Add --allow-read-write flag to aconfig
This flag allows the user to specify whether or not to allow flags with READ_WRITE permission to be parsed. By default, the flag is set to true, which means that flags with READ_WRITE permission will be parsed. If the flag is set to false, then it is an error if flags with READ_WRITE permission are provided to the create-cache command.
Bug: 377294922
Test: cargo test
Change-Id: I48583a35e04d392fa7954d69e18884f2a7d46f35
diff --git a/tools/aconfig/aconfig/src/commands.rs b/tools/aconfig/aconfig/src/commands.rs
index 0ad3d97..a9dbce2 100644
--- a/tools/aconfig/aconfig/src/commands.rs
+++ b/tools/aconfig/aconfig/src/commands.rs
@@ -69,6 +69,7 @@
declarations: Vec<Input>,
values: Vec<Input>,
default_permission: ProtoFlagPermission,
+ allow_read_write: bool,
) -> Result<Vec<u8>> {
let mut parsed_flags = ProtoParsedFlags::new();
@@ -195,6 +196,16 @@
}
}
+ if !allow_read_write {
+ if let Some(pf) = parsed_flags
+ .parsed_flag
+ .iter()
+ .find(|pf| pf.permission() == ProtoFlagPermission::READ_WRITE)
+ {
+ bail!("flag {} has permission READ_WRITE, but allow_read_write is false", pf.name());
+ }
+ }
+
// Create a sorted parsed_flags
aconfig_protos::parsed_flags::sort_parsed_flags(&mut parsed_flags);
aconfig_protos::parsed_flags::verify_fields(&parsed_flags)?;
@@ -576,6 +587,7 @@
declaration,
value,
ProtoFlagPermission::READ_ONLY,
+ true,
)
.unwrap();
let parsed_flags =
@@ -609,6 +621,7 @@
declaration,
value,
ProtoFlagPermission::READ_WRITE,
+ true,
)
.unwrap_err();
assert_eq!(
@@ -640,6 +653,7 @@
declaration,
value,
ProtoFlagPermission::READ_WRITE,
+ true,
)
.unwrap_err();
assert_eq!(
@@ -647,6 +661,121 @@
"failed to parse memory: expected container argument.container, got declaration.container"
);
}
+ #[test]
+ fn test_parse_flags_no_allow_read_write_default_error() {
+ let first_flag = r#"
+ package: "com.first"
+ container: "com.first.container"
+ flag {
+ name: "first"
+ namespace: "first_ns"
+ description: "This is the description of the first flag."
+ bug: "123"
+ }
+ "#;
+ let declaration =
+ vec![Input { source: "memory".to_string(), reader: Box::new(first_flag.as_bytes()) }];
+
+ let error = crate::commands::parse_flags(
+ "com.first",
+ Some("com.first.container"),
+ declaration,
+ vec![],
+ ProtoFlagPermission::READ_WRITE,
+ false,
+ )
+ .unwrap_err();
+ assert_eq!(
+ format!("{:?}", error),
+ "flag first has permission READ_WRITE, but allow_read_write is false"
+ );
+ }
+
+ #[test]
+ fn test_parse_flags_no_allow_read_write_value_error() {
+ let first_flag = r#"
+ package: "com.first"
+ container: "com.first.container"
+ flag {
+ name: "first"
+ namespace: "first_ns"
+ description: "This is the description of the first flag."
+ bug: "123"
+ }
+ "#;
+ let declaration =
+ vec![Input { source: "memory".to_string(), reader: Box::new(first_flag.as_bytes()) }];
+
+ let first_flag_value = r#"
+ flag_value {
+ package: "com.first"
+ name: "first"
+ state: DISABLED
+ permission: READ_WRITE
+ }
+ "#;
+ let value = vec![Input {
+ source: "memory".to_string(),
+ reader: Box::new(first_flag_value.as_bytes()),
+ }];
+ let error = crate::commands::parse_flags(
+ "com.first",
+ Some("com.first.container"),
+ declaration,
+ value,
+ ProtoFlagPermission::READ_ONLY,
+ false,
+ )
+ .unwrap_err();
+ assert_eq!(
+ format!("{:?}", error),
+ "flag first has permission READ_WRITE, but allow_read_write is false"
+ );
+ }
+
+ #[test]
+ fn test_parse_flags_no_allow_read_write_success() {
+ let first_flag = r#"
+ package: "com.first"
+ container: "com.first.container"
+ flag {
+ name: "first"
+ namespace: "first_ns"
+ description: "This is the description of the first flag."
