From be2aed5529ba84b480493b8df89f52fd5a0feae7 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Mon, 2 Dec 2019 14:12:49 +0900
Subject: [PATCH 1/3] Use apex_available property

Use apex_available property to prevent modules that are only for the NN apex from being used outside of the APEX.

Bug: 128708192
Bug: 133140750
Test: m
Change-Id: I57fe857d99088ef08e065dd2a3fc5a9389b6eb0f
---
 core/main.mk | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/core/main.mk b/core/main.mk
index 37a0b98c4..ad146717b 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1121,10 +1121,6 @@ APEX_MODULE_LIBS += \
 libdl_android.so \
 libm.so \
 
-# Android Neural Network API (NNAPI) APEX (native) libraries
-APEX_MODULE_LIBS += \
- libneuralnetworks.so \
-
 # An option to disable the check below, for local use since some build targets
 # still may create these libraries in /system (b/129006418).
 DISABLE_APEX_LIBS_ABSENCE_CHECK ?=
From be77c453a7a461f02a0986c473056e1398a4641d Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Mon, 2 Dec 2019 14:45:49 +0900
Subject: [PATCH 2/3] Remove bionic libs from APEX_MODULE_LIBS check

The test was to ensure that bionic libs are not installed to the non-updatable part of the platform (e.g. system/lib). However, for bionic libs, we actually have been installing them for bootstrapping. Specifically, they are installed to /system/lib/bootstrap, not /system/lib. The test has passed just because it didn't look into /system/lib/bootstrap. Removing the unnecessary check.

Bug: 128708192
Bug: 133140750
Test: m
Test: m out/target/prduct/$(TARGET_DEVICE)/system/lib/libc.so doesn't work
Change-Id: I93cbd74972cdd2daea45612136d5133fa49ab76a
---
 core/main.mk | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/core/main.mk b/core/main.mk
index ad146717b..15ffe94e7 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1112,15 +1112,6 @@ endef
 # art/build/apex/art_apex_test.py.
 # TODO(b/128708192): Implement this restriction in Soong instead.
 
-# Runtime (Bionic) APEX (native) libraries
-APEX_MODULE_LIBS += \
- libc.so \
- libc_malloc_debug.so \
- libc_malloc_hooks.so \
- libdl.so \
- libdl_android.so \
- libm.so \
-
 # An option to disable the check below, for local use since some build targets
 # still may create these libraries in /system (b/129006418).
 DISABLE_APEX_LIBS_ABSENCE_CHECK ?=
From 22195346ddd6cc0b4a5f9848019c10fb5df6ce7d Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Mon, 2 Dec 2019 14:51:37 +0900
Subject: [PATCH 3/3] apex-libs-absence checks are removed

The check is implemented in Soong via the apex_available property. For a module that should be in the APEX named "foo" and shouldn't be in any other APEX and also in the platform (the non-updatable part), the property can be set to "foo" (without "//apex_available:platform") to express the restriction and then Soong will enforce it.

Bug: 128708192
Test: m
Change-Id: Ia1aaaacd685f466447b61deae2849cb0aa83def3
---
 core/Makefile | 1 -
 core/main.mk | 105 --------------------------------------------------
 2 files changed, 106 deletions(-)

diff --git a/core/Makefile b/core/Makefile
index 5fdca13b4..20639cabf 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -2489,7 +2489,6 @@ define build-systemimage-target
 $(call create-system-vendor-symlink)
 $(call create-system-product-symlink)
 $(call create-system-system_ext-symlink)
- $(call check-apex-libs-absence-on-disk)
 @mkdir -p $(dir $(1)) $(systemimage_intermediates) && rm -rf $(systemimage_intermediates)/system_image_info.txt
 $(call generate-image-prop-dictionary, $(systemimage_intermediates)/system_image_info.txt,system, \
 skip_fsck=true)
diff --git a/core/main.mk b/core/main.mk
index 15ffe94e7..9f3ebea1b 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1107,109 +1107,6 @@ $(if $(strip $(1)), \
 )
 endef
 
