Add property for incremental nsjail genrules Normally genrule sandboxes run the build command in a clean state. Setting keep_gendir as true, along with use_nsjail, will keep $(genDir) so the genrule can be incrementally built. Bug: 381459587 Test: build with and without the flag Change-Id: I07bbea965f7b644ee8c8d2ead5b6abdd1f0c9aa6

commit: 7195b065b61af4c82fa4e45fc0d9783d1a01ac53 [log] [tgz]
author: Inseob Kim <inseob@google.com> Fri Nov 29 15:40:49 2024 +0900
committer: Inseob Kim <inseob@google.com> Tue Dec 03 13:55:24 2024 +0900
tree: 51ff29b834d602ffe2d6d1938f7f0816866b7cc2
parent: b385f9eb529c9a308711b43990c12e1ca185d234 [diff] [blame]
diff --git a/android/neverallow.go b/android/neverallow.go
index 7f7ffa7..1213704 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go

@@ -282,7 +282,7 @@
 }
 
 func createLimitDirgroupRule() []Rule {
-	reason := "dirgroup module and dir_srcs property of genrule is allowed only to Trusty build rule."
+	reason := "dirgroup module and dir_srcs / keep_gendir property of genrule is allowed only to Trusty build rule."
 	return []Rule{
 		NeverAllow().
 			ModuleType("dirgroup").
@@ -297,6 +297,13 @@
 			Without("name", "trusty-x86_64.lk.elf.gen").
 			Without("name", "trusty-x86_64-test.lk.elf.gen").
 			WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
+		NeverAllow().
+			ModuleType("genrule").
+			Without("name", "trusty-arm64.lk.elf.gen").
+			Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
+			Without("name", "trusty-x86_64.lk.elf.gen").
+			Without("name", "trusty-x86_64-test.lk.elf.gen").
+			With("keep_gendir", "true").Because(reason),
 	}
 }
commit	7195b065b61af4c82fa4e45fc0d9783d1a01ac53	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Fri Nov 29 15:40:49 2024 +0900
committer	Inseob Kim <inseob@google.com>	Tue Dec 03 13:55:24 2024 +0900
tree	51ff29b834d602ffe2d6d1938f7f0816866b7cc2
parent	b385f9eb529c9a308711b43990c12e1ca185d234 [diff] [blame]