$30 off During Our Annual Pro Sale. View Details »

Android P - Restrictions on non-SDK interfaces

Android P - Restrictions on non-SDK interfaces

operandoOS

June 21, 2018
Tweet

More Decks by operandoOS

Other Decks in Technology

Transcript

  1. Android P

    Restrictions on

    non-SDK interfaces
    potatotips #52

    View Slide

  2. Android P Developer Preview 3
    (Beta 2)

    ࣌఺ͷυΩϡϝϯτΛ

    ࢀߟʹॻ͍ͯ·͢

    View Slide

  3. Restrictions on non-SDK interfaces
    • Android P͔Βద༻͞ΕΔnon-SDK΁ͷ੍ݶࣄ߲
    • ࡶʹ͍͏ͱnon-SDKʹΞΫηε͢ΔͱException͕
    ى͖Δ...৔߹͕͋Δʂ
    • ΞϓϦ͚ͩͰ͸ͳ͘ɺϥΠϒϥϦΛ࡞ͬͯΔਓ

    ʹ΋ؔ܎͢Δ࿩

    View Slide

  4. Restrictions on non-SDK interfaces
    • ͜ͷ੍ݶ͸targetSdkVersionؔ܎ͳ͘

    Android PͰಈ࡞͢Δ͢΂ͯͷΞϓϦʹ

    ద༻͞ΕΔ
    • Ұ෦ͰtargetSdkVersionͰҟͳΔಈ࡞Λ͢Δ

    View Slide

  5. What are non-SDK interfaces?
    "They are Java fields and
    methods that are not part of the
    official Android SDK."

    View Slide

  6. What are non-SDK interfaces?
    • ϦϑϨΫγϣϯΛ࢖ͬͯΞΫηε͢ΔΑ͏ͳ
    fields and methods
    • Android frameworkͷSDKυΩϡϝϯτʹ

    هࡌ͞Ε͍ͯͳ͍ͷ͸non-SDKͱߟ͑ͯྑͦ͞͏

    View Slide

  7. What are non-SDK interfaces?
    • Support LibraryͳͲGoogle͕ެࣜͰ

    ग़͍ͯ͠ΔLibrary͸ݱ࣌఺͸ର৅֎ͬΆ͍
    • ͋͘·Ͱ͋ΕΒ͸Libraryͬͯѻ͍ͬͯ࿩͔ͳ

    View Slide

  8. ͭ·Γ

    View Slide

  9. Restrictions on non-SDK interfaces
    • ௚઀ɾϦϑϨΫγϣϯɺ·ͨ͸JNIܦ༝Ͱ

    non-SDKΛ࢖༻͢Δ৔߹ʹద༻͞ΕΔ

    ੍ݶͰ͢Αʔ
    • Android Pະຬͷ୺຤Ͱಈ࡞͢ΔΞϓϦͰ͸
    ͜ͷ੍ݶ͸ద༻͞Ε·ͤΜ

    View Slide

  10. Results of keeping non-SDK interfaces
    • ΞΫηεखஈͱͦΕͧΕͷ݁Ռ͸දͷΑ͏ʹͳΔ

    View Slide

  11. Results of keeping non-SDK interfaces
    non-SDKʹΞΫηε͢ΔͱError΍Exception͕

    ى͖ͨΓɺϦϑϨΫγϣϯͯ͠΋nullΛฦͯ͠

    ଘࡏ͠ͳ͍fields and methodsͱͯ͠ѻ͍·͢Αʔ

    View Slide

  12. ͢΂ͯͷnon-SDK͕

    ࢖͑ͳ͘ͳΔͷʁ

    View Slide

  13. ͦ͏Ͱ͸ͳ͍

    View Slide

  14. non-SDK͸3ͭͷϦετʹ

    ෼͚ΒΕ͍ͯΔ
    • light-greylist
    • dark-greylist
    • blacklist

    View Slide

  15. non-SDKͷ֤Ϧετͷҧ͍
    • ֤Ϧετ͝ͱʹఆٛ͞ΕͯΔ

    non-SDK fields and methods͕ҧ͏
    • non-SDK΁ΞΫηεͨ࣌͠ͷಈ࡞͕ҧ͏

    View Slide

  16. non-SDKͷ֤Ϧετͷҧ͍
    • ϦετͷϑΝΠϧ͸ҎԼͷAOSPʹ͋Δ
    • https://android.googlesource.com/platform/
    prebuilts/runtime/+/master/appcompat
    • hiddenapi-light-greylist.txt
    • hiddenapi-dark-greylist.txt
    • hiddenapi-blacklist.txt

