Android P - Restrictions on non-SDK interfaces

Transcript

1. Android P

   Restrictions on

   non-SDK interfaces
   potatotips #52
   

   View Slide

2. Android P Developer Preview 3
   (Beta 2)

   ࣌఺ͷυΩϡϝϯτΛ

   ࢀߟʹॻ͍ͯ·͢
   

   View Slide

3. Restrictions on non-SDK interfaces
   • Android P͔Βద༻͞ΕΔnon-SDK΁ͷ੍ݶࣄ߲
   • ࡶʹ͍͏ͱnon-SDKʹΞΫηε͢ΔͱException͕
   ى͖Δ...৔߹͕͋Δʂ
   • ΞϓϦ͚ͩͰ͸ͳ͘ɺϥΠϒϥϦΛ࡞ͬͯΔਓ

   ʹ΋ؔ܎͢Δ࿩
   

   View Slide

4. Restrictions on non-SDK interfaces
   • ͜ͷ੍ݶ͸targetSdkVersionؔ܎ͳ͘

   Android PͰಈ࡞͢Δ͢΂ͯͷΞϓϦʹ

   ద༻͞ΕΔ
   • Ұ෦ͰtargetSdkVersionͰҟͳΔಈ࡞Λ͢Δ
   

   View Slide

5. What are non-SDK interfaces?
   "They are Java fields and
   methods that are not part of the
   official Android SDK."
   

   View Slide

6. What are non-SDK interfaces?
   • ϦϑϨΫγϣϯΛ࢖ͬͯΞΫηε͢ΔΑ͏ͳ
   fields and methods
   • Android frameworkͷSDKυΩϡϝϯτʹ

   هࡌ͞Ε͍ͯͳ͍ͷ͸non-SDKͱߟ͑ͯྑͦ͞͏
   

   View Slide

7. What are non-SDK interfaces?
   • Support LibraryͳͲGoogle͕ެࣜͰ

   ग़͍ͯ͠ΔLibrary͸ݱ࣌఺͸ର৅֎ͬΆ͍
   • ͋͘·Ͱ͋ΕΒ͸Libraryͬͯѻ͍ͬͯ࿩͔ͳ
   

   View Slide

8. ͭ·Γ
   

   View Slide

9. Restrictions on non-SDK interfaces
   • ௚઀ɾϦϑϨΫγϣϯɺ·ͨ͸JNIܦ༝Ͱ

   non-SDKΛ࢖༻͢Δ৔߹ʹద༻͞ΕΔ

   ੍ݶͰ͢Αʔ
   • Android Pະຬͷ୺຤Ͱಈ࡞͢ΔΞϓϦͰ͸
   ͜ͷ੍ݶ͸ద༻͞Ε·ͤΜ
   

   View Slide

10. Results of keeping non-SDK interfaces
    • ΞΫηεखஈͱͦΕͧΕͷ݁Ռ͸දͷΑ͏ʹͳΔ
    

    View Slide

11. Results of keeping non-SDK interfaces
    non-SDKʹΞΫηε͢ΔͱError΍Exception͕

    ى͖ͨΓɺϦϑϨΫγϣϯͯ͠΋nullΛฦͯ͠

    ଘࡏ͠ͳ͍fields and methodsͱͯ͠ѻ͍·͢Αʔ
    

    View Slide

12. ͢΂ͯͷnon-SDK͕

    ࢖͑ͳ͘ͳΔͷʁ
    

    View Slide

13. ͦ͏Ͱ͸ͳ͍
    

    View Slide

14. non-SDK͸3ͭͷϦετʹ

    ෼͚ΒΕ͍ͯΔ
    • light-greylist
    • dark-greylist
    • blacklist
    

    View Slide

15. non-SDKͷ֤Ϧετͷҧ͍
    • ֤Ϧετ͝ͱʹఆٛ͞ΕͯΔ

    non-SDK fields and methods͕ҧ͏
    • non-SDK΁ΞΫηεͨ࣌͠ͷಈ࡞͕ҧ͏
    

    View Slide

16. non-SDKͷ֤Ϧετͷҧ͍
    • ϦετͷϑΝΠϧ͸ҎԼͷAOSPʹ͋Δ
    • https://android.googlesource.com/platform/
    prebuilts/runtime/+/master/appcompat
    • hiddenapi-light-greylist.txt
    • hiddenapi-dark-greylist.txt
    • hiddenapi-blacklist.txt
    

