diff options
| author | 2019-10-31 14:59:26 +0000 | |
|---|---|---|
| committer | 2019-11-07 15:23:32 +0000 | |
| commit | 267366ca19e7b71a63d3c4a02976cc56a6e58adc (patch) | |
| tree | 063ef118f770096ac667f5b4c7d22b75693896c0 /runtime/hidden_api_test.cc | |
| parent | fa2b2d35255515accd0aa69193aa5e72b009e38e (diff) | |
Only allow access to @TestApi signatures in instrumented processes.
Note that the check is for "pure" @TestApi signatures, i.e. those that are on blacklist. If the signature is also annotated with @SystemApi or @UnsupportedApiUsage then it would not be on blacklist.
Bug: 133832325
Test: manual
Change-Id: I546fb42495331efd638d9def924ef33da0c80182
Diffstat (limited to 'runtime/hidden_api_test.cc')
| -rw-r--r-- | runtime/hidden_api_test.cc | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc index d5c03c3850..145bb07676 100644 --- a/runtime/hidden_api_test.cc +++ b/runtime/hidden_api_test.cc @@ -155,6 +155,44 @@ TEST_F(HiddenApiTest, CheckGetActionFromRuntimeFlags) { ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Blacklist()), true); } +TEST_F(HiddenApiTest, CheckTestApiEnforcement) { + ScopedObjectAccess soa(self_); + + runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled); + runtime_->SetTargetSdkVersion( + static_cast<uint32_t>(hiddenapi::ApiList::GreylistMaxQ().GetMaxAllowedSdkVersion()) + 1); + + // Default case where all TestApis are treated like non-TestApi. + runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Whitelist()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Greylist()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxQ()), true); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxP()), true); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxO()), true); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blacklist()), true); + + // A case where we want to allow access to TestApis. + runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Whitelist()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Greylist()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxQ()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxP()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::GreylistMaxO()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blacklist()), false); +} + TEST_F(HiddenApiTest, CheckMembersRead) { ASSERT_NE(nullptr, class1_field1_); ASSERT_NE(nullptr, class1_field12_); |