[Ravenwood] Support "partial allowlisting".
- Now, the policy file supports a new directive "allow-annotation",
which
allows annotations on a per-member bases, which allows to expose a method
with @RavenwoodKeep without allowing more annotations in the same class.
This feature could potentially replace the original "annotation
allowlist txt", but it doesn't do that yet. Specifically, even when a
class has an "allow-annotation", we still won't allow using a class-wide
annotations on it.
For now, using "allow-annotation" with a "field" or a "package" isn't
supported, only because there may not be a good use case anyway.
Mechanically, it's not too hard to support them.
Another issue is the original allowlist actually supports suffix matching
(in addition to prefix matching), which the policy file doesn't support
yet. Suffix matching isn't used yet, but we might use it for classes
like EventLogTags or aflag generated classes.
- Implementation wise, this new "allow-annotation" directive couldn't
be embedded in the current filter chain mechanism. So now we create
another, smaller filter chain just to store "allow-annotation".
- Also made some clean up:
- Fixed run-test-manually.sh
- Removed unused file, hoststubgen-test-policy-override.txt
Flag: EXEMPT host test change only
Bug: 379892071
Test: $ANDROID_BUILD_TOP/frameworks/base/ravenwood/scripts/run-ravenwood-tests.sh -s
Test: Manual test: Add @RavenwoodKeep to random members of BroadcastReceiver
and ensure it won't build.
Change-Id: I23563e7f5b1bd1de1f2b2fe6d0d260095e6a7e9e
28 files changed