1 files changed, 37 insertions, 146 deletions
diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h
index 0e6f159c53..cc6c146f00 100644
--- a/runtime/hidden_api.h
+++ b/runtime/hidden_api.h
@@ -19,7 +19,7 @@
 
 #include "art_field-inl.h"
 #include "art_method-inl.h"
-#include "base/dumpable.h"
+#include "base/mutex.h"
 #include "dex/hidden_api_access_flags.h"
 #include "mirror/class-inl.h"
 #include "reflection.h"
@@ -58,25 +58,6 @@ enum AccessMethod {
   kLinking,
 };
 
-inline std::ostream& operator<<(std::ostream& os, AccessMethod value) {
-  switch (value) {
-    case kReflection:
-      os << "reflection";
-      break;
-    case kJNI:
-      os << "JNI";
-      break;
-    case kLinking:
-      os << "linking";
-      break;
-  }
-  return os;
-}
-
-static constexpr bool EnumsEqual(EnforcementPolicy policy, HiddenApiAccessFlags::ApiList apiList) {
-  return static_cast<int>(policy) == static_cast<int>(apiList);
-}
-
 inline Action GetMemberAction(uint32_t access_flags) {
   EnforcementPolicy policy = Runtime::Current()->GetHiddenApiEnforcementPolicy();
   if (policy == EnforcementPolicy::kNoChecks) {
@@ -89,16 +70,7 @@ inline Action GetMemberAction(uint32_t access_flags) {
     return kAllow;
   }
   // The logic below relies on equality of values in the enums EnforcementPolicy and
-  // HiddenApiAccessFlags::ApiList, and their ordering. Assert that this is as expected.
-  static_assert(
-      EnumsEqual(EnforcementPolicy::kAllLists, HiddenApiAccessFlags::kLightGreylist) &&
-      EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) &&
-      EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist),
-      "Mismatch between EnforcementPolicy and ApiList enums");
-  static_assert(
-      EnforcementPolicy::kAllLists < EnforcementPolicy::kDarkGreyAndBlackList &&
-      EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly,
-      "EnforcementPolicy values ordering not correct");
+  // HiddenApiAccessFlags::ApiList, and their ordering. Assertions are in hidden_api.cc.
   if (static_cast<int>(policy) > static_cast<int>(api_list)) {
     return api_list == HiddenApiAccessFlags::kDarkGreylist
         ? kAllowButWarnAndToast
@@ -108,6 +80,8 @@ inline Action GetMemberAction(uint32_t access_flags) {
   }
 }
 
+// Implementation details. DO NOT ACCESS DIRECTLY.
+namespace detail {
 
 // Class to encapsulate the signature of a member (ArtField or ArtMethod). This
 // is used as a helper when matching prefixes, and when logging the signature.
@@ -118,68 +92,44 @@ class MemberSignature {
   std::string tmp_;
 
  public:
-  explicit MemberSignature(ArtField* field) REQUIRES_SHARED(Locks::mutator_lock_) {
-    member_type_ = "field";
-    signature_parts_ = {
-      field->GetDeclaringClass()->GetDescriptor(&tmp_),
-      "->",
-      field->GetName(),
-      ":",
-      field->GetTypeDescriptor()
-    };
-  }
+  explicit MemberSignature(ArtField* field) REQUIRES_SHARED(Locks::mutator_lock_);
+  explicit MemberSignature(ArtMethod* method) REQUIRES_SHARED(Locks::mutator_lock_);
 
-  explicit MemberSignature(ArtMethod* method) REQUIRES_SHARED(Locks::mutator_lock_) {
-    member_type_ = "method";
-    signature_parts_ = {
-      method->GetDeclaringClass()->GetDescriptor(&tmp_),
-      "->",
-      method->GetName(),
-      method->GetSignature().ToString()
-    };
-  }
+  void Dump(std::ostream& os) const;
 
-  const std::vector<std::string>& Parts() const {
-    return signature_parts_;
-  }
-
-  void Dump(std::ostream& os) const {
-    for (std::string part : signature_parts_) {
-      os << part;
-    }
-  }
   // Performs prefix match on this member. Since the full member signature is
   // composed of several parts, we match each part in turn (rather than
   // building the entire thing in memory and performing a simple prefix match)
-  bool DoesPrefixMatch(const std::string& prefix) const {
-    size_t pos = 0;
-    for (const std::string& part : signature_parts_) {
-      size_t count = std::min(prefix.length() - pos, part.length());
-      if (prefix.compare(pos, count, part, 0, count) == 0) {
-        pos += count;
-      } else {
-        return false;
-      }
-    }
-    // We have a complete match if all parts match (we exit the loop without
-    // returning) AND we've matched the whole prefix.
-    return pos == prefix.length();
-  }
+  bool DoesPrefixMatch(const std::string& prefix) const;
+
+  bool IsExempted(const std::vector<std::string>& exemptions);
+
+  void WarnAboutAccess(AccessMethod access_method, HiddenApiAccessFlags::ApiList list);
+};
+
+template<typename T>
+bool ShouldBlockAccessToMemberImpl(T* member,
+                                   Action action,
+                                   AccessMethod access_method)
+    REQUIRES_SHARED(Locks::mutator_lock_);
 