    View Slide

17. non-SDKͷ֤Ϧετͷҧ͍
    • ϑΝΠϧʹ͸ͣΒͬͱnon-SDK fields and
    methods͕ॻ͍ͯ͋Δ
    

    View Slide

18. light-greylist
    • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕

    ఆٛ͞Ε͍ͯΔ
    • কདྷͷόʔδϣϯͰ΋ΞΫηεΛอূ͢Δ

    ΋ͷͰ͸ͳ͍
    • ͍͔ͭ͸࢖͑ͳ͘ͳΔ͔΋Ͷͬͯ࿩
    

    View Slide

19. dark-greylist
    • ΞϓϦͷtargetSdkVersionʹΑͬͯ

    ಈ࡞͕ҟͳΔ
    •❗❓
    

    View Slide

20. dark-greylist
    • targetSdkVersion͕Pະຬ(27ҎԼ)ͷ৔߹
    • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕

    ఆٛ͞Ε͍ͯΔ
    • light-greylistͱಉ͡ײ͡
    

    View Slide

21. dark-greylist
    • targetSdkVersion͕PҎ্(28Ҏ্)ͷ৔߹
    • ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ
    • blacklistͱಉ͡ײ͡
    

    View Slide

22. blacklist
    • targetSdkVersionʹؔ܎ͳ͘

    ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ
    • ΞΫηε͢ΔͱException͕ى͖·͢
    • ཁ͸͜ͷϦετʹؚ·ΕΔnon-SDK͸

    ࢖Θͳ͍ํ͕͍͍ʂ
    

    View Slide

23. SampleϓϩδΣΫτॻ͍ͯΈͨ
    https://github.com/operando/
    Android-P-Restrictions-on-non-SDK-
    interfaces-Sample
    

    View Slide

24. Demo
    

    View Slide

25. ݁ہͳʹରԠͨ͠Β͍͍ͷʁ
    • ࣗ਎͕࡞ͬͯΔΞϓϦ͕non-SDKΛ࢖ͬͯͳ͍͔νΣοΫ
    • ࢖ͬͯΔϥΠϒϥϦ͕non-SDKΛ࢖ͬͯͳ͍͔΋νΣοΫ
    • ࢖͍ͬͯͨΒͲͷlistʹؚ·ΕΔnon-SDK͔νΣοΫ
    • dark-greylist or blacklistͷnon-SDKͩͬͨΒԿ͔

    ରԠͨ͠ํ͕ྑͦ͞͏
    • light-greylistͷnon-SDKͰ΋ରԠͰ͖ΔͳΒ΍Δ΂͖
    

    View Slide

26. ରԠํ๏
    • non-SDKΛ࢖Θͳ͍ίʔυʹॻ͖௚͢
    • ద੾ʹྫ֎ॲཧͯ͠ɺAndroid PະຬͰ͸

    ಈ࡞͢Δίʔυʹ͢Δ
    • Android PͰ͸ಈ࡞Λ͖͋ΒΊΔ
    • ͖͋ΒΊͯགྷΔ
    

    View Slide

27. ͖͋ΒΊͯགྷΔલʹ...
    • Androidͷissue trackerʹFeature RequestΛग़͢
    • ࢖༻ͯ͠Δnon-SDKͷৄࡉͳϢʔεέʔεͱ͔

    ॻ͍ͯग़͢
    • ࠶ݕ౼͸͢Δ͚Ͳɺઈରʹঝೝ͞ΕΔΘ͚Ͱ͸ͳ͍
    • dark-greylistʹ͋ͬͨ΋ͷ͕light-greylistʹ

    ͳΔͱ͔͸͋Δ͔΋ʁ
    

    View Slide

28. ͖͋ΒΊͯགྷΔલʹ...
    • Feature Requestͷग़͠ํ͸υΩϡϝϯτʹ
    ϦϯΫ͋Δ
    • https://developer.android.com/preview/
    restrictions-non-sdk-interfaces
    

    View Slide

29. ϝδϟʔͳϥΠϒϥϦʹ͸
    issue্͕͕Γ࢝ΊͯΔ
    • okhttp reflection meet Android P DP1 non-sdk
    restriction
    • https://github.com/square/okhttp/issues/
    3980
    • [ Important ] Violations on android P
    • https://github.com/facebook/react-native/
    issues/19067
    

    View Slide

30. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ
    • جຊΞϓϦͷ࣌ͱಉ͡νΣοΫΛߦ͏
    • light-greylistͷnon-SDKͳΒࠓ͙͢

    ରԠ͠ͳͯ͘΋େৎ෉
    • ͱ͸͍͑ɺࠓޙͷಈ࡞͸อূ͞ΕΔΘ͚Ͱ͸
    ͳ͍ͷͰରԠͰ͖ΔͳΒରԠ͢Δ
    

    View Slide

31. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ
    

    View Slide

32. React Nativͷissue
    • [ Important ] Violations on android P
    • https://github.com/facebook/react-native/
    issues/19067
    

