Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build_soong / 0975ee0de3d2befefa613754b4dd684a1a9b8c0e^! / . / java
commit0975ee0de3d2befefa613754b4dd684a1a9b8c0e[log] [tgz]
authorVladimir Marko <vmarko@google.com>Tue Apr 02 10:29:55 2019 +0100
committerVladimir Marko <vmarko@google.com>Mon Apr 08 14:02:14 2019 +0100
treef38501b80a61397d1361f933e404c45b4834c805
parent04b99cbf6d30edf6aced3870801ab9cd50cbc397 [diff]
Check package restrictions for Java libs.

Test: m checkbuild; inspect verbose log.
Test: Manual - compile with unmet restrictions.
Bug: 122937705
Change-Id: I9360ae8b6d9ce016b7827be5e8ffc6eb521809b7

diff --git a/java/androidmk.go b/java/androidmk.go
index 865c120..d2e0f2e 100644
--- a/java/androidmk.go
+++ b/java/androidmk.go

@@ -79,6 +79,10 @@
 					fmt.Fprintln(w, "LOCAL_EXPORT_SDK_LIBRARIES :=", strings.Join(library.exportedSdkLibs, " "))
 				}
 
+				if len(library.additionalCheckedModules) != 0 {
+					fmt.Fprintln(w, "LOCAL_ADDITIONAL_CHECKED_MODULE +=", strings.Join(library.additionalCheckedModules.Strings(), " "))
+				}
+
 				// Temporary hack: export sources used to compile framework.jar to Make
 				// to be used for droiddoc
 				// TODO(ccross): remove this once droiddoc is in soong

diff --git a/java/builder.go b/java/builder.go
index ce9a5ee..338cd52 100644
--- a/java/builder.go
+++ b/java/builder.go

@@ -113,6 +113,15 @@
 		},
 		"rulesFile")
 
+	packageCheck = pctx.AndroidStaticRule("packageCheck",
+		blueprint.RuleParams{
+			Command: "rm -f $out && " +
+				"${config.PackageCheckCmd} $in $packages && " +
+				"touch $out",
+			CommandDeps: []string{"${config.PackageCheckCmd}"},
+		},
+		"packages")
+
 	jetifier = pctx.AndroidStaticRule("jetifier",
 		blueprint.RuleParams{
 			Command:     "${config.JavaCmd} -jar ${config.JetifierJar} -l error -o $out -i $in",
@@ -356,6 +365,19 @@
 	})
 }
 
+func CheckJarPackages(ctx android.ModuleContext, outputFile android.WritablePath,
+	classesJar android.Path, permittedPackages []string) {
+	ctx.Build(pctx, android.BuildParams{
+		Rule:        packageCheck,
+		Description: "packageCheck",
+		Output:      outputFile,
+		Input:       classesJar,
+		Args: map[string]string{
+			"packages": strings.Join(permittedPackages, " "),
+		},
+	})
+}
+
 func TransformJetifier(ctx android.ModuleContext, outputFile android.WritablePath,
 	inputFile android.Path) {
 	ctx.Build(pctx, android.BuildParams{

diff --git a/java/config/config.go b/java/config/config.go
index 3452a1d..46cd361 100644
--- a/java/config/config.go
+++ b/java/config/config.go

@@ -91,6 +91,7 @@
 	pctx.SourcePathVariable("GenKotlinBuildFileCmd", "build/soong/scripts/gen-kotlin-build-file.sh")
 
 	pctx.SourcePathVariable("JarArgsCmd", "build/soong/scripts/jar-args.sh")
+	pctx.SourcePathVariable("PackageCheckCmd", "build/soong/scripts/package-check.sh")
 	pctx.HostBinToolVariable("ExtractJarPackagesCmd", "extract_jar_packages")
 	pctx.HostBinToolVariable("SoongZipCmd", "soong_zip")
 	pctx.HostBinToolVariable("MergeZipsCmd", "merge_zips")

diff --git a/java/java.go b/java/java.go
index 0417dee..bf62578 100644
--- a/java/java.go
+++ b/java/java.go

@@ -117,6 +117,10 @@
 	// If set to true, include sources used to compile the module in to the final jar
 	Include_srcs *bool
 
+	// If not empty, classes are restricted to the specified packages and their sub-packages.
+	// This restriction is checked after applying jarjar rules and including static libs.
+	Permitted_packages []string
+
 	// List of modules to use as annotation processors
 	Plugins []string
 
@@ -320,6 +324,9 @@
 	// expanded Jarjar_rules
 	expandJarjarRules android.Path
 
+	// list of additional targets for checkbuild
+	additionalCheckedModules android.Paths
+
 	hiddenAPI
 	dexpreopter
 }
@@ -1196,6 +1203,19 @@
 			return
 		}
 	}
+
+	// Check package restrictions if necessary.
+	if len(j.properties.Permitted_packages) > 0 {
+		// Check packages and copy to package-checked file.
+		pkgckFile := android.PathForModuleOut(ctx, "package-check.stamp")
+		CheckJarPackages(ctx, pkgckFile, outputFile, j.properties.Permitted_packages)
+		j.additionalCheckedModules = append(j.additionalCheckedModules, pkgckFile)
+
+		if ctx.Failed() {
+			return
+		}
+	}
+
 	j.implementationJarFile = outputFile
 	if j.headerJarFile == nil {
 		j.headerJarFile = j.implementationJarFile