AndroidRuntime: pass odsign verification status to ART

ART will refuse to load on-device generated artifacts if odsign verification status suggests files have been tampered with. (cherry picked from commit a8b24392a1da6c3441f38acd623fbefaaa97d723) Bug: 180949581 Test: manual Merged-In: I772b5b7b191310bf7c7797161a304a1ab6f53c5e Change-Id: Ia0e5ebf4c763678fef55139af60b169f0e6fdeee
author: Orion Hodson <oth@google.com> 2021-07-01 12:14:47 +0100
committer: Orion Hodson <oth@google.com> 2021-07-02 11:57:45 +0100
commit: 30202b7abbbcd9f8185b62b836ee6c0268bfeab1 (patch)
tree: 1c576f274a5ea9fd0ac464ec6780a363ad478822 /core/jni/AndroidRuntime.cpp
parent: de8ea692b1c58cb19c7fb94ce1aa5bf9299187b3 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/core/jni/AndroidRuntime.cpp b/core/jni/AndroidRuntime.cpp
index 443bfce7f050..4c4c9aae1b0f 100644
--- a/core/jni/AndroidRuntime.cpp
+++ b/core/jni/AndroidRuntime.cpp
@@ -752,6 +752,11 @@ int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv, bool zygote, bool p
         //addOption("-verbose:jni");
     }
 
+    const bool odsignVerificationSuccess = GetBoolProperty("odsign.verification.success", false);
+    if (!odsignVerificationSuccess) {
+        addOption("-Xdeny-art-apex-data-files");
+    }
+
     property_get("dalvik.vm.execution-mode", propBuf, "");
     if (strcmp(propBuf, "int:portable") == 0) {
         executionMode = kEMIntPortable;
author	Orion Hodson <oth@google.com>	2021-07-01 12:14:47 +0100
committer	Orion Hodson <oth@google.com>	2021-07-02 11:57:45 +0100
commit	30202b7abbbcd9f8185b62b836ee6c0268bfeab1 (patch)
tree	1c576f274a5ea9fd0ac464ec6780a363ad478822 /core/jni/AndroidRuntime.cpp
parent	de8ea692b1c58cb19c7fb94ce1aa5bf9299187b3 (diff)