    View Slide

33. try {
    // Get the original cursor drawable resource.
    Field cursorDrawableResField =
    TextView.class.getDeclaredField("mCursorDrawableRes");
    cursorDrawableResField.setAccessible(true);
    int drawableResId = cursorDrawableResField.getInt(view);
    .....
    } catch (NoSuchFieldException ex) {
    // Ignore errors to avoid crashing if these private fields
    don't exist on modified
    // or future android versions.
    }
    issueͰ৮ΕΒΕͯΔ෦෼ͷίʔυ
    

    View Slide

34. React Nativͷissue
    • ϦϑϨΫγϣϯͯ͠ΔͶʂ͍͍Ͷʂ
    • ͚Ͳ...TextViewͷmCursorDrawableRes͸
    light-greylistʹؚ·ΕΔnon-SDK fieldͳͷͰ

    ࠓͷͱ͜Ζ͸PͰ΋ಈ͘
    

    View Slide

35. ϥΠϒϥϦʹissueΛ͋͛ΔͳΒ...
    • ࢖༻͞ΕͯΔnon-SDK͕Ͳͷlistʹଐ͢Δͷ͔ॻ͘
    • non-SDKΛ࢖Θͳͯ͘΋࣮૷Ͱ͖Δํ๏͕͋Ε͹ॻ͘
    • Androidͷissue trackerʹFeature RequestΛ

    ग़ͯ͠΋Β͏Α͏ʹ͓ئ͍͢Δ
    

    View Slide

36. How can I enable access to
    non-SDK APIs?
    • adbͰglobal settingΛ͍͡Δ͜ͱͰɺಈ࡞Λม͑Δ
    ͜ͱ͕Ͱ͖·͢
    adb shell settings put global hidden_api_policy_pre_p_apps 1
    adb shell settings put global hidden_api_policy_p_apps 1
    

    View Slide

37. How can I enable access to
    non-SDK APIs?
    • ࢦఆ͢Δ਺ࣈͷҙຯ͸ҎԼͷͱ͓Γ
    • Α͘࢖͏ͷ͸ 1 or 2͋ͨΓ͔ͳʔ
    

    View Slide

38. How can I enable access to
    non-SDK APIs?
    • ಈ࡞֬ೝऴΘͬͨΒઃఆͨ͠஋͸ফ͠·͠ΐ
    adb shell settings delete global hidden_api_policy_pre_p_apps
    adb shell settings delete global hidden_api_policy_p_apps
    

    View Slide

39. Ͳ͏΍ͬͯΞϓϦͰnon-SDKΛ
    ࢖ͬͯΔͷΛௐ΂Δ͔
    • StrictMode + Logcat
    • static analysis tool "veridex"
    

    View Slide

40. StrictMode + Logcat
    • StrictMode.VmPolicy.Builder#

    detectNonSdkApiUsageΛ

    StrictModeͷsetVmPolicyʹઃఆ͢Δ
    https://developer.android.com/reference/android/os/
    StrictMode.VmPolicy.Builder.html#detectNonSdkApiUsage()
    

    View Slide

41. if (Build.VERSION.SDK_INT
    >= Build.VERSION_CODES.P) {
    StrictMode.setVmPolicy(
    StrictMode.VmPolicy
    .Builder()
    .detectNonSdkApiUsage()
    .build())
    }
    

    View Slide

42. StrictMode + Logcat
    • StrictModeΛઃఆͨ͠ΞϓϦ͕non-SDKʹΞ
    Ϋηε͢ΔͱLogcatʹϩά͕ग़Δ
    • Ͳͷϝιου΍ϑΟʔϧυͳͷ͔ͱɺͲͷlist
    ʹଐ͢Δ΋ͷͳͷ͔͕ग़ͯศར
    Accessing hidden method Landroid/gesture/Gesture;

    ->setID(J)V (blacklist, reflection)
    

    View Slide

43. StrictMode + Logcat
    • StackTrace΋දࣔ͞ΕΔ
    

    View Slide

44. StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Landroid/widget/
    Toast;->mDuration:I
    at android.os.StrictMode.lambda$static$1(StrictMode.java:428)
    at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown Source:2)
    at java.lang.Class.getDeclaredField(Native Method)
    at
    com.os.operando.non_sdkinterfaces.sample.MainActivity$onCreate$3.onClick(MainActivity.kt:49)
    at android.view.View.performClick(View.java:6597)
    at android.view.View.performClickInternal(View.java:6574)
    at android.view.View.access$3100(View.java:778)
    at android.view.View$PerformClick.run(View.java:25883)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6642)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
    

