Add support enforcing all path requirements.
Setting PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS to be non-empty will verify that when an inherited product file makes an path requirement claim, no files other than the ones it produces are allowed inside its paths. This allows more rigorous control of what goes where, and specifically stops accidental inclusion of modules in the wrong places (which is very easy to do otherwise). In order to enable iterative improvements to current offenders, support for a whitelist is also added (via the new PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST property). Verification is done that this variable corresponds to exactly the list of current offenders. Example use: PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := true PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := system/priv-app/Dialer/Dialer.apk Bug: 80410283 Test: In a downstream CL specifying the above. Change-Id: I58047db08bde34da21759cfc55f398892b1c809a
This commit is contained in:
parent
2b0ea222c1
commit
427d855728
11
core/main.mk
11
core/main.mk
|
@ -965,6 +965,17 @@ $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
|
|||
$(call maybe-print-list-and-error,$(offending_files),$(makefile) produces files outside its artifact path requirement.) \
|
||||
$(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \
|
||||
$(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \
|
||||
$(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS),\
|
||||
$(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_FILES))) \
|
||||
$(eval whitelist := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \
|
||||
$(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
|
||||
$(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
|
||||
$(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \
|
||||
$(call maybe-print-list-and-error,$(offending_files),$(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement.) \
|
||||
$(eval unused_whitelist := $(filter-out $(extra_files),$(whitelist_patterns))) \
|
||||
$(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \
|
||||
) \
|
||||
)
|
||||
|
||||
ifeq (0,1)
|
||||
|
|
|
@ -198,6 +198,8 @@ _product_var_list := \
|
|||
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE \
|
||||
PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE \
|
||||
PRODUCT_USE_LOGICAL_PARTITIONS \
|
||||
PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST \
|
||||
|
||||
define dump-product
|
||||
$(info ==== $(1) ====)\
|
||||
|
|
Loading…
Reference in New Issue