From b7f00ed2afbd804906a8336dfef62ed10a74d0ef Mon Sep 17 00:00:00 2001 From: David Brazdil Date: Mon, 22 Jan 2018 19:53:18 +0000 Subject: [PATCH] Apply hiddenapi build tool on boot jars Restrictions on usage of private APIs require encoding new information into the dex files of the boot class path. ART now contains a new build tool called `hiddenapi` which takes three lists of class member signatures (blacklist, light and dark greylist), finds the class members in their respective dex files and modifies their access flags in place. This patch invokes the `hiddenapi` tool on all JARs in PRODUCT_BOOT_JARS. For Java libraries built with Makefiles the tool is invoked after the dexer directly on DEX files. For Soong-built libraries, the build system has to unzip the JAR produced by Soong, apply `hiddenapi` and rezip again. This is due to the fact that the PRODUCT_BOOT_JARS variable is not available to Soong. Bug: 64382372 Test: m Change-Id: I6ce897d204459c8b6f46ed49e0909ff76c08a9ed --- core/config.mk | 1 + core/definitions.mk | 31 +++++++++++++++++++++++++++++++ core/java.mk | 10 +++++++++- core/soong_java_prebuilt.mk | 6 +++++- 4 files changed, 46 insertions(+), 2 deletions(-) diff --git a/core/config.mk b/core/config.mk index dea3f8fc78..6883d20e05 100644 --- a/core/config.mk +++ b/core/config.mk @@ -686,6 +686,7 @@ BRILLO_UPDATE_PAYLOAD := $(HOST_OUT_EXECUTABLES)/brillo_update_payload DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump2$(BUILD_EXECUTABLE_SUFFIX) PROFMAN := $(HOST_OUT_EXECUTABLES)/profman +HIDDENAPI := $(HOST_OUT_EXECUTABLES)/hiddenapi # relocation packer RELOCATION_PACKER := prebuilts/misc/$(BUILD_OS)-$(HOST_PREBUILT_ARCH)/relocation_packer/relocation_packer diff --git a/core/definitions.mk b/core/definitions.mk index 1236bf5835..64882d91c4 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -2802,6 +2802,37 @@ done \ fi endef +define hiddenapi-copy-dex-files +$(2): $(1) $(HIDDENAPI) $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \ + $(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) + @rm -rf $(dir $(2)) + @mkdir -p $(dir $(2)) + find $(dir $(1)) -maxdepth 1 -name "classes*.dex" | sort | \ + xargs -I{} cp -f {} $(dir $(2)) + find $(dir $(2)) -name "classes*.dex" | sort | sed 's/^/--dex=/' | \ + xargs $(HIDDENAPI) --light-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \ + --dark-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) \ + --blacklist=$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) +endef + +define hiddenapi-copy-soong-jar +$(2): PRIVATE_FOLDER := $(dir $(2))dex-hiddenapi +$(2): $(1) $(HIDDENAPI) $(SOONG_ZIP) $(MERGE_ZIPS) $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \ + $(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) + @echo "Hidden API: $$@" + $$(copy-file-to-target) + @rm -rf $${PRIVATE_FOLDER} + @mkdir -p $${PRIVATE_FOLDER} + unzip -q $(2) 'classes*.dex' -d $${PRIVATE_FOLDER} + find $${PRIVATE_FOLDER} -name "classes*.dex" | sort | sed 's/^/--dex=/' | \ + xargs $(HIDDENAPI) --light-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \ + --dark-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) \ + --blacklist=$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) + $(SOONG_ZIP) -o $${PRIVATE_FOLDER}/classes.dex.jar -C $${PRIVATE_FOLDER} -D $${PRIVATE_FOLDER} + $(MERGE_ZIPS) -D -zipToNotStrip $${PRIVATE_FOLDER}/classes.dex.jar -stripFile "classes*.dex" \ + $(2) $${PRIVATE_FOLDER}/classes.dex.jar $(1) +endef + ########################################################### ## Commands to call Proguard ########################################################### diff --git a/core/java.mk b/core/java.mk index ee071c9324..6f5dce4ce6 100644 --- a/core/java.mk +++ b/core/java.mk @@ -73,6 +73,7 @@ full_classes_jarjar_jar := $(intermediates.COMMON)/classes-jarjar.jar full_classes_proguard_jar := $(intermediates.COMMON)/classes-proguard.jar full_classes_combined_jar := $(intermediates.COMMON)/classes-combined.jar built_dex_intermediate := $(intermediates.COMMON)/dex/classes.dex +built_dex_hiddenapi := $(intermediates.COMMON)/dex-hiddenapi/classes.dex full_classes_stubs_jar := $(intermediates.COMMON)/stubs.jar java_source_list_file := $(intermediates.COMMON)/java-source-list @@ -762,7 +763,14 @@ else endif endif -$(built_dex): $(built_dex_intermediate) +ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar + $(eval $(call hiddenapi-copy-dex-files,$(built_dex_intermediate),$(built_dex_hiddenapi))) + built_dex_copy_from := $(built_dex_hiddenapi) +else # !is_boot_jar + built_dex_copy_from := $(built_dex_intermediate) +endif # is_boot_jar + +$(built_dex): $(built_dex_copy_from) @echo Copying: $@ $(hide) mkdir -p $(dir $@) $(hide) rm -f $(dir $@)/classes*.dex diff --git a/core/soong_java_prebuilt.mk b/core/soong_java_prebuilt.mk index 6cf94229cb..5c2d768bb0 100644 --- a/core/soong_java_prebuilt.mk +++ b/core/soong_java_prebuilt.mk @@ -40,7 +40,11 @@ endif # TURBINE_DISABLED != false ifdef LOCAL_SOONG_DEX_JAR ifndef LOCAL_IS_HOST_MODULE - $(eval $(call copy-one-file,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar))) + ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar + $(eval $(call hiddenapi-copy-soong-jar,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar))) + else # !is_boot_jar + $(eval $(call copy-one-file,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar))) + endif # is_boot_jar $(eval $(call add-dependency,$(common_javalib.jar),$(full_classes_jar) $(full_classes_header_jar))) dex_preopt_profile_src_file := $(common_javalib.jar)