commit 95c7f58bb74a15f08a342db6ee84cb3a44e7e554
author Treehugger Robot <treehugger-gerrit@google.com> Wed Feb 13 07:30:58 2019 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 13 07:30:58 2019 +0000
tree 771ba50e3875f2c8865c18a6aed2fff69f601d82
parent 9f814c284f33b7e47851d0af64551e0798578c88
parent 89443aed80e794e7553b92743b8e7f110f75f9fb

Merge "Add an option not to install all VNDK libs"

envsetup.sh

diff --git a/envsetup.sh b/envsetup.sh
index 5d2e550..0953487 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -1765,11 +1765,33 @@
 }
 
 # Execute the contents of any vendorsetup.sh files we can find.
+# Unless we find an allowed-vendorsetup_sh-files file, in which case we'll only
+# load those.
+#
+# This allows loading only approved vendorsetup.sh files
 function source_vendorsetup() {
+    allowed=
+    for f in $(find -L device vendor product -maxdepth 4 -name 'allowed-vendorsetup_sh-files' 2>/dev/null | sort); do
+        if [ -n "$allowed" ]; then
+            echo "More than one 'allowed_vendorsetup_sh-files' file found, not including any vendorsetup.sh files:"
+            echo "  $allowed"
+            echo "  $f"
+            return
+        fi
+        allowed="$f"
+    done
+
+    allowed_files=
+    [ -n "$allowed" ] && allowed_files=$(cat "$allowed")
     for dir in device vendor product; do
         for f in $(test -d $dir && \
             find -L $dir -maxdepth 4 -name 'vendorsetup.sh' 2>/dev/null | sort); do
-            echo "including $f"; . $f
+
+            if [[ -z "$allowed" || "$allowed_files" =~ $f ]]; then
+                echo "including $f"; . "$f"
+            else
+                echo "ignoring $f, not in $allowed"
+            fi
         done
     done
 }