Re: API restrictions for non SDK interfaces on Android 10

[Colin Cross]

There is an additional step to encode the hiddenapi flags into the dex file that is probably missing.  Did you add your jar to PRODUCT_BOOT_JARS for your product?

The jar produced by the build is the implementation jar, which contains all the APIs.  If you want a jar to distribute to app developers you'll need to use metalava via a droidstubs module to generate java files that contain only the publicly visible API, and then compile that into a stubs jar.

On Thu, Nov 7, 2019 at 2:21 PM Abhishek Katti <abhishe...@gmail.com> wrote:

Hi,

I'm trying to leverage https://developer.android.com/distribute/best-practices/develop/restrictions-non-sdk-interfaces for my Java library.

I'm able to generate the Java library which makes use of @SystemApi, @TestApi annotations.

I see that the APIs from the Java library generated are listed with blacklist/whitelist/greylist in hiddenapi-flags.csv appropriately.

However when i import this Java library (JAR) file to to a debug test app (Android studio project), i do have access to all the APIs and i was able to use set/get APIs from the debug test app even when the APIs are blacklisted.

I was expecting Android runtime to intercept and reject the method specially for the blacklisted APIs as described in the below link

https://developer.android.com/distribute/best-practices/develop/restrictions-non-sdk-interfaces#results-of-keeping-non-sdk

Am i missing any step here ? when do we expect the exceptions to be thrown if an app attempts to use non-SDK interfaces.

My expectation here is that for my Java library if an API is listed under blacklist category, exception should be thrown. 

Isn't the expectation correct ?

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/db9c7fc0-822b-4ce1-9f53-df15ecd04927%40googlegroups.com.

[Abhishek Katti]

Hi Collin,

Thank you for your response.

Yes i did add JAR to PRODUCT_BOOT_JARS and encode the hiddenapi flags into the dex file using below

1. PRODUCT_BOOT_JARS += com.xyz.yy
2. PRODUCT_HIDDENAPI_STUBS += \ com.xyz.yy-stub
3. Used compile_dex: true for stub JAR generated.

Are the above steps sufficient ?

I also have generated different stub JAR files using metalava (droiddoc), as mentioned in your response.

I currently have two stub JARs one for the public APIs and one for the System APIs.

Now, my expectation was if third party app tries to import System API jar stub and tries to make use of the System APIs.

The Android runtime would intercept and reject the method.

Is that a fair expectation ?

Best Regards,

Abhishek k

To unsubscribe from this group and stop receiving emails from it, send an email to android-...@googlegroups.com.

[Colin Cross]

I don't think hiddenapi distinguishes between @SystemApi and public api, only blocking access to methods that are @hide and not @SystemApi or @TestApi.

To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/4c06696a-b4a1-4836-8c93-67041b8dba05%40googlegroups.com.

[Gabriele Ledonne]

Hi Abhishek,

I would like to ask you how to whitelist a custom api. I'm not able to find a proper way to do it in Android Q: is there any config file in which list my methods?

Thank you!

Gabriele.

[Abhishek Katti]

Hi Gabriele,

Sorry for the delayed response as it was a long christmas break :-)

You can try to make use of droiddoc tool/options via soong build (configuration)

https://source.android.com/setup/build

"droiddoc" is a custom javadoc doclet and this doclet has a number of specialized command line

flags. You can find its sources in build/tools/droiddoc

You can make use of annotations as part of custom api's and generate respective JAR's using soong build configuration.

Hope the above information helps.

Regards,

Abhishek k