diff options
| -rw-r--r-- | runtime/hidden_api.cc | 4 | ||||
| -rw-r--r-- | runtime/hidden_api.h | 5 | ||||
| -rw-r--r-- | runtime/hidden_api_test.cc | 7 |
3 files changed, 8 insertions, 8 deletions
diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc index c146daa809..2d3493d60e 100644 --- a/runtime/hidden_api.cc +++ b/runtime/hidden_api.cc @@ -361,9 +361,11 @@ bool ShouldDenyAccessToMemberImpl(T* member, hiddenapi::ApiList api_list, AccessMethod access_method) { DCHECK(member != nullptr); - Runtime* runtime = Runtime::Current(); + EnforcementPolicy policy = runtime->GetHiddenApiEnforcementPolicy(); + DCHECK(policy != EnforcementPolicy::kDisabled) + << "Should never enter this function when access checks are completely disabled"; const bool deny_access = (policy == EnforcementPolicy::kEnabled) && diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h index a0eeae2950..1a5e010a7d 100644 --- a/runtime/hidden_api.h +++ b/runtime/hidden_api.h @@ -311,6 +311,11 @@ inline bool ShouldDenyAccessToMember(T* member, return false; } + // Exit early if access checks are completely disabled. + if (Runtime::Current()->GetHiddenApiEnforcementPolicy() == EnforcementPolicy::kDisabled) { + return false; + } + // Check if caller is exempted from access checks. // This can be *very* expensive. Save it for last. if (fn_get_access_context().IsTrusted()) { diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc index 595f0779e2..1f83c052eb 100644 --- a/runtime/hidden_api_test.cc +++ b/runtime/hidden_api_test.cc @@ -100,13 +100,6 @@ class HiddenApiTest : public CommonRuntimeTest { TEST_F(HiddenApiTest, CheckGetActionFromRuntimeFlags) { ScopedObjectAccess soa(self_); - runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled); - ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Whitelist()), false); - ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Greylist()), false); - ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::GreylistMaxP()), false); - ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::GreylistMaxO()), false); - ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Blacklist()), false); - runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kJustWarn); ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Whitelist()), false); ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Greylist()), false); |