diff options
| author | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2019-05-14 09:14:50 +0100 |
|---|---|---|
| committer | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2019-05-17 21:00:37 +0000 |
| commit | c8747bb09bd63bf7d4e01bd4625de05cd83bb6f8 (patch) | |
| tree | 6ceecc710a26cd2d8e8d69f2708c9aa57fa6cd0d | |
| parent | fff96ed82eeaea69b69c858eebbd3ad8a6bac628 (diff) | |
| download | ml-c8747bb09bd63bf7d4e01bd4625de05cd83bb6f8.tar.gz | |
Extensions whitelist renamed to allowlist.
go/allowlist. The terms “allowlist” and “blocklist” describe
their purpose, while the other words use metaphors to
decribe their purpose.
Test: NeuralNetworksTest_static
Bug: 132147842
Change-Id: I83e336ac822cdc412f76c46bc6913ccfadda72b6
| -rw-r--r-- | nn/runtime/TypeManager.cpp | 50 | ||||
| -rw-r--r-- | nn/runtime/TypeManager.h | 6 | ||||
| -rw-r--r-- | nn/runtime/test/TestExtensions.cpp | 100 |
3 files changed, 78 insertions, 78 deletions
diff --git a/nn/runtime/TypeManager.cpp b/nn/runtime/TypeManager.cpp index fa0308f83..fcca7455f 100644 --- a/nn/runtime/TypeManager.cpp +++ b/nn/runtime/TypeManager.cpp @@ -63,22 +63,22 @@ bool isNNAPIVendorExtensionsUseAllowedInProductImage() { return vExtProductDeny.empty(); } -// The file containing list of Android apps and binaries whitelisted for vendor extensions -// usage. Each line of the file contains new entry. If entry is prefixed by +// The file containing the list of Android apps and binaries allowed to use vendor extensions. +// Each line of the file contains new entry. If entry is prefixed by // '/' slash, then it's a native binary path (e.g. '/data/foo'). If not, it's a name // of Android app package (e.g. 'com.foo.bar'). -const char kAppWhitelistPath[] = "/vendor/etc/nnapi_extensions_app_whitelist"; -const char kCtsWhitelist[] = "/data/local/tmp/CTSNNAPITestCases"; -std::vector<std::string> getVendorExtensionWhitelistedApps() { +const char kAppAllowlistPath[] = "/vendor/etc/nnapi_extensions_app_allowlist"; +const char kCtsAllowlist[] = "/data/local/tmp/CTSNNAPITestCases"; +std::vector<std::string> getVendorExtensionAllowlistedApps() { std::string data; - // Whitelist CTS by default. - std::vector<std::string> whitelist = {kCtsWhitelist}; - - if (!android::base::ReadFileToString(kAppWhitelistPath, &data)) { - // Return default whitelist (no app can use extensions). - LOG(INFO) << "Failed to read " << kAppWhitelistPath - << " ; No app whitelisted for vendor extensions use."; - return whitelist; + // Allowlist CTS by default. + std::vector<std::string> allowlist = {kCtsAllowlist}; + + if (!android::base::ReadFileToString(kAppAllowlistPath, &data)) { + // Return default allowlist (no app can use extensions). + LOG(INFO) << "Failed to read " << kAppAllowlistPath + << " ; No app allowlisted for vendor extensions use."; + return allowlist; } std::istringstream streamData(data); @@ -87,12 +87,12 @@ std::vector<std::string> getVendorExtensionWhitelistedApps() { // Do some basic sanity check on entry, it's either // fs path or package name. if (StartsWith(line, "/") || line.find('.') != std::string::npos) { - whitelist.push_back(line); + allowlist.push_back(line); } else { - LOG(ERROR) << kAppWhitelistPath << " - Invalid entry: " << line; + LOG(ERROR) << kAppAllowlistPath << " - Invalid entry: " << line; } } - return whitelist; + return allowlist; } // Query PackageManagerNative service about Android app properties. @@ -138,7 +138,7 @@ bool fetchAppPackageLocationInfo(uid_t uid, TypeManager::AppPackageInfo* appPack } // Check if this process is allowed to use NNAPI Vendor extensions. -bool isNNAPIVendorExtensionsUseAllowed(const std::vector<std::string>& whitelist) { +bool isNNAPIVendorExtensionsUseAllowed(const std::vector<std::string>& allowlist) { TypeManager::AppPackageInfo appPackageInfo = { .binaryPath = ::android::procpartition::getExe(getpid()), .appPackageName = "", @@ -154,21 +154,21 @@ bool isNNAPIVendorExtensionsUseAllowed(const std::vector<std::string>& whitelist } } return TypeManager::isExtensionsUseAllowed( - appPackageInfo, isNNAPIVendorExtensionsUseAllowedInProductImage(), whitelist); + appPackageInfo, isNNAPIVendorExtensionsUseAllowedInProductImage(), allowlist); } } // namespace TypeManager::TypeManager() { VLOG(MANAGER) << "TypeManager::TypeManager"; - mExtensionsAllowed = isNNAPIVendorExtensionsUseAllowed(getVendorExtensionWhitelistedApps()); + mExtensionsAllowed = isNNAPIVendorExtensionsUseAllowed(getVendorExtensionAllowlistedApps()); VLOG(MANAGER) << "NNAPI Vendor extensions enabled: " << mExtensionsAllowed; findAvailableExtensions(); } bool