Apply hiddenapi build tool on boot jars
Restrictions on usage of private APIs require encoding new information into the dex files of the boot class path. ART now contains a new build tool called `hiddenapi` which takes three lists of class member signatures (blacklist, light and dark greylist), finds the class members in their respective dex files and modifies their access flags in place. This patch invokes the `hiddenapi` tool on all JARs in PRODUCT_BOOT_JARS. For Java libraries built with Makefiles the tool is invoked after the dexer directly on DEX files. For Soong-built libraries, the build system has to unzip the JAR produced by Soong, apply `hiddenapi` and rezip again. This is due to the fact that the PRODUCT_BOOT_JARS variable is not available to Soong. Bug: 64382372 Test: m Change-Id: I6ce897d204459c8b6f46ed49e0909ff76c08a9ed
This commit is contained in:
David Brazdil
parent
f90b7e1948
commit
b7f00ed2af
4 changed files with 46 additions and 2 deletions
|
|
@ -686,6 +686,7 @@ BRILLO_UPDATE_PAYLOAD := $(HOST_OUT_EXECUTABLES)/brillo_update_payload
|
|||
|
||||
DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump2$(BUILD_EXECUTABLE_SUFFIX)
|
||||
PROFMAN := $(HOST_OUT_EXECUTABLES)/profman
|
||||
HIDDENAPI := $(HOST_OUT_EXECUTABLES)/hiddenapi
|
||||
|
||||
# relocation packer
|
||||
RELOCATION_PACKER := prebuilts/misc/$(BUILD_OS)-$(HOST_PREBUILT_ARCH)/relocation_packer/relocation_packer
|
||||
|
|
|
|||
|
|
@ -2802,6 +2802,37 @@ done \
|
|||
fi
|
||||
endef
|
||||
|
||||
define hiddenapi-copy-dex-files
|
||||
$(2): $(1) $(HIDDENAPI) $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \
|
||||
$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST)
|
||||
@rm -rf $(dir $(2))
|
||||
@mkdir -p $(dir $(2))
|
||||
find $(dir $(1)) -maxdepth 1 -name "classes*.dex" | sort | \
|
||||
xargs -I{} cp -f {} $(dir $(2))
|
||||
find $(dir $(2)) -name "classes*.dex" | sort | sed 's/^/--dex=/' | \
|
||||
xargs $(HIDDENAPI) --light-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \
|
||||
--dark-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) \
|
||||
--blacklist=$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST)
|
||||
endef
|
||||
|
||||
define hiddenapi-copy-soong-jar
|
||||
$(2): PRIVATE_FOLDER := $(dir $(2))dex-hiddenapi
|
||||
$(2): $(1) $(HIDDENAPI) $(SOONG_ZIP) $(MERGE_ZIPS) $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \
|
||||
$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST)
|
||||
@echo "Hidden API: $$@"
|
||||
$$(copy-file-to-target)
|
||||
@rm -rf $${PRIVATE_FOLDER}
|
||||
@mkdir -p $${PRIVATE_FOLDER}
|
||||
unzip -q $(2) 'classes*.dex' -d $${PRIVATE_FOLDER}
|
||||
find $${PRIVATE_FOLDER} -name "classes*.dex" | sort | sed 's/^/--dex=/' | \
|
||||
xargs $(HIDDENAPI) --light-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \
|
||||
--dark-greylist=$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) \
|
||||
--blacklist=$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST)
|
||||
$(SOONG_ZIP) -o $${PRIVATE_FOLDER}/classes.dex.jar -C $${PRIVATE_FOLDER} -D $${PRIVATE_FOLDER}
|
||||
$(MERGE_ZIPS) -D -zipToNotStrip $${PRIVATE_FOLDER}/classes.dex.jar -stripFile "classes*.dex" \
|
||||
$(2) $${PRIVATE_FOLDER}/classes.dex.jar $(1)
|
||||
endef
|
||||
|
||||
###########################################################
|
||||
## Commands to call Proguard
|
||||
###########################################################
|
||||
|
|
|
|||
10
core/java.mk
10
core/java.mk
|
|
@ -73,6 +73,7 @@ full_classes_jarjar_jar := $(intermediates.COMMON)/classes-jarjar.jar
|
|||
full_classes_proguard_jar := $(intermediates.COMMON)/classes-proguard.jar
|
||||
full_classes_combined_jar := $(intermediates.COMMON)/classes-combined.jar
|
||||
built_dex_intermediate := $(intermediates.COMMON)/dex/classes.dex
|
||||
built_dex_hiddenapi := $(intermediates.COMMON)/dex-hiddenapi/classes.dex
|
||||
full_classes_stubs_jar := $(intermediates.COMMON)/stubs.jar
|
||||
java_source_list_file := $(intermediates.COMMON)/java-source-list
|
||||
|
||||
|
|
@ -762,7 +763,14 @@ else
|
|||
endif
|
||||
endif
|
||||
|
||||
$(built_dex): $(built_dex_intermediate)
|
||||
ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar
|
||||
$(eval $(call hiddenapi-copy-dex-files,$(built_dex_intermediate),$(built_dex_hiddenapi)))
|
||||
built_dex_copy_from := $(built_dex_hiddenapi)
|
||||
else # !is_boot_jar
|
||||
built_dex_copy_from := $(built_dex_intermediate)
|
||||
endif # is_boot_jar
|
||||
|
||||
$(built_dex): $(built_dex_copy_from)
|
||||
@echo Copying: $@
|
||||
$(hide) mkdir -p $(dir $@)
|
||||
$(hide) rm -f $(dir $@)/classes*.dex
|
||||
|
|
|
|||
|
|
@ -40,7 +40,11 @@ endif # TURBINE_DISABLED != false
|
|||
|
||||
ifdef LOCAL_SOONG_DEX_JAR
|
||||
ifndef LOCAL_IS_HOST_MODULE
|
||||
$(eval $(call copy-one-file,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar)))
|
||||
ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar
|
||||
$(eval $(call hiddenapi-copy-soong-jar,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar)))
|
||||
else # !is_boot_jar
|
||||
$(eval $(call copy-one-file,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar)))
|
||||
endif # is_boot_jar
|
||||
$(eval $(call add-dependency,$(common_javalib.jar),$(full_classes_jar) $(full_classes_header_jar)))
|
||||
|
||||
dex_preopt_profile_src_file := $(common_javalib.jar)
|
||||
|
|
|
|||
Loading…
Reference in a new issue