From a1383d8f9d34bc223548d2528a73de424b9aafa9 Mon Sep 17 00:00:00 2001
From: Colin Cross <ccross@android.com>
Date: Thu, 11 Jun 2020 11:25:05 -0700
Subject: [PATCH] Use inclusive language in build/make

Bug: 158889297
Test: m checkbuild
Change-Id: I54a7e55d3fdd5571ef1ae33ebe443c10d138fd28
Merged-In: I54a7e55d3fdd5571ef1ae33ebe443c10d138fd28
(cherry picked from commit c3ad80467e5a3119def1cd257c279200f6f5a6fe)
---
 core/app_certificate_validate.mk              |  2 +-
 core/binary.mk                                |  2 +-
 core/config.mk                                |  3 +-
 core/main.mk                                  | 47 ++++++++++---------
 core/product.mk                               | 17 +++----
 core/product_config.mk                        |  2 +-
 core/sdk_check.mk                             |  4 +-
 core/soong_config.mk                          |  2 +-
 core/tasks/boot_jars_package_check.mk         | 10 ++--
 core/tasks/check_boot_jars/check_boot_jars.py | 32 ++++++-------
 ...whitelist.txt => package_allowed_list.txt} |  2 +-
 core/tasks/vendor_module_check.mk             |  6 +--
 target/product/aosp_arm.mk                    |  2 +-
 target/product/aosp_x86_arm.mk                |  2 +-
 target/product/emulator_system.mk             |  2 +-
 target/product/generic.mk                     |  4 +-
 target/product/gsi_release.mk                 |  2 +-
 target/product/legacy_gsi_release.mk          |  2 +-
 target/product/mainline_system.mk             |  6 +--
 19 files changed, 76 insertions(+), 73 deletions(-)
 rename core/tasks/check_boot_jars/{package_whitelist.txt => package_allowed_list.txt} (99%)

diff --git a/core/app_certificate_validate.mk b/core/app_certificate_validate.mk
index c01526a68..1ccacfb5f 100644
--- a/core/app_certificate_validate.mk
+++ b/core/app_certificate_validate.mk
@@ -3,7 +3,7 @@ ifeq (true,$(non_system_module))
   ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE)))
     CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE)
     ifeq (true,$(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT))
-      $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\
+      $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)),,\
         $(call pretty-error,The module in product partition cannot be signed with certificate in system.))
     endif
   endif
diff --git a/core/binary.mk b/core/binary.mk
index 57508bbdc..7ee8c5c7e 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -84,7 +84,7 @@ ifneq ($(NATIVE_COVERAGE),true)
   my_native_coverage := false
 endif
 
-# Exclude directories from manual binder interface whitelisting.
+# Exclude directories from checking allowed manual binder interface lists.
 # TODO(b/145621474): Move this check into IInterface.h when clang-tidy no longer uses absolute paths.
 ifneq (,$(filter $(addsuffix %,$(ALLOWED_MANUAL_INTERFACE_PATHS)),$(LOCAL_PATH)))
   my_cflags += -DDO_NOT_CHECK_MANUAL_BINDER_INTERFACES
diff --git a/core/config.mk b/core/config.mk
index 0e0ff8f8a..0b9ff52bc 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -122,6 +122,7 @@ $(KATI_obsolete_var PRODUCT_IOT)
 $(KATI_obsolete_var MD5SUM)
 $(KATI_obsolete_var BOARD_HAL_STATIC_LIBRARIES, See $(CHANGES_URL)#BOARD_HAL_STATIC_LIBRARIES)
 $(KATI_obsolete_var LOCAL_HAL_STATIC_LIBRARIES, See $(CHANGES_URL)#BOARD_HAL_STATIC_LIBRARIES)
+$(KATI_obsolete_var PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST,Use PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST.)
 
 # Used to force goals to build.  Only use for conditionally defined goals.
 .PHONY: FORCE
@@ -667,7 +668,7 @@ HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar
 
 APICHECK_COMMAND := $(JAVA) -Xmx4g -jar $(APICHECK) --no-banner --compatible-output=yes
 
-# Boolean variable determining if the whitelist for compatible properties is enabled
+# Boolean variable determining if the allow list for compatible properties is enabled
 PRODUCT_COMPATIBLE_PROPERTY := false
 ifneq ($(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE),)
   PRODUCT_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE)
diff --git a/core/main.mk b/core/main.mk
index a6365dfd7..a7a69f086 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -206,8 +206,8 @@ $(KATI_obsolete_var PRODUCT_FULL_TREBLE,\
 	variables like PRODUCT_SEPOLICY_SPLIT should be used until that is \
 	possible.)
 
