Android P - Restrictions on non-SDK interfaces

Android P - Restrictions on non-SDK interfaces

E77b6a5f919f7366d94f21eee9a014f5?s=128

operandoOS

June 21, 2018
Tweet

Transcript

  1. Android P
 Restrictions on
 non-SDK interfaces potatotips #52

  2. Android P Developer Preview 3 (Beta 2)
 ࣌఺ͷυΩϡϝϯτΛ
 ࢀߟʹॻ͍ͯ·͢

  3. Restrictions on non-SDK interfaces • Android P͔Βద༻͞ΕΔnon-SDK΁ͷ੍ݶࣄ߲ • ࡶʹ͍͏ͱnon-SDKʹΞΫηε͢ΔͱException͕ ى͖Δ...৔߹͕͋Δʂ

    • ΞϓϦ͚ͩͰ͸ͳ͘ɺϥΠϒϥϦΛ࡞ͬͯΔਓ
 ʹ΋ؔ܎͢Δ࿩
  4. Restrictions on non-SDK interfaces • ͜ͷ੍ݶ͸targetSdkVersionؔ܎ͳ͘
 Android PͰಈ࡞͢Δ͢΂ͯͷΞϓϦʹ
 ద༻͞ΕΔ •

    Ұ෦ͰtargetSdkVersionͰҟͳΔಈ࡞Λ͢Δ
  5. What are non-SDK interfaces? "They are Java fields and methods

    that are not part of the official Android SDK."
  6. What are non-SDK interfaces? • ϦϑϨΫγϣϯΛ࢖ͬͯΞΫηε͢ΔΑ͏ͳ fields and methods •

    Android frameworkͷSDKυΩϡϝϯτʹ
 هࡌ͞Ε͍ͯͳ͍ͷ͸non-SDKͱߟ͑ͯྑͦ͞͏
  7. What are non-SDK interfaces? • Support LibraryͳͲGoogle͕ެࣜͰ
 ग़͍ͯ͠ΔLibrary͸ݱ࣌఺͸ର৅֎ͬΆ͍ • ͋͘·Ͱ͋ΕΒ͸Libraryͬͯѻ͍ͬͯ࿩͔ͳ

  8. ͭ·Γ

  9. Restrictions on non-SDK interfaces • ௚઀ɾϦϑϨΫγϣϯɺ·ͨ͸JNIܦ༝Ͱ
 non-SDKΛ࢖༻͢Δ৔߹ʹద༻͞ΕΔ
 ੍ݶͰ͢Αʔ • Android

    Pະຬͷ୺຤Ͱಈ࡞͢ΔΞϓϦͰ͸ ͜ͷ੍ݶ͸ద༻͞Ε·ͤΜ
  10. Results of keeping non-SDK interfaces • ΞΫηεखஈͱͦΕͧΕͷ݁Ռ͸දͷΑ͏ʹͳΔ

  11. Results of keeping non-SDK interfaces non-SDKʹΞΫηε͢ΔͱError΍Exception͕
 ى͖ͨΓɺϦϑϨΫγϣϯͯ͠΋nullΛฦͯ͠
 ଘࡏ͠ͳ͍fields and methodsͱͯ͠ѻ͍·͢Αʔ

  12. ͢΂ͯͷnon-SDK͕
 ࢖͑ͳ͘ͳΔͷʁ

  13. ͦ͏Ͱ͸ͳ͍

  14. non-SDK͸3ͭͷϦετʹ
 ෼͚ΒΕ͍ͯΔ • light-greylist • dark-greylist • blacklist

  15. non-SDKͷ֤Ϧετͷҧ͍ • ֤Ϧετ͝ͱʹఆٛ͞ΕͯΔ
 non-SDK fields and methods͕ҧ͏ • non-SDK΁ΞΫηεͨ࣌͠ͷಈ࡞͕ҧ͏

  16. non-SDKͷ֤Ϧετͷҧ͍ • ϦετͷϑΝΠϧ͸ҎԼͷAOSPʹ͋Δ • https://android.googlesource.com/platform/ prebuilts/runtime/+/master/appcompat • hiddenapi-light-greylist.txt • hiddenapi-dark-greylist.txt