    View Slide

  17. non-SDKͷ֤Ϧετͷҧ͍
    • ϑΝΠϧʹ͸ͣΒͬͱnon-SDK fields and
    methods͕ॻ͍ͯ͋Δ

    View Slide

  18. light-greylist
    • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕

    ఆٛ͞Ε͍ͯΔ
    • কདྷͷόʔδϣϯͰ΋ΞΫηεΛอূ͢Δ

    ΋ͷͰ͸ͳ͍
    • ͍͔ͭ͸࢖͑ͳ͘ͳΔ͔΋Ͷͬͯ࿩

    View Slide

  19. dark-greylist
    • ΞϓϦͷtargetSdkVersionʹΑͬͯ

    ಈ࡞͕ҟͳΔ
    •❗❓

    View Slide

  20. dark-greylist
    • targetSdkVersion͕Pະຬ(27ҎԼ)ͷ৔߹
    • ·ͩී௨ʹΞΫηεͰ͖Δnon-SDK͕

    ఆٛ͞Ε͍ͯΔ
    • light-greylistͱಉ͡ײ͡

    View Slide

  21. dark-greylist
    • targetSdkVersion͕PҎ্(28Ҏ্)ͷ৔߹
    • ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ
    • blacklistͱಉ͡ײ͡

    View Slide

  22. blacklist
    • targetSdkVersionʹؔ܎ͳ͘

    ΞΫηεͰ͖ͳ͍non-SDK͕ఆٛ͞Ε͍ͯΔ
    • ΞΫηε͢ΔͱException͕ى͖·͢
    • ཁ͸͜ͷϦετʹؚ·ΕΔnon-SDK͸

    ࢖Θͳ͍ํ͕͍͍ʂ

    View Slide

  23. SampleϓϩδΣΫτॻ͍ͯΈͨ
    https://github.com/operando/
    Android-P-Restrictions-on-non-SDK-
    interfaces-Sample

    View Slide

  24. Demo

    View Slide

  25. ݁ہͳʹରԠͨ͠Β͍͍ͷʁ
    • ࣗ਎͕࡞ͬͯΔΞϓϦ͕non-SDKΛ࢖ͬͯͳ͍͔νΣοΫ
    • ࢖ͬͯΔϥΠϒϥϦ͕non-SDKΛ࢖ͬͯͳ͍͔΋νΣοΫ
    • ࢖͍ͬͯͨΒͲͷlistʹؚ·ΕΔnon-SDK͔νΣοΫ
    • dark-greylist or blacklistͷnon-SDKͩͬͨΒԿ͔

    ରԠͨ͠ํ͕ྑͦ͞͏
    • light-greylistͷnon-SDKͰ΋ରԠͰ͖ΔͳΒ΍Δ΂͖

    View Slide

  26. ରԠํ๏
    • non-SDKΛ࢖Θͳ͍ίʔυʹॻ͖௚͢
    • ద੾ʹྫ֎ॲཧͯ͠ɺAndroid PະຬͰ͸

    ಈ࡞͢Δίʔυʹ͢Δ
    • Android PͰ͸ಈ࡞Λ͖͋ΒΊΔ
    • ͖͋ΒΊͯགྷΔ

    View Slide

  27. ͖͋ΒΊͯགྷΔલʹ...
    • Androidͷissue trackerʹFeature RequestΛग़͢
    • ࢖༻ͯ͠Δnon-SDKͷৄࡉͳϢʔεέʔεͱ͔

    ॻ͍ͯग़͢
    • ࠶ݕ౼͸͢Δ͚Ͳɺઈରʹঝೝ͞ΕΔΘ͚Ͱ͸ͳ͍
    • dark-greylistʹ͋ͬͨ΋ͷ͕light-greylistʹ

    ͳΔͱ͔͸͋Δ͔΋ʁ

    View Slide

  28. ͖͋ΒΊͯགྷΔલʹ...
    • Feature Requestͷग़͠ํ͸υΩϡϝϯτʹ
    ϦϯΫ͋Δ
    • https://developer.android.com/preview/
    restrictions-non-sdk-interfaces

    View Slide

  29. ϝδϟʔͳϥΠϒϥϦʹ͸
    issue্͕͕Γ࢝ΊͯΔ
    • okhttp reflection meet Android P DP1 non-sdk
    restriction
    • https://github.com/square/okhttp/issues/
    3980
    • [ Important ] Violations on android P
    • https://github.com/facebook/react-native/
    issues/19067

    View Slide

  30. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ
    • جຊΞϓϦͷ࣌ͱಉ͡νΣοΫΛߦ͏
    • light-greylistͷnon-SDKͳΒࠓ͙͢