    View Slide

45. static analysis tool veridex
    • StrictModeͩͱ࣮ߦ͠ͳ͍ͱΘ͔Βͳ͍
    • ͦ͜ͰveridexΛ࢖͏
    • apkΛղੳͯ͠ɺ࢖༻ͯ͠Δnon-SDKΛ

    දࣔͯ͘͠ΕΔ
    

    View Slide

46. static analysis tool veridex
    • appcompatͷσΟϨΫτϦ͝ͱtgzͰ

    μ΢ϯϩʔυ͢Δ
    • ҎԼʹΞΫηεͯ͠ɺμ΢ϯϩʔυͰ͖Δ
    • https://android.googlesource.com/
    platform/prebuilts/runtime/+/master/
    appcompat/
    

    View Slide

47. static analysis tool veridex
    ͜͜ԡ͢
    

    View Slide

48. static analysis tool veridex
    • μ΢ϯϩʔυͨ͠ΒPCͷOS͝ͱͷzipΛղౚ
    • ͋ͱ͸ղੳ͍ͨ͠apkΛshell scriptʹࢦఆ
    ./appcompat.sh --dex-file=test.apk
    

    View Slide

49. veridex - output
    

    View Slide

50. veridex - output
    

    View Slide

51. static analysis tool veridex
    • ศར
    • Ͳ͜Ͱnon-SDKΛࢀরͯ͠Δ͔͕ग़Δ
    • ΋ͪΖΜϥΠϒϥϦଆͰnon-SDKࢀরͯ͠Δ
    ͱ͜Ζ΋Θ͔Δ
    • ·ͣ͸Ұ౓apkΛͿͬ͜ΜͰΈΔͷ͓͢͢Ί
    

    View Slide

52. non-SDK FAQ
    • FAQ͕υΩϡϝϯτʹ͔ͬ͠Γॻ͍ͯ͋ΔͷͰ

    ৄ͘͠ಡΉͱྑ͛͞
    • https://developer.android.com/preview/
    restrictions-non-sdk-interfaces#faq
    

    View Slide

53. Are the blacklist / greylists the same on
    different OEM devices with the same
    Android versions?
    "Yes OEMs can add their own apis to the
    blacklist, but cannot remove things from the
    original/AOSP black or grey lists. The CDD
    prevents such changes and CTS tests ensure
    that the Android Runtime is enforcing the list."
    

    View Slide

54. ࠓޙͷ։ൃͰҙ͍ࣝͨ͜͠ͱ
    • Ͱ͖Δ͚ͩAndroid FrameworkͷSDK͸

    ϦϑϨΫγϣϯ͠ͳ͍
    • ݩʑ͠ͳ͍Α͏ʹؾΛ͚ͭͨํ͕ྑ͔ͬͨ

    ͚Ͳɺࠓޙ͸͞Βʹ
    • non-SDKΛ࢖͏ͳΒͲͷlistʹଐ͢Δ͔ௐ΂Δ
    

    View Slide

55. ࢥͬͨ͜ͱͳͲͳͲ
    • non-SDKΛ࢖ͬͯΔ৔߹ʹGoogle Play Consoleͱ͔ʹ΋ग़ͯ͠΄͍͔͠΋
    • release buildͰ΋ग़ͯ͠΄͍͔͠΋ͳʔ
    • non-SDKͷ֤Ϧετͷ಺༰ͷߋ৽͸OSΞοϓσʔτͷλΠϛϯάͱ͔Ͱ͞ΕΔʁ
    • ύονϨϕϧͰ͸ߋ৽ͳͦ͞͏
    • ͋Δͱ͢Ε͹OSόʔδϣϯΞοϓ͘Β͍ͷΞοϓσʔτͷ͔࣌΋Ͷ
    • ࢖༻ͯ͠ΔϥΠϒϥϦ͕non-SDKΛ࢖͍ͬͯͨΒissue΍PRΛग़ͦ͏
    • Contribute chance
    

    View Slide

56. ·ͱΊ
    ͖͋ΒΊͯགྷΔલʹ͕Μ͹Ζ͏
    

    View Slide

57. ࢀߟࢿྉ
    • Restrictions on non-SDK interfaces
    • https://developer.android.com/preview/restrictions-non-sdk-
    interfaces
    • Improving Stability by Reducing Usage of non-SDK Interfaces
    • https://android-developers.googleblog.com/2018/02/
    improving-stability-by-reducing-usage.html
    • An Update on non-SDK restrictions in Android P
    • https://android-developers.googleblog.com/2018/06/an-
    update-on-non-sdk-restrictions-in.html
    

    View Slide

58. Thanksʂʂ
    

    View Slide