Plumb @TestApi enforcement policy to runtime.
By default access to test APIs would be allowed for instrumented processes only.
Bug: 133832325
Test: manual
Change-Id: Iaa68447c88304b062025c96e8b863a0758b78add
diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
index 156895d..ce942c8 100644
--- a/runtime/native/dalvik_system_ZygoteHooks.cc
+++ b/runtime/native/dalvik_system_ZygoteHooks.cc
@@ -134,24 +134,25 @@
// Must match values in com.android.internal.os.Zygote.
enum {
- DEBUG_ENABLE_JDWP = 1,
- DEBUG_ENABLE_CHECKJNI = 1 << 1,
- DEBUG_ENABLE_ASSERT = 1 << 2,
- DEBUG_ENABLE_SAFEMODE = 1 << 3,
- DEBUG_ENABLE_JNI_LOGGING = 1 << 4,
- DEBUG_GENERATE_DEBUG_INFO = 1 << 5,
- DEBUG_ALWAYS_JIT = 1 << 6,
- DEBUG_NATIVE_DEBUGGABLE = 1 << 7,
- DEBUG_JAVA_DEBUGGABLE = 1 << 8,
- DISABLE_VERIFIER = 1 << 9,
- ONLY_USE_SYSTEM_OAT_FILES = 1 << 10,
- DEBUG_GENERATE_MINI_DEBUG_INFO = 1 << 11,
- HIDDEN_API_ENFORCEMENT_POLICY_MASK = (1 << 12)
- | (1 << 13),
- PROFILE_SYSTEM_SERVER = 1 << 14,
- PROFILE_FROM_SHELL = 1 << 15,
- USE_APP_IMAGE_STARTUP_CACHE = 1 << 16,
- DEBUG_IGNORE_APP_SIGNAL_HANDLER = 1 << 17,
+ DEBUG_ENABLE_JDWP = 1,
+ DEBUG_ENABLE_CHECKJNI = 1 << 1,
+ DEBUG_ENABLE_ASSERT = 1 << 2,
+ DEBUG_ENABLE_SAFEMODE = 1 << 3,
+ DEBUG_ENABLE_JNI_LOGGING = 1 << 4,
+ DEBUG_GENERATE_DEBUG_INFO = 1 << 5,
+ DEBUG_ALWAYS_JIT = 1 << 6,
+ DEBUG_NATIVE_DEBUGGABLE = 1 << 7,
+ DEBUG_JAVA_DEBUGGABLE = 1 << 8,
+ DISABLE_VERIFIER = 1 << 9,
+ ONLY_USE_SYSTEM_OAT_FILES = 1 << 10,
+ DEBUG_GENERATE_MINI_DEBUG_INFO = 1 << 11,
+ HIDDEN_API_ENFORCEMENT_POLICY_MASK = (1 << 12)
+ | (1 << 13),
+ PROFILE_SYSTEM_SERVER = 1 << 14,
+ PROFILE_FROM_SHELL = 1 << 15,
+ USE_APP_IMAGE_STARTUP_CACHE = 1 << 16,
+ DEBUG_IGNORE_APP_SIGNAL_HANDLER = 1 << 17,
+ DISABLE_TEST_API_ENFORCEMENT_POLICY = 1 << 18,
// bits to shift (flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) by to get a value
// corresponding to hiddenapi::EnforcementPolicy
@@ -319,6 +320,13 @@
(runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT);
runtime_flags &= ~HIDDEN_API_ENFORCEMENT_POLICY_MASK;
+ if ((runtime_flags & DISABLE_TEST_API_ENFORCEMENT_POLICY) != 0u) {
+ runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled);
+ } else {
+ runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled);
+ }
+ runtime_flags &= ~DISABLE_TEST_API_ENFORCEMENT_POLICY;
+
bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER;
runtime_flags &= ~PROFILE_SYSTEM_SERVER;
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index c6d9bfd..691aa80 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc
@@ -288,6 +288,7 @@
safe_mode_(false),
hidden_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
core_platform_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
+ test_api_policy_(hiddenapi::EnforcementPolicy::kDisabled),
dedupe_hidden_api_warnings_(true),
hidden_api_access_event_log_rate_(0),
dump_native_stack_on_sig_quit_(true),
diff --git a/runtime/runtime.h b/runtime/runtime.h
index d71123d..cfa67a8 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -601,6 +601,14 @@
return core_platform_api_policy_;
}
+ void SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy policy) {
+ test_api_policy_ = policy;
+ }
+
+ hiddenapi::EnforcementPolicy GetTestApiEnforcementPolicy() const {
+ return test_api_policy_;
+ }
+
void SetHiddenApiExemptions(const std::vector<std::string>& exemptions) {
hidden_api_exemptions_ = exemptions;
}
@@ -1218,6 +1226,9 @@
// Whether access checks on core platform API should be performed.
hiddenapi::EnforcementPolicy core_platform_api_policy_;
+ // Whether access checks on test API should be performed.
+ hiddenapi::EnforcementPolicy test_api_policy_;
+
// List of signature prefixes of methods that have been removed from the blacklist, and treated
// as if whitelisted.
std::vector<std::string> hidden_api_exemptions_;