search

google / conscrypt

Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
Apache License 2.0
1.28k stars 273 forks source link

GTS test failing because of undefined symbols #879

Open bsafwen opened 4 years ago

bsafwen commented 4 years ago

Hello,

We are building an android system application that uses the AWS IOT SDK for Android. To be able to deploy this app on Android TV STB's, we need to run the android test suites (CTS/GTS). Unfortunately, We have a GTS test failing with our application. The failure seems related to the 'conscrypt' dependency of the AWS IOT SDK. Could you please check bellow logs and share any thoughts you may have on how to fix this?

com.android.compatibility.common.tradefed.testtype.JarHostTest com.android.gts.api.UnofficialApisUsageTest#testNonApiReferences fail:
junit.framework.AssertionFailedError:
Undefined type ref: com.android.org.conscrypt.OpenSSLSocketImpl from: /vendor/app/App/App.apk
Undefined type ref: com.android.org.conscrypt.SSLParametersImpl from: /vendor/app/App/App.apk
Undefined type ref: dalvik.system.BlockGuard from: /vendor/app/App/App.apk
Undefined type ref: dalvik.system.BlockGuard.Policy from: /vendor/app/App/App.apk
Undefined type ref: dalvik.system.CloseGuard from: /vendor/app/App/App.apk
Undefined type ref: org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl from: /vendor/app/App/App.apk
Undefined type ref: org.apache.harmony.xnet.provider.jsse.SSLParametersImpl from: /vendor/app/App/App.apk
Undefined method ref: com.android.org.conscrypt.OpenSSLSocketImpl.<init>(com.android.org.conscrypt.SSLParametersImpl) from: /vendor/app/App/App.apk
Undefined method ref: dalvik.system.BlockGuard.Policy.onNetwork()void from: /vendor/app/App/App.apk
Undefined method ref: dalvik.system.BlockGuard.getThreadPolicy()dalvik.system.BlockGuard.Policy from: /vendor/app/App/App.apk

GTS version 7.0_r4 Device android version: ro.build.version.release:10 ro.build.version.sdk:29

I think the conscrypt errors come from here:

    public static SSLSocketFactory wrapSocketFactoryIfNeeded(OpenSSLSocketFactoryImpl factory) {
        if (Build.VERSION.SDK_INT < 19) {
            return new PreKitKatPlatformOpenSSLSocketAdapterFactory(factory);
        } else if (Build.VERSION.SDK_INT < 22) {
            return new KitKatPlatformOpenSSLSocketAdapterFactory(factory);
        }
        return factory;
    }

and KitKatPlatformOpenSSLSocketAdapterFactory extends com.android.org.conscrypt.OpenSSLSocketImpl;

For the BlockGuard error, the api is internal and Google disallows using it:

@libcore.api.CorePlatformApi
@libcore.api.IntraCoreApi
public final class BlockGuard {
}

as for the CloseGuard error, CloseGuard move from dalvik.system to android.util

Regards

kruton commented 4 years ago

I would just use Google Play Service's ProviderInstaller instead of packaging Conscrypt with your app.

bsafwen commented 3 years ago

System apps don't have the permission to use ProviderInstaller, I get permission denied, and the AWS IoT SDK makes calls to libconscrypt, to add the conscrypt provider Security.addProvider(new OpenSSLProvider()); and another one to set the ALPN extension: Conscrypt.setApplicationProtocols((SSLSocket) socket, ALPN_EXTENSION);

daulet commented 3 years ago

Sounds more like this is an issue with AWS IoT SDK