Revert "Remove obsolete TestApiEnforcementPolicy."
This reverts commit d8b153b7c2026f45db97a7fd5804957becc5cfdf.
Reason for revert: cts tests on -user builds is broken
Change-Id: I7528fb6d1606f08d2398bc4cbb27519424cf1b51
diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index d1c6ee1..f42ed49 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc
@@ -512,9 +512,13 @@
return false;
}
+ EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy();
+
bool deny_access = false;
if (hiddenApiPolicy == EnforcementPolicy::kEnabled) {
- if (api_list.IsTestApi() && compatFramework.IsChangeEnabled(kAllowTestApiAccess)) {
+ if (api_list.IsTestApi() &&
+ (testApiPolicy == EnforcementPolicy::kDisabled ||
+ compatFramework.IsChangeEnabled(kAllowTestApiAccess))) {
deny_access = false;
} else {
switch (api_list.GetMaxAllowedSdkVersion()) {
diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc
index 9c278fd..cfdba45 100644
--- a/runtime/hidden_api_test.cc
+++ b/runtime/hidden_api_test.cc
@@ -216,6 +216,7 @@
static_cast<uint32_t>(hiddenapi::ApiList::MaxTargetR().GetMaxAllowedSdkVersion()) + 1);
// Default case where all TestApis are treated like non-TestApi.
+ runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled);
setChangeIdState(kAllowTestApiAccess, false);
ASSERT_EQ(
ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false);
@@ -233,6 +234,25 @@
ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blocked()), true);
// A case where we want to allow access to TestApis.
+ runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled);
+ setChangeIdState(kAllowTestApiAccess, false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Unsupported()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetR()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetQ()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetP()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetO()), false);
+ ASSERT_EQ(
+ ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blocked()), false);
+
+ // A second case where we want to allow access to TestApis.
+ runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled);
setChangeIdState(kAllowTestApiAccess, true);
ASSERT_EQ(
ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false);
diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
index 8a474b6..c37b8bb 100644
--- a/runtime/native/dalvik_system_ZygoteHooks.cc
+++ b/runtime/native/dalvik_system_ZygoteHooks.cc
@@ -152,6 +152,7 @@
PROFILE_FROM_SHELL = 1 << 15,
USE_APP_IMAGE_STARTUP_CACHE = 1 << 16,
DEBUG_IGNORE_APP_SIGNAL_HANDLER = 1 << 17,
+ DISABLE_TEST_API_ENFORCEMENT_POLICY = 1 << 18,
// bits to shift (flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) by to get a value
// corresponding to hiddenapi::EnforcementPolicy
@@ -318,6 +319,13 @@
(runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT);
runtime_flags &= ~HIDDEN_API_ENFORCEMENT_POLICY_MASK;
+ if ((runtime_flags & DISABLE_TEST_API_ENFORCEMENT_POLICY) != 0u) {
+ runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled);
+ } else {
+ runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled);
+ }
+ runtime_flags &= ~DISABLE_TEST_API_ENFORCEMENT_POLICY;
+
bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER;
runtime_flags &= ~PROFILE_SYSTEM_SERVER;
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index 179cd41..b174f2a 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc
@@ -287,6 +287,7 @@
safe_mode_(false),
hidden_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
core_platform_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
+ test_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
dedupe_hidden_api_warnings_(true),
hidden_api_access_event_log_rate_(0),
dump_native_stack_on_sig_quit_(true),
diff --git a/runtime/runtime.h b/runtime/runtime.h
index 8408b8b..c0a880e 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -603,6 +603,14 @@
return core_platform_api_policy_;
}
+ void SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy policy) {
+ test_api_policy_ = policy;
+ }
+
+ hiddenapi::EnforcementPolicy GetTestApiEnforcementPolicy() const {
+ return test_api_policy_;
+ }
+
void SetHiddenApiExemptions(const std::vector<std::string>& exemptions) {
hidden_api_exemptions_ = exemptions;
}
@@ -1231,6 +1239,9 @@
// Whether access checks on core platform API should be performed.
hiddenapi::EnforcementPolicy core_platform_api_policy_;
+ // Whether access checks on test API should be performed.
+ hiddenapi::EnforcementPolicy test_api_policy_;
+
// List of signature prefixes of methods that have been removed from the blacklist, and treated
// as if whitelisted.
std::vector<std::string> hidden_api_exemptions_;