Move aidl_camera_build_version to build number allowlist
This allows us to get most of the benefits of genrule sandboxing,
and defer deciding what to do about the build number until later.
Bug: 307824623
Test: m aidl_camera_build_version
Change-Id: Ib3f4dd6d270ac56d068593c95ee40db44962b845
diff --git a/genrule/genrule.go b/genrule/genrule.go
index b8b9968..4043420 100644
--- a/genrule/genrule.go
+++ b/genrule/genrule.go
@@ -243,13 +243,27 @@
}
}
+var buildNumberAllowlistKey = android.NewOnceKey("genruleBuildNumberAllowlistKey")
+
// This allowlist should be kept to the bare minimum, it's
// intended for things that existed before the build number
// was tightly controlled. Prefer using libbuildversion
// via the use_version_lib property of cc modules.
-var genrule_build_number_allowlist = map[string]bool{
- "build/soong/tests:gen": true,
- "tools/tradefederation/core:tradefed_zip": true,
+// This is a function instead of a global map so that
+// soong plugins cannot add entries to the allowlist
+func isModuleInBuildNumberAllowlist(ctx android.ModuleContext) bool {
+ allowlist := ctx.Config().Once(buildNumberAllowlistKey, func() interface{} {
+ return map[string]bool{
+ // go/keep-sorted start
+ "build/soong/tests:gen": true,
+ "hardware/google/camera/common/hal/aidl_service:aidl_camera_build_version": true,
+ "tools/tradefederation/core:tradefed_zip": true,
+ // go/keep-sorted end
+ }
+ }).(map[string]bool)
+
+ _, ok := allowlist[ctx.ModuleDir()+":"+ctx.ModuleName()]
+ return ok
}
// generateCommonBuildActions contains build action generation logic
@@ -547,7 +561,7 @@
cmd.ImplicitTools(tools)
cmd.ImplicitPackagedTools(packagedTools)
if proptools.Bool(g.properties.Uses_order_only_build_number_file) {
- if _, ok := genrule_build_number_allowlist[ctx.ModuleDir()+":"+ctx.ModuleName()]; !ok {
+ if !isModuleInBuildNumberAllowlist(ctx) {
ctx.ModuleErrorf("Only allowlisted modules may use uses_order_only_build_number_file: true")
}
cmd.OrderOnly(ctx.Config().BuildNumberFile(ctx))