Support loading only approved vendorsetup.sh files

Very few vendorsetup.sh files are needed anymore, since add_lunch_combo
has been deprecated. So add a way so that only approved vendorsetup.sh
files can be loaded into the shell, and others will be skipped.

This further limits the amount of code that can run outside the build
sandbox, and makes this list more visible to tree maintainers before
they're used instead of after.

Test: no allowed-vendorsetup_sh-files
Test: empty allowed-vendorsetup_sh-files
Test: one file in allowed-vendorsetup_sh-files
Test: two files in allowed-vendorsetup_sh-files
Test: non-present file in allowed-vendorsetup_sh-files
Change-Id: Ia23d1c9d11a7295d5be5abd10cf56edbdec80483

envsetup.sh

@@ -1765,11 +1765,33 @@ function aidegen()
 }
 
 # Execute the contents of any vendorsetup.sh files we can find.
+# Unless we find an allowed-vendorsetup_sh-files file, in which case we'll only
+# load those.
+#
+# This allows loading only approved vendorsetup.sh files
 function source_vendorsetup() {
+    allowed=
+    for f in $(find -L device vendor product -maxdepth 4 -name 'allowed-vendorsetup_sh-files' 2>/dev/null | sort); do
+        if [ -n "$allowed" ]; then
+            echo "More than one 'allowed_vendorsetup_sh-files' file found, not including any vendorsetup.sh files:"
+            echo "  $allowed"
+            echo "  $f"
+            return
+        fi
+        allowed="$f"
+    done
+
+    allowed_files=
+    [ -n "$allowed" ] && allowed_files=$(cat "$allowed")
     for dir in device vendor product; do
         for f in $(test -d $dir && \
             find -L $dir -maxdepth 4 -name 'vendorsetup.sh' 2>/dev/null | sort); do
-            echo "including $f"; . $f
+
+            if [[ -z "$allowed" || "$allowed_files" =~ $f ]]; then
+                echo "including $f"; . "$f"
+            else
+                echo "ignoring $f, not in $allowed"
+            fi
         done
     done
 }