-# Sets ro.actionable_compatible_property.enabled to know on runtime whether the whitelist
-# of actionable compatible properties is enabled or not.
+# Sets ro.actionable_compatible_property.enabled to know on runtime whether the
+# allowed list of actionable compatible properties is enabled or not.
 ifeq ($(PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE),true)
 ADDITIONAL_DEFAULT_PROPERTIES += ro.actionable_compatible_property.enabled=false
 else
@@ -1119,7 +1119,7 @@ ifdef FULL_BUILD
   ifneq (true,$(ALLOW_MISSING_DEPENDENCIES))
     # Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product)
     ifeq (true,$(PRODUCT_ENFORCE_PACKAGES_EXIST))
-      _whitelist := $(PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
+      _allow_list := $(PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST)
       _modules := $(PRODUCT_PACKAGES)
       # Strip :32 and :64 suffixes
       _modules := $(patsubst %:32,%,$(_modules))
@@ -1129,10 +1129,10 @@ ifdef FULL_BUILD
       _nonexistent_modules := $(filter-out $(ALL_MODULES),$(_modules))
       _nonexistent_modules := $(foreach m,$(_nonexistent_modules),\
         $(if $(call get-32-bit-modules,$(m)),,$(m)))
-      $(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistent_modules)),\
+      $(call maybe-print-list-and-error,$(filter-out $(_allow_list),$(_nonexistent_modules)),\
         $(INTERNAL_PRODUCT) includes non-existent modules in PRODUCT_PACKAGES)
-      $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_whitelist)),\
-        $(INTERNAL_PRODUCT) includes redundant whitelist entries for nonexistent PRODUCT_PACKAGES)
+      $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_allow_list)),\
+        $(INTERNAL_PRODUCT) includes redundant allow list entries for non-existent PRODUCT_PACKAGES)
     endif
 
     # Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist
@@ -1174,21 +1174,21 @@ ifdef FULL_BUILD
   is_asan := $(if $(filter address,$(SANITIZE_TARGET)),true)
   ifneq (true,$(or $(is_asan),$(DISABLE_ARTIFACT_PATH_REQUIREMENTS)))
   # Fakes don't get installed, and NDK stubs aren't installed to device.
-  static_whitelist_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
+  static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
   # RROs become REQUIRED by the source module, but are always placed on the vendor partition.
-  static_whitelist_patterns += %__auto_generated_rro_product.apk
-  static_whitelist_patterns += %__auto_generated_rro_vendor.apk
+  static_allowed_patterns += %__auto_generated_rro_product.apk
+  static_allowed_patterns += %__auto_generated_rro_vendor.apk
   # Auto-included targets are not considered
-  static_whitelist_patterns += $(call product-installed-files,)
+  static_allowed_patterns += $(call product-installed-files,)
   # $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed.
   # The path can be considered as a fake path, as the shared libraries
   # are installed there just to have symbols files for them under
   # $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory
   # is never compiled into a filesystem image.
-  static_whitelist_patterns += $(PRODUCT_OUT)/apex/%
+  static_allowed_patterns += $(PRODUCT_OUT)/apex/%
   ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX))
     # Allow system_other odex space optimization.
-    static_whitelist_patterns += \
+    static_allowed_patterns += \
       $(TARGET_OUT_SYSTEM_OTHER)/%.odex \
       $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \
       $(TARGET_OUT_SYSTEM_OTHER)/%.art
@@ -1204,31 +1204,32 @@ $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))
   $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
     $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \
     $(eval ### Verify that the product only produces files inside its path requirements.) \
-    $(eval whitelist := $(PRODUCTS.$(makefile).ARTIFACT_PATH_WHITELIST)) \
+    $(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \
     $(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \
-    $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
+    $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
     $(eval files := $(call product-installed-files, $(makefile))) \
-    $(eval offending_files := $(filter-out $(path_patterns) $(whitelist_patterns) $(static_whitelist_patterns),$(files))) \
+    $(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \
     $(call maybe-print-list-and-error,$(offending_files),\
       $(makefile) produces files outside its artifact path requirement. \
       Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \
-    $(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \
-    $(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \
+    $(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \
+    $(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \
     $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
     $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \
     $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
     $(eval all_offending_files += $(files_in_requirement)) \
-    $(eval whitelist := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \
-    $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
-    $(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \
+    $(eval allowed := $(strip $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST) \
+      $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST))) \
+    $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
+    $(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \
     $(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \
     $(if $(enforcement),\
       $(call maybe-print-list-and-error,$(offending_files),\
         $(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \
         $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \
-      $(eval unused_whitelist := $(if $(filter true strict,$(enforcement)),\
-        $(foreach p,$(whitelist_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
-      $(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \
+      $(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\
+        $(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
+      $(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \
     ) \
   )
 $(PRODUCT_OUT)/offending_artifacts.txt:
diff --git a/core/product.mk b/core/product.mk
index 0aa07ef5b..3d96d2359 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -326,14 +326,15 @@ _product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS
 # partitions uses PLATFORM_VNDK_VERSION.
 _product_single_value_var += PRODUCT_PRODUCT_VNDK_VERSION
 