-# Check that libraries that should only be in APEXes don't end up in the system
-# image. For the ART APEX this complements the checks in
-# art/build/apex/art_apex_test.py.
-# TODO(b/128708192): Implement this restriction in Soong instead.
-
-# An option to disable the check below, for local use since some build targets
-# still may create these libraries in /system (b/129006418).
-DISABLE_APEX_LIBS_ABSENCE_CHECK ?=
-
-# Allow APEX libraries under:
-# /system/apex, which happens when APEX flattening is enabled.
-# /system/system_ext, which happens with GSI
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE := apex system_ext
-
-# Bionic should not be in /system, except for the bootstrap instance.
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/bootstrap lib64/bootstrap
-
-# Exclude lib/arm and lib64/arm64 which contain the native bridge proxy libs. They
-# are compiled for the guest architecture and used with an entirely different
-# linker config. The native libs are then linked to as usual via exported
-# interfaces, so the proxy libs do not violate the interface boundaries on the
-# native architecture.
-# TODO(b/130630776): Introduce a make variable for the appropriate directory
-# when native bridge is active.
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/arm lib64/arm64
-
-ifdef TARGET_NATIVE_BRIDGE_RELATIVE_PATH
- APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/$(TARGET_NATIVE_BRIDGE_RELATIVE_PATH) lib64/$(TARGET_NATIVE_BRIDGE_RELATIVE_PATH)
-endif
-
-ifdef TARGET_NATIVE_BRIDGE_2ND_RELATIVE_PATH
- APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/$(TARGET_NATIVE_BRIDGE_2ND_RELATIVE_PATH) lib64/$(TARGET_NATIVE_BRIDGE_2ND_RELATIVE_PATH)
-endif
-
-# Exclude vndk-* subdirectories which contain prebuilts from older releases.
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/vndk-% lib64/vndk-% - -ifdef DISABLE_APEX_LIBS_ABSENCE_CHECK - check-apex-libs-absence := - check-apex-libs-absence-on-disk := -else - # If the check below fails, some library has ended up in system/lib or - # system/lib64 that is intended to only go into some APEX package. The likely - # cause is that a library or binary in /system has grown a dependency that - # directly or indirectly pulls in the prohibited library. - # - # To resolve this, look for the APEX package that the library belong to - - # search for it in 'native_shared_lib' properties in 'apex' build modules (see - # art/build/apex/Android.bp for an example). Then check if there is an - # exported library in that APEX package that should be used instead, i.e. one - # listed in its 'native_shared_lib' property for which the corresponding - # 'cc_library' module has a 'stubs' clause (like libdexfile_external in - # art/libdexfile/Android.bp). - # - # If you cannot find an APEX exported library that fits your needs, or you - # think that the library you want to depend on should be allowed in /system, - # then please contact the owners of the APEX package containing the library. - # - # If you get this error for a library that is exported in an APEX, then the - # APEX might be misconfigured or something is wrong in the build system. - # Please reach out to the APEX package owners and/or soong-team@, or - # android-building@googlegroups.com externally. - # - # Likewise, we check for the absence of APEX Java libraries (JARs). 
- define check-apex-libs-absence - $(call maybe-print-list-and-error, \ - $(filter $(foreach lib,$(APEX_MODULE_LIBS),%/$(lib)), \ - $(filter-out $(foreach dir,$(APEX_LIBS_ABSENCE_CHECK_EXCLUDE), \ - $(TARGET_OUT)/$(if $(findstring %,$(dir)),$(dir),$(dir)/%)), \ - $(filter $(TARGET_OUT),$(1)))), \ - APEX libraries found in product_target_FILES (see comment for check-apex-libs-absence in \ - build/make/core/main.mk for details)) - endef - - # TODO(b/129006418): The check above catches libraries through product - # dependencies visible to make, but as long as they have install rules in - # /system they may still be created there through other make targets. To catch - # that we also do a check on disk just before the system image is built. - # NB: This check may fail if you have built intermediate targets in the out - # tree earlier, e.g. "m ". In that case, please - # try "m installclean && m systemimage" to get a correct system image. For - # local work you can also disable the check with the - # DISABLE_APEX_LIBS_ABSENCE_CHECK environment variable. - # - # Likewise, we check for the absence of APEX Java libraries (JARs). - define check-apex-libs-absence-on-disk - $(hide) ( \ - cd $(TARGET_OUT) && \ - findres=$$(find . \ - $(foreach dir,$(APEX_LIBS_ABSENCE_CHECK_EXCLUDE),-path "./$(subst %,*,$(dir))" -prune -o) \ - -type f \( -false $(foreach lib,$(APEX_MODULE_LIBS),-o -name $(lib)) \) \ - -print) && \ - if [ -n "$$findres" ]; then \ - echo "APEX libraries found in system image in TARGET_OUT (see comments for" 1>&2; \ - echo "check-apex-libs-absence and check-apex-libs-absence-on-disk in" 1>&2; \ - echo "build/make/core/main.mk for details):" 1>&2; \ - echo "$$findres" | sort 1>&2; \ - false; \ - fi; \ - ) - endef -endif - ifdef FULL_BUILD ifneq (true,$(ALLOW_MISSING_DEPENDENCIES)) # Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product) 
@@ -1330,8 +1227,6 @@ $(PRODUCT_OUT)/offending_artifacts.txt:
 rm -f $@
 $(foreach f,$(sort $(all_offending_files)),echo $(f) >> $@;)
 endif
-
- $(call check-apex-libs-absence,$(product_target_FILES))
 else
 # We're not doing a full build, and are probably only including
 # a subset of the module makefiles. Don't try to build any modules