diff options
author | Colin Cross <ccross@android.com> | 2019-03-05 15:06:16 -0800 |
---|---|---|
committer | Colin Cross <ccross@android.com> | 2019-03-07 15:23:21 +0000 |
commit | c35c5f982479196c86bd4b37cc51d362f81bdb23 (patch) | |
tree | c142bfab4af637b20acb69eb7a192c323620af73 /android | |
parent | 3d7c9827d5c9b34fbeabc74f90d36d5288732e8c (diff) | |
download | build_soong-c35c5f982479196c86bd4b37cc51d362f81bdb23.tar.gz build_soong-c35c5f982479196c86bd4b37cc51d362f81bdb23.tar.bz2 build_soong-c35c5f982479196c86bd4b37cc51d362f81bdb23.zip |
Add neverallow rules for java_device_for_host
java_device_for_host and java_host_for_device should rarely be
used and could cause problems if used incorrectly, so restrict them
to only the necessary projects through a neverallow whitelist.
Bug: 117920228
Test: neverallow_test.go
Change-Id: I37dce489c2fb8bca71bd46dbabaaa514bf6f7eee
Merged-In: I37dce489c2fb8bca71bd46dbabaaa514bf6f7eee
Diffstat (limited to 'android')
-rw-r--r-- | android/neverallow.go | 47 | ||||
-rw-r--r-- | android/neverallow_test.go | 12 |
2 files changed, 59 insertions, 0 deletions
diff --git a/android/neverallow.go b/android/neverallow.go index 18744e81..f63f4618 100644 --- a/android/neverallow.go +++ b/android/neverallow.go @@ -51,6 +51,7 @@ func createNeverAllows() []*rule { rules := []*rule{} rules = append(rules, createTrebleRules()...) rules = append(rules, createLibcoreRules()...) + rules = append(rules, createJavaDeviceForHostRules()...) return rules } @@ -125,6 +126,20 @@ func createLibcoreRules() []*rule { return rules } +func createJavaDeviceForHostRules() []*rule { + javaDeviceForHostProjectsWhitelist := []string{ + "external/robolectric-shadows", + "framework/layoutlib", + } + + return []*rule{ + neverallow(). + notIn(javaDeviceForHostProjectsWhitelist...). + moduleType("java_device_for_host", "java_host_for_device"). + because("java_device_for_host can only be used in whitelisted projects"), + } +} + func neverallowMutator(ctx BottomUpMutatorContext) { m, ok := ctx.Module().(Module) if !ok { @@ -139,6 +154,10 @@ func neverallowMutator(ctx BottomUpMutatorContext) { continue } + if !n.appliesToModuleType(ctx.ModuleType()) { + continue + } + if !n.appliesToProperties(properties) { continue } @@ -159,6 +178,9 @@ type rule struct { paths []string unlessPaths []string + moduleTypes []string + unlessModuleTypes []string + props []ruleProperty unlessProps []ruleProperty } @@ -166,14 +188,27 @@ type rule struct { func neverallow() *rule { return &rule{} } + func (r *rule) in(path ...string) *rule { r.paths = append(r.paths, cleanPaths(path)...) return r } + func (r *rule) notIn(path ...string) *rule { r.unlessPaths = append(r.unlessPaths, cleanPaths(path)...) return r } + +func (r *rule) moduleType(types ...string) *rule { + r.moduleTypes = append(r.moduleTypes, types...) + return r +} + +func (r *rule) notModuleType(types ...string) *rule { + r.unlessModuleTypes = append(r.unlessModuleTypes, types...) + return r +} + func (r *rule) with(properties, value string) *rule { r.props = append(r.props, ruleProperty{ fields: fieldNamesForProperties(properties), @@ -181,6 +216,7 @@ func (r *rule) with(properties, value string) *rule { }) return r } + func (r *rule) without(properties, value string) *rule { r.unlessProps = append(r.unlessProps, ruleProperty{ fields: fieldNamesForProperties(properties), @@ -188,6 +224,7 @@ func (r *rule) without(properties, value string) *rule { }) return r } + func (r *rule) because(reason string) *rule { r.reason = reason return r @@ -201,6 +238,12 @@ func (r *rule) String() string { for _, v := range r.unlessPaths { s += " -dir:" + v + "*" } + for _, v := range r.moduleTypes { + s += " type:" + v + } + for _, v := range r.unlessModuleTypes { + s += " -type:" + v + } for _, v := range r.props { s += " " + strings.Join(v.fields, ".") + "=" + v.value } @@ -219,6 +262,10 @@ func (r *rule) appliesToPath(dir string) bool { return includePath && !excludePath } +func (r *rule) appliesToModuleType(moduleType string) bool { + return (len(r.moduleTypes) == 0 || InList(moduleType, r.moduleTypes)) && !InList(moduleType, r.unlessModuleTypes) +} + func (r *rule) appliesToProperties(properties []interface{}) bool { includeProps := hasAllProperties(properties, r.props) excludeProps := hasAnyProperty(properties, r.unlessProps) diff --git a/android/neverallow_test.go b/android/neverallow_test.go index 8d530874..d55ca575 100644 --- a/android/neverallow_test.go +++ b/android/neverallow_test.go @@ -148,6 +148,17 @@ var neverallowTests = []struct { }, expectedError: "Only core libraries projects can depend on core-libart", }, + { + name: "java_device_for_host", + fs: map[string][]byte{ + "Blueprints": []byte(` + java_device_for_host { + name: "device_for_host", + libs: ["core-libart"], + }`), + }, + expectedError: "java_device_for_host can only be used in whitelisted projects", + }, } func TestNeverallow(t *testing.T) { @@ -176,6 +187,7 @@ func testNeverallow(t *testing.T, config Config, fs map[string][]byte) (*TestCon ctx := NewTestContext() ctx.RegisterModuleType("cc_library", ModuleFactoryAdaptor(newMockCcLibraryModule)) ctx.RegisterModuleType("java_library", ModuleFactoryAdaptor(newMockJavaLibraryModule)) + ctx.RegisterModuleType("java_device_for_host", ModuleFactoryAdaptor(newMockJavaLibraryModule)) ctx.PostDepsMutators(registerNeverallowMutator) ctx.Register() |