openkylin
/
platform_build_soong
mirror of https://gitee.com/openkylin/platform_build_soong.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Prevent runtime module paths being used in include_dirs 

am: 2ac2befc9a

Change-Id: Ia7683cb3400013a78bd62b4f7c002c7f0e352903
This commit is contained in:
Paul Duffin 2019-07-21 04:14:26 -07:00 committed by android-build-merger
parent 34ae60b2bb 2ac2befc9a
commit 31d0688df9
2 changed files with 91 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
android/neverallow.go
View File

@ -48,6 +48,7 @@ func registerNeverallowMutator(ctx RegisterMutatorsContext) {
var neverallows = []Rule{} var neverallows = []Rule{}
func init() { func init() {
AddNeverAllowRules(createIncludeDirsRules()...)
AddNeverAllowRules(createTrebleRules()...) AddNeverAllowRules(createTrebleRules()...)
AddNeverAllowRules(createLibcoreRules()...) AddNeverAllowRules(createLibcoreRules()...)
AddNeverAllowRules(createMediaRules()...) AddNeverAllowRules(createMediaRules()...)
@ -59,6 +60,42 @@ func AddNeverAllowRules(rules ...Rule) {
neverallows = append(neverallows, rules...) neverallows = append(neverallows, rules...)
} }
func createIncludeDirsRules() []Rule {
// The list of paths that cannot be referenced using include_dirs
paths := []string{
"art",
"libcore",
"libnativehelper",
"external/apache-harmony",
"external/apache-xml",
"external/boringssl",
"external/bouncycastle",
"external/conscrypt",
"external/icu",
"external/okhttp",
"external/vixl",
"external/wycheproof",
"system/core/libnativebridge",
"system/core/libnativehelper",
}
// Create a composite matcher that will match if the value starts with any of the restricted
// paths. A / is appended to the prefix to ensure that restricting path X does not affect paths
// XY.
rules := make([]Rule, 0, len(paths))
for _, path := range paths {
rule :=
NeverAllow().
WithMatcher("include_dirs", StartsWith(path+"/")).
Because("include_dirs is deprecated, all usages of '" + path + "' have been migrated" +
" to use alternate mechanisms and so can no longer be used.")
rules = append(rules, rule)
}
return rules
}
func createTrebleRules() []Rule { func createTrebleRules() []Rule {
return []Rule{ return []Rule{
NeverAllow(). NeverAllow().
@ -195,6 +232,18 @@ func (m *anyMatcher) String() string {
var anyMatcherInstance = &anyMatcher{} var anyMatcherInstance = &anyMatcher{}
type startsWithMatcher struct {
prefix string
}
func (m *startsWithMatcher) test(value string) bool {
return strings.HasPrefix(value, m.prefix)
}
func (m *startsWithMatcher) String() string {
return ".starts-with(" + m.prefix + ")"
}
type ruleProperty struct { type ruleProperty struct {
fields []string // e.x.: Vndk.Enabled fields []string // e.x.: Vndk.Enabled
matcher ValueMatcher matcher ValueMatcher
@ -212,8 +261,12 @@ type Rule interface {
With(properties, value string) Rule With(properties, value string) Rule
WithMatcher(properties string, matcher ValueMatcher) Rule
Without(properties, value string) Rule Without(properties, value string) Rule
WithoutMatcher(properties string, matcher ValueMatcher) Rule
Because(reason string) Rule Because(reason string) Rule
} }
@ -257,17 +310,25 @@ func (r *rule) NotModuleType(types ...string) Rule {
} }
func (r *rule) With(properties, value string) Rule { func (r *rule) With(properties, value string) Rule {
return r.WithMatcher(properties, selectMatcher(value))
}
func (r *rule) WithMatcher(properties string, matcher ValueMatcher) Rule {
r.props = append(r.props, ruleProperty{ r.props = append(r.props, ruleProperty{
fields: fieldNamesForProperties(properties), fields: fieldNamesForProperties(properties),
matcher: selectMatcher(value), matcher: matcher,
}) })
return r return r
} }
func (r *rule) Without(properties, value string) Rule { func (r *rule) Without(properties, value string) Rule {
return r.WithoutMatcher(properties, selectMatcher(value))
}
func (r *rule) WithoutMatcher(properties string, matcher ValueMatcher) Rule {
r.unlessProps = append(r.unlessProps, ruleProperty{ r.unlessProps = append(r.unlessProps, ruleProperty{
fields: fieldNamesForProperties(properties), fields: fieldNamesForProperties(properties),
matcher: selectMatcher(value), matcher: matcher,
}) })
return r return r
} }
@ -326,6 +387,10 @@ func (r *rule) appliesToProperties(properties []interface{}) bool {
return includeProps && !excludeProps return includeProps && !excludeProps
} }
func StartsWith(prefix string) ValueMatcher {
return &startsWithMatcher{prefix}
}
// assorted utils // assorted utils
func cleanPaths(paths []string) []string { func cleanPaths(paths []string) []string {

24
android/neverallow_test.go
View File

@ -23,6 +23,29 @@ var neverallowTests = []struct {
fs map[string][]byte fs map[string][]byte
expectedError string expectedError string
}{ }{
// include_dir rule tests
{
name: "include_dir not allowed to reference art",
fs: map[string][]byte{
"other/Blueprints": []byte(`
cc_library {
name: "libother",
include_dirs: ["art/libdexfile/include"],
}`),
},
expectedError: "all usages of 'art' have been migrated",
},
{
name: "include_dir can reference another location",
fs: map[string][]byte{
"other/Blueprints": []byte(`
cc_library {
name: "libother",
include_dirs: ["another/include"],
}`),
},
},
// Treble rule tests
{ {
name: "no vndk.enabled under vendor directory", name: "no vndk.enabled under vendor directory",
fs: map[string][]byte{ fs: map[string][]byte{
@ -213,6 +236,7 @@ func testNeverallow(t *testing.T, config Config, fs map[string][]byte) (*TestCon
} }
type mockCcLibraryProperties struct { type mockCcLibraryProperties struct {
Include_dirs []string
Vendor_available *bool Vendor_available *bool
Vndk struct { Vndk struct {