-# Whether the whitelist of actionable compatible properties should be disabled or not
+# Whether the list of allowed of actionable compatible properties should be disabled or not
 _product_single_value_vars += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE
 
 _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS
 _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT
-_product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST
+_product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST
 _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT
 _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST
+_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST
 
 # List of modules that should be forcefully unmarked from being LOCAL_PRODUCT_MODULE, and hence
 # installed on /system directory by default.
@@ -453,19 +454,19 @@ endef
 define require-artifacts-in-path
   $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \
   $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_REQUIREMENTS := $(strip $(1))) \
-  $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_WHITELIST := $(strip $(2))) \
+  $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_ALLOWED_LIST := $(strip $(2))) \
   $(eval ARTIFACT_PATH_REQUIREMENT_PRODUCTS := \
     $(sort $(ARTIFACT_PATH_REQUIREMENT_PRODUCTS) $(current_mk)))
 endef
 
-# Makes including non-existant modules in PRODUCT_PACKAGES an error.
-# $(1): whitelist of non-existant modules to allow.
+# Makes including non-existent modules in PRODUCT_PACKAGES an error.
+# $(1): list of non-existent modules to allow.
 define enforce-product-packages-exist
   $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \
   $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST := true) \
-  $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST := $(1)) \
+  $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST := $(1)) \
   $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST) \
-  $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
+  $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST)
 endef
 
 #
@@ -587,7 +588,7 @@ define strip-product-vars
 $(foreach v,\
   $(_product_var_list) \
     PRODUCT_ENFORCE_PACKAGES_EXIST \
-    PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST, \
+    PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST, \
   $(eval $(v) := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).$(v)))) \
   $(eval get-product-var = $$(if $$(filter $$(1),$$(INTERNAL_PRODUCT)),$$($$(2)),$$(PRODUCTS.$$(strip $$(1)).$$(2)))) \
   $(KATI_obsolete_var PRODUCTS.$(INTERNAL_PRODUCT).$(v),Use $(v) instead) \
diff --git a/core/product_config.mk b/core/product_config.mk
index 699d62aaf..a16af05cf 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -278,7 +278,7 @@ $(foreach pair,$(PRODUCT_UPDATABLE_BOOT_JARS), \
 )
 
 ENFORCE_SYSTEM_CERTIFICATE := $(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)
-ENFORCE_SYSTEM_CERTIFICATE_WHITELIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)
+ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)
 
 PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
 PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
diff --git a/core/sdk_check.mk b/core/sdk_check.mk
index c09fc7cae..09fd0eb48 100644
--- a/core/sdk_check.mk
+++ b/core/sdk_check.mk
@@ -6,7 +6,7 @@
 # be set to a particular module class to enable warnings and errors for that
 # subtype.
 