-  bool IsExempted(const std::vector<std::string>& exemptions) {
-    for (const std::string& exemption : exemptions) {
-      if (DoesPrefixMatch(exemption)) {
-        return true;
-      }
-    }
+// Returns true if the caller is either loaded by the boot strap class loader or comes from
+// a dex file located in ${ANDROID_ROOT}/framework/.
+ALWAYS_INLINE
+inline bool IsCallerInPlatformDex(ObjPtr<mirror::ClassLoader> caller_class_loader,
+                                  ObjPtr<mirror::DexCache> caller_dex_cache)
+    REQUIRES_SHARED(Locks::mutator_lock_) {
+  if (caller_class_loader.IsNull()) {
+    return true;
+  } else if (caller_dex_cache.IsNull()) {
     return false;
+  } else {
+    const DexFile* caller_dex_file = caller_dex_cache->GetDexFile();
+    return caller_dex_file != nullptr && caller_dex_file->IsPlatformDexFile();
   }
+}
 
-  void WarnAboutAccess(AccessMethod access_method, HiddenApiAccessFlags::ApiList list) {
-    LOG(WARNING) << "Accessing hidden " << member_type_ << " " << Dumpable<MemberSignature>(*this)
-                 << " (" << list << ", " << access_method << ")";
-  }
-};
+}  // namespace detail
 
 // Returns true if access to `member` should be denied to the caller of the
 // reflective query. The decision is based on whether the caller is in the
@@ -209,72 +159,13 @@ inline bool ShouldBlockAccessToMember(T* member,
   }
 
   // Member is hidden and caller is not in the platform.
-
-  // Get the signature, we need it later.
-  MemberSignature member_signature(member);
-
-  Runtime* runtime = Runtime::Current();
-
-  if (action == kDeny) {
-    // If we were about to deny, check for an exemption first.
-    // Exempted APIs are treated as light grey list.
-    if (member_signature.IsExempted(runtime->GetHiddenApiExemptions())) {
-      action = kAllowButWarn;
-      // Avoid re-examining the exemption list next time.
-      // Note this results in the warning below showing "light greylist", which
-      // seems like what one would expect. Exemptions effectively add new members to
-      // the light greylist.
-      member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime(
-              member->GetAccessFlags(), HiddenApiAccessFlags::kLightGreylist));
-    }
-  }
-
-  // Print a log message with information about this class member access.
-  // We do this regardless of whether we block the access or not.
-  member_signature.WarnAboutAccess(access_method,
-      HiddenApiAccessFlags::DecodeFromRuntime(member->GetAccessFlags()));
-
-  if (action == kDeny) {
-    // Block access
-    return true;
-  }
-
-  // Allow access to this member but print a warning.
-  DCHECK(action == kAllowButWarn || action == kAllowButWarnAndToast);
-
-  // Depending on a runtime flag, we might move the member into whitelist and
-  // skip the warning the next time the member is accessed.
-  if (runtime->ShouldDedupeHiddenApiWarnings()) {
-    member->SetAccessFlags(HiddenApiAccessFlags::EncodeForRuntime(
-        member->GetAccessFlags(), HiddenApiAccessFlags::kWhitelist));
-  }
-
-  // If this action requires a UI warning, set the appropriate flag.
-  if (action == kAllowButWarnAndToast || runtime->ShouldAlwaysSetHiddenApiWarningFlag()) {
-    runtime->SetPendingHiddenApiWarning(true);
-  }
-
-  return false;
-}
-
-// Returns true if the caller is either loaded by the boot strap class loader or comes from
-// a dex file located in ${ANDROID_ROOT}/framework/.
-inline bool IsCallerInPlatformDex(ObjPtr<mirror::ClassLoader> caller_class_loader,
-                                  ObjPtr<mirror::DexCache> caller_dex_cache)
-    REQUIRES_SHARED(Locks::mutator_lock_) {
-  if (caller_class_loader.IsNull()) {
-    return true;
-  } else if (caller_dex_cache.IsNull()) {
-    return false;
-  } else {
-    const DexFile* caller_dex_file = caller_dex_cache->GetDexFile();
-    return caller_dex_file != nullptr && caller_dex_file->IsPlatformDexFile();
-  }
+  return detail::ShouldBlockAccessToMemberImpl(member, action, access_method);
 }
 
 inline bool IsCallerInPlatformDex(ObjPtr<mirror::Class> caller)
     REQUIRES_SHARED(Locks::mutator_lock_) {
-  return !caller.IsNull() && IsCallerInPlatformDex(caller->GetClassLoader(), caller->GetDexCache());
+  return !caller.IsNull() &&
+      detail::IsCallerInPlatformDex(caller->GetClassLoader(), caller->GetDexCache());
 }
 
 // Returns true if access to `member` should be denied to a caller loaded with
@@ -286,7 +177,7 @@ inline bool ShouldBlockAccessToMember(T* member,
                                       ObjPtr<mirror::DexCache> caller_dex_cache,
                                       AccessMethod access_method)
     REQUIRES_SHARED(Locks::mutator_lock_) {
-  bool caller_in_platform = IsCallerInPlatformDex(caller_class_loader, caller_dex_cache);
+  bool caller_in_platform = detail::IsCallerInPlatformDex(caller_class_loader, caller_dex_cache);
   return ShouldBlockAccessToMember(member,
                                    /* thread */ nullptr,
                                    [caller_in_platform] (Thread*) { return caller_in_platform; },