// Copyright (C) 2019 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include "__mutex_base"
#include <cstddef>
#include <fcntl.h>
#include <fstream>
#include <memory>
#include <sstream>
#include <string>
#include <unistd.h>
#include <unordered_set>
#include <android-base/logging.h>
#include <android-base/macros.h>
#include <nativehelper/scoped_local_ref.h>
#include <jni.h>
#include <jvmti.h>
// Slicer's headers have code that triggers these warnings. b/65298177
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-parameter"
#pragma clang diagnostic ignored "-Wsign-compare"
#include <slicer/code_ir.h>
#include <slicer/dex_bytecode.h>
#include <slicer/dex_ir.h>
#include <slicer/dex_ir_builder.h>
#include <slicer/reader.h>
#include <slicer/writer.h>
#pragma clang diagnostic pop
namespace forceredefine {
namespace {
struct AgentInfo {
std::fstream stream;
std::unordered_set<std::string> classes;
std::mutex mutex;
};
// Converts a class name to a type descriptor
// (ex. "java.lang.String" to "Ljava/lang/String;")
std::string classNameToDescriptor(const char* className) {
std::stringstream ss;
ss << "L";
for (auto p = className; *p != '\0'; ++p) {
ss << (*p == '.' ? '/' : *p);
}
ss << ";";
return ss.str();
}
// Converts a descriptor (Lthis/style/of/name;) to a jni-FindClass style Fully-qualified class name
// (this/style/of/name).
std::string DescriptorToFQCN(const std::string& descriptor) {
return descriptor.substr(1, descriptor.size() - 2);
}
static AgentInfo* GetAgentInfo(jvmtiEnv* jvmti) {
AgentInfo* ai = nullptr;
CHECK_EQ(jvmti->GetEnvironmentLocalStorage(reinterpret_cast<void**>(&ai)), JVMTI_ERROR_NONE);
CHECK(ai != nullptr);
return ai;
}
class JvmtiAllocator : public dex::Writer::Allocator {
public:
explicit JvmtiAllocator(jvmtiEnv* jvmti) : jvmti_(jvmti) {}
void* Allocate(size_t size) override {
unsigned char* res = nullptr;
jvmti_->Allocate(size, &res);
return res;
}
void Free(void* ptr) override {
jvmti_->Deallocate(reinterpret_cast<unsigned char*>(ptr));
}
private:
jvmtiEnv* jvmti_;
};
static void Transform(std::shared_ptr<ir::DexFile> ir) {
std::unique_ptr<ir::Builder> builder;
for (auto& method : ir->encoded_methods) {
// Do not look into abstract/bridge/native/synthetic methods.
if ((method->access_flags &
(dex::kAccAbstract | dex::kAccBridge | dex::kAccNative | dex::kAccSynthetic)) != 0) {
continue;
}
struct AddNopVisitor : public lir::Visitor {
explicit AddNopVisitor(lir::CodeIr* cir) : cir_(cir) {}
bool Visit(lir::Bytecode* bc) override {
if (seen_first_inst) {
return false;
}
seen_first_inst = true;
auto new_inst = cir_->Alloc<lir::Bytecode>();
new_inst->opcode = dex::OP_NOP;
cir_->instructions.InsertBefore(bc, new_inst);
return true;
}
lir::CodeIr* cir_;
bool seen_first_inst = false;
};
lir::CodeIr c(method.get(), ir);
AddNopVisitor visitor(&c);
for (auto it = c.instructions.begin(); it != c.instructions.end(); ++it) {
lir::Instruction* fi = *it;
if (fi->Accept(&visitor)) {
break;
}
}
c.Assemble();
}
}
static void CbClassFileLoadHook(jvmtiEnv* jvmti,
JNIEnv* env ATTRIBUTE_UNUSED,
jclass classBeingRedefined ATTRIBUTE_UNUSED,
jobject loader ATTRIBUTE_UNUSED,
const char* name,
jobject protectionDomain ATTRIBUTE_UNUSED,
jint classDataLen,
const unsigned char* classData,
jint* newClassDataLen,
unsigned char** newClassData) {
std::string desc(classNameToDescriptor(name));
std::string fqcn(DescriptorToFQCN(desc));
AgentInfo* ai = GetAgentInfo(jvmti);
{
std::lock_guard<std::mutex> mu(ai->mutex);
if (ai->classes.find(fqcn) == ai->classes.end()) {
return;
}
}
LOG(INFO) << "Got CFLH for " << name << " on env " << static_cast<void*>(jvmti);
JvmtiAllocator allocator(jvmti);
dex::Reader reader(classData, classDataLen);
dex::u4 index = reader.FindClassIndex(desc.c_str());
reader.CreateClassIr(index);
std::shared_ptr<ir::DexFile> ir(reader.GetIr());
Transform(ir);
dex::Writer writer(ir);
size_t new_size;
*newClassData = writer.CreateImage(&allocator, &new_size);
*newClassDataLen = new_size;
}
static jclass FindClass(jvmtiEnv* jvmti, JNIEnv* env, const std::string& name) {
jclass res = env->FindClass(name.c_str());
if (res != nullptr) {
return res;
}
ScopedLocalRef<jthrowable> exc(env, env->ExceptionOccurred());
env->ExceptionClear();
// Try to find it in other classloaders.