    • hiddenapi-blacklist.txt
  17. non-SDKͷ֤Ϧετͷҧ͍ • ϑΝΠϧʹ͸ͣΒͬͱnon-SDK fields and methods͕ॻ͍ͯ͋Δ

  18. light-greylist • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕
 ఆٛ͞Ε͍ͯΔ • কདྷͷόʔδϣϯͰ΋ΞΫηεΛอূ͢Δ
 ΋ͷͰ͸ͳ͍ • ͍͔ͭ͸࢖͑ͳ͘ͳΔ͔΋Ͷͬͯ࿩

  19. dark-greylist • ΞϓϦͷtargetSdkVersionʹΑͬͯ
 ಈ࡞͕ҟͳΔ •❗❓

  20. dark-greylist • targetSdkVersion͕Pະຬ(27ҎԼ)ͷ৔߹ • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕
 ఆٛ͞Ε͍ͯΔ • light-greylistͱಉ͡ײ͡

  21. dark-greylist • targetSdkVersion͕PҎ্(28Ҏ্)ͷ৔߹ • ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ • blacklistͱಉ͡ײ͡

  22. blacklist • targetSdkVersionʹؔ܎ͳ͘
 ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ • ΞΫηε͢ΔͱException͕ى͖·͢ • ཁ͸͜ͷϦετʹؚ·ΕΔnon-SDK͸
 ࢖Θͳ͍ํ͕͍͍ʂ

  23. SampleϓϩδΣΫτॻ͍ͯΈͨ https://github.com/operando/ Android-P-Restrictions-on-non-SDK- interfaces-Sample

  24. Demo

  25. ݁ہͳʹରԠͨ͠Β͍͍ͷʁ • ࣗ਎͕࡞ͬͯΔΞϓϦ͕non-SDKΛ࢖ͬͯͳ͍͔νΣοΫ • ࢖ͬͯΔϥΠϒϥϦ͕non-SDKΛ࢖ͬͯͳ͍͔΋νΣοΫ • ࢖͍ͬͯͨΒͲͷlistʹؚ·ΕΔnon-SDK͔νΣοΫ • dark-greylist or

    blacklistͷnon-SDKͩͬͨΒԿ͔
 ରԠͨ͠ํ͕ྑͦ͞͏ • light-greylistͷnon-SDKͰ΋ରԠͰ͖ΔͳΒ΍Δ΂͖
  26. ରԠํ๏ • non-SDKΛ࢖Θͳ͍ίʔυʹॻ͖௚͢ • ద੾ʹྫ֎ॲཧͯ͠ɺAndroid PະຬͰ͸
 ಈ࡞͢Δίʔυʹ͢Δ • Android PͰ͸ಈ࡞Λ͖͋ΒΊΔ

    • ͖͋ΒΊͯགྷΔ
  27. ͖͋ΒΊͯགྷΔલʹ... • Androidͷissue trackerʹFeature RequestΛग़͢ • ࢖༻ͯ͠Δnon-SDKͷৄࡉͳϢʔεέʔεͱ͔
 ॻ͍ͯग़͢ • ࠶ݕ౼͸͢Δ͚Ͳɺઈରʹঝೝ͞ΕΔΘ͚Ͱ͸ͳ͍

    • dark-greylistʹ͋ͬͨ΋ͷ͕light-greylistʹ
 ͳΔͱ͔͸͋Δ͔΋ʁ
  28. ͖͋ΒΊͯགྷΔલʹ... • Feature Requestͷग़͠ํ͸υΩϡϝϯτʹ ϦϯΫ͋Δ • https://developer.android.com/preview/ restrictions-non-sdk-interfaces

  29. ϝδϟʔͳϥΠϒϥϦʹ͸ issue্͕͕Γ࢝ΊͯΔ • okhttp reflection meet Android P DP1 non-sdk

    restriction • https://github.com/square/okhttp/issues/ 3980 • [ Important ] Violations on android P • https://github.com/facebook/react-native/ issues/19067
  30. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ • جຊΞϓϦͷ࣌ͱಉ͡νΣοΫΛߦ͏ • light-greylistͷnon-SDKͳΒࠓ͙͢
 ରԠ͠ͳͯ͘΋େৎ෉ • ͱ͸͍͑ɺࠓޙͷಈ࡞͸อূ͞ΕΔΘ͚Ͱ͸ ͳ͍ͷͰରԠͰ͖ΔͳΒରԠ͢Δ

