p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add support enforcing all path requirements. 

Setting PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS to be non-empty will
verify that when an inherited product file makes an path requirement
claim, no files other than the ones it produces are allowed inside its
paths. This allows more rigorous control of what goes where, and
specifically stops accidental inclusion of modules in the wrong places
(which is very easy to do otherwise).

In order to enable iterative improvements to current offenders, support
for a whitelist is also added (via the new
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST property). Verification is
done that this variable corresponds to exactly the list of current
offenders.

Example use:
  PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := true
  PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := system/priv-app/Dialer/Dialer.apk

Bug: 80410283
Test: In a downstream CL specifying the above.
Change-Id: I58047db08bde34da21759cfc55f398892b1c809a
This commit is contained in:
Anton Hansson 2018-06-05 17:53:09 +01:00
parent 2b0ea222c1
commit 427d855728
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/main.mk
View File

@ -965,6 +965,17 @@ $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
$(call maybe-print-list-and-error,$(offending_files),$(makefile) produces files outside its artifact path requirement.) \
$(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \
$(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \
$(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS),\
$(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_FILES))) \
$(eval whitelist := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \
$(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
$(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
$(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \
$(call maybe-print-list-and-error,$(offending_files),$(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement.) \
$(eval unused_whitelist := $(filter-out $(extra_files),$(whitelist_patterns))) \
$(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \
) \
)
ifeq (0,1)

2
core/product.mk
View File

@ -198,6 +198,8 @@ _product_var_list := \
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE \
PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE \
PRODUCT_USE_LOGICAL_PARTITIONS \
PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS \
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST \
define dump-product
$(info ==== $(1) ====)\