From 04c58dea0bf90bfcffe7fa36c0681ba289539116 Mon Sep 17 00:00:00 2001 From: Mathew Inwood Date: Wed, 11 Jul 2018 15:14:00 +0100 Subject: [PATCH] Build rules to derive greylists from annotations. Uses the new class2greylist tool to extract API descriptors from .class files. Also add these generated greylist.txt files as dependencies of INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST so they can be merged later in the build. Bug: 110868826 Test: m Change-Id: I406587732b537f9b56768ad9909039dfab34c334 --- core/config.mk | 1 + core/definitions.mk | 10 ++++++++++ core/java.mk | 8 ++++++++ core/soong_java_prebuilt.mk | 6 ++++++ 4 files changed, 25 insertions(+) diff --git a/core/config.mk b/core/config.mk index f7a8176b4..a6aec9bcb 100644 --- a/core/config.mk +++ b/core/config.mk @@ -719,6 +719,7 @@ BRILLO_UPDATE_PAYLOAD := $(HOST_OUT_EXECUTABLES)/brillo_update_payload DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump2$(BUILD_EXECUTABLE_SUFFIX) PROFMAN := $(HOST_OUT_EXECUTABLES)/profman HIDDENAPI := $(HOST_OUT_EXECUTABLES)/hiddenapi +CLASS2GREYLIST := $(HOST_OUT_EXECUTABLES)/class2greylist FINDBUGS_DIR := external/owasp/sanitizer/tools/findbugs/bin FINDBUGS := $(FINDBUGS_DIR)/findbugs diff --git a/core/definitions.mk b/core/definitions.mk index 7108e0903..4341c6282 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -2866,6 +2866,16 @@ $(INTERNAL_PLATFORM_HIDDENAPI_PRIVATE_LIST): \ PRIVATE_DEX_INPUTS := $$(PRIVATE_DEX_INPUTS) $(1) endef +# Generate a greylist.txt from a classes.jar +define hiddenapi-generate-greylist-txt +$(2): $(1) $(CLASS2GREYLIST) + $(CLASS2GREYLIST) $(1) > $(2) + +$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST): $(2) +$(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST): \ + PRIVATE_GREYLIST_INPUTS := $$(PRIVATE_GREYLIST_INPUTS) $(2) +endef + # File names for intermediate dex files of `hiddenapi-copy-soong-jar`. hiddenapi-soong-input-dex = $(dir $(1))/hiddenapi/dex-input/classes.dex hiddenapi-soong-output-dex = $(dir $(1))/hiddenapi/dex-output/classes.dex diff --git a/core/java.mk b/core/java.mk index 78b492ddb..a8b680d25 100644 --- a/core/java.mk +++ b/core/java.mk @@ -79,6 +79,7 @@ built_dex_intermediate := $(intermediates.COMMON)/dex/classes.dex built_dex_hiddenapi := $(intermediates.COMMON)/dex-hiddenapi/classes.dex full_classes_stubs_jar := $(intermediates.COMMON)/stubs.jar java_source_list_file := $(intermediates.COMMON)/java-source-list +greylist_txt := $(intermediates.COMMON)/greylist.txt ifeq ($(LOCAL_MODULE_CLASS)$(LOCAL_SRC_FILES)$(LOCAL_STATIC_JAVA_LIBRARIES)$(LOCAL_SOURCE_FILES_ALL_GENERATED),APPS) @@ -544,6 +545,13 @@ $(built_dex_intermediate): $(full_classes_proguard_jar) $(DX) $(ZIP2ZIP) endif ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar + # Derive API greylist from the classes jar. + # We use full_classes_proguard_jar here, as that is what is converted to dex + # later on. The difference is academic currently, as we don't proguard any + # bootclasspath code at the moment. If we were to do that, we should add keep + # rules for all members with the @UnsupportedAppUsage annotation. + $(eval $(call hiddenapi-generate-greylist-txt,$(full_classes_proguard_jar),$(greylist_txt))) + LOCAL_INTERMEDIATE_TARGETS += $(greylist_txt) $(eval $(call hiddenapi-copy-dex-files,$(built_dex_intermediate),$(built_dex_hiddenapi))) built_dex_copy_from := $(built_dex_hiddenapi) else # !is_boot_jar diff --git a/core/soong_java_prebuilt.mk b/core/soong_java_prebuilt.mk index ef71107fc..f1e5dddfc 100644 --- a/core/soong_java_prebuilt.mk +++ b/core/soong_java_prebuilt.mk @@ -19,6 +19,7 @@ full_classes_jar := $(intermediates.COMMON)/classes.jar full_classes_pre_proguard_jar := $(intermediates.COMMON)/classes-pre-proguard.jar full_classes_header_jar := $(intermediates.COMMON)/classes-header.jar common_javalib.jar := $(intermediates.COMMON)/javalib.jar +greylist_txt := $(intermediates.COMMON)/greylist.txt $(eval $(call copy-one-file,$(LOCAL_PREBUILT_MODULE_FILE),$(full_classes_jar))) $(eval $(call copy-one-file,$(LOCAL_PREBUILT_MODULE_FILE),$(full_classes_pre_proguard_jar))) @@ -82,6 +83,11 @@ ifdef LOCAL_SOONG_DEX_JAR ifneq ($(LOCAL_UNINSTALLABLE_MODULE),true) ifndef LOCAL_IS_HOST_MODULE ifneq ($(filter $(LOCAL_MODULE),$(PRODUCT_BOOT_JARS)),) # is_boot_jar + # Derive greylist from classes.jar. + # We use full_classes_jar here, which is the post-proguard jar (on the basis that we also + # have a full_classes_pre_proguard_jar). This is consistent with the equivalent code in + # java.mk. + $(eval $(call hiddenapi-generate-greylist-txt,$(full_classes_jar),$(greylist_txt))) $(eval $(call hiddenapi-copy-soong-jar,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar))) else # !is_boot_jar $(eval $(call copy-one-file,$(LOCAL_SOONG_DEX_JAR),$(common_javalib.jar)))