Prevent smuggling modules through neverallow rules
Soong config module types would change the module type that neverallow
sees, which can allow modules to get by the neverallow rules.
Make the neverallow rules operate on the base module type instead of
the soong config module type.
Test: go test
Change-Id: Icf8ef0d5c83f1027efe54ca21bbb6d5292921099
diff --git a/android/module.go b/android/module.go
index 3d643f9..c6c4fd8 100644
--- a/android/module.go
+++ b/android/module.go
@@ -520,6 +520,11 @@
// names of other modules to install on target if this module is installed
Target_required []string `android:"arch_variant"`
+
+ // If this is a soong config module, this property will be set to the name of the original
+ // module type. This is used by neverallow to ensure you can't bypass a ModuleType() matcher
+ // just by creating a soong config module type.
+ Soong_config_base_module_type *string `blueprint:"mutated"`
}
type distProperties struct {
diff --git a/android/neverallow.go b/android/neverallow.go
index eca8eb3..a7bfd2d 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -412,7 +412,8 @@
continue
}
- if !n.appliesToModuleType(ctx.ModuleType()) {
+ modType := proptools.StringDefault(m.base().baseProperties.Soong_config_base_module_type, ctx.ModuleType())
+ if !n.appliesToModuleType(modType) {
continue
}
diff --git a/android/neverallow_test.go b/android/neverallow_test.go
index c74d5ff..3ccc883 100644
--- a/android/neverallow_test.go
+++ b/android/neverallow_test.go
@@ -388,6 +388,30 @@
`module type not allowed to be defined in bp file`,
},
},
+ // Test the a neverallowed module type can't be smuggled through a soong config module type
+ {
+ name: `smuggling module types through soong config modules`,
+ fs: map[string][]byte{
+ "a/b/Android.bp": []byte(`
+ soong_config_bool_variable {
+ name: "my_var",
+ }
+ soong_config_module_type {
+ name: "smuggled_prebuilt_usr_srec",
+ module_type: "prebuilt_usr_srec",
+ config_namespace: "ANDROID",
+ variables: ["my_var"],
+ properties: ["enabled"],
+ }
+ smuggled_prebuilt_usr_srec {
+ name: "foo",
+ }
+ `),
+ },
+ expectedErrors: []string{
+ `module type not allowed to be defined in bp file`,
+ },
+ },
}
var prepareForNeverAllowTest = GroupFixturePreparers(
@@ -399,6 +423,7 @@
ctx.RegisterModuleType("filesystem", newMockFilesystemModule)
ctx.RegisterModuleType("prebuilt_usr_srec", newMockPrebuiltUsrSrecModule)
}),
+ PrepareForTestWithSoongConfigModuleBuildComponents,
)
func TestNeverallow(t *testing.T) {
diff --git a/android/soong_config_modules.go b/android/soong_config_modules.go
index e0b1d7c..a61c9d3 100644
--- a/android/soong_config_modules.go
+++ b/android/soong_config_modules.go
@@ -506,6 +506,10 @@
conditionalProps := proptools.CloneEmptyProperties(conditionalFactoryProps)
props = append(props, conditionalProps.Interface())
+ if m, ok := module.(Module); ok {
+ m.base().baseProperties.Soong_config_base_module_type = &moduleType.BaseModuleType
+ }
+
// Regular Soong operation wraps the existing module factory with a
// conditional on Soong config variables by reading the product
// config variables from Make.