+ bug: "123"
+ }
+ "#;
+ let declaration =
+ vec![Input { source: "memory".to_string(), reader: Box::new(first_flag.as_bytes()) }];
+
+ let first_flag_value = r#"
+ flag_value {
+ package: "com.first"
+ name: "first"
+ state: DISABLED
+ permission: READ_ONLY
+ }
+ "#;
+ let value = vec![Input {
+ source: "memory".to_string(),
+ reader: Box::new(first_flag_value.as_bytes()),
+ }];
+ let flags_bytes = crate::commands::parse_flags(
+ "com.first",
+ Some("com.first.container"),
+ declaration,
+ value,
+ ProtoFlagPermission::READ_ONLY,
+ false,
+ )
+ .unwrap();
+ let parsed_flags =
+ aconfig_protos::parsed_flags::try_from_binary_proto(&flags_bytes).unwrap();
+ assert_eq!(1, parsed_flags.parsed_flag.len());
+ let parsed_flag = parsed_flags.parsed_flag.first().unwrap();
+ assert_eq!(ProtoFlagState::DISABLED, parsed_flag.state());
+ assert_eq!(ProtoFlagPermission::READ_ONLY, parsed_flag.permission());
+ }
#[test]
fn test_parse_flags_override_fixed_read_only() {
@@ -682,6 +811,7 @@
declaration,
value,
ProtoFlagPermission::READ_WRITE,
+ true,
)
.unwrap_err();
assert_eq!(
@@ -716,6 +846,7 @@
declaration,
value,
ProtoFlagPermission::READ_ONLY,
+ true,
)
.unwrap();
let parsed_flags =
diff --git a/tools/aconfig/aconfig/src/main.rs b/tools/aconfig/aconfig/src/main.rs
index e184efe..c390288 100644
--- a/tools/aconfig/aconfig/src/main.rs
+++ b/tools/aconfig/aconfig/src/main.rs
@@ -62,6 +62,12 @@
&commands::DEFAULT_FLAG_PERMISSION,
)),
)
+ .arg(
+ Arg::new("allow-read-write")
+ .long("allow-read-write")
+ .value_parser(clap::value_parser!(bool))
+ .default_value("true"),
+ )
.arg(Arg::new("cache").long("cache").required(true)),
)
.subcommand(
@@ -242,12 +248,15 @@
sub_matches,
"default-permission",
)?;
+ let allow_read_write = get_optional_arg::<bool>(sub_matches, "allow-read-write")
+ .expect("failed to parse allow-read-write");
let output = commands::parse_flags(
package,
container,
declarations,
values,
*default_permission,
+ *allow_read_write,
)
.context("failed to create cache")?;
let path = get_required_arg::<String>(sub_matches, "cache")?;
diff --git a/tools/aconfig/aconfig/src/storage/mod.rs b/tools/aconfig/aconfig/src/storage/mod.rs
index c7fd55a..462e7fe 100644
--- a/tools/aconfig/aconfig/src/storage/mod.rs
+++ b/tools/aconfig/aconfig/src/storage/mod.rs
@@ -163,6 +163,7 @@
reader: Box::new(value_content),
}],
crate::commands::DEFAULT_FLAG_PERMISSION,
+ true,
)
.unwrap();
aconfig_protos::parsed_flags::try_from_binary_proto(&bytes).unwrap()
diff --git a/tools/aconfig/aconfig/src/test.rs b/tools/aconfig/aconfig/src/test.rs
index a19b372..10da252 100644
--- a/tools/aconfig/aconfig/src/test.rs
+++ b/tools/aconfig/aconfig/src/test.rs
@@ -266,6 +266,7 @@
reader: Box::new(include_bytes!("../tests/read_only_test.values").as_slice()),
}],
crate::commands::DEFAULT_FLAG_PERMISSION,
+ true,
)
.unwrap();
aconfig_protos::parsed_flags::try_from_binary_proto(&bytes).unwrap()
@@ -290,6 +291,7 @@
},
],
crate::commands::DEFAULT_FLAG_PERMISSION,
+ true,
)
.unwrap();
aconfig_protos::parsed_flags::try_from_binary_proto(&bytes).unwrap()
@@ -308,6 +310,7 @@
reader: Box::new(include_bytes!("../tests/third.values").as_slice()),
}],
crate::commands::DEFAULT_FLAG_PERMISSION,
+ true,
)
.unwrap();
aconfig_protos::parsed_flags::try_from_binary_proto(&bytes).unwrap()