commit c5a96e4a8ea9f78135c5cd3df7e1fc965104182e
author David Brazdil <dbrazdil@google.com> Wed Jan 09 10:04:45 2019 +0000
committer David Brazdil <dbrazdil@google.com> Wed Jan 09 10:04:45 2019 +0000
tree 662506a68d056c382f6882b65bb28dd3f09366d7
parent 5d938ef154f504ada9c8fc9c9361fe69aabbe8b9

Do not enter hidden API slow path when policy==Disabled

After a recent refactor the hidden API access check logic would enter
slow path when the enforcement policy is set to kDisabled. This did
not affect correctness but could have a performance impact. Moreover,
a debuggable process would see logcat warnings printed for every such
access despite it being granted. This caused occasional logcat buffer
overflows in killswitch CTS tests and their resulting flakiness.

The patch exits from ShouldDenyAccessToMember early if policy is
kDisabled and adds a DCHECK in ShouldDenyAccessToMemberImpl to assert
slow path is not entered under the policy.

Test: m test-art-host-gtest-hidden_api_test
Change-Id: I217d9914d2645af11ce84c03a0ed778a82bc760f

runtime/hidden_api.cc

diff --git a/runtime/hidden_api.cc b/runtime/hidden_api.cc
index c146daa..2d3493d 100644
--- a/runtime/hidden_api.cc
+++ b/runtime/hidden_api.cc
@@ -361,9 +361,11 @@
                                   hiddenapi::ApiList api_list,
                                   AccessMethod access_method) {
   DCHECK(member != nullptr);
-
   Runtime* runtime = Runtime::Current();
+
   EnforcementPolicy policy = runtime->GetHiddenApiEnforcementPolicy();
+  DCHECK(policy != EnforcementPolicy::kDisabled)
+      << "Should never enter this function when access checks are completely disabled";
 
   const bool deny_access =
       (policy == EnforcementPolicy::kEnabled) &&

runtime/hidden_api.h

diff --git a/runtime/hidden_api.h b/runtime/hidden_api.h
index a0eeae2..1a5e010 100644
--- a/runtime/hidden_api.h
+++ b/runtime/hidden_api.h
@@ -311,6 +311,11 @@
     return false;
   }
 
+  // Exit early if access checks are completely disabled.
+  if (Runtime::Current()->GetHiddenApiEnforcementPolicy() == EnforcementPolicy::kDisabled) {
+    return false;
+  }
+
   // Check if caller is exempted from access checks.
   // This can be *very* expensive. Save it for last.
   if (fn_get_access_context().IsTrusted()) {

runtime/hidden_api_test.cc

diff --git a/runtime/hidden_api_test.cc b/runtime/hidden_api_test.cc
index 595f077..1f83c05 100644
--- a/runtime/hidden_api_test.cc
+++ b/runtime/hidden_api_test.cc
@@ -100,13 +100,6 @@
 TEST_F(HiddenApiTest, CheckGetActionFromRuntimeFlags) {
   ScopedObjectAccess soa(self_);
 
-  runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled);
-  ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Whitelist()), false);
-  ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Greylist()), false);
-  ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::GreylistMaxP()), false);
-  ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::GreylistMaxO()), false);
-  ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Blacklist()), false);
-
   runtime_->SetHiddenApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kJustWarn);
   ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Whitelist()), false);
   ASSERT_EQ(ShouldDenyAccess(hiddenapi::ApiList::Greylist()), false);