Create Make flags to set source tree as ReadOnly in soong builds
The following two Make vars control RO/RW access to the source tree
1. BUILD_BROKEN_SRC_DIR_IS_WRITABLE
2. BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST
By default, (1) will be truthy.
- this ensures that this CL is a non breaking change across all products
- different products can opt in to set is as "false"
Bug: 174726238
Test: from build/soong dir, ran go test ./ui/build
Change-Id: I4d55ac74f02b2a73194d31506a9010162620b25a
diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go
index dab0e75..b0a6748 100644
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go
@@ -145,6 +145,13 @@
func (c *Cmd) wrapSandbox() {
wd, _ := os.Getwd()
+ var srcDirMountFlag string
+ if c.config.sandboxConfig.SrcDirIsRO() {
+ srcDirMountFlag = "-R"
+ } else {
+ srcDirMountFlag = "-B" //Read-Write
+ }
+
sandboxArgs := []string{
// The executable to run
"-x", c.Path,
@@ -184,8 +191,8 @@
// Mount a writable tmp dir
"-B", "/tmp",
- // Mount source are read-write
- "-B", sandboxConfig.srcDir,
+ // Mount source
+ srcDirMountFlag, sandboxConfig.srcDir,
//Mount out dir as read-write
"-B", sandboxConfig.outDir,
@@ -198,6 +205,18 @@
"-q",
}
+ // Mount srcDir RW allowlists as Read-Write
+ if len(c.config.sandboxConfig.SrcDirRWAllowlist()) > 0 && !c.config.sandboxConfig.SrcDirIsRO() {
+ errMsg := `Product source tree has been set as ReadWrite, RW allowlist not necessary.
+ To recover, either
+ 1. Unset BUILD_BROKEN_SRC_DIR_IS_WRITABLE #or
+ 2. Unset BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST`
+ c.ctx.Fatalln(errMsg)
+ }
+ for _, srcDirChild := range c.config.sandboxConfig.SrcDirRWAllowlist() {
+ sandboxArgs = append(sandboxArgs, "-B", srcDirChild)
+ }
+
if _, err := os.Stat(sandboxConfig.distDir); !os.IsNotExist(err) {
//Mount dist dir as read-write if it already exists
sandboxArgs = append(sandboxArgs, "-B", sandboxConfig.distDir)