commit d51e574e05a66bd6706f6e9e05f8abe0f8581551
author David Brazdil <dbrazdil@google.com> Thu Feb 28 14:47:32 2019 +0000
committer David Brazdil <dbrazdil@google.com> Tue Mar 05 15:17:01 2019 +0000
tree f782a63e1a530a3664724b98ecc8f20c0c6c66a4
parent e7e26d10a7a1446b42c00104b162bf07e7c01a04

Reenable core platform API violation warnings, dedupe

Print a warning the first time a non-core platform API member is
accessed and add kAccCorePlatformApi to its access flags to not report
it next time. Only do this when policy is kJustWarn. This prevents
logspam.

Bug: 125701194
Bug: 119068555
Test: compiles, boots
Test: art/test.py -b -r -t 674
Change-Id: Ia7d6ba4f1f30fbea7bdea1670183c17f84ca1150

runtime/hidden_api.h

diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h
index 0a40341..08a9fff 100644
--- a/runtime/hidden_api.h
+++ b/runtime/hidden_api.h
@@ -80,8 +80,7 @@
   ObjPtr<mirror::Class> GetClass() const { return klass_; }
   const DexFile* GetDexFile() const { return dex_file_; }
   Domain GetDomain() const { return domain_; }
-
-  bool IsUntrustedDomain() const { return domain_ == Domain::kApplication; }
+  bool IsApplicationDomain() const { return domain_ == Domain::kApplication; }
 
   // Returns true if this domain is always allowed to access the domain of `callee`.
   bool CanAlwaysAccess(const AccessContext& callee) const {
@@ -212,10 +211,13 @@
 template<typename T>
 uint32_t GetDexFlags(T* member) REQUIRES_SHARED(Locks::mutator_lock_);
 
+// Handler of detected core platform API violations. Returns true if access to
+// `member` should be denied.
 template<typename T>
-void MaybeReportCorePlatformApiViolation(T* member,
-                                         const AccessContext& caller_context,
-                                         AccessMethod access_method)
+bool HandleCorePlatformApiViolation(T* member,
+                                    const AccessContext& caller_context,
+                                    AccessMethod access_method,
+                                    EnforcementPolicy policy)
     REQUIRES_SHARED(Locks::mutator_lock_);
 
 template<typename T>
@@ -385,7 +387,7 @@
   const AccessContext callee_context(member->GetDeclaringClass());
 
   // Non-boot classpath callers should have exited early.
-  DCHECK(!callee_context.IsUntrustedDomain());
+  DCHECK(!callee_context.IsApplicationDomain());
 
   // Check if the caller is always allowed to access members in the callee context.
   if (caller_context.CanAlwaysAccess(callee_context)) {
@@ -396,7 +398,7 @@
   // not part of core platform API.
   switch (caller_context.GetDomain()) {
     case Domain::kApplication: {
-      DCHECK(!callee_context.IsUntrustedDomain());
+      DCHECK(!callee_context.IsApplicationDomain());
 
       // Exit early if access checks are completely disabled.
       EnforcementPolicy policy = Runtime::Current()->GetHiddenApiEnforcementPolicy();
@@ -435,10 +437,12 @@
       member = detail::GetInterfaceMemberIfProxy(member);
 
       // Access checks are not disabled, report the violation.
-      // detail::MaybeReportCorePlatformApiViolation(member, caller_context, access_method);
-
-      // Deny access if the policy is enabled.
-      return policy == EnforcementPolicy::kEnabled;
+      // This may also add kAccCorePlatformApi to the access flags of `member`
+      // so as to not warn again on next access.
+      return detail::HandleCorePlatformApiViolation(member,
+                                                    caller_context,
+                                                    access_method,
+                                                    policy);
     }
 
     case Domain::kCorePlatform: {