Android P
 Restrictions on
 non-SDK interfaces potatotips #52

Android P Developer Preview 3 (Beta 2)
 ࣌఺ͷυΩϡϝϯτΛ
 ࢀߟʹॻ͍ͯ·͢

Restrictions on non-SDK interfaces • Android P͔Βద༻͞ΕΔnon-SDK΁ͷ੍ݶࣄ߲ • ࡶʹ͍͏ͱnon-SDKʹΞΫηε͢ΔͱException͕ ى͖Δ...৔߹͕͋Δʂ • ΞϓϦ͚ͩͰ͸ͳ͘ɺϥΠϒϥϦΛ࡞ͬͯΔਓ
 ʹ΋ؔ܎͢Δ࿩

Restrictions on non-SDK interfaces • ͜ͷ੍ݶ͸targetSdkVersionؔ܎ͳ͘
 Android PͰಈ࡞͢Δ͢΂ͯͷΞϓϦʹ
 ద༻͞ΕΔ • Ұ෦ͰtargetSdkVersionͰҟͳΔಈ࡞Λ͢Δ

What are non-SDK interfaces? "They are Java fields and methods that are not part of the official Android SDK."

What are non-SDK interfaces? • ϦϑϨΫγϣϯΛ࢖ͬͯΞΫηε͢ΔΑ͏ͳ fields and methods • Android frameworkͷSDKυΩϡϝϯτʹ
 هࡌ͞Ε͍ͯͳ͍ͷ͸non-SDKͱߟ͑ͯྑͦ͞͏

What are non-SDK interfaces? • Support LibraryͳͲGoogle͕ެࣜͰ
 ग़͍ͯ͠ΔLibrary͸ݱ࣌఺͸ର৅֎ͬΆ͍ • ͋͘·Ͱ͋ΕΒ͸Libraryͬͯѻ͍ͬͯ࿩͔ͳ

ͭ·Γ

Restrictions on non-SDK interfaces • ௚઀ɾϦϑϨΫγϣϯɺ·ͨ͸JNIܦ༝Ͱ
 non-SDKΛ࢖༻͢Δ৔߹ʹద༻͞ΕΔ
 ੍ݶͰ͢Αʔ • Android Pະຬͷ୺຤Ͱಈ࡞͢ΔΞϓϦͰ͸ ͜ͷ੍ݶ͸ద༻͞Ε·ͤΜ

Results of keeping non-SDK interfaces • ΞΫηεखஈͱͦΕͧΕͷ݁Ռ͸දͷΑ͏ʹͳΔ

Results of keeping non-SDK interfaces non-SDKʹΞΫηε͢ΔͱError΍Exception͕
 ى͖ͨΓɺϦϑϨΫγϣϯͯ͠΋nullΛฦͯ͠
 ଘࡏ͠ͳ͍fields and methodsͱͯ͠ѻ͍·͢Αʔ

͢΂ͯͷnon-SDK͕
 ࢖͑ͳ͘ͳΔͷʁ

ͦ͏Ͱ͸ͳ͍

non-SDK͸3ͭͷϦετʹ
 ෼͚ΒΕ͍ͯΔ • light-greylist • dark-greylist • blacklist

non-SDKͷ֤Ϧετͷҧ͍ • ֤Ϧετ͝ͱʹఆٛ͞ΕͯΔ
 non-SDK fields and methods͕ҧ͏ • non-SDK΁ΞΫηεͨ࣌͠ͷಈ࡞͕ҧ͏

non-SDKͷ֤Ϧετͷҧ͍ • ϦετͷϑΝΠϧ͸ҎԼͷAOSPʹ͋Δ • https://android.googlesource.com/platform/ prebuilts/runtime/+/master/appcompat • hiddenapi-light-greylist.txt • hiddenapi-dark-greylist.txt • hiddenapi-blacklist.txt

