commit 09ddb3a73e14823d51d8227ecaf1997fa010bc14
author Liz Kammer <eakammer@google.com> Wed Oct 19 01:29:18 2022 -0400
committer Liz Kammer <eakammer@google.com> Fri Apr 28 18:28:03 2023 +0000
tree b70b9a7c46d71746c73bed6d14d577c19b281d68
parent 1eaab6047450d5022a09f4efa7a6ec919121665e

Restrict plugins to an existing allowlist

Adds a singleton to do validation that can be disabled via a
BUILD_BROKEN_PLUGIN_VALIDATION flag.

Validation process:
For all go modules that are a plugin for soong_build:
* if path is in build/soong, allow
* if path is in vendor, outside of google paths, allow
* if path is in hardware, outside of google paths, allow
* if name is in allowlist of current plugins, allow

We extend the plugin the list for internal modules via
vendor/google/build/soong/internal_plugins.json

Ignore-AOSP-First: Requires an internal only change to not break when submitted
Test: CI
Change-Id: I264a89b3636043330711d6c996c0360b61f51d92

tests/bootstrap_test.sh

diff --git a/tests/bootstrap_test.sh b/tests/bootstrap_test.sh
index fda5ca0..c5a6336 100755
--- a/tests/bootstrap_test.sh
+++ b/tests/bootstrap_test.sh
@@ -207,8 +207,8 @@
 function test_soong_build_rerun_iff_environment_changes() {
   setup
 
-  mkdir -p cherry
-  cat > cherry/Android.bp <<'EOF'
+  mkdir -p build/soong/cherry
+  cat > build/soong/cherry/Android.bp <<'EOF'
 bootstrap_go_package {
   name: "cherry",
   pkgPath: "android/soong/cherry",
@@ -224,7 +224,7 @@
 }
 EOF
 
-  cat > cherry/cherry.go <<'EOF'
+  cat > build/soong/cherry/cherry.go <<'EOF'
 package cherry
 
 import (
@@ -317,8 +317,8 @@
   run_soong
   local -r mtime1=$(stat -c "%y" out/soong/build.ninja)
 
-  mkdir -p a
-  cat > a/Android.bp <<'EOF'
+  mkdir -p vendor/foo/picard
+  cat > vendor/foo/picard/Android.bp <<'EOF'
 bootstrap_go_package {
   name: "picard-soong-rules",
   pkgPath: "android/soong/picard",
@@ -334,7 +334,7 @@
 }
 EOF
 
-  cat > a/picard.go <<'EOF'
+  cat > vendor/foo/picard/picard.go <<'EOF'
 package picard
 
 import (
@@ -390,11 +390,11 @@
 function test_glob_during_bootstrapping() {
   setup
 
-  mkdir -p a
-  cat > a/Android.bp <<'EOF'
+  mkdir -p build/soong/picard
+  cat > build/soong/picard/Android.bp <<'EOF'
 build=["foo*.bp"]
 EOF
-  cat > a/fooa.bp <<'EOF'
+  cat > build/soong/picard/fooa.bp <<'EOF'
 bootstrap_go_package {
   name: "picard-soong-rules",
   pkgPath: "android/soong/picard",
@@ -410,7 +410,7 @@
 }
 EOF
 
-  cat > a/picard.go <<'EOF'
+  cat > build/soong/picard/picard.go <<'EOF'
 package picard
 
 import (
@@ -459,7 +459,7 @@
 
   grep -q "Make it so" out/soong/build.ninja || fail "Original action not present"
 
-  cat > a/foob.bp <<'EOF'
+  cat > build/soong/picard/foob.bp <<'EOF'
 bootstrap_go_package {
   name: "worf-soong-rules",
   pkgPath: "android/soong/worf",
@@ -476,7 +476,7 @@
 }
 EOF
 
-  cat > a/worf.go <<'EOF'
+  cat > build/soong/picard/worf.go <<'EOF'
 package worf
 
 import "android/soong/picard"