Merge changes Icb91de93,I5a2edaf4 am: 2430a04b2e am: 7638a61b2b
Original change: https://android-review.googlesource.com/c/platform/build/soong/+/2054866
Change-Id: Icce58ef19cbb2960ec5769840a39ed5e937e831e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/android/neverallow.go b/android/neverallow.go
index 7512da7..f87cebb 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -261,10 +261,6 @@
continue
}
- if !n.appliesToBootclasspathJar(ctx) {
- continue
- }
-
ctx.ModuleErrorf("violates " + n.String())
}
}
@@ -380,8 +376,6 @@
NotModuleType(types ...string) Rule
- BootclasspathJar() Rule
-
With(properties, value string) Rule
WithMatcher(properties string, matcher ValueMatcher) Rule
@@ -497,12 +491,6 @@
return r
}
-// BootclasspathJar whether this rule only applies to Jars in the Bootclasspath
-func (r *rule) BootclasspathJar() Rule {
- r.onlyBootclasspathJar = true
- return r
-}
-
func (r *rule) String() string {
s := []string{"neverallow requirements. Not allowed:"}
if len(r.paths) > 0 {
@@ -520,9 +508,6 @@
if len(r.osClasses) > 0 {
s = append(s, fmt.Sprintf("os class(es): %q", r.osClasses))
}
- if r.onlyBootclasspathJar {
- s = append(s, "in bootclasspath jar")
- }
if len(r.unlessPaths) > 0 {
s = append(s, fmt.Sprintf("EXCEPT in dirs: %q", r.unlessPaths))
}
@@ -563,14 +548,6 @@
return matches
}
-func (r *rule) appliesToBootclasspathJar(ctx BottomUpMutatorContext) bool {
- if !r.onlyBootclasspathJar {
- return true
- }
-
- return InList(ctx.ModuleName(), ctx.Config().BootJars())
-}
-
func (r *rule) appliesToOsClass(osClass OsClass) bool {
if len(r.osClasses) == 0 {
return true
diff --git a/apex/apex.go b/apex/apex.go
index e49e42e..2fe17da 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -3278,19 +3278,18 @@
}
func init() {
- android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...)
- android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...)
+ android.AddNeverAllowRules(createBcpPermittedPackagesRules(qBcpPackages())...)
+ android.AddNeverAllowRules(createBcpPermittedPackagesRules(rBcpPackages())...)
}
-func createApexPermittedPackagesRules(modules_packages map[string][]string) []android.Rule {
- rules := make([]android.Rule, 0, len(modules_packages))
- for module_name, module_packages := range modules_packages {
+func createBcpPermittedPackagesRules(bcpPermittedPackages map[string][]string) []android.Rule {
+ rules := make([]android.Rule, 0, len(bcpPermittedPackages))
+ for jar, permittedPackages := range bcpPermittedPackages {
permittedPackagesRule := android.NeverAllow().
- BootclasspathJar().
- With("apex_available", module_name).
- WithMatcher("permitted_packages", android.NotInList(module_packages)).
- Because("jars that are part of the " + module_name +
- " module may only use these package prefixes: " + strings.Join(module_packages, ",") +
+ With("name", jar).
+ WithMatcher("permitted_packages", android.NotInList(permittedPackages)).
+ Because(jar +
+ " bootjar may only use these package prefixes: " + strings.Join(permittedPackages, ",") +
". Please consider the following alternatives:\n" +
" 1. If the offending code is from a statically linked library, consider " +
"removing that dependency and using an alternative already in the " +
@@ -3299,6 +3298,7 @@
" 3. Jarjar the offending code. Please be mindful of the potential system " +
"health implications of bundling that code, particularly if the offending jar " +
"is part of the bootclasspath.")
