From 0e667821012c20ce9cad922363d923662ac2c856 Mon Sep 17 00:00:00 2001
From: LoveSy
Date: Thu, 6 May 2021 19:18:27 +0800
Subject: [PATCH] [core] Fix Android P (#542)
---
 .../cpp/main/include/art/runtime/hidden_api.h | 32 +++++++++++++++++++
 core/src/main/cpp/main/src/symbol_cache.cpp | 14 ++++++--
 core/src/main/cpp/main/src/symbol_cache.h | 3 ++
 3 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/core/src/main/cpp/main/include/art/runtime/hidden_api.h b/core/src/main/cpp/main/include/art/runtime/hidden_api.h
index ab9a7007..2d2adf58 100644
--- a/core/src/main/cpp/main/include/art/runtime/hidden_api.h
+++ b/core/src/main/cpp/main/include/art/runtime/hidden_api.h
@@ -88,6 +88,32 @@ namespace art {
 }
 );
+ CREATE_HOOK_STUB_ENTRIES(
+ "_ZN3artL29DexFile_createCookieWithArrayEP7_JNIEnvP7_jclassP11_jbyteArrayii",
+ jobject, DexFile_createCookieWithArray, (JNIEnv * env,
+ jclass clazz,
+ jbyteArray buffer,
+ jint start,
+ jint end), {
+ auto j_cookie = backup(env, clazz, buffer, start, end);
+ DexFile_setTrusted(env, clazz, j_cookie);
+ return j_cookie;
+ }
+ );
+
+ CREATE_HOOK_STUB_ENTRIES(
+ "_ZN3artL36DexFile_createCookieWithDirectBufferEP7_JNIEnvP7_jclassP8_jobjectii",
+ jobject, DexFile_createCookieWithDirectBuffer, (JNIEnv * env,
+ jclass clazz,
+ jobject buffer,
+ jint start,
+ jint end), {
+ auto j_cookie = backup(env, clazz, buffer, start, end);
+ DexFile_setTrusted(env, clazz, j_cookie);
+ return j_cookie;
+ }
+ );
+
 static void DisableHiddenApi(void *handle) {
 const int api_level = lspd::GetAndroidApiLevel();
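Review bot: In hidden_api.h, both new stubs (`DexFile_createCookieWithArray` and `DexFile_createCookieWithDirectBuffer`) pass the result of `backup(...)` straight to `DexFile_setTrusted` without checking it. If the original native rejects the buffer it will presumably return null with a Java exception pending, and a further call with a null cookie in that state risks aborting the process instead of letting the caller see the exception; `DexFile_setTrusted` is defined outside this hunk, so whether it tolerates null cannot be confirmed here. Guarding the call, `if (j_cookie != nullptr) DexFile_setTrusted(env, clazz, j_cookie);`, keeps the failure path identical to the unhooked one. A short comment stating that these hooks appear to mark every buffer-loaded dex in the process as trusted would also document the widened trust scope for later maintainers.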
@@ -98,6 +124,12 @@ namespace art {
 lspd::HookSymNoHandle(lspd::sym_openDexFileNative, DexFile_openDexFileNative);
 lspd::HookSymNoHandle(lspd::sym_openInMemoryDexFilesNative, DexFile_openInMemoryDexFilesNative);
+ if (api_level == __ANDROID_API_P__) {
+ lspd::HookSymNoHandle(lspd::sym_createCookieWithArray,
+ DexFile_createCookieWithArray);
+ lspd::HookSymNoHandle(lspd::sym_createCookieWithDirectBuffer,
+ DexFile_createCookieWithDirectBuffer);
+ }
 };
 }
diff --git a/core/src/main/cpp/main/src/symbol_cache.cpp b/core/src/main/cpp/main/src/symbol_cache.cpp
index e19df115..e46cd3cb 100644
--- a/core/src/main/cpp/main/src/symbol_cache.cpp
+++ b/core/src/main/cpp/main/src/symbol_cache.cpp
@@ -37,6 +37,8 @@ namespace lspd {
 void *sym_get_property = nullptr;
 void *handle_libart = nullptr;
 void *sym_openInMemoryDexFilesNative = nullptr;
+ void *sym_createCookieWithArray = nullptr;
+ void *sym_createCookieWithDirectBuffer = nullptr;
 void *sym_openDexFileNative = nullptr;
 void *sym_setTrusted = nullptr;
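Review bot: In the second hidden_api.h hunk (inside `DisableHiddenApi`, whose signature sits in the previous hunk), the new hooks are gated on `api_level == __ANDROID_API_P__`, while the lookup in symbol_cache.cpp chooses between `sym_openInMemoryDexFilesNative` and the createCookie pair purely by which symbols resolve. The two conditions can disagree, and on the fallback path the unchanged context line still passes `lspd::sym_openInMemoryDexFilesNative` to `HookSymNoHandle` even though the lookup now allows it to stay `nullptr`; whether `HookSymNoHandle` ignores a null address is not visible here. Gating on the pointers themselves, `if (lspd::sym_createCookieWithArray && lspd::sym_createCookieWithDirectBuffer) {`, and guarding the existing call the same way would keep hook installation in step with what was actually resolved.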
@@ -124,8 +126,16 @@ namespace lspd {
 auto art = SandHook::ElfImg(real_path);
 if ((sym_openDexFileNative = reinterpret_cast(art.getSymbAddress(
 "_ZN3artL25DexFile_openDexFileNativeEP7_JNIEnvP7_jclassP8_jstringS5_iP8_jobjectP13_jobjectArray"))) &&
- (sym_openInMemoryDexFilesNative = reinterpret_cast(art.getSymbAddress(
- "_ZN3artL34DexFile_openInMemoryDexFilesNativeEP7_JNIEnvP7_jclassP13_jobjectArrayS5_P10_jintArrayS7_P8_jobjectS5_"))) &&
+ (
+ (sym_openInMemoryDexFilesNative = reinterpret_cast(art.getSymbAddress(
+ "_ZN3artL34DexFile_openInMemoryDexFilesNativeEP7_JNIEnvP7_jclassP13_jobjectArrayS5_P10_jintArrayS7_P8_jobjectS5_"))) ||
+ (
+ (sym_createCookieWithArray = reinterpret_cast(art.getSymbAddress(
+ "_ZN3artL29DexFile_createCookieWithArrayEP7_JNIEnvP7_jclassP11_jbyteArrayii"))) &&
+ (sym_createCookieWithDirectBuffer = reinterpret_cast(art.getSymbAddress(
+ "_ZN3artL36DexFile_createCookieWithDirectBufferEP7_JNIEnvP7_jclassP8_jobjectii")))
+ )
+ ) &&
 (sym_setTrusted = reinterpret_cast(art.getSymbAddress(
 "_ZN3artL18DexFile_setTrustedEP7_JNIEnvP7_jclassP8_jobject"))))
 return soinfo->to_handle();
diff --git a/core/src/main/cpp/main/src/symbol_cache.h b/core/src/main/cpp/main/src/symbol_cache.h
index 0ad5c0e7..b1a37d5f 100644
--- a/core/src/main/cpp/main/src/symbol_cache.h
+++ b/core/src/main/cpp/main/src/symbol_cache.h
@@ -32,6 +32,9 @@ namespace lspd {
 extern void *sym_get_property;
 extern void *handle_libart;
 extern void *sym_openInMemoryDexFilesNative;
+ extern void *sym_createCookieWithArray;
+ extern void *sym_createCookieWithDirectBuffer;
+ extern void *sym_openInMemoryDexFilesNative;
 extern void *sym_openDexFileNative;
 extern void *sym_setTrusted;
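Review bot: The rewritten condition in the symbol_cache.cpp lookup hunk has no comment saying why the createCookie pair is an acceptable substitute for `sym_openInMemoryDexFilesNative`, and the nested assignments inside `&&`/`||` make that intent hard to audit. Judging by the commit title and the API-level gate in hidden_api.h this is the Android P path, so a line such as `// Android P: no openInMemoryDexFilesNative; accept createCookieWithArray + createCookieWithDirectBuffer instead` above the inner group would help. When only `sym_createCookieWithArray` resolves it stays non-null although the overall check fails; the enclosing `if` and its failure branch lie outside the hunk, so confirm nothing reads that pointer afterwards.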
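Review bot: The third added line in symbol_cache.h, `extern void *sym_openInMemoryDexFilesNative;`, repeats the declaration on the context line directly above the additions. A repeated `extern` declaration compiles, but it is noise that reads like a merge leftover; the hunk should add only the two `sym_createCookie*` declarations.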