diff options
| author | 2024-11-01 21:21:25 +0000 | |
|---|---|---|
| committer | 2024-11-01 22:28:27 +0000 | |
| commit | 2a7bf750e7fed942ecdb7f0b80b8fb226f584d61 (patch) | |
| tree | 3923ad45435f22e62b063f0dfa3511cbaa52d372 | |
| parent | 0da5ae93286f56ac444306f9d4b101f9955763b8 (diff) | |
Add a neverallow rule for prebuilt_* module types
This change adds a neverallow rule to the following module types:
- prebuilt_usr_srec
- prebuilt_priv_app
- prebuilt_rfs
- prebuilt_framework
- prebuilt_res
- prebuilt_wlc_upt
- prebuilt_odm
that these modules cannot be defined in bp files, but can only be auto
generated by other modules.
Test: m nothing --no-skip-soong-tests
Bug: 375053752
Change-Id: Ie1b73966d8ada3863c29f9aca710aa8c735286dd
| -rw-r--r-- | android/base_module_context.go | 8 | ||||
| -rw-r--r-- | android/neverallow.go | 40 | ||||
| -rw-r--r-- | android/neverallow_test.go | 28 |
3 files changed, 76 insertions, 0 deletions
diff --git a/android/base_module_context.go b/android/base_module_context.go index e24ce9d2b..223b5341d 100644 --- a/android/base_module_context.go +++ b/android/base_module_context.go @@ -87,6 +87,10 @@ type BaseModuleContext interface { // This method shouldn't be used directly, prefer the type-safe android.OtherModuleProvider instead. otherModuleProvider(m blueprint.Module, provider blueprint.AnyProviderKey) (any, bool) + // OtherModuleIsAutoGenerated returns true if the module is auto generated by another module + // instead of being defined in Android.bp file. + OtherModuleIsAutoGenerated(m blueprint.Module) bool + // Provider returns the value for a provider for the current module. If the value is // not set it returns nil and false. It panics if called before the appropriate // mutator or GenerateBuildActions pass for the provider. The value returned may be a deep @@ -275,6 +279,10 @@ func (b *baseModuleContext) otherModuleProvider(m blueprint.Module, provider blu return b.bp.OtherModuleProvider(m, provider) } +func (b *baseModuleContext) OtherModuleIsAutoGenerated(m blueprint.Module) bool { + return b.bp.OtherModuleIsAutoGenerated(m) +} + func (b *baseModuleContext) provider(provider blueprint.AnyProviderKey) (any, bool) { return b.bp.Provider(provider) } diff --git a/android/neverallow.go b/android/neverallow.go index 44ac2cd6c..7fb22bf13 100644 --- a/android/neverallow.go +++ b/android/neverallow.go @@ -63,6 +63,7 @@ func init() { AddNeverAllowRules(createLimitDirgroupRule()...) AddNeverAllowRules(createFilesystemIsAutoGeneratedRule()) AddNeverAllowRules(createKotlinPluginRule()...) + AddNeverAllowRules(createPrebuiltEtcBpDefineRule()) } // Add a NeverAllow rule to the set of rules to apply. @@ -321,6 +322,23 @@ func createKotlinPluginRule() []Rule { } } +// These module types are introduced to convert PRODUCT_COPY_FILES to Soong, +// and is only intended to be used by filesystem_creator. +func createPrebuiltEtcBpDefineRule() Rule { + return NeverAllow(). + ModuleType( + "prebuilt_usr_srec", + "prebuilt_priv_app", + "prebuilt_rfs", + "prebuilt_framework", + "prebuilt_res", + "prebuilt_wlc_upt", + "prebuilt_odm", + ). + DefinedInBpFile(). + Because("module type not allowed to be defined in bp file") +} + func neverallowMutator(ctx BottomUpMutatorContext) { m, ok := ctx.Module().(Module) if !ok { @@ -354,6 +372,10 @@ func neverallowMutator(ctx BottomUpMutatorContext) { continue } + if !n.appliesToBpDefinedModule(ctx) { + continue + } + ctx.ModuleErrorf("violates " + n.String()) } } @@ -477,6 +499,8 @@ type Rule interface { WithoutMatcher(properties string, matcher ValueMatcher) Rule + DefinedInBpFile() Rule + Because(reason string) Rule } @@ -498,6 +522,8 @@ type rule struct { unlessProps ruleProperties onlyBootclasspathJar bool + + definedInBp bool } // Create a new NeverAllow rule. @@ -571,6 +597,13 @@ func (r *rule) WithoutMatcher(properties string, matcher ValueMatcher) Rule { return r } +// DefinedInBpFile specifies that this rule applies to modules that are defined +// in bp files, and does not apply to modules that are auto generated by other modules. +func (r *rule) DefinedInBpFile() Rule { + r.definedInBp = true + return r +} + func selectMatcher(expected string) ValueMatcher { if expected == "*" { return anyMatcherInstance @@ -665,6 +698,13 @@ func (r *rule) appliesToProperties(ctx BottomUpMutatorContext, properties []inte return includeProps && !excludeProps } +func (r *rule) appliesToBpDefinedModule(ctx BottomUpMutatorContext) bool { + if !r.definedInBp { + return true + } + return !ctx.OtherModuleIsAutoGenerated(ctx.Module()) == r.definedInBp +} + func StartsWith(prefix string) ValueMatcher { return &startsWithMatcher{prefix} } diff --git a/android/neverallow_test.go b/android/neverallow_test.go index caec8c7d9..c74d5ff58 100644 --- a/android/neverallow_test.go +++ b/android/neverallow_test.go @@ -374,6 +374,20 @@ var neverallowTests = []struct { `is_auto_generated property is only allowed for filesystem modules in build/soong/fsgen directory`, }, }, + // Test for the rule restricting use of prebuilt_* module + { + name: `"prebuilt_usr_srec" defined in Android.bp file`, + fs: map[string][]byte{ + "a/b/Android.bp": []byte(` + prebuilt_usr_srec { + name: "foo", + } + `), + }, + expectedErrors: []string{ + `module type not allowed to be defined in bp file`, + }, + }, } var prepareForNeverAllowTest = GroupFixturePreparers( @@ -383,6 +397,7 @@ var prepareForNeverAllowTest = GroupFixturePreparers( ctx.RegisterModuleType("java_library_host", newMockJavaLibraryModule) ctx.RegisterModuleType("java_device_for_host", newMockJavaLibraryModule) ctx.RegisterModuleType("filesystem", newMockFilesystemModule) + ctx.RegisterModuleType("prebuilt_usr_srec", newMockPrebuiltUsrSrecModule) }), ) @@ -482,3 +497,16 @@ func newMockJavaLibraryModule() Module { func (p *mockJavaLibraryModule) GenerateAndroidBuildActions(ModuleContext) { } + +type mockPrebuiltUsrSrecModule struct { + ModuleBase +} + +func (p *mockPrebuiltUsrSrecModule) GenerateAndroidBuildActions(ModuleContext) { +} + +func newMockPrebuiltUsrSrecModule() Module { + m := &mockPrebuiltUsrSrecModule{} + InitAndroidModule(m) + return m +} |