From 267366ca19e7b71a63d3c4a02976cc56a6e58adc Mon Sep 17 00:00:00 2001
From: Artur Satayev <satayev@google.com>
Date: Thu, 31 Oct 2019 14:59:26 +0000
Subject: Only allow access to @TestApi signatures in instrumented processes.

Note that the check is for "pure" @TestApi signatures, i.e. those that are on blacklist. If the signature is also annotated with @SystemApi or @UnsupportedApiUsage then it would not be on blacklist.

Bug: 133832325
Test: manual
Change-Id: I546fb42495331efd638d9def924ef33da0c80182
---
 runtime/hidden_api.cc | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

(limited to 'runtime/hidden_api.cc')

diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index 98774bdf2d..6a9bdf6c79 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc
@@ -435,15 +435,10 @@ bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod acce
   DCHECK(member != nullptr);
   Runtime* runtime = Runtime::Current();
 
-  EnforcementPolicy policy = runtime->GetHiddenApiEnforcementPolicy();
-  DCHECK(policy != EnforcementPolicy::kDisabled)
+  EnforcementPolicy hiddenApiPolicy = runtime->GetHiddenApiEnforcementPolicy();
+  DCHECK(hiddenApiPolicy != EnforcementPolicy::kDisabled)
       << "Should never enter this function when access checks are completely disabled";
 
-  const bool deny_access =
-      (policy == EnforcementPolicy::kEnabled) &&
-      IsSdkVersionSetAndMoreThan(runtime->GetTargetSdkVersion(),
-                                 api_list.GetMaxAllowedSdkVersion());
-
   MemberSignature member_signature(member);
 
   // Check for an exemption first. Exempted APIs are treated as white list.
@@ -455,6 +450,18 @@ bool ShouldDenyAccessToMemberImpl(T* member, ApiList api_list, AccessMethod acce
     return false;
   }
 
+  EnforcementPolicy testApiPolicy = runtime->GetTestApiEnforcementPolicy();
+
+  bool deny_access = false;
+  if (hiddenApiPolicy == EnforcementPolicy::kEnabled) {
+    if (testApiPolicy == EnforcementPolicy::kDisabled && api_list.IsTestApi()) {
+      deny_access = false;
+    } else {
+      deny_access = IsSdkVersionSetAndMoreThan(runtime->GetTargetSdkVersion(),
+                                               api_list.GetMaxAllowedSdkVersion());
+    }
+  }
+
   if (access_method != AccessMethod::kNone) {
     // Print a log message with information about this class member access.
     // We do this if we're about to deny access, or the app is debuggable.
-- 
cgit v1.2.3-59-g8ed1b