Change permitted_packages check to be per-jar rather than per-apex
(cherry-pick of ag/17524387 into aosp)
Summary:
- updates the Q and R maps, the new keys are the bcp jars and not the
apexes. neverallow build rules ensure that these bcp jars have a
restricted set of permitted_packages
- remove BootclasspathJar from the neverallow rule. This is no longer
necessary since the keys in the maps are the bootjars themselves, and
not apexes
Bug: 205289292
Test: In build/soong, go test ./apex
Change-Id: Icb91de934181a8b6f085e03a0ce8c5e08504ff94
Merged-In: Icb91de934181a8b6f085e03a0ce8c5e08504ff94
(cherry picked from commit 440ff9672846ecbc6d607ae65ea6826c49552756)
diff --git a/apex/apex.go b/apex/apex.go
index e49e42e..2fe17da 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -3278,19 +3278,18 @@
}
func init() {
- android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...)
- android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...)
+ android.AddNeverAllowRules(createBcpPermittedPackagesRules(qBcpPackages())...)
+ android.AddNeverAllowRules(createBcpPermittedPackagesRules(rBcpPackages())...)
}
-func createApexPermittedPackagesRules(modules_packages map[string][]string) []android.Rule {
- rules := make([]android.Rule, 0, len(modules_packages))
- for module_name, module_packages := range modules_packages {
+func createBcpPermittedPackagesRules(bcpPermittedPackages map[string][]string) []android.Rule {
+ rules := make([]android.Rule, 0, len(bcpPermittedPackages))
+ for jar, permittedPackages := range bcpPermittedPackages {
permittedPackagesRule := android.NeverAllow().
- BootclasspathJar().
- With("apex_available", module_name).
- WithMatcher("permitted_packages", android.NotInList(module_packages)).
- Because("jars that are part of the " + module_name +
- " module may only use these package prefixes: " + strings.Join(module_packages, ",") +
+ With("name", jar).
+ WithMatcher("permitted_packages", android.NotInList(permittedPackages)).
+ Because(jar +
+ " bootjar may only use these package prefixes: " + strings.Join(permittedPackages, ",") +
". Please consider the following alternatives:\n" +
" 1. If the offending code is from a statically linked library, consider " +
"removing that dependency and using an alternative already in the " +
@@ -3299,6 +3298,7 @@
" 3. Jarjar the offending code. Please be mindful of the potential system " +
"health implications of bundling that code, particularly if the offending jar " +
"is part of the bootclasspath.")
+
rules = append(rules, permittedPackagesRule)
}
return rules
@@ -3306,13 +3306,13 @@
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
-func qModulesPackages() map[string][]string {
+func qBcpPackages() map[string][]string {
return map[string][]string{
- "com.android.conscrypt": []string{
+ "conscrypt": []string{
"android.net.ssl",
"com.android.org.conscrypt",
},
- "com.android.media": []string{
+ "updatable-media": []string{
"android.media",
},
}
@@ -3320,34 +3320,34 @@
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
-func rModulesPackages() map[string][]string {
+func rBcpPackages() map[string][]string {
return map[string][]string{
- "com.android.mediaprovider": []string{
+ "framework-mediaprovider": []string{
"android.provider",
},
- "com.android.permission": []string{
+ "framework-permission": []string{
"android.permission",
"android.app.role",
"com.android.permission",
"com.android.role",
},
- "com.android.sdkext": []string{
+ "framework-sdkextensions": []string{
"android.os.ext",
},
- "com.android.os.statsd": []string{
+ "framework-statsd": []string{
"android.app",
"android.os",
"android.util",
"com.android.internal.statsd",
"com.android.server.stats",
},
- "com.android.wifi": []string{
+ "framework-wifi": []string{
"com.android.server.wifi",
"com.android.wifi.x",
"android.hardware.wifi",
"android.net.wifi",
},
- "com.android.tethering": []string{
+ "framework-tethering": []string{
"android.net",
},
}