non-SDKͷ֤Ϧετͷҧ͍ • ϑΝΠϧʹ͸ͣΒͬͱnon-SDK fields and methods͕ॻ͍ͯ͋Δ

light-greylist • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕
 ఆٛ͞Ε͍ͯΔ • কདྷͷόʔδϣϯͰ΋ΞΫηεΛอূ͢Δ
 ΋ͷͰ͸ͳ͍ • ͍͔ͭ͸࢖͑ͳ͘ͳΔ͔΋Ͷͬͯ࿩

dark-greylist • ΞϓϦͷtargetSdkVersionʹΑͬͯ
 ಈ࡞͕ҟͳΔ •❗❓

dark-greylist • targetSdkVersion͕Pະຬ(27ҎԼ)ͷ৔߹ • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕
 ఆٛ͞Ε͍ͯΔ • light-greylistͱಉ͡ײ͡

dark-greylist • targetSdkVersion͕PҎ্(28Ҏ্)ͷ৔߹ • ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ • blacklistͱಉ͡ײ͡

blacklist • targetSdkVersionʹؔ܎ͳ͘
 ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ • ΞΫηε͢ΔͱException͕ى͖·͢ • ཁ͸͜ͷϦετʹؚ·ΕΔnon-SDK͸
 ࢖Θͳ͍ํ͕͍͍ʂ

SampleϓϩδΣΫτॻ͍ͯΈͨ https://github.com/operando/ Android-P-Restrictions-on-non-SDK- interfaces-Sample

Demo

݁ہͳʹରԠͨ͠Β͍͍ͷʁ • ࣗ਎͕࡞ͬͯΔΞϓϦ͕non-SDKΛ࢖ͬͯͳ͍͔νΣοΫ • ࢖ͬͯΔϥΠϒϥϦ͕non-SDKΛ࢖ͬͯͳ͍͔΋νΣοΫ • ࢖͍ͬͯͨΒͲͷlistʹؚ·ΕΔnon-SDK͔νΣοΫ • dark-greylist or blacklistͷnon-SDKͩͬͨΒԿ͔
 ରԠͨ͠ํ͕ྑͦ͞͏ • light-greylistͷnon-SDKͰ΋ରԠͰ͖ΔͳΒ΍Δ΂͖

ରԠํ๏ • non-SDKΛ࢖Θͳ͍ίʔυʹॻ͖௚͢ • ద੾ʹྫ֎ॲཧͯ͠ɺAndroid PະຬͰ͸
 ಈ࡞͢Δίʔυʹ͢Δ • Android PͰ͸ಈ࡞Λ͖͋ΒΊΔ • ͖͋ΒΊͯགྷΔ

͖͋ΒΊͯགྷΔલʹ... • Androidͷissue trackerʹFeature RequestΛग़͢ • ࢖༻ͯ͠Δnon-SDKͷৄࡉͳϢʔεέʔεͱ͔
 ॻ͍ͯग़͢ • ࠶ݕ౼͸͢Δ͚Ͳɺઈରʹঝೝ͞ΕΔΘ͚Ͱ͸ͳ͍ • dark-greylistʹ͋ͬͨ΋ͷ͕light-greylistʹ
 ͳΔͱ͔͸͋Δ͔΋ʁ

͖͋ΒΊͯགྷΔલʹ... • Feature Requestͷग़͠ํ͸υΩϡϝϯτʹ ϦϯΫ͋Δ • https://developer.android.com/preview/ restrictions-non-sdk-interfaces

ϝδϟʔͳϥΠϒϥϦʹ͸ issue্͕͕Γ࢝ΊͯΔ • okhttp reflection meet Android P DP1 non-sdk restriction • https://github.com/square/okhttp/issues/ 3980 • [ Important ] Violations on android P • https://github.com/facebook/react-native/ issues/19067

ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ • جຊΞϓϦͷ࣌ͱಉ͡νΣοΫΛߦ͏ • light-greylistͷnon-SDKͳΒࠓ͙͢
 ରԠ͠ͳͯ͘΋େৎ෉ • ͱ͸͍͑ɺࠓޙͷಈ࡞͸อূ͞ΕΔΘ͚Ͱ͸ ͳ͍ͷͰରԠͰ͖ΔͳΒରԠ͢Δ

ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ

React Nativͷissue • [ Important ] Violations on android P • https://github.com/facebook/react-native/ issues/19067

try { // Get the original cursor drawable resource. Field cursorDrawableResField = TextView.class.getDeclaredField("mCursorDrawableRes"); cursorDrawableResField.setAccessible(true); int drawableResId = cursorDrawableResField.getInt(view); ..... } catch (NoSuchFieldException ex) { // Ignore errors to avoid crashing if these private fields don't exist on modified // or future android versions. } issueͰ৮ΕΒΕͯΔ෦෼ͷίʔυ

React Nativͷissue • ϦϑϨΫγϣϯͯ͠ΔͶʂ͍͍Ͷʂ • ͚Ͳ...TextViewͷmCursorDrawableRes͸ light-greylistʹؚ·ΕΔnon-SDK fieldͳͷͰ
 ࠓͷͱ͜Ζ͸PͰ΋ಈ͘

ϥΠϒϥϦʹissueΛ͋͛ΔͳΒ... • ࢖༻͞ΕͯΔnon-SDK͕Ͳͷlistʹଐ͢Δͷ͔ॻ͘ • non-SDKΛ࢖Θͳͯ͘΋࣮૷Ͱ͖Δํ๏͕͋Ε͹ॻ͘ • Androidͷissue trackerʹFeature RequestΛ
 ग़ͯ͠΋Β͏Α͏ʹ͓ئ͍͢Δ

How can I enable access to non-SDK APIs? • adbͰglobal settingΛ͍͡Δ͜ͱͰɺಈ࡞Λม͑Δ ͜ͱ͕Ͱ͖·͢ adb shell settings put global hidden_api_policy_pre_p_apps 1 adb shell settings put global hidden_api_policy_p_apps 1

How can I enable access to non-SDK APIs? • ࢦఆ͢Δ਺ࣈͷҙຯ͸ҎԼͷͱ͓Γ • Α͘࢖͏ͷ͸ 1 or 2͋ͨΓ͔ͳʔ

How can I enable access to non-SDK APIs? • ಈ࡞֬ೝऴΘͬͨΒઃఆͨ͠஋͸ফ͠·͠ΐ adb shell settings delete global hidden_api_policy_pre_p_apps adb shell settings delete global hidden_api_policy_p_apps

Ͳ͏΍ͬͯΞϓϦͰnon-SDKΛ ࢖ͬͯΔͷΛௐ΂Δ͔ • StrictMode + Logcat • static analysis tool "veridex"

StrictMode + Logcat • StrictMode.VmPolicy.Builder#
 detectNonSdkApiUsageΛ
 StrictModeͷsetVmPolicyʹઃఆ͢Δ https://developer.android.com/reference/android/os/ StrictMode.VmPolicy.Builder.html#detectNonSdkApiUsage()

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { StrictMode.setVmPolicy( StrictMode.VmPolicy .Builder() .detectNonSdkApiUsage() .build()) }

StrictMode + Logcat • StrictModeΛઃఆͨ͠ΞϓϦ͕non-SDKʹΞ Ϋηε͢ΔͱLogcatʹϩά͕ग़Δ • Ͳͷϝιου΍ϑΟʔϧυͳͷ͔ͱɺͲͷlist ʹଐ͢Δ΋ͷͳͷ͔͕ग़ͯศར Accessing hidden method Landroid/gesture/Gesture;
 ->setID(J)V (blacklist, reflection)

StrictMode + Logcat • StackTrace΋දࣔ͞ΕΔ

StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Landroid/widget/ Toast;->mDuration:I at android.os.StrictMode.lambda$static$1(StrictMode.java:428) at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown Source:2) at java.lang.Class.getDeclaredField(Native Method) at com.os.operando.non_sdkinterfaces.sample.MainActivity$onCreate$3.onClick(MainActivity.kt:49) at android.view.View.performClick(View.java:6597) at android.view.View.performClickInternal(View.java:6574) at android.view.View.access$3100(View.java:778) at android.view.View$PerformClick.run(View.java:25883) at android.os.Handler.handleCallback(Handler.java:873) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:193) at android.app.ActivityThread.main(ActivityThread.java:6642) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

