Revert "Enable genrule sandboxing by default"
Revert submission 2782270-genrule_sandboxing_by_default
Reason for revert: Potential culprit for b/305851039 and many other build breakages - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted changes: /q/submissionid:2782270-genrule_sandboxing_by_default
Change-Id: I3a8eb5d3a6a9e0d51ed7798c99187e9ca236b7bd
diff --git a/Changes.md b/Changes.md
index fc15e60..6c0cf70 100644
--- a/Changes.md
+++ b/Changes.md
@@ -1,14 +1,5 @@
# Build System Changes for Android.mk/Android.bp Writers
-## Soong genrules are now sandboxed
-
-Previously, soong genrules could access any files in the source tree, without specifying them as
-inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel.
-
-Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in
-genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING`
-in board config to disable this behavior.
-
## Partitions are no longer affected by previous builds
Partition builds used to include everything in their staging directories, and building an
diff --git a/core/board_config.mk b/core/board_config.mk
index a0e5d36..eb4c5ec 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -188,7 +188,6 @@
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \
BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \
BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \
- BUILD_BROKEN_GENRULE_SANDBOXING \
_build_broken_var_list += \
$(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 5bf06dc..e541c12 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -15,10 +15,6 @@
# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES
ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)
-ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING)))
- $(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config)
-endif
-
ifeq ($(WRITE_SOONG_VARIABLES),true)
# Create soong.variables with copies of makefile settings. Runs every build,
@@ -284,8 +280,7 @@
$(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))
$(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))
$(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))
-# Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING
-$(call add_json_bool, GenruleSandboxing, $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true)))
+$(call add_json_bool, GenruleSandboxing, $(filter true,$(GENRULE_SANDBOXING)))
$(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))
$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))
$(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES)))