| 51 | } |
| 52 | |
| 53 | void InitializeSecurityConfig() { |
| 54 | std::call_once(s_securityConfigInitFlag, []() { |
| 55 | try { |
| 56 | JEnv env; |
| 57 | jclass runtimeClass = env.FindClass("com/tns/Runtime"); |
| 58 | if (runtimeClass == nullptr) { |
| 59 | return; |
| 60 | } |
| 61 | |
| 62 | // Check isDebuggable first |
| 63 | jmethodID isDebuggableMid = env.GetStaticMethodID(runtimeClass, "isDebuggable", "()Z"); |
| 64 | if (isDebuggableMid != nullptr) { |
| 65 | jboolean res = env.CallStaticBooleanMethod(runtimeClass, isDebuggableMid); |
| 66 | s_isDebuggable = (res == JNI_TRUE); |
| 67 | } |
| 68 | |
| 69 | // If debuggable, we don't need to check further - always allow |
| 70 | if (s_isDebuggable) { |
| 71 | s_allowRemoteModules = true; |
| 72 | return; |
| 73 | } |
| 74 | |
| 75 | // Check isRemoteModulesAllowed |
| 76 | jmethodID allowRemoteMid = env.GetStaticMethodID(runtimeClass, "isRemoteModulesAllowed", "()Z"); |
| 77 | if (allowRemoteMid != nullptr) { |
| 78 | jboolean res = env.CallStaticBooleanMethod(runtimeClass, allowRemoteMid); |
| 79 | s_allowRemoteModules = (res == JNI_TRUE); |
| 80 | } |
| 81 | |
| 82 | // Get the allowlist |
| 83 | jmethodID getAllowlistMid = env.GetStaticMethodID(runtimeClass, "getRemoteModuleAllowlist", "()[Ljava/lang/String;"); |
| 84 | if (getAllowlistMid != nullptr) { |
| 85 | jobjectArray allowlistArray = (jobjectArray)env.CallStaticObjectMethod(runtimeClass, getAllowlistMid); |
| 86 | if (allowlistArray != nullptr) { |
| 87 | jsize len = env.GetArrayLength(allowlistArray); |
| 88 | for (jsize i = 0; i < len; i++) { |
| 89 | jstring jstr = (jstring)env.GetObjectArrayElement(allowlistArray, i); |
| 90 | if (jstr != nullptr) { |
| 91 | const char* str = env.GetStringUTFChars(jstr, nullptr); |
| 92 | if (str != nullptr) { |
| 93 | s_remoteModuleAllowlist.push_back(std::string(str)); |
| 94 | env.ReleaseStringUTFChars(jstr, str); |
| 95 | } |
| 96 | env.DeleteLocalRef(jstr); |
| 97 | } |
| 98 | } |
| 99 | env.DeleteLocalRef(allowlistArray); |
| 100 | } |
| 101 | } |
| 102 | } catch (...) { |
| 103 | // Keep defaults (remote modules disabled) |
| 104 | } |
| 105 | }); |
| 106 | } |
| 107 | |
| 108 | bool IsRemoteModulesAllowed() { |
| 109 | InitializeSecurityConfig(); |
no test coverage detected