-whitelisted_modules := framework-res__auto_generated_rro
+allowed_modules := framework-res__auto_generated_rro
 
 
 ifeq (,$(JAVA_SDK_ENFORCEMENT_ERROR))
@@ -14,7 +14,7 @@ ifeq (,$(JAVA_SDK_ENFORCEMENT_ERROR))
 endif
 
 ifeq ($(LOCAL_SDK_VERSION)$(LOCAL_PRIVATE_PLATFORM_APIS),)
-  ifeq (,$(filter $(LOCAL_MODULE),$(whitelisted_modules)))
+  ifeq (,$(filter $(LOCAL_MODULE),$(allowed_modules)))
     ifneq ($(JAVA_SDK_ENFORCEMENT_WARNING)$(JAVA_SDK_ENFORCEMENT_ERROR),)
       my_message := Must specify LOCAL_SDK_VERSION or LOCAL_PRIVATE_PLATFORM_APIS,
       ifeq ($(LOCAL_MODULE_CLASS),$(JAVA_SDK_ENFORCEMENT_ERROR))
diff --git a/core/soong_config.mk b/core/soong_config.mk
index cbc2dd1f4..3f4ba24bc 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -182,7 +182,7 @@ $(call add_json_list, PackageNameOverrides,              $(PRODUCT_PACKAGE_NAME_
 $(call add_json_list, CertificateOverrides,              $(PRODUCT_CERTIFICATE_OVERRIDES))
 
 $(call add_json_bool, EnforceSystemCertificate,          $(ENFORCE_SYSTEM_CERTIFICATE))
-$(call add_json_list, EnforceSystemCertificateWhitelist, $(ENFORCE_SYSTEM_CERTIFICATE_WHITELIST))
+$(call add_json_list, EnforceSystemCertificateAllowList, $(ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST))
 
 $(call add_json_list, ProductHiddenAPIStubs,             $(PRODUCT_HIDDENAPI_STUBS))
 $(call add_json_list, ProductHiddenAPIStubsSystem,       $(PRODUCT_HIDDENAPI_STUBS_SYSTEM))
diff --git a/core/tasks/boot_jars_package_check.mk b/core/tasks/boot_jars_package_check.mk
index 05243e53b..825bbc37d 100644
--- a/core/tasks/boot_jars_package_check.mk
+++ b/core/tasks/boot_jars_package_check.mk
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 #
-# Rules to check if classes in the boot jars are from the whitelisted packages.
+# Rules to check if classes in the boot jars are from the list of allowed packages.
 #
 
 ifneq ($(SKIP_BOOT_JARS_CHECK),true)
@@ -37,14 +37,14 @@ platform_boot_jars := $(filter-out $(ART_APEX_JARS),$(PRODUCT_BOOT_JARS))
 built_boot_jars := $(foreach j, $(updatable_boot_jars) $(art_boot_jars) $(platform_boot_jars), \
   $(call intermediates-dir-for, JAVA_LIBRARIES, $(j),,COMMON)/classes.jar)
 script := build/make/core/tasks/check_boot_jars/check_boot_jars.py
-whitelist_file := build/make/core/tasks/check_boot_jars/package_whitelist.txt
+allowed_file := build/make/core/tasks/check_boot_jars/package_allowed_list.txt
 
 $(stamp): PRIVATE_BOOT_JARS := $(built_boot_jars)
 $(stamp): PRIVATE_SCRIPT := $(script)
-$(stamp): PRIVATE_WHITELIST := $(whitelist_file)
-$(stamp) : $(built_boot_jars) $(script) $(whitelist_file)
+$(stamp): PRIVATE_ALLOWED := $(allowed_file)
+$(stamp) : $(built_boot_jars) $(script) $(allowed_file)
 	@echo "Check package name for $(PRIVATE_BOOT_JARS)"
-	$(hide) $(PRIVATE_SCRIPT) $(PRIVATE_WHITELIST) $(PRIVATE_BOOT_JARS)
+	$(hide) $(PRIVATE_SCRIPT) $(PRIVATE_ALLOWED) $(PRIVATE_BOOT_JARS)
 	$(hide) mkdir -p $(dir $@) && touch $@
 
 .PHONY: check-boot-jars
diff --git a/core/tasks/check_boot_jars/check_boot_jars.py b/core/tasks/check_boot_jars/check_boot_jars.py
index 67b73d574..6904a772a 100755
--- a/core/tasks/check_boot_jars/check_boot_jars.py
+++ b/core/tasks/check_boot_jars/check_boot_jars.py
@@ -3,7 +3,7 @@
 """
 Check boot jars.
 
