diff options
| author | 2018-04-05 16:10:25 +0100 | |
|---|---|---|
| committer | 2018-05-08 10:30:33 +0100 | |
| commit | a8503d9696f37ff66b23016f3374ecbe59774dc6 (patch) | |
| tree | ff05ba35980c063a046553885268fcffee04d535 /runtime/hidden_api_test.cc | |
| parent | d94a00cdf0519ff92dff1ee59a5a42234a391ddd (diff) | |
Replace kAllLists policy with kJustWarn.
It seems pretty unlikely that we'd ever want to disallow access to the
light greylist in P, since doing do would break do many apps. We don't need
this policy here as an opt-in for apps now, since the StrictMode work will
achieve the same thing.
Instead, make a kJustWarn policy which allows access to all APIs, but
leaves the detection and logging logic in place. This gives us the option
of disabling enforcement, but still gathering logs to find out which apps
use which APIs.
Add some tests for GetActionFromAccessFlags since the logic is getting
more complex.
Bug: 77517571
Test: make test-art-host-gtest-hidden_api_test
Test: boot device
Merged-In: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
Change-Id: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
(cherry picked from commit 68693699d62bc7a2192f51be191ae81defcf4388)
Diffstat (limited to 'runtime/hidden_api_test.cc')
| -rw-r--r-- | runtime/hidden_api_test.cc | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc index 5a31dd4972..65d6363bfd 100644 --- a/runtime/hidden_api_test.cc +++ b/runtime/hidden_api_test.cc @@ -22,6 +22,7 @@ namespace art { using hiddenapi::detail::MemberSignature; +using hiddenapi::GetActionFromAccessFlags; class HiddenApiTest : public CommonRuntimeTest { protected: @@ -84,6 +85,39 @@ class HiddenApiTest : public CommonRuntimeTest { ArtMethod* class3_method1_i_; }; +TEST_F(HiddenApiTest, CheckGetActionFromRuntimeFlags) { + uint32_t whitelist = HiddenApiAccessFlags::EncodeForRuntime(0, HiddenApiAccessFlags::kWhitelist); + uint32_t lightgreylist = + HiddenApiAccessFlags::EncodeForRuntime(0, HiddenApiAccessFlags::kLightGreylist); + uint32_t darkgreylist = + HiddenApiAccessFlags::EncodeForRuntime(0, HiddenApiAccessFlags::kDarkGreylist); + uint32_t blacklist = HiddenApiAccessFlags::EncodeForRuntime(0, HiddenApiAccessFlags::kBlacklist); + + runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kNoChecks); + ASSERT_EQ(GetActionFromAccessFlags(whitelist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(lightgreylist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(darkgreylist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(blacklist), hiddenapi::kAllow); + + runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kJustWarn); + ASSERT_EQ(GetActionFromAccessFlags(whitelist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(lightgreylist), hiddenapi::kAllowButWarn); + ASSERT_EQ(GetActionFromAccessFlags(darkgreylist), hiddenapi::kAllowButWarn); + ASSERT_EQ(GetActionFromAccessFlags(blacklist), hiddenapi::kAllowButWarn); + + runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDarkGreyAndBlackList); + ASSERT_EQ(GetActionFromAccessFlags(whitelist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(lightgreylist), hiddenapi::kAllowButWarn); + ASSERT_EQ(GetActionFromAccessFlags(darkgreylist), hiddenapi::kDeny); + ASSERT_EQ(GetActionFromAccessFlags(blacklist), hiddenapi::kDeny); + + runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kBlacklistOnly); + ASSERT_EQ(GetActionFromAccessFlags(whitelist), hiddenapi::kAllow); + ASSERT_EQ(GetActionFromAccessFlags(lightgreylist), hiddenapi::kAllowButWarn); + ASSERT_EQ(GetActionFromAccessFlags(darkgreylist), hiddenapi::kAllowButWarnAndToast); + ASSERT_EQ(GetActionFromAccessFlags(blacklist), hiddenapi::kDeny); +} + TEST_F(HiddenApiTest, CheckMembersRead) { ASSERT_NE(nullptr, class1_field1_); ASSERT_NE(nullptr, class1_field12_); |