Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build_soong / f39f6a4772dd54e2a10aebb3785e90ced1922421^1..f39f6a4772dd54e2a10aebb3785e90ced1922421 / .
commitf39f6a4772dd54e2a10aebb3785e90ced1922421[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Mon May 04 22:11:18 2020 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Mon May 04 22:11:18 2020 +0000
treee63a1346e0172deda063af20c73b0e298b94dac3
parentede50781442d2827e4571cd04a82dbc6f867a9e5 [diff]
parent347ba75679f4a2af4b602a274ad1e6acfe4dade0 [diff]
Merge changes I2e370952,I811cc8e1

* changes:
  Remove TEMPORARY_DISABLE_PATH_RESTRICTIONS
  nsjail: Always remount /tmp before src/out/dist

diff --git a/cmd/path_interposer/main.go b/cmd/path_interposer/main.go
index cd28b96..a4fe3e4 100644
--- a/cmd/path_interposer/main.go
+++ b/cmd/path_interposer/main.go

@@ -53,14 +53,7 @@
 		os.Exit(1)
 	}
 
-	disableError := false
-	if e, ok := os.LookupEnv("TEMPORARY_DISABLE_PATH_RESTRICTIONS"); ok {
-		disableError = e == "1" || e == "y" || e == "yes" || e == "on" || e == "true"
-	}
-
 	exitCode, err := Main(os.Stdout, os.Stderr, interposer, os.Args, mainOpts{
-		disableError: disableError,
-
 		sendLog:       paths.SendLog,
 		config:        paths.GetConfig,
 		lookupParents: lookupParents,
@@ -79,8 +72,6 @@
 socket at <interposer>_log.`)
 
 type mainOpts struct {
-	disableError bool
-
 	sendLog       func(logSocket string, entry *paths.LogEntry, done chan interface{})
 	config        func(name string) paths.PathConfig
 	lookupParents func() []paths.LogProcess
@@ -131,7 +122,7 @@
 			}, waitForLog)
 			defer func() { <-waitForLog }()
 		}
-		if config.Error && !opts.disableError {
+		if config.Error {
 			return 1, fmt.Errorf("%q is not allowed to be used. See https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools for more information.", base)
 		}
 	}

diff --git a/ui/build/path.go b/ui/build/path.go
index c34ba1b..7122927 100644
--- a/ui/build/path.go
+++ b/ui/build/path.go

@@ -177,9 +177,12 @@
 		execs = append(execs, parsePathDir(pathEntry)...)
 	}
 
-	allowAllSymlinks := config.Environment().IsEnvTrue("TEMPORARY_DISABLE_PATH_RESTRICTIONS")
+	if config.Environment().IsEnvTrue("TEMPORARY_DISABLE_PATH_RESTRICTIONS") {
+		ctx.Fatalln("TEMPORARY_DISABLE_PATH_RESTRICTIONS was a temporary migration method, and is now obsolete.")
+	}
+
 	for _, name := range execs {
-		if !paths.GetConfig(name).Symlink && !allowAllSymlinks {
+		if !paths.GetConfig(name).Symlink {
 			continue
 		}
 

diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go
index 98eb028..dab0e75 100644
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go

@@ -181,15 +181,15 @@
 		// For now, just map everything. Make most things readonly.
 		"-R", "/",
 
+		// Mount a writable tmp dir
+		"-B", "/tmp",
+
 		// Mount source are read-write
 		"-B", sandboxConfig.srcDir,
 
 		//Mount out dir as read-write
 		"-B", sandboxConfig.outDir,
 
-		// Mount a writable tmp dir
-		"-B", "/tmp",
-
 		// Disable newcgroup for now, since it may require newer kernels
 		// TODO: try out cgroups
 		"--disable_clone_newcgroup",