Replace kAllLists policy with kJustWarn.
It seems pretty unlikely that we'd ever want to disallow access to the
light greylist in P, since doing do would break do many apps. We don't need
this policy here as an opt-in for apps now, since the StrictMode work will
achieve the same thing.
Instead, make a kJustWarn policy which allows access to all APIs, but
leaves the detection and logging logic in place. This gives us the option
of disabling enforcement, but still gathering logs to find out which apps
use which APIs.
Add some tests for GetActionFromAccessFlags since the logic is getting
more complex.
Bug: 77517571
Test: make test-art-host-gtest-hidden_api_test
Test: boot device
Merged-In: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
Change-Id: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
(cherry picked from commit 68693699d62bc7a2192f51be191ae81defcf4388)
diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h
index ffdeacb..3ac0877 100644
--- a/runtime/hidden_api.h
+++ b/runtime/hidden_api.h
@@ -33,7 +33,7 @@
// frameworks/base/core/java/android/content/pm/ApplicationInfo.java
enum class EnforcementPolicy {
kNoChecks = 0,
- kAllLists = 1, // ban anything but whitelist
+ kJustWarn = 1, // keep checks enabled, but allow everything (enables logging)
kDarkGreyAndBlackList = 2, // ban dark grey & blacklist
kBlacklistOnly = 3, // ban blacklist violations only
kMax = kBlacklistOnly,
@@ -69,6 +69,11 @@
if (api_list == HiddenApiAccessFlags::kWhitelist) {
return kAllow;
}
+ // if policy is "just warn", always warn. We returned above for whitelist APIs.
+ if (policy == EnforcementPolicy::kJustWarn) {
+ return kAllowButWarn;
+ }
+ DCHECK(policy >= EnforcementPolicy::kDarkGreyAndBlackList);
// The logic below relies on equality of values in the enums EnforcementPolicy and
// HiddenApiAccessFlags::ApiList, and their ordering. Assertions are in hidden_api.cc.
if (static_cast<int>(policy) > static_cast<int>(api_list)) {