TypeManager::isExtensionsUseAllowed(const AppPackageInfo& appPackageInfo, bool useOnProductImageEnabled, - const std::vector<std::string>& whitelist) { + const std::vector<std::string>& allowlist) { // Only selected partitions and user-installed apps (/data) // are allowed to use extensions. if (StartsWith(appPackageInfo.binaryPath, "/vendor/") || @@ -185,16 +185,16 @@ bool TypeManager::isExtensionsUseAllowed(const AppPackageInfo& appPackageInfo, } #endif // NN_DEBUGGABLE - return std::find(whitelist.begin(), whitelist.end(), appPackageInfo.binaryPath) != - whitelist.end(); + return std::find(allowlist.begin(), allowlist.end(), appPackageInfo.binaryPath) != + allowlist.end(); } else if (appPackageInfo.binaryPath == "/system/bin/app_process64" || appPackageInfo.binaryPath == "/system/bin/app_process32") { // App is not system app OR vendor app OR (product app AND product enabled) - // AND app is on whitelist. + // AND app is on allowlist. return (!appPackageInfo.appIsSystemApp || appPackageInfo.appIsOnVendorImage || (appPackageInfo.appIsOnProductImage && useOnProductImageEnabled)) && - std::find(whitelist.begin(), whitelist.end(), appPackageInfo.appPackageName) != - whitelist.end(); + std::find(allowlist.begin(), allowlist.end(), appPackageInfo.appPackageName) != + allowlist.end(); } return false; } diff --git a/nn/runtime/TypeManager.h b/nn/runtime/TypeManager.h index a30ed03cd..2b48141a0 100644 --- a/nn/runtime/TypeManager.h +++ b/nn/runtime/TypeManager.h @@ -117,11 +117,11 @@ class TypeManager { // and supplemental infomation. // // useOnProductImageEnabled - whether apps/binaries preinstalled on /product partition - // can be whitelisted. - // whitelist - list of apps/binaries which are allowed to use extensions. + // can be enabled for extensions use. + // allowlist - list of apps/binaries which are allowed to use extensions. static bool isExtensionsUseAllowed(const AppPackageInfo& appPackageInfo, bool useOnProductImageEnabled, - const std::vector<std::string>& whitelist); + const std::vector<std::string>& allowlist); private: TypeManager(); diff --git a/nn/runtime/test/TestExtensions.cpp b/nn/runtime/test/TestExtensions.cpp index 943616f77..4aa7cd191 100644 --- a/nn/runtime/test/TestExtensions.cpp +++ b/nn/runtime/test/TestExtensions.cpp @@ -118,8 +118,8 @@ TEST_F(ExtensionsTest, DeviceReportsSupportedExtensions) { } TEST_F(ExtensionsTest, TestAllowedNativeBinaries) { - std::vector<std::string> whitelist = {"/data/foo", "/vendor/foo", "/odm/foo", - "/product/foo", "/system/whitelisted", "/foobar/foo"}; + std::vector<std::string> allowlist = {"/data/foo", "/vendor/foo", "/odm/foo", + "/product/foo", "/system/allowlisted", "/foobar/foo"}; auto native_info = [&](const std::string& binaryPath) -> android::nn::TypeManager::AppPackageInfo { @@ -133,55 +133,55 @@ TEST_F(ExtensionsTest, TestAllowedNativeBinaries) { // No binary info EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info(""), /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); // Non-approved top-level dir EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/foobar/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Whitelisted /data binary + allowlist)); + // Allowlisted /data binary EXPECT_TRUE(TypeManager::isExtensionsUseAllowed(native_info("/data/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Whitelisted /vendor binary + allowlist)); + // Allowlisted /vendor binary EXPECT_TRUE(TypeManager::isExtensionsUseAllowed(native_info("/vendor/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Whitelisted /odm binary + allowlist)); + // Allowlisted /odm binary EXPECT_TRUE(TypeManager::isExtensionsUseAllowed(native_info("/odm/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Non-whitelisted /system binary + allowlist)); + // Non-allowlisted /system binary EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/system/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // whitelisted /system binary (can't be whitelisted) - EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/system/whitelisted"), + allowlist)); + // allowlisted /system binary (can't be allowlisted) + EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/system/allowlisted"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Whitelisted /product binary, product disabled + allowlist)); + // Allowlisted /product binary, product disabled EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/product/foo"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Whitelisted /product binary, product enabled + allowlist)); + // Allowlisted /product