Replace kAllLists policy with kJustWarn.
It seems pretty unlikely that we'd ever want to disallow access to the
light greylist in P, since doing do would break do many apps. We don't need
this policy here as an opt-in for apps now, since the StrictMode work will
achieve the same thing.
Instead, make a kJustWarn policy which allows access to all APIs, but
leaves the detection and logging logic in place. This gives us the option
of disabling enforcement, but still gathering logs to find out which apps
use which APIs.
Add some tests for GetActionFromAccessFlags since the logic is getting
more complex.
Bug: 77517571
Test: make test-art-host-gtest-hidden_api_test
Test: boot device
Change-Id: I2e6824d7ef53532d0836a2b6b1930cbbed196d0c
diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index 0e72f27..2d01fdd 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc
@@ -46,12 +46,11 @@
// GetMemberAction-related static_asserts.
static_assert(
- EnumsEqual(EnforcementPolicy::kAllLists, HiddenApiAccessFlags::kLightGreylist) &&
EnumsEqual(EnforcementPolicy::kDarkGreyAndBlackList, HiddenApiAccessFlags::kDarkGreylist) &&
EnumsEqual(EnforcementPolicy::kBlacklistOnly, HiddenApiAccessFlags::kBlacklist),
"Mismatch between EnforcementPolicy and ApiList enums");
static_assert(
- EnforcementPolicy::kAllLists < EnforcementPolicy::kDarkGreyAndBlackList &&
+ EnforcementPolicy::kJustWarn < EnforcementPolicy::kDarkGreyAndBlackList &&
EnforcementPolicy::kDarkGreyAndBlackList < EnforcementPolicy::kBlacklistOnly,
"EnforcementPolicy values ordering not correct");