+
rules = append(rules, permittedPackagesRule)
}
return rules
@@ -3306,13 +3306,13 @@
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
-func qModulesPackages() map[string][]string {
+func qBcpPackages() map[string][]string {
return map[string][]string{
- "com.android.conscrypt": []string{
+ "conscrypt": []string{
"android.net.ssl",
"com.android.org.conscrypt",
},
- "com.android.media": []string{
+ "updatable-media": []string{
"android.media",
},
}
@@ -3320,34 +3320,34 @@
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
-func rModulesPackages() map[string][]string {
+func rBcpPackages() map[string][]string {
return map[string][]string{
- "com.android.mediaprovider": []string{
+ "framework-mediaprovider": []string{
"android.provider",
},
- "com.android.permission": []string{
+ "framework-permission": []string{
"android.permission",
"android.app.role",
"com.android.permission",
"com.android.role",
},
- "com.android.sdkext": []string{
+ "framework-sdkextensions": []string{
"android.os.ext",
},
- "com.android.os.statsd": []string{
+ "framework-statsd": []string{
"android.app",
"android.os",
"android.util",
"com.android.internal.statsd",
"com.android.server.stats",
},
- "com.android.wifi": []string{
+ "framework-wifi": []string{
"com.android.server.wifi",
"com.android.wifi.x",
"android.hardware.wifi",
"android.net.wifi",
},
- "com.android.tethering": []string{
+ "framework-tethering": []string{
"android.net",
},
}
diff --git a/apex/apex_test.go b/apex/apex_test.go
index 99bed94..5706a2c 100644
--- a/apex/apex_test.go
+++ b/apex/apex_test.go
@@ -7580,7 +7580,7 @@
})
}
-func testApexPermittedPackagesRules(t *testing.T, errmsg, bp string, bootJars []string, rules []android.Rule) {
+func testBootJarPermittedPackagesRules(t *testing.T, errmsg, bp string, bootJars []string, rules []android.Rule) {
t.Helper()
bp += `
apex_key {
@@ -7619,11 +7619,11 @@
func TestApexPermittedPackagesRules(t *testing.T) {
testcases := []struct {
- name string
- expectedError string
- bp string
- bootJars []string
- modulesPackages map[string][]string
+ name string
+ expectedError string
+ bp string
+ bootJars []string
+ bcpPermittedPackages map[string][]string
}{
{
@@ -7653,15 +7653,15 @@
updatable: false,
}`,
bootJars: []string{"bcp_lib1"},
- modulesPackages: map[string][]string{
- "myapex": []string{
+ bcpPermittedPackages: map[string][]string{
+ "bcp_lib1": []string{
"foo.bar",
},
},
},
{
name: "Bootclasspath apex jar not satisfying allowed module packages.",
- expectedError: `(?s)module "bcp_lib2" .* which is restricted because jars that are part of the myapex module may only use these package prefixes: foo.bar. Please consider the following alternatives:\n 1. If the offending code is from a statically linked library, consider removing that dependency and using an alternative already in the bootclasspath, or perhaps a shared library. 2. Move the offending code into an allowed package.\n 3. Jarjar the offending code. Please be mindful of the potential system health implications of bundling that code, particularly if the offending jar is part of the bootclasspath.`,
+ expectedError: `(?s)module "bcp_lib2" .* which is restricted because bcp_lib2 bootjar may only use these package prefixes: foo.bar. Please consider the following alternatives:\n 1. If the offending code is from a statically linked library, consider removing that dependency and using an alternative already in the bootclasspath, or perhaps a shared library. 2. Move the offending code into an allowed package.\n 3. Jarjar the offending code. Please be mindful of the potential system health implications of bundling that code, particularly if the offending jar is part of the bootclasspath.`,
bp: `
java_library {
name: "bcp_lib1",
@@ -7687,17 +7687,58 @@
}
`,
bootJars: []string{"bcp_lib1", "bcp_lib2"},
- modulesPackages: map[string][]string{
- "myapex": []string{
+ bcpPermittedPackages: map[string][]string{
+ "bcp_lib1": []string{
"foo.bar",
},
+ "bcp_lib2": []string{
+ "foo.bar",
+ },
+ },
+ },
+ {
+ name: "Updateable Bootclasspath apex jar not satisfying allowed module packages.",
+ expectedError: "",
+ bp: `
+ java_library {
+ name: "bcp_lib_restricted",
+ srcs: ["lib1/src/*.java"],
+ apex_available: ["myapex"],
+ permitted_packages: ["foo.bar"],
+ sdk_version: "none",
+ min_sdk_version: "29",
+ system_modules: "none",
+ }
+ java_library {
+ name: "bcp_lib_unrestricted",
+ srcs: ["lib2/src/*.java"],
+ apex_available: ["myapex"],
+ permitted_packages: ["foo.bar", "bar.baz"],
+ sdk_version: "none",
+ min_sdk_version: "29",
+ system_modules: "none",
+ }
+ apex {
+ name: "myapex",
+ key: "myapex.key",
+ java_libs: ["bcp_lib_restricted", "bcp_lib_unrestricted"],
+ updatable: true,
+ min_sdk_version: "29",
+ }
+ `,
+ bootJars: []string{"bcp_lib1", "bcp_lib2"},
+ bcpPermittedPackages: map[string][]string{
+ "bcp_lib1_non_updateable": []string{
+ "foo.bar",
+ },
+ // bcp_lib2_updateable has no entry here since updateable bcp can contain new packages - tracking via an allowlist is not necessary
},
},
}
for _, tc := range testcases {
t.Run(tc.name, func(t *testing.T) {
- rules := createApexPermittedPackagesRules(tc.modulesPackages)
- testApexPermittedPackagesRules(t, tc.expectedError, tc.bp, tc.bootJars, rules)
+ rules := createBcpPermittedPackagesRules(tc.bcpPermittedPackages)
+ testBootJarPermittedPackagesRules(t, tc.expectedError, tc.bp, tc.bootJars, rules)
})
}
}