binary, product enabled EXPECT_TRUE(TypeManager::isExtensionsUseAllowed(native_info("/product/foo"), /* useOnProductImageEnabled = */ true, - whitelist)); - // Non-whitelisted /product binary, product enabled - EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/product/foo_not_whitelisted"), + allowlist)); + // Non-allowlisted /product binary, product enabled + EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/product/foo_not_allowlisted"), /* useOnProductImageEnabled = */ true, - whitelist)); - // Non-whitelisted /odm binary - EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/odm/foo_not_whitelisted"), + allowlist)); + // Non-allowlisted /odm binary + EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/odm/foo_not_allowlisted"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Non-whitelisted /vendor binary - EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/vendor/foo_not_whitelisted"), + allowlist)); + // Non-allowlisted /vendor binary + EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/vendor/foo_not_allowlisted"), /* useOnProductImageEnabled = */ false, - whitelist)); - // Non-whitelisted /data binary - EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/data/foo_not_whitelisted"), + allowlist)); + // Non-allowlisted /data binary + EXPECT_FALSE(TypeManager::isExtensionsUseAllowed(native_info("/data/foo_not_allowlisted"), /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); } TEST_F(ExtensionsTest, TestAllowedApps) { @@ -190,9 +190,9 @@ TEST_F(ExtensionsTest, TestAllowedApps) { std::string other_binary = "/system/bin/foo"; std::string package = "com.foo"; - std::string package_non_whitelisted = "com.foo2"; + std::string package_non_allowlisted = "com.foo2"; - std::vector<std::string> whitelist = {"com.foo"}; + std::vector<std::string> allowlist = {"com.foo"}; auto test_app_process = [&](const std::string& binary) { // /data app @@ -202,7 +202,7 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); // /system app EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, @@ -211,7 +211,7 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); // /vendor || /odm app EXPECT_TRUE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, @@ -220,7 +220,7 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = true, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); // /product app, disabled EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, @@ -229,7 +229,7 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = true}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); // /product app, enabled EXPECT_TRUE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, @@ -238,34 +238,34 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = true}, /* useOnProductImageEnabled = */ true, - whitelist)); + allowlist)); - // /product app, enabled, package name not on whitelist + // /product app, enabled, package name not on allowlist EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, - .appPackageName = package_non_whitelisted, + .appPackageName = package_non_allowlisted, .appIsSystemApp = true, .appIsOnVendorImage = false, .appIsOnProductImage = true}, /* useOnProductImageEnabled = */ true, - whitelist)); + allowlist)); - // /data app, package name not on whitelist + // /data app, package name not on allowlist EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, - .appPackageName = package_non_whitelisted, + .appPackageName = package_non_allowlisted, .appIsSystemApp = false, .appIsOnVendorImage = false, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); - // /vendor || /odm app, package name not on whitelist + // /vendor || /odm app, package name not on allowlist EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = binary, - .appPackageName = package_non_whitelisted, + .appPackageName = package_non_allowlisted, .appIsSystemApp = true, .appIsOnVendorImage = true, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); }; test_app_process(app_process64); test_app_process(app_process32); @@ -277,14 +277,14 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = other_binary, .appPackageName = package, .appIsSystemApp = true, .appIsOnVendorImage = true, .appIsOnProductImage = false}, /* useOnProductImageEnabled = */ false, - whitelist)); + allowlist)); EXPECT_FALSE(TypeManager::isExtensionsUseAllowed({.binaryPath = other_binary, .appPackageName = package, @@ -292,7 +292,7 @@ TEST_F(ExtensionsTest, TestAllowedApps) { .appIsOnVendorImage = false, .appIsOnProductImage = true}, /* useOnProductImageEnabled = */ true, - whitelist)); + allowlist)); } } // namespace |