-Usage: check_boot_jars.py <package_whitelist_file> <jar1> <jar2> ...
+Usage: check_boot_jars.py <package_allow_list_file> <jar1> <jar2> ...
 """
 import logging
 import os.path
@@ -12,12 +12,12 @@ import subprocess
 import sys
 
 
-# The compiled whitelist RE.
-whitelist_re = None
+# The compiled allow list RE.
+allow_list_re = None
 
 
-def LoadWhitelist(filename):
-  """ Load and compile whitelist regular expressions from filename.
+def LoadAllowList(filename):
+  """ Load and compile allow list regular expressions from filename.
   """
   lines = []
   with open(filename, 'r') as f:
@@ -27,19 +27,19 @@ def LoadWhitelist(filename):
         continue
       lines.append(line)
   combined_re = r'^(%s)$' % '|'.join(lines)
-  global whitelist_re
+  global allow_list_re
   try:
-    whitelist_re = re.compile(combined_re)
+    allow_list_re = re.compile(combined_re)
   except re.error:
     logging.exception(
-        'Cannot compile package whitelist regular expression: %r',
+        'Cannot compile package allow list regular expression: %r',
         combined_re)
-    whitelist_re = None
+    allow_list_re = None
     return False
   return True
 
 
-def CheckJar(whitelist_path, jar):
+def CheckJar(allow_list_path, jar):
   """Check a jar file.
   """
   # Get the list of files inside the jar file.
@@ -53,10 +53,10 @@ def CheckJar(whitelist_path, jar):
     if f.endswith('.class'):
       package_name = os.path.dirname(f)
       package_name = package_name.replace('/', '.')
-      if not package_name or not whitelist_re.match(package_name):
+      if not package_name or not allow_list_re.match(package_name):
         print >> sys.stderr, ('Error: %s contains class file %s, whose package name %s is empty or'
-                              ' not in the whitelist %s of packages allowed on the bootclasspath.'
-                              % (jar, f, package_name, whitelist_path))
+                              ' not in the allow list %s of packages allowed on the bootclasspath.'
+                              % (jar, f, package_name, allow_list_path))
         return False
   return True
 
@@ -65,14 +65,14 @@ def main(argv):
   if len(argv) < 2:
     print __doc__
     return 1
-  whitelist_path = argv[0]
+  allow_list_path = argv[0]
 
-  if not LoadWhitelist(whitelist_path):
+  if not LoadAllowList(allow_list_path):
     return 1
 
   passed = True
   for jar in argv[1:]:
-    if not CheckJar(whitelist_path, jar):
+    if not CheckJar(allow_list_path, jar):
       passed = False
   if not passed:
     return 1
diff --git a/core/tasks/check_boot_jars/package_whitelist.txt b/core/tasks/check_boot_jars/package_allowed_list.txt
similarity index 99%
rename from core/tasks/check_boot_jars/package_whitelist.txt
rename to core/tasks/check_boot_jars/package_allowed_list.txt
index 8adf8770a..18ab427b5 100644
--- a/core/tasks/check_boot_jars/package_whitelist.txt
+++ b/core/tasks/check_boot_jars/package_allowed_list.txt
@@ -1,4 +1,4 @@
-# Boot jar package name whitelist.
+# Boot jar package name allowed list.
 # Each line is interpreted as a regular expression.
 
 ###################################################
diff --git a/core/tasks/vendor_module_check.mk b/core/tasks/vendor_module_check.mk
index 0b8f1e870..b4c5a3bc6 100644
--- a/core/tasks/vendor_module_check.mk
+++ b/core/tasks/vendor_module_check.mk
@@ -15,7 +15,7 @@
 #
 
 # Restrict the vendor module owners here.
-_vendor_owner_whitelist := \
+_vendor_owner_allowed_list := \
         asus \
         audience \
         atmel \
@@ -87,14 +87,14 @@ _vendor_check_copy_files := $(filter-out $(_vendor_exception_path_prefix),\
     $(filter vendor/%, $(PRODUCT_COPY_FILES)))
 ifneq (,$(_vendor_check_copy_files))
 $(foreach c, $(_vendor_check_copy_files), \
-  $(if $(filter $(_vendor_owner_whitelist), $(call word-colon,3,$(c))),,\
+  $(if $(filter $(_vendor_owner_allowed_list), $(call word-colon,3,$(c))),,\
     $(error Error: vendor PRODUCT_COPY_FILES file "$(c)" has unknown owner))\
   $(eval _vendor_module_owner_info += $(call word-colon,2,$(c)):$(call word-colon,3,$(c))))
 endif
 _vendor_check_copy_files :=
 
