commit d4ea5a867ea6824e8ee7c48f84954c292bf4c489
author Alan Stokes <alanstokes@google.com> Thu Nov 10 12:17:42 2022 +0000
committer Alan Stokes <alanstokes@google.com> Fri Nov 11 10:07:54 2022 +0000
tree 32e5bfd6e8f027bc2dc58d4951628d1344d63546
parent 8737672c398be23247ef836712b8240c253ca266

Split out restricted header

Remove the "restricted" functions from vm_payload.h and move them into
vm_payload_restricted.h. Update build rules so that we use
vm_payload_restricted.h in the places we need to.

The restricted APIs will not be made available for priv apps, so they
don't need to be in the headers made available to priv apps.

Add a test to make sure the restricted APIs are in fact restricted.

Bug: 243512108
Test: atest MicrodroidTests ComposTestCase
Change-Id: I0bf0618b1fb572075ba7fb55644300ae1784cada

microdroid/vm_payload/Android.bp

diff --git a/microdroid/vm_payload/Android.bp b/microdroid/vm_payload/Android.bp
index 8d78444..e153f92 100644
--- a/microdroid/vm_payload/Android.bp
+++ b/microdroid/vm_payload/Android.bp
@@ -29,7 +29,7 @@
 
 rust_bindgen {
     name: "libvm_payload_bindgen",
-    wrapper_src: "include/vm_payload.h",
+    wrapper_src: "include-restricted/vm_payload_restricted.h",
     crate_name: "vm_payload_bindgen",
     source_stem: "bindings",
     apex_available: ["com.android.compos"],
@@ -41,5 +41,15 @@
 
 cc_library_headers {
     name: "vm_payload_headers",
+    apex_available: ["com.android.compos"],
     export_include_dirs: ["include"],
 }
+
+cc_library_headers {
+    name: "vm_payload_restricted_headers",
+    header_libs: ["vm_payload_headers"],
+    export_header_lib_headers: ["vm_payload_headers"],
+    export_include_dirs: ["include-restricted"],
+    apex_available: ["com.android.compos"],
+    visibility: ["//packages/modules/Virtualization:__subpackages__"],
+}