More flexible API enforcement policy support.
This CL adds the ability to configure which banned API lists to enforce,
defined by new enum hiddenapi::ApiEnforcementPolicy. Currently, the policy
can be set at zygote fork time, but not at dex optimization time where
blacklist enforcement is still assumed. As such, making the policy more
strict will not work as expected yet. This will be improved in a follow up
CL.
Test: art tests pass
Test: Device boots
BUG: 73337509
(cherry-picked from commit 159f596eec01adbb5a1c9654402c137cdb943131)
Change-Id: I6c319bb8a3000cb1d3c4693b4fb196e749c36d96
Merged-In: I33f9afce628a86727e400052f4d5979d3536da8c
diff --git a/runtime/native/java_lang_Class.cc b/runtime/native/java_lang_Class.cc
index 25d5037..fc61c95 100644
--- a/runtime/native/java_lang_Class.cc
+++ b/runtime/native/java_lang_Class.cc
@@ -89,8 +89,8 @@
// access hidden APIs. This can be *very* expensive. Never call this in a loop.
ALWAYS_INLINE static bool ShouldEnforceHiddenApi(Thread* self)
REQUIRES_SHARED(Locks::mutator_lock_) {
- return Runtime::Current()->AreHiddenApiChecksEnabled() &&
- !IsCallerInBootClassPath(self);
+ hiddenapi::EnforcementPolicy policy = Runtime::Current()->GetHiddenApiEnforcementPolicy();
+ return policy != hiddenapi::EnforcementPolicy::kNoChecks && !IsCallerInBootClassPath(self);
}
// Returns true if the first non-ClassClass caller up the stack should not be