commit 47afbddc1776954fb42f110e45afc9c5be24af09
author Orlando Arbildo <oarbildo@google.com> Wed Jan 08 00:27:37 2025 +0000
committer Orlando Arbildo <oarbildo@google.com> Thu Jan 09 21:29:56 2025 +0000
tree 3b1f0c0b61fc0941af4781e57d240467a9f38143
parent 3c6b81ef50dbddcd8a38b81621b891c79e527fd1

neverallow: Adding support for extra Trusty VM build

Modifying neverallow rules to allow an additional Trusty
Vm type to be built.

Bug: 371777025
Test: aosp build/trusty VM test
Change-Id: Iea9778de56a2c7972247a4c08ab70d250160078d

android/neverallow.go

diff --git a/android/neverallow.go b/android/neverallow.go
index d211784..5ecc5e5 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -291,16 +291,20 @@
 	return []Rule{
 		NeverAllow().
 			ModuleType("dirgroup").
-			WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts"})).Because(reason),
+			WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason),
 		NeverAllow().
 			ModuleType("dirgroup").
-			Without("visibility", "//trusty/vendor/google/aosp/scripts").Because(reason),
+			WithoutMatcher("visibility", InAllowedList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason),
 		NeverAllow().
 			ModuleType("genrule").
 			Without("name", "trusty-arm64.lk.elf.gen").
 			Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
 			Without("name", "trusty-x86_64.lk.elf.gen").
 			Without("name", "trusty-x86_64-test.lk.elf.gen").
+			Without("name", "trusty-arm64.wv.lk.elf.gen").
+			Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen").
+			Without("name", "trusty-x86_64.wv.lk.elf.gen").
+			Without("name", "trusty-x86_64-test.wv.lk.elf.gen").
 			WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
 		NeverAllow().
 			ModuleType("genrule").
@@ -308,6 +312,10 @@
 			Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
 			Without("name", "trusty-x86_64.lk.elf.gen").
 			Without("name", "trusty-x86_64-test.lk.elf.gen").
+			Without("name", "trusty-arm64.wv.lk.elf.gen").
+			Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen").
+			Without("name", "trusty-x86_64.wv.lk.elf.gen").
+			Without("name", "trusty-x86_64-test.wv.lk.elf.gen").
 			With("keep_gendir", "true").Because(reason),
 	}
 }
@@ -474,6 +482,18 @@
 	return ".not-in-list(" + strings.Join(m.allowed, ",") + ")"
 }
 
+type InListMatcher struct {
+	allowed []string
+}
+
+func (m *InListMatcher) Test(value string) bool {
+	return InList(value, m.allowed)
+}
+
+func (m *InListMatcher) String() string {
+	return ".in-list(" + strings.Join(m.allowed, ",") + ")"
+}
+
 type isSetMatcher struct{}
 
 func (m *isSetMatcher) Test(value string) bool {
@@ -752,6 +772,10 @@
 	return &notInListMatcher{allowed}
 }
 
+func InAllowedList(allowed []string) ValueMatcher {
+	return &InListMatcher{allowed}
+}
+
 // assorted utils
 
 func cleanPaths(paths []string) []string {