Assign conscrypt to core-platform hiddenapi domain
Conscrypt accesses internals of libcore, assign it to core-platform
domain accordingly.
Bug: 125701194
Bug: 119068555
Bug: 127269864
Test: compiles, boots, no violations conscrypt
Change-Id: I3ee26d8cebcc9c74bd9f3e6e03278378efe9db43
diff --git a/libartbase/base/file_utils.cc b/libartbase/base/file_utils.cc
index 9e49d05..1f8457a 100644
--- a/libartbase/base/file_utils.cc
+++ b/libartbase/base/file_utils.cc
@@ -68,6 +68,8 @@
static constexpr const char* kApexDefaultPath = "/apex/";
static constexpr const char* kRuntimeApexEnvVar = "ANDROID_RUNTIME_ROOT";
static constexpr const char* kRuntimeApexDefaultPath = "/apex/com.android.runtime";
+static constexpr const char* kConscryptApexEnvVar = "ANDROID_CONSCRYPT_ROOT";
+static constexpr const char* kConscryptApexDefaultPath = "/apex/com.android.conscrypt";
bool ReadFileToString(const std::string& file_name, std::string* result) {
File file(file_name, O_RDONLY, false);
@@ -285,15 +287,23 @@
}
}
-bool LocationIsOnRuntimeModule(const char* full_path) {
+static bool IsLocationOnModule(const char* full_path,
+ const char* env_var,
+ const char* default_path) {
std::string error_msg;
- const char* runtime_path = GetAndroidDirSafe(kRuntimeApexEnvVar,
- kRuntimeApexDefaultPath,
- &error_msg);
- if (runtime_path == nullptr) {
+ const char* module_path = GetAndroidDirSafe(env_var, default_path, &error_msg);
+ if (module_path == nullptr) {
return false;
}
- return android::base::StartsWith(full_path, runtime_path);
+ return android::base::StartsWith(full_path, module_path);
+}
+
+bool LocationIsOnRuntimeModule(const char* full_path) {
+ return IsLocationOnModule(full_path, kRuntimeApexEnvVar, kRuntimeApexDefaultPath);
+}
+
+bool LocationIsOnConscryptModule(const char* full_path) {
+ return IsLocationOnModule(full_path, kConscryptApexEnvVar, kConscryptApexDefaultPath);
}
bool LocationIsOnApex(const char* full_path) {
diff --git a/libartbase/base/file_utils.h b/libartbase/base/file_utils.h
index 88dcbea..1da19c8 100644
--- a/libartbase/base/file_utils.h
+++ b/libartbase/base/file_utils.h
@@ -78,6 +78,9 @@
// Return whether the location is on /apex/com.android.runtime
bool LocationIsOnRuntimeModule(const char* location);
+// Return whether the location is on /apex/com.android.conscrypt
+bool LocationIsOnConscryptModule(const char* location);
+
// Return whether the location is on system (i.e. android root).
bool LocationIsOnSystem(const char* location);
diff --git a/libdexfile/dex/art_dex_file_loader.cc b/libdexfile/dex/art_dex_file_loader.cc
index 180ed7b..0854b76 100644
--- a/libdexfile/dex/art_dex_file_loader.cc
+++ b/libdexfile/dex/art_dex_file_loader.cc
@@ -544,7 +544,7 @@
// Location can contain multidex suffix, so fetch its canonical version. Note
// that this will call `realpath`.
std::string path = DexFileLoader::GetDexCanonicalLocation(location.c_str());
- if (LocationIsOnRuntimeModule(path.c_str())) {
+ if (LocationIsOnRuntimeModule(path.c_str()) || LocationIsOnConscryptModule(path.c_str())) {
dex_file->SetHiddenapiDomain(hiddenapi::Domain::kCorePlatform);
} else if (LocationIsOnApex(path.c_str()) || LocationIsOnSystemFramework(path.c_str())) {
dex_file->SetHiddenapiDomain(hiddenapi::Domain::kPlatform);