static analysis tool veridex • StrictModeͩͱ࣮ߦ͠ͳ͍ͱΘ͔Βͳ͍ • ͦ͜ͰveridexΛ࢖͏ • apkΛղੳͯ͠ɺ࢖༻ͯ͠Δnon-SDKΛ
 දࣔͯ͘͠ΕΔ

static analysis tool veridex • appcompatͷσΟϨΫτϦ͝ͱtgzͰ
 μ΢ϯϩʔυ͢Δ • ҎԼʹΞΫηεͯ͠ɺμ΢ϯϩʔυͰ͖Δ • https://android.googlesource.com/ platform/prebuilts/runtime/+/master/ appcompat/

static analysis tool veridex ͜͜ԡ͢

static analysis tool veridex • μ΢ϯϩʔυͨ͠ΒPCͷOS͝ͱͷzipΛղౚ • ͋ͱ͸ղੳ͍ͨ͠apkΛshell scriptʹࢦఆ ./appcompat.sh --dex-file=test.apk

veridex - output

veridex - output

static analysis tool veridex • ศར • Ͳ͜Ͱnon-SDKΛࢀরͯ͠Δ͔͕ग़Δ • ΋ͪΖΜϥΠϒϥϦଆͰnon-SDKࢀরͯ͠Δ ͱ͜Ζ΋Θ͔Δ • ·ͣ͸Ұ౓apkΛͿͬ͜ΜͰΈΔͷ͓͢͢Ί

non-SDK FAQ • FAQ͕υΩϡϝϯτʹ͔ͬ͠Γॻ͍ͯ͋ΔͷͰ
 ৄ͘͠ಡΉͱྑ͛͞ • https://developer.android.com/preview/ restrictions-non-sdk-interfaces#faq

Are the blacklist / greylists the same on different OEM devices with the same Android versions? "Yes OEMs can add their own apis to the blacklist, but cannot remove things from the original/AOSP black or grey lists. The CDD prevents such changes and CTS tests ensure that the Android Runtime is enforcing the list."

ࠓޙͷ։ൃͰҙ͍ࣝͨ͜͠ͱ • Ͱ͖Δ͚ͩAndroid FrameworkͷSDK͸
 ϦϑϨΫγϣϯ͠ͳ͍ • ݩʑ͠ͳ͍Α͏ʹؾΛ͚ͭͨํ͕ྑ͔ͬͨ
 ͚Ͳɺࠓޙ͸͞Βʹ • non-SDKΛ࢖͏ͳΒͲͷlistʹଐ͢Δ͔ௐ΂Δ

ࢥͬͨ͜ͱͳͲͳͲ • non-SDKΛ࢖ͬͯΔ৔߹ʹGoogle Play Consoleͱ͔ʹ΋ग़ͯ͠΄͍͔͠΋ • release buildͰ΋ग़ͯ͠΄͍͔͠΋ͳʔ • non-SDKͷ֤Ϧετͷ಺༰ͷߋ৽͸OSΞοϓσʔτͷλΠϛϯάͱ͔Ͱ͞ΕΔʁ • ύονϨϕϧͰ͸ߋ৽ͳͦ͞͏ • ͋Δͱ͢Ε͹OSόʔδϣϯΞοϓ͘Β͍ͷΞοϓσʔτͷ͔࣌΋Ͷ • ࢖༻ͯ͠ΔϥΠϒϥϦ͕non-SDKΛ࢖͍ͬͯͨΒissue΍PRΛग़ͦ͏ • Contribute chance

·ͱΊ ͖͋ΒΊͯགྷΔલʹ͕Μ͹Ζ͏

ࢀߟࢿྉ • Restrictions on non-SDK interfaces • https://developer.android.com/preview/restrictions-non-sdk- interfaces • Improving Stability by Reducing Usage of non-SDK Interfaces • https://android-developers.googleblog.com/2018/02/ improving-stability-by-reducing-usage.html • An Update on non-SDK restrictions in Android P • https://android-developers.googleblog.com/2018/06/an- update-on-non-sdk-restrictions-in.html

Thanksʂʂ