Add sdk mutator for native modules
Compiling native modules against the NDK disables platform features
like ASAN. For anything shipped on the system image there is no
reason to compile against the NDK. Add a new mutator to Soong that
creates a platform and an SDK variant for modules that set
sdk_version, and ignore sdk_version for the platform variant. The
SDK variant will be used for embedding in APKs that may be installed
on older platforms. Apexes use their own variants that enforce
backwards compatibility.
Test: sdk_test.go
Test: TestJNIPackaging
Bug: 149591340
Change-Id: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
Merged-In: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
(cherry picked from commit 82e192c3aeae55337e335101ba83126decd4ddac)
diff --git a/android/neverallow.go b/android/neverallow.go
index 4d3a16f..cf09792 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -54,6 +54,7 @@
AddNeverAllowRules(createLibcoreRules()...)
AddNeverAllowRules(createMediaRules()...)
AddNeverAllowRules(createJavaDeviceForHostRules()...)
+ AddNeverAllowRules(createCcSdkVariantRules()...)
}
// Add a NeverAllow rule to the set of rules to apply.
@@ -177,6 +178,37 @@
}
}
+func createCcSdkVariantRules() []Rule {
+ sdkVersionOnlyWhitelist := []string{
+ // derive_sdk_prefer32 has stem: "derive_sdk" which conflicts with the derive_sdk.
+ // This sometimes works because the APEX modules that contain derive_sdk and
+ // derive_sdk_prefer32 suppress the platform installation rules, but fails when
+ // the APEX modules contain the SDK variant and the platform variant still exists.
+ "frameworks/base/apex/sdkextensions/derive_sdk",
+ }
+
+ platformVariantPropertiesWhitelist := []string{
+ // android_native_app_glue and libRSSupport use native_window.h but target old
+ // sdk versions (minimum and 9 respectively) where libnativewindow didn't exist,
+ // so they can't add libnativewindow to shared_libs to get the header directory
+ // for the platform variant. Allow them to use the platform variant
+ // property to set shared_libs.
+ "prebuilts/ndk",
+ "frameworks/rs",
+ }
+
+ return []Rule{
+ NeverAllow().
+ NotIn(sdkVersionOnlyWhitelist...).
+ WithMatcher("sdk_variant_only", isSetMatcherInstance).
+ Because("sdk_variant_only can only be used in whitelisted projects"),
+ NeverAllow().
+ NotIn(platformVariantPropertiesWhitelist...).
+ WithMatcher("platform.shared_libs", isSetMatcherInstance).
+ Because("platform variant properties can only be used in whitelisted projects"),
+ }
+}
+
func neverallowMutator(ctx BottomUpMutatorContext) {
m, ok := ctx.Module().(Module)
if !ok {
@@ -268,6 +300,18 @@
return ".regexp(" + m.re.String() + ")"
}
+type isSetMatcher struct{}
+
+func (m *isSetMatcher) Test(value string) bool {
+ return value != ""
+}
+
+func (m *isSetMatcher) String() string {
+ return ".is-set"
+}
+
+var isSetMatcherInstance = &isSetMatcher{}
+
type ruleProperty struct {
fields []string // e.x.: Vndk.Enabled
matcher ValueMatcher