
66     dex::TypeIndex return_type_idx;
67     std::vector<dex::TypeIndex> param_type_idxs;
68     if (!dex_file->CreateTypeList(
69             art_method->GetSignature().ToString().c_str(),
70             &return_type_idx,
71             &param_type_idxs)) {
72       continue;
73     }
74     const dex::ProtoId* proto_id = dex_file->FindProtoId(return_type_idx, param_type_idxs);
75     if (proto_id == nullptr) {
76       continue;
77     }
78 
79     const dex::MethodId* method_id =
80         dex_file->FindMethodId(*declaring_type_id, *name_id, *proto_id);
81     if (method_id != nullptr) {
82       found = true;
83       break;
84     }
85   }
86 
87   if (!found) {
88     VLOG(verifier) << "Deny for " << art_method->PrettyMethod(true);
89   }
90 
91   // Deny access if we didn't find the descriptor in the public api dex files.
92   return !found;
93 }
94 
ShouldDenyAccess(ArtField * art_field) const95 bool SdkChecker::ShouldDenyAccess(ArtField* art_field) const {
96   if (!enabled_) {
97     return false;
98   }
99 
100   bool found = false;
101   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
102     std::string declaring_class;
103 
104     const dex::TypeId* declaring_type_id = dex_file->FindTypeId(
105         art_field->GetDeclaringClass()->GetDescriptor(&declaring_class));
106     if (declaring_type_id == nullptr) {
107       continue;
108     }
109     const dex::StringId* name_id = dex_file->FindStringId(art_field->GetName());
110     if (name_id == nullptr) {
111       continue;
112     }
113     const dex::TypeId* type_id = dex_file->FindTypeId(art_field->GetTypeDescriptor());
114     if (type_id == nullptr) {
115       continue;
116     }
117 
118     const dex::FieldId* field_id = dex_file->FindFieldId(*declaring_type_id, *name_id, *type_id);
119     if (field_id != nullptr) {
120       found = true;
121       break;
122     }
123   }
124 
125   if (!found) {
126     VLOG(verifier) << "Deny for " << ArtField::PrettyField(art_field, true);
127   }
128 
129   // Deny access if we didn't find the descriptor in the public api dex files.
130   return !found;
131 }
132 
ShouldDenyAccess(const char * descriptor) const133 bool SdkChecker::ShouldDenyAccess(const char* descriptor) const {
134   if (!enabled_) {
135     return false;
136   }
137 
138   bool found = false;
139   for (const std::unique_ptr<const DexFile>& dex_file : sdk_dex_files_) {
140     const dex::TypeId* type_id = dex_file->FindTypeId(descriptor);
141     if (type_id != nullptr) {
142       dex::TypeIndex type_idx = dex_file->GetIndexForTypeId(*type_id);
143       if (dex_file->FindClassDef(type_idx) != nullptr) {
144         found = true;
145         break;
146       }
147     }
148   }
149 
150   if (!found) {
151     VLOG(verifier) << "Deny for " << descriptor;
152   }
153 
154   // Deny access if we didn't find the descriptor in the public api dex files.
155   return !found;
156 }
157 
158 }  // namespace art
159