diff options
| -rw-r--r-- | runtime/hidden_api.cc | 6 | ||||
| -rw-r--r-- | runtime/hidden_api_test.cc | 20 | ||||
| -rw-r--r-- | runtime/native/dalvik_system_ZygoteHooks.cc | 8 | ||||
| -rw-r--r-- | runtime/runtime.cc | 1 | ||||
| -rw-r--r-- | runtime/runtime.h | 11 |
5 files changed, 45 insertions, 1 deletions
diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc index d1c6ee15a5..f42ed49140 100644 --- a/runtime/hidden_api.cc +++ b/runtime/hidden_api.cc @@ -512,9 +512,13 @@ bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod acce return false; } + EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy(); + bool deny_access = false; if (hiddenApiPolicy == EnforcementPolicy::kEnabled) { - if (api_list.IsTestApi() && compatFramework.IsChangeEnabled(kAllowTestApiAccess)) { + if (api_list.IsTestApi() && + (testApiPolicy == EnforcementPolicy::kDisabled || + compatFramework.IsChangeEnabled(kAllowTestApiAccess))) { deny_access = false; } else { switch (api_list.GetMaxAllowedSdkVersion()) { diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc index 9c278fd720..cfdba4552e 100644 --- a/runtime/hidden_api_test.cc +++ b/runtime/hidden_api_test.cc @@ -216,6 +216,7 @@ TEST_F(HiddenApiTest, CheckTestApiEnforcement) { static_cast<uint32_t>(hiddenapi::ApiList::MaxTargetR().GetMaxAllowedSdkVersion()) + 1); // Default case where all TestApis are treated like non-TestApi. + runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled); setChangeIdState(kAllowTestApiAccess, false); ASSERT_EQ( ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false); @@ -233,6 +234,25 @@ TEST_F(HiddenApiTest, CheckTestApiEnforcement) { ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blocked()), true); // A case where we want to allow access to TestApis. + runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled); + setChangeIdState(kAllowTestApiAccess, false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Unsupported()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetR()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetQ()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetP()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::MaxTargetO()), false); + ASSERT_EQ( + ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Blocked()), false); + + // A second case where we want to allow access to TestApis. + runtime_->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled); setChangeIdState(kAllowTestApiAccess, true); ASSERT_EQ( ShouldDenyAccess(hiddenapi::ApiList::TestApi() | hiddenapi::ApiList::Sdk()), false); diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc index 8a474b6fd4..c37b8bb51c 100644 --- a/runtime/native/dalvik_system_ZygoteHooks.cc +++ b/runtime/native/dalvik_system_ZygoteHooks.cc @@ -152,6 +152,7 @@ enum { PROFILE_FROM_SHELL = 1 << 15, USE_APP_IMAGE_STARTUP_CACHE = 1 << 16, DEBUG_IGNORE_APP_SIGNAL_HANDLER = 1 << 17, + DISABLE_TEST_API_ENFORCEMENT_POLICY = 1 << 18, // bits to shift (flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) by to get a value // corresponding to hiddenapi::EnforcementPolicy @@ -318,6 +319,13 @@ static void ZygoteHooks_nativePostForkChild(JNIEnv* env, (runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT); runtime_flags &= ~HIDDEN_API_ENFORCEMENT_POLICY_MASK; + if ((runtime_flags & DISABLE_TEST_API_ENFORCEMENT_POLICY) != 0u) { + runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled); + } else { + runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled); + } + runtime_flags &= ~DISABLE_TEST_API_ENFORCEMENT_POLICY; + bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER; runtime_flags &= ~PROFILE_SYSTEM_SERVER; diff --git a/runtime/runtime.cc b/runtime/runtime.cc index 179cd41103..b174f2a5c2 100644 --- a/runtime/runtime.cc +++ b/runtime/runtime.cc @@ -287,6 +287,7 @@ Runtime::Runtime() safe_mode_(false), hidden_api_policy_(hiddenapi::EnforcementPolicy::kDisabled), core_platform_api_policy_(hiddenapi::EnforcementPolicy::kDisabled), + test_api_policy_(hiddenapi::EnforcementPolicy::kDisabled), dedupe_hidden_api_warnings_(true), hidden_api_access_event_log_rate_(0), dump_native_stack_on_sig_quit_(true), diff --git a/runtime/runtime.h b/runtime/runtime.h index 8408b8b0e5..c0a880ed75 100644 --- a/runtime/runtime.h +++ b/runtime/runtime.h @@ -603,6 +603,14 @@ class Runtime { return core_platform_api_policy_; } + void SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy policy) { + test_api_policy_ = policy; + } + + hiddenapi::EnforcementPolicy GetTestApiEnforcementPolicy() const { + return test_api_policy_; + } + void SetHiddenApiExemptions(const std::vector<std::string>& exemptions) { hidden_api_exemptions_ = exemptions; } @@ -1231,6 +1239,9 @@ class Runtime { // Whether access checks on core platform API should be performed. hiddenapi::EnforcementPolicy core_platform_api_policy_; + // Whether access checks on test API should be performed. + hiddenapi::EnforcementPolicy test_api_policy_; + // List of signature prefixes of methods that have been removed from the blacklist, and treated // as if whitelisted. std::vector<std::string> hidden_api_exemptions_; |