 $(foreach m, $(_vendor_check_modules), \
-  $(if $(filter $(_vendor_owner_whitelist), $(ALL_MODULES.$(m).OWNER)),,\
+  $(if $(filter $(_vendor_owner_allowed_list), $(ALL_MODULES.$(m).OWNER)),,\
     $(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) with unknown owner \
       "$(ALL_MODULES.$(m).OWNER)" in product "$(TARGET_PRODUCT)"))\
   $(if $(ALL_MODULES.$(m).INSTALLED),\
diff --git a/target/product/aosp_arm.mk b/target/product/aosp_arm.mk
index 060771778..0cec14b17 100644
--- a/target/product/aosp_arm.mk
+++ b/target/product/aosp_arm.mk
@@ -33,7 +33,7 @@ ifeq (aosp_arm,$(TARGET_PRODUCT))
 PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed
 endif
 
-PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
 
 #
 # All components inherited here go to system_ext image
diff --git a/target/product/aosp_x86_arm.mk b/target/product/aosp_x86_arm.mk
index 7b9b89cf7..deba3d98d 100644
--- a/target/product/aosp_x86_arm.mk
+++ b/target/product/aosp_x86_arm.mk
@@ -27,7 +27,7 @@ PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed
 endif
 
 # TODO (b/138382074): remove following setting after enable product/system_ext
-PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
     system/product/% \
     system/system_ext/%
 
diff --git a/target/product/emulator_system.mk b/target/product/emulator_system.mk
index 4b6987cd9..b7e7cfa19 100644
--- a/target/product/emulator_system.mk
+++ b/target/product/emulator_system.mk
@@ -16,7 +16,7 @@
 # This file lists emulator experimental modules added to PRODUCT_PACKAGES,
 # only included by targets sdk_phone_x86/64 and sdk_gphone_x86/64
 
-PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := \
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST := \
     system/lib/libemulator_multidisplay_jni.so \
     system/lib64/libemulator_multidisplay_jni.so \
     system/priv-app/MultiDisplayProvider/MultiDisplayProvider.apk \
diff --git a/target/product/generic.mk b/target/product/generic.mk
index a1acaab92..d3f81b1ed 100644
--- a/target/product/generic.mk
+++ b/target/product/generic.mk
@@ -28,5 +28,5 @@ PRODUCT_BRAND := generic
 PRODUCT_DEVICE := generic
 PRODUCT_NAME := generic
 
-whitelist := product_manifest.xml
-$(call enforce-product-packages-exist,$(whitelist))
+allowed_list := product_manifest.xml
+$(call enforce-product-packages-exist,$(allowed_list))
diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk
index a6dd4183c..d786177fb 100644
--- a/target/product/gsi_release.mk
+++ b/target/product/gsi_release.mk
@@ -25,7 +25,7 @@
 #
 
 # Exclude all files under system/product and system/system_ext
-PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
     system/product/% \
     system/system_ext/%
 
diff --git a/target/product/legacy_gsi_release.mk b/target/product/legacy_gsi_release.mk
index f0724814b..c1646bba3 100644
--- a/target/product/legacy_gsi_release.mk
+++ b/target/product/legacy_gsi_release.mk
@@ -16,7 +16,7 @@
 
 include $(SRC_TARGET_DIR)/product/gsi_release.mk
 
-PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
     system/etc/init/init.legacy-gsi.rc \
     system/etc/init/gsi/init.vndk-27.rc \
     system/etc/ld.config.vndk_lite.txt \
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index f8d85bfd3..a787707a0 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -131,13 +131,13 @@ PRODUCT_SYSTEM_MANUFACTURER := Android
 PRODUCT_SYSTEM_MODEL := mainline
 PRODUCT_SYSTEM_DEVICE := generic
 
-_base_mk_whitelist :=
+_base_mk_allowed_list :=
 
-_my_whitelist := $(_base_mk_whitelist)
+_my_allowed_list := $(_base_mk_allowed_list)
 
 # For mainline, system.img should be mounted at /, so we include ROOT here.
 _my_paths := \
   $(TARGET_COPY_OUT_ROOT)/ \
   $(TARGET_COPY_OUT_SYSTEM)/ \
 
-$(call require-artifacts-in-path, $(_my_paths), $(_my_whitelist))
+$(call require-artifacts-in-path, $(_my_paths), $(_my_allowed_list))