  31. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ

  32. React Nativͷissue • [ Important ] Violations on android P

    • https://github.com/facebook/react-native/ issues/19067
  33. try { // Get the original cursor drawable resource. Field

    cursorDrawableResField = TextView.class.getDeclaredField("mCursorDrawableRes"); cursorDrawableResField.setAccessible(true); int drawableResId = cursorDrawableResField.getInt(view); ..... } catch (NoSuchFieldException ex) { // Ignore errors to avoid crashing if these private fields don't exist on modified // or future android versions. } issueͰ৮ΕΒΕͯΔ෦෼ͷίʔυ
  34. React Nativͷissue • ϦϑϨΫγϣϯͯ͠ΔͶʂ͍͍Ͷʂ • ͚Ͳ...TextViewͷmCursorDrawableRes͸ light-greylistʹؚ·ΕΔnon-SDK fieldͳͷͰ
 ࠓͷͱ͜Ζ͸PͰ΋ಈ͘

  35. ϥΠϒϥϦʹissueΛ͋͛ΔͳΒ... • ࢖༻͞ΕͯΔnon-SDK͕Ͳͷlistʹଐ͢Δͷ͔ॻ͘ • non-SDKΛ࢖Θͳͯ͘΋࣮૷Ͱ͖Δํ๏͕͋Ε͹ॻ͘ • Androidͷissue trackerʹFeature RequestΛ
 ग़ͯ͠΋Β͏Α͏ʹ͓ئ͍͢Δ

  36. How can I enable access to non-SDK APIs? • adbͰglobal

    settingΛ͍͡Δ͜ͱͰɺಈ࡞Λม͑Δ ͜ͱ͕Ͱ͖·͢ adb shell settings put global hidden_api_policy_pre_p_apps 1 adb shell settings put global hidden_api_policy_p_apps 1
  37. How can I enable access to non-SDK APIs? • ࢦఆ͢Δ਺ࣈͷҙຯ͸ҎԼͷͱ͓Γ

    • Α͘࢖͏ͷ͸ 1 or 2͋ͨΓ͔ͳʔ
  38. How can I enable access to non-SDK APIs? • ಈ࡞֬ೝऴΘͬͨΒઃఆͨ͠஋͸ফ͠·͠ΐ

    adb shell settings delete global hidden_api_policy_pre_p_apps adb shell settings delete global hidden_api_policy_p_apps
  39. Ͳ͏΍ͬͯΞϓϦͰnon-SDKΛ ࢖ͬͯΔͷΛௐ΂Δ͔ • StrictMode + Logcat • static analysis tool

    "veridex"
  40. StrictMode + Logcat • StrictMode.VmPolicy.Builder#
 detectNonSdkApiUsageΛ
 StrictModeͷsetVmPolicyʹઃఆ͢Δ https://developer.android.com/reference/android/os/ StrictMode.VmPolicy.Builder.html#detectNonSdkApiUsage()

  41. if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { StrictMode.setVmPolicy( StrictMode.VmPolicy .Builder() .detectNonSdkApiUsage() .build())

    }
  42. StrictMode + Logcat • StrictModeΛઃఆͨ͠ΞϓϦ͕non-SDKʹΞ Ϋηε͢ΔͱLogcatʹϩά͕ग़Δ • Ͳͷϝιου΍ϑΟʔϧυͳͷ͔ͱɺͲͷlist ʹଐ͢Δ΋ͷͳͷ͔͕ग़ͯศར Accessing

    hidden method Landroid/gesture/Gesture;
 ->setID(J)V (blacklist, reflection)
  43. StrictMode + Logcat • StackTrace΋දࣔ͞ΕΔ

  44. StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Landroid/widget/ Toast;->mDuration:I at android.os.StrictMode.lambda$static$1(StrictMode.java:428) at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown

    Source:2) at java.lang.Class.getDeclaredField(Native Method) at com.os.operando.non_sdkinterfaces.sample.MainActivity$onCreate$3.onClick(MainActivity.kt:49) at android.view.View.performClick(View.java:6597) at android.view.View.performClickInternal(View.java:6574) at android.view.View.access$3100(View.java:778) at android.view.View$PerformClick.run(View.java:25883) at android.os.Handler.handleCallback(Handler.java:873) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:193) at android.app.ActivityThread.main(ActivityThread.java:6642) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
  45. static analysis tool veridex • StrictModeͩͱ࣮ߦ͠ͳ͍ͱΘ͔Βͳ͍ • ͦ͜ͰveridexΛ࢖͏ • apkΛղੳͯ͠ɺ࢖༻ͯ͠Δnon-SDKΛ