    ରԠ͠ͳͯ͘΋େৎ෉
    • ͱ͸͍͑ɺࠓޙͷಈ࡞͸อূ͞ΕΔΘ͚Ͱ͸
    ͳ͍ͷͰରԠͰ͖ΔͳΒରԠ͢Δ

    View Slide

  31. ϥΠϒϥϦͷϝϯςφʔͱͯ͠ͷରԠ

    View Slide

  32. React Nativͷissue
    • [ Important ] Violations on android P
    • https://github.com/facebook/react-native/
    issues/19067

    View Slide

  33. try {
    // Get the original cursor drawable resource.
    Field cursorDrawableResField =
    TextView.class.getDeclaredField("mCursorDrawableRes");
    cursorDrawableResField.setAccessible(true);
    int drawableResId = cursorDrawableResField.getInt(view);
    .....
    } catch (NoSuchFieldException ex) {
    // Ignore errors to avoid crashing if these private fields
    don't exist on modified
    // or future android versions.
    }
    issueͰ৮ΕΒΕͯΔ෦෼ͷίʔυ

    View Slide

  34. React Nativͷissue
    • ϦϑϨΫγϣϯͯ͠ΔͶʂ͍͍Ͷʂ
    • ͚Ͳ...TextViewͷmCursorDrawableRes͸
    light-greylistʹؚ·ΕΔnon-SDK fieldͳͷͰ

    ࠓͷͱ͜Ζ͸PͰ΋ಈ͘

    View Slide

  35. ϥΠϒϥϦʹissueΛ͋͛ΔͳΒ...
    • ࢖༻͞ΕͯΔnon-SDK͕Ͳͷlistʹଐ͢Δͷ͔ॻ͘
    • non-SDKΛ࢖Θͳͯ͘΋࣮૷Ͱ͖Δํ๏͕͋Ε͹ॻ͘
    • Androidͷissue trackerʹFeature RequestΛ

    ग़ͯ͠΋Β͏Α͏ʹ͓ئ͍͢Δ

    View Slide

  36. How can I enable access to
    non-SDK APIs?
    • adbͰglobal settingΛ͍͡Δ͜ͱͰɺಈ࡞Λม͑Δ
    ͜ͱ͕Ͱ͖·͢
    adb shell settings put global hidden_api_policy_pre_p_apps 1
    adb shell settings put global hidden_api_policy_p_apps 1

    View Slide

  37. How can I enable access to
    non-SDK APIs?
    • ࢦఆ͢Δ਺ࣈͷҙຯ͸ҎԼͷͱ͓Γ
    • Α͘࢖͏ͷ͸ 1 or 2͋ͨΓ͔ͳʔ

    View Slide

  38. How can I enable access to
    non-SDK APIs?
    • ಈ࡞֬ೝऴΘͬͨΒઃఆͨ͠஋͸ফ͠·͠ΐ
    adb shell settings delete global hidden_api_policy_pre_p_apps
    adb shell settings delete global hidden_api_policy_p_apps

    View Slide

  39. Ͳ͏΍ͬͯΞϓϦͰnon-SDKΛ
    ࢖ͬͯΔͷΛௐ΂Δ͔
    • StrictMode + Logcat
    • static analysis tool "veridex"

    View Slide

  40. StrictMode + Logcat
    • StrictMode.VmPolicy.Builder#

    detectNonSdkApiUsageΛ

    StrictModeͷsetVmPolicyʹઃఆ͢Δ
    https://developer.android.com/reference/android/os/
    StrictMode.VmPolicy.Builder.html#detectNonSdkApiUsage()

    View Slide

  41. if (Build.VERSION.SDK_INT
    >= Build.VERSION_CODES.P) {
    StrictMode.setVmPolicy(
    StrictMode.VmPolicy
    .Builder()
    .detectNonSdkApiUsage()
    .build())
    }

    View Slide

  42. StrictMode + Logcat
    • StrictModeΛઃఆͨ͠ΞϓϦ͕non-SDKʹΞ
    Ϋηε͢ΔͱLogcatʹϩά͕ग़Δ
    • Ͳͷϝιου΍ϑΟʔϧυͳͷ͔ͱɺͲͷlist
    ʹଐ͢Δ΋ͷͳͷ͔͕ग़ͯศར
    Accessing hidden method Landroid/gesture/Gesture;

    ->setID(J)V (blacklist, reflection)

    View Slide

  43. StrictMode + Logcat
    • StackTrace΋දࣔ͞ΕΔ

    View Slide

  44. StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Landroid/widget/
    Toast;->mDuration:I
    at android.os.StrictMode.lambda$static$1(StrictMode.java:428)
    at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown Source:2)
    at java.lang.Class.getDeclaredField(Native Method)
    at
    com.os.operando.non_sdkinterfaces.sample.MainActivity$onCreate$3.onClick(MainActivity.kt:49)
    at android.view.View.performClick(View.java:6597)
    at android.view.View.performClickInternal(View.java:6574)
    at android.view.View.access$3100(View.java:778)
    at android.view.View$PerformClick.run(View.java:25883)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6642)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

