diff options
| author | Orion Hodson <oth@google.com> | 2021-07-01 12:12:40 +0100 |
|---|---|---|
| committer | Orion Hodson <oth@google.com> | 2021-07-01 12:12:40 +0100 |
| commit | 2b12e7c84a89f71e3869d8f0186d1946b8703081 (patch) | |
| tree | ed3cb64cbe581326cbc80dd90a29a812eceb3a1a | |
| parent | 7716e351eab610e41e454624937f8f1839aba027 (diff) | |
| download | native-2b12e7c84a89f71e3869d8f0186d1946b8703081.tar.gz | |
installd: pass verification state from odsign to ART tools
Bug: 192049377
Test: manual
Change-Id: I10094499b6141e134cb873d6c6590a1731e5910b
| -rw-r--r-- | cmds/installd/dexopt.cpp | 16 | ||||
| -rw-r--r-- | cmds/installd/run_dex2oat.cpp | 7 |
2 files changed, 23 insertions, 0 deletions
diff --git a/cmds/installd/dexopt.cpp b/cmds/installd/dexopt.cpp index 15f0c5b75c..cd5c36f68d 100644 --- a/cmds/installd/dexopt.cpp +++ b/cmds/installd/dexopt.cpp @@ -492,6 +492,14 @@ class RunProfman : public ExecVHelper { std::to_string(min_new_methods_percent_change)); } + // On-device signing related. odsign sets the system property odsign.verification.success if + // AOT artifacts have the expected signatures. + const bool trust_art_apex_data_files = + ::android::base::GetBoolProperty("odsign.verification.success", false); + if (!trust_art_apex_data_files) { + AddRuntimeArg("-Xdeny-art-apex-data-files"); + } + // Do not add after dex2oat_flags, they should override others for debugging. PrepareArgs(profman_bin); } @@ -1231,6 +1239,14 @@ class RunDexoptAnalyzer : public ExecVHelper { } } + // On-device signing related. odsign sets the system property odsign.verification.success if + // AOT artifacts have the expected signatures. + const bool trust_art_apex_data_files = + ::android::base::GetBoolProperty("odsign.verification.success", false); + if (!trust_art_apex_data_files) { + AddRuntimeArg("-Xdeny-art-apex-data-files"); + } + PrepareArgs(dexoptanalyzer_bin); } diff --git a/cmds/installd/run_dex2oat.cpp b/cmds/installd/run_dex2oat.cpp index e847626a14..b6616841f0 100644 --- a/cmds/installd/run_dex2oat.cpp +++ b/cmds/installd/run_dex2oat.cpp @@ -283,6 +283,13 @@ void RunDex2Oat::PrepareCompilerConfigFlags(const UniqueFile& input_vdex, } } + // On-device signing related. odsign sets the system property odsign.verification.success if + // AOT artifacts have the expected signatures. + const bool trust_art_apex_data_files = GetBoolProperty("odsign.verification.success", false); + if (!trust_art_apex_data_files) { + AddRuntimeArg("-Xdeny-art-apex-data-files"); + } + if (target_sdk_version != 0) { AddRuntimeArg(StringPrintf("-Xtarget-sdk-version:%d", target_sdk_version)); } |