env->PushLocalFrame(1 << 18);
do {
jint cnt;
jclass* klasses;
if (jvmti->GetLoadedClasses(&cnt, &klasses) != JVMTI_ERROR_NONE) {
LOG(ERROR) << "Unable to get loaded classes!";
break;
}
for (jint i = 0; i < cnt; i++) {
char* sig;
if (jvmti->GetClassSignature(klasses[i], &sig, nullptr) != JVMTI_ERROR_NONE) {
continue;
}
if (sig[0] == 'L' && DescriptorToFQCN(sig) == name) {
res = klasses[i];
break;
}
}
jvmti->Deallocate(reinterpret_cast<unsigned char*>(klasses));
} while (false);
res = reinterpret_cast<jclass>(env->PopLocalFrame(res));
if (res == nullptr && exc.get() != nullptr) {
env->Throw(exc.get());
}
return res;
}
static void RedefineClass(jvmtiEnv* jvmti, JNIEnv* env, const std::string& klass_name) {
jclass klass = nullptr;
if ((klass = FindClass(jvmti, env, klass_name)) == nullptr) {
LOG(WARNING) << "Failed to find class for " << klass_name;
env->ExceptionDescribe();
env->ExceptionClear();
return;
}
jvmti->RetransformClasses(1, &klass);
env->DeleteLocalRef(klass);
}
static void AgentMain(jvmtiEnv* jvmti, JNIEnv* jni, void* arg ATTRIBUTE_UNUSED) {
AgentInfo* ai = GetAgentInfo(jvmti);
std::string klass_name;
jvmti->SetEventNotificationMode(JVMTI_ENABLE, JVMTI_EVENT_CLASS_FILE_LOAD_HOOK, nullptr);
// TODO Replace this with something that can read from a fifo and ignore the 'EOF's.
while (std::getline(ai->stream, klass_name, '\n')) {
LOG(INFO) << "Redefining class " << klass_name << " with " << static_cast<void*>(jvmti);
{
std::lock_guard<std::mutex> mu(ai->mutex);
ai->classes.insert(klass_name);
}
RedefineClass(jvmti, jni, klass_name);
}
}
static void CbVmInit(jvmtiEnv* jvmti, JNIEnv* env, jthread thr ATTRIBUTE_UNUSED) {
// Create a Thread object.
ScopedLocalRef<jobject> thread_name(env, env->NewStringUTF("Agent Thread"));
if (thread_name.get() == nullptr) {
env->ExceptionDescribe();
env->ExceptionClear();
return;
}
ScopedLocalRef<jclass> thread_klass(env, env->FindClass("java/lang/Thread"));
if (thread_klass.get() == nullptr) {
env->ExceptionDescribe();
env->ExceptionClear();
return;
}
ScopedLocalRef<jobject> thread(env, env->AllocObject(thread_klass.get()));
if (thread.get() == nullptr) {
env->ExceptionDescribe();
env->ExceptionClear();
return;
}
env->CallNonvirtualVoidMethod(
thread.get(),
thread_klass.get(),
env->GetMethodID(thread_klass.get(), "<init>", "(Ljava/lang/String;)V"),
thread_name.get());
env->CallVoidMethod(thread.get(), env->GetMethodID(thread_klass.get(), "setPriority", "(I)V"), 1);
env->CallVoidMethod(
thread.get(), env->GetMethodID(thread_klass.get(), "setDaemon", "(Z)V"), JNI_TRUE);
jvmti->RunAgentThread(thread.get(), AgentMain, nullptr, JVMTI_THREAD_MIN_PRIORITY);
}
} // namespace
template <bool kIsOnLoad>
static jint AgentStart(JavaVM* vm, char* options, void* reserved ATTRIBUTE_UNUSED) {
jvmtiEnv* jvmti = nullptr;
if (vm->GetEnv(reinterpret_cast<void**>(&jvmti), JVMTI_VERSION_1_1) != JNI_OK ||
jvmti == nullptr) {
LOG(ERROR) << "unable to obtain JVMTI env.";
return JNI_ERR;
}
std::string sopts(options);
AgentInfo* ai = new AgentInfo;
ai->stream.open(options, std::ios_base::in);
if (!ai->stream.is_open()) {
PLOG(ERROR) << "Could not open file " << options << " for triggering class-reload";
return JNI_ERR;
}
jvmtiCapabilities caps{
.can_retransform_classes = 1,
};
if (jvmti->AddCapabilities(&caps) != JVMTI_ERROR_NONE) {
LOG(ERROR) << "Unable to get retransform_classes capability!";
return JNI_ERR;
}
jvmtiEventCallbacks cb{
.ClassFileLoadHook = CbClassFileLoadHook,
.VMInit = CbVmInit,
};
jvmti->SetEventCallbacks(&cb, sizeof(cb));
jvmti->SetEnvironmentLocalStorage(reinterpret_cast<void*>(ai));
if (kIsOnLoad) {
jvmti->SetEventNotificationMode(JVMTI_ENABLE, JVMTI_EVENT_VM_INIT, nullptr);
} else {
JNIEnv* jni = nullptr;
vm->GetEnv(reinterpret_cast<void**>(&jni), JNI_VERSION_1_2);
jthread thr;
jvmti->GetCurrentThread(&thr);
CbVmInit(jvmti, jni, thr);
}
return JNI_OK;
}
// Late attachment (e.g. 'am attach-agent').
extern "C" JNIEXPORT jint JNICALL Agent_OnAttach(JavaVM* vm, char* options, void* reserved) {
return AgentStart<false>(vm, options, reserved);
}
// Early attachment
extern "C" JNIEXPORT jint JNICALL Agent_OnLoad(JavaVM* jvm, char* options, void* reserved) {
return AgentStart<true>(jvm, options, reserved);
}
} // namespace forceredefine