    View Slide

  45. static analysis tool veridex
    • StrictModeͩͱ࣮ߦ͠ͳ͍ͱΘ͔Βͳ͍
    • ͦ͜ͰveridexΛ࢖͏
    • apkΛղੳͯ͠ɺ࢖༻ͯ͠Δnon-SDKΛ

    දࣔͯ͘͠ΕΔ

    View Slide

  46. static analysis tool veridex
    • appcompatͷσΟϨΫτϦ͝ͱtgzͰ

    μ΢ϯϩʔυ͢Δ
    • ҎԼʹΞΫηεͯ͠ɺμ΢ϯϩʔυͰ͖Δ
    • https://android.googlesource.com/
    platform/prebuilts/runtime/+/master/
    appcompat/

    View Slide

  47. static analysis tool veridex
    ͜͜ԡ͢

    View Slide

  48. static analysis tool veridex
    • μ΢ϯϩʔυͨ͠ΒPCͷOS͝ͱͷzipΛղౚ
    • ͋ͱ͸ղੳ͍ͨ͠apkΛshell scriptʹࢦఆ
    ./appcompat.sh --dex-file=test.apk

    View Slide

  49. veridex - output

    View Slide

  50. veridex - output

    View Slide

  51. static analysis tool veridex
    • ศར
    • Ͳ͜Ͱnon-SDKΛࢀরͯ͠Δ͔͕ग़Δ
    • ΋ͪΖΜϥΠϒϥϦଆͰnon-SDKࢀরͯ͠Δ
    ͱ͜Ζ΋Θ͔Δ
    • ·ͣ͸Ұ౓apkΛͿͬ͜ΜͰΈΔͷ͓͢͢Ί

    View Slide

  52. non-SDK FAQ
    • FAQ͕υΩϡϝϯτʹ͔ͬ͠Γॻ͍ͯ͋ΔͷͰ

    ৄ͘͠ಡΉͱྑ͛͞
    • https://developer.android.com/preview/
    restrictions-non-sdk-interfaces#faq

    View Slide

  53. Are the blacklist / greylists the same on
    different OEM devices with the same
    Android versions?
    "Yes OEMs can add their own apis to the
    blacklist, but cannot remove things from the
    original/AOSP black or grey lists. The CDD
    prevents such changes and CTS tests ensure
    that the Android Runtime is enforcing the list."

    View Slide

  54. ࠓޙͷ։ൃͰҙ͍ࣝͨ͜͠ͱ
    • Ͱ͖Δ͚ͩAndroid FrameworkͷSDK͸

    ϦϑϨΫγϣϯ͠ͳ͍
    • ݩʑ͠ͳ͍Α͏ʹؾΛ͚ͭͨํ͕ྑ͔ͬͨ

    ͚Ͳɺࠓޙ͸͞Βʹ
    • non-SDKΛ࢖͏ͳΒͲͷlistʹଐ͢Δ͔ௐ΂Δ

    View Slide

  55. ࢥͬͨ͜ͱͳͲͳͲ
    • non-SDKΛ࢖ͬͯΔ৔߹ʹGoogle Play Consoleͱ͔ʹ΋ग़ͯ͠΄͍͔͠΋
    • release buildͰ΋ग़ͯ͠΄͍͔͠΋ͳʔ
    • non-SDKͷ֤Ϧετͷ಺༰ͷߋ৽͸OSΞοϓσʔτͷλΠϛϯάͱ͔Ͱ͞ΕΔʁ
    • ύονϨϕϧͰ͸ߋ৽ͳͦ͞͏
    • ͋Δͱ͢Ε͹OSόʔδϣϯΞοϓ͘Β͍ͷΞοϓσʔτͷ͔࣌΋Ͷ
    • ࢖༻ͯ͠ΔϥΠϒϥϦ͕non-SDKΛ࢖͍ͬͯͨΒissue΍PRΛग़ͦ͏
    • Contribute chance

    View Slide

  56. ·ͱΊ
    ͖͋ΒΊͯགྷΔલʹ͕Μ͹Ζ͏

    View Slide

  57. ࢀߟࢿྉ
    • Restrictions on non-SDK interfaces
    • https://developer.android.com/preview/restrictions-non-sdk-
    interfaces
    • Improving Stability by Reducing Usage of non-SDK Interfaces
    • https://android-developers.googleblog.com/2018/02/
    improving-stability-by-reducing-usage.html
    • An Update on non-SDK restrictions in Android P
    • https://android-developers.googleblog.com/2018/06/an-
    update-on-non-sdk-restrictions-in.html

    View Slide

  58. Thanksʂʂ

    View Slide