Skip to content
This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

WebViewDataTest fails on API 26+ after Android Profiler file injection (part 1: whitelist) #1842

Closed
mcomella opened this issue Nov 29, 2017 · 4 comments
Closed

WebViewDataTest fails on API 26+ after Android Profiler file injection (part 1: whitelist) #1842

mcomella opened this issue Nov 29, 2017 · 4 comments
Assignees
@mcomella
Labels
bug P1 QANotNeeded testing meta label for all features/bugs requiring test
Milestone
v4.0

Comments

@mcomella
Copy link
Contributor

Stack trace:

java.lang.AssertionError: Expected file 'perfd' to be in the app's data dir whitelist
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.assertTrue(Assert.java:41)
at org.mozilla.focus.activity.WebViewDataTest.DeleteWebViewDataTest(WebViewDataTest.java:205)
at java.lang.reflect.Method.invoke(Native Method)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

It seems there are a few files in the data/ directory that don't exist on my API 23 emulator, which is why I didn't catch this sooner.

We should also verify that these files, if we whitelist them, aren't leaking browsing state. Otherwise, we should delete them!
@mcomella mcomella added P1 testing meta label for all features/bugs requiring test labels Nov 29, 2017
@mcomella mcomella added this to the Focus Android V4.0 milestone Nov 29, 2017
@mcomella mcomella self-assigned this Nov 29, 2017
@mcomella
Copy link
Contributor Author

These may come from the new Android Studio 3.0 profiler. Three files I noticed are:

  • perfa.jar
  • perfd (binary file)
  • libperfa_x86.so

The contents of perfa.jar:

$ unzip perfa.jar
Archive:  perfa.jar
  inflating: META-INF/MANIFEST.MF
  inflating: classes.dex
   creating: com/
   creating: com/android/
   creating: com/android/tools/
   creating: com/android/tools/profiler/
   creating: com/android/tools/profiler/support/
   creating: com/android/tools/profiler/support/event/
   creating: com/android/tools/profiler/support/memory/
   creating: com/android/tools/profiler/support/network/
   creating: com/android/tools/profiler/support/network/httpurl/
   creating: com/android/tools/profiler/support/network/okhttp/
   creating: com/android/tools/profiler/support/network/okhttp/reflection/
   creating: com/android/tools/profiler/support/network/okhttp/reflection/okhttp2/
   creating: com/android/tools/profiler/support/network/okhttp/reflection/okhttp3/
   creating: com/android/tools/profiler/support/network/okhttp/reflection/okio/
   creating: com/android/tools/profiler/support/profilers/
   creating: com/android/tools/profiler/support/util/

I confirmed that these files are not injected in AS 2.3.3 but are in 3.0.1.

The new profiler description page mentions, "To show you advanced profiling data, Android Studio must inject monitoring logic into your compiled app." After following the directions to enable it, I see:
screen shot 2017-11-29 at 16 01 59

Which leads me to the conclusion: Android Studio 3.0+ is automatically injecting profiler related files on API 26+ and this can also be enabled for APIs below 26: I assume this only affects debug builds. Note that I did not extensively test this so this conclusion may be wrong in some cases.

@mcomella
Copy link
Contributor Author

We should also verify that these files, if we whitelist them, aren't leaking browsing state. Otherwise, we should delete them!

I don't want to delete them because this may break our ability to correctly profile the app so I'm going to whitelist them.

@mcomella mcomella added the bug label Nov 30, 2017
@mcomella
Copy link
Contributor Author

I'm having second thoughts – if our intent is to ensure there is no browsing data left on disk and the profiler caches browsing data on disk, shouldn't we delete the profiler's files? I'm going to investigate if these files are added in:

  1. Release builds
  2. Gradle-only builds (i.e. not from Android Studio)

If so:

  • We should delete the profiler's files on clean-up
  • To prevent the profiler from breaking, in local builds we can have a branch to avoid deleting those files

If not:

  • The simple solution is to whitelist the files. It could be insecure if these files are added to release builds later
  • We could delete on cleanup and add a branch that doesn't delete the profile, as per the above.

fwiw, perfd contained "localhost" (or, at least the binary data in the file matched "localhost") and broke the test even when I whitelist the files; perhaps this is not surprising because it has a network monitor.

@mcomella
Copy link
Contributor Author

It appears data these profiler files will only be injected if you build via Android Studio and you have opened the "Android profiler" tab at least once since this current Android Studio process has been launched.

I think we should whitelist these so we don't break local builds and I think it's unlikely that these files will be added for release builds so it should be safe.

mcomella added a commit to mcomella/focus-android that referenced this issue Nov 30, 2017
@mcomella
Closes mozilla-mobile#1842: Whitelist AS profiler files.
1518a49 
Given the conditions under which I've noticed these files are added, it's only
likely to occur in local builds. However, if we wanted to be extra safe that
these files aren't kept on disk in release builds, we could explicitly delete
them but then we'd presumably have to add a branch to allow developer builds to
use these files without problems. For simplicity, I've opted for the whitelist.
@mcomella mcomella mentioned this issue Nov 30, 2017
Merged
@mcomella mcomella mentioned this issue Nov 30, 2017
Closed
@mcomella mcomella changed the title WebViewDataTest fails on API 26 Pixel emulator WebViewDataTest fails on API 26+ after Android Profiler file injection Nov 30, 2017
@mcomella mcomella changed the title WebViewDataTest fails on API 26+ after Android Profiler file injection WebViewDataTest fails on API 26+ after Android Profiler file injection (part 1) Dec 1, 2017
@mcomella mcomella changed the title WebViewDataTest fails on API 26+ after Android Profiler file injection (part 1) WebViewDataTest fails on API 26+ after Android Profiler file injection (part 1: whitelist) Dec 1, 2017
riyaz pushed a commit to riyaz/focus-android-old that referenced this issue Dec 14, 2017
@mcomella
Closes mozilla-mobile#1842: Whitelist AS profiler files.
75d4241 
Given the conditions under which I've noticed these files are added, it's only
likely to occur in local builds. However, if we wanted to be extra safe that
these files aren't kept on disk in release builds, we could explicitly delete
them but then we'd presumably have to add a branch to allow developer builds to
use these files without problems. For simplicity, I've opted for the whitelist.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mcomella mcomella

Labels
bug P1 QANotNeeded testing meta label for all features/bugs requiring test
Projects
None yet
Milestone
v4.0
Development

No branches or pull requests
2 participants
@mcomella @nojunpark