    දࣔͯ͘͠ΕΔ
  46. static analysis tool veridex • appcompatͷσΟϨΫτϦ͝ͱtgzͰ
 μ΢ϯϩʔυ͢Δ • ҎԼʹΞΫηεͯ͠ɺμ΢ϯϩʔυͰ͖Δ •

    https://android.googlesource.com/ platform/prebuilts/runtime/+/master/ appcompat/
  47. static analysis tool veridex ͜͜ԡ͢

  48. static analysis tool veridex • μ΢ϯϩʔυͨ͠ΒPCͷOS͝ͱͷzipΛղౚ • ͋ͱ͸ղੳ͍ͨ͠apkΛshell scriptʹࢦఆ ./appcompat.sh

    --dex-file=test.apk
  49. veridex - output

  50. veridex - output

  51. static analysis tool veridex • ศར • Ͳ͜Ͱnon-SDKΛࢀরͯ͠Δ͔͕ग़Δ • ΋ͪΖΜϥΠϒϥϦଆͰnon-SDKࢀরͯ͠Δ

    ͱ͜Ζ΋Θ͔Δ • ·ͣ͸Ұ౓apkΛͿͬ͜ΜͰΈΔͷ͓͢͢Ί
  52. non-SDK FAQ • FAQ͕υΩϡϝϯτʹ͔ͬ͠Γॻ͍ͯ͋ΔͷͰ
 ৄ͘͠ಡΉͱྑ͛͞ • https://developer.android.com/preview/ restrictions-non-sdk-interfaces#faq

  53. Are the blacklist / greylists the same on different OEM

    devices with the same Android versions? "Yes OEMs can add their own apis to the blacklist, but cannot remove things from the original/AOSP black or grey lists. The CDD prevents such changes and CTS tests ensure that the Android Runtime is enforcing the list."
  54. ࠓޙͷ։ൃͰҙ͍ࣝͨ͜͠ͱ • Ͱ͖Δ͚ͩAndroid FrameworkͷSDK͸
 ϦϑϨΫγϣϯ͠ͳ͍ • ݩʑ͠ͳ͍Α͏ʹؾΛ͚ͭͨํ͕ྑ͔ͬͨ
 ͚Ͳɺࠓޙ͸͞Βʹ • non-SDKΛ࢖͏ͳΒͲͷlistʹଐ͢Δ͔ௐ΂Δ

  55. ࢥͬͨ͜ͱͳͲͳͲ • non-SDKΛ࢖ͬͯΔ৔߹ʹGoogle Play Consoleͱ͔ʹ΋ग़ͯ͠΄͍͔͠΋ • release buildͰ΋ग़ͯ͠΄͍͔͠΋ͳʔ • non-SDKͷ֤Ϧετͷ಺༰ͷߋ৽͸OSΞοϓσʔτͷλΠϛϯάͱ͔Ͱ͞ΕΔʁ

    • ύονϨϕϧͰ͸ߋ৽ͳͦ͞͏ • ͋Δͱ͢Ε͹OSόʔδϣϯΞοϓ͘Β͍ͷΞοϓσʔτͷ͔࣌΋Ͷ • ࢖༻ͯ͠ΔϥΠϒϥϦ͕non-SDKΛ࢖͍ͬͯͨΒissue΍PRΛग़ͦ͏ • Contribute chance
  56. ·ͱΊ ͖͋ΒΊͯགྷΔલʹ͕Μ͹Ζ͏

  57. ࢀߟࢿྉ • Restrictions on non-SDK interfaces • https://developer.android.com/preview/restrictions-non-sdk- interfaces •

    Improving Stability by Reducing Usage of non-SDK Interfaces • https://android-developers.googleblog.com/2018/02/ improving-stability-by-reducing-usage.html • An Update on non-SDK restrictions in Android P • https://android-developers.googleblog.com/2018/06/an- update-on-non-sdk-restrictions-in.html
  58. Thanksʂʂ