Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_art / 9b5ddff6f74073a2b45669eff8379ed796dbf488^! / .
commit9b5ddff6f74073a2b45669eff8379ed796dbf488[log] [tgz]
authorMathew Inwood <mathewi@google.com>Wed May 16 11:18:10 2018 +0100
committerMathew Inwood <mathewi@google.com>Fri May 18 08:32:32 2018 +0000
tree35678faec5526810a7066a421fbfa712a8795122
parent8d2befc479f59f10421066e1586b23d075b16348 [diff]
Hidden API: only log what we deny.

Only print a "Accessing hidden ..." warning in logcat when we deny access
to any API, or if the app is debuggable. This reduces log spam.

Update test expectations accordingly.

Bug: 79914966
Test: $ art/test.py -b --host -t 674-hiddenapi

(cherry picked from commit 46b26278907301dcc27010b397d1a4bd1cd53b33)

Merged-In: Ic6dfa0dd519a8854e3a40ba19c9a001c0c2a378b
Change-Id: Ieda769d51e53ec4b7712d0bb1bf76e1a95d2120f

diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index ee518ae..e41d1d3 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc

@@ -40,7 +40,7 @@
 // Note that when flipping this flag, you must also update the expectations of test 674-hiddenapi
 // as it affects whether or not we warn for light grey APIs that have been added to the exemptions
 // list.
-static constexpr bool kLogAllAccesses = true;
+static constexpr bool kLogAllAccesses = false;
 
 static inline std::ostream& operator<<(std::ostream& os, AccessMethod value) {
   switch (value) {
@@ -219,7 +219,8 @@
   // - for non-debuggable apps, there is no distinction between light grey & whitelisted APIs.
   // - we want to avoid the overhead of checking for exemptions for light greylisted APIs whenever
   //   possible.
-  if (kLogAllAccesses || action == kDeny || runtime->IsJavaDebuggable()) {
+  const bool shouldWarn = kLogAllAccesses || runtime->IsJavaDebuggable();
+  if (shouldWarn || action == kDeny) {
     if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) {
       action = kAllow;
       // Avoid re-examining the exemption list next time.
@@ -260,7 +261,8 @@
     MaybeWhitelistMember(runtime, member);
 
     // If this action requires a UI warning, set the appropriate flag.
-    if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) {
+    if (shouldWarn &&
+        (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag())) {
       runtime->SetPendingHiddenApiWarning(true);
     }
   }

diff --git a/test/674-hiddenapi/src-ex/ChildClass.java b/test/674-hiddenapi/src-ex/ChildClass.java
index 0349e8f..d5966cd 100644
--- a/test/674-hiddenapi/src-ex/ChildClass.java
+++ b/test/674-hiddenapi/src-ex/ChildClass.java

@@ -91,12 +91,12 @@
     // Run meaningful combinations of access flags.
     for (Hiddenness hiddenness : Hiddenness.values()) {
       final Behaviour expected;
-      if (isSameBoot || hiddenness == Hiddenness.Whitelist || everythingWhitelisted) {
+      // Warnings are now disabled whenever access is granted, even for
+      // greylisted APIs. This is the behaviour for release builds.
+      if (isSameBoot || hiddenness != Hiddenness.Blacklist || everythingWhitelisted) {
         expected = Behaviour.Granted;
-      } else if (hiddenness == Hiddenness.Blacklist) {
-        expected = Behaviour.Denied;
       } else {
-        expected = Behaviour.Warning;
+        expected = Behaviour.Denied;
       }
 
       for (boolean isStatic : booleanValues) {