author Cole Faust <colefaust@google.com> 2025-03-10 15:52:36 -0700
committer Cole Faust <colefaust@google.com> 2025-03-10 16:16:33 -0700
commit55c03f03869351d6316bb41ecd1140e42df2dbec (patch)
tree2782a39e1efc0dce506470100f6360766a67e92b
parentd98a99722186fbd0500c0dae8e7fe49364987fc6 (diff)
Prevent smuggling modules through neverallow rules
Soong config module types would change the module type that neverallow sees, which could let modules slip past the neverallow rules. Make the neverallow rules operate on the base module type instead of the soong config module type. Test: go test Change-Id: Icf8ef0d5c83f1027efe54ca21bbb6d5292921099
-rw-r--r--android/module.go5
-rw-r--r--android/neverallow.go3
-rw-r--r--android/neverallow_test.go25
-rw-r--r--android/soong_config_modules.go4
4 files changed, 36 insertions, 1 deletions
diff --git a/android/module.go b/android/module.go
index 3d643f915..c6c4fd838 100644
--- a/android/module.go
+++ b/android/module.go
@@ -520,6 +520,11 @@ type baseProperties struct {
// names of other modules to install on target if this module is installed
Target_required []string `android:"arch_variant"`
+
+ // If this is a soong config module, this property will be set to the name of the original
+ // module type. This is used by neverallow to ensure you can't bypass a ModuleType() matcher
+ // just by creating a soong config module type.
+ Soong_config_base_module_type *string `blueprint:"mutated"`
}
type distProperties struct {
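Review bot: The new Soong_config_base_module_type field is only trustworthy because of its `blueprint:"mutated"` tag, and the comment does not say so; as I read that tag, it is what keeps the property out of Android.bp parsing, so a later edit that removed it to make the field "configurable" would let a module author declare their own base type and defeat the check this commit adds. Suggest extending the comment with one line: `// Tagged mutated so only configModuleFactory can set it; it must never be settable from an Android.bp file.` The baseProperties struct starts before this hunk.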
diff --git a/android/neverallow.go b/android/neverallow.go
index eca8eb36d..a7bfd2dfa 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -412,7 +412,8 @@ func neverallowMutator(ctx BottomUpMutatorContext) {
continue
}
- if !n.appliesToModuleType(ctx.ModuleType()) {
+ modType := proptools.StringDefault(m.base().baseProperties.Soong_config_base_module_type, ctx.ModuleType())
+ if !n.appliesToModuleType(modType) {
continue
}
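Review bot: The substitution resolves only one level of wrapping: Soong_config_base_module_type names the type the soong config module was declared from, so if that type can itself be a soong config module type the matcher would see the intermediate wrapper name rather than the underlying base (I am not certain Soong permits such nesting; if it does, configModuleFactory should record the innermost base type instead). A short why-comment would also help the next reader, e.g. `// Match on the wrapped base type so a soong_config_module_type cannot launder a denied module type.` above the new modType line. neverallowMutator begins and ends outside this hunk.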
diff --git a/android/neverallow_test.go b/android/neverallow_test.go
index c74d5ff58..3ccc883af 100644
--- a/android/neverallow_test.go
+++ b/android/neverallow_test.go
@@ -388,6 +388,30 @@ var neverallowTests = []struct {
`module type not allowed to be defined in bp file`,
},
},
+ // Test the a neverallowed module type can't be smuggled through a soong config module type
+ {
+ name: `smuggling module types through soong config modules`,
+ fs: map[string][]byte{
+ "a/b/Android.bp": []byte(`
+ soong_config_bool_variable {
+ name: "my_var",
+ }
+ soong_config_module_type {
+ name: "smuggled_prebuilt_usr_srec",
+ module_type: "prebuilt_usr_srec",
+ config_namespace: "ANDROID",
+ variables: ["my_var"],
+ properties: ["enabled"],
+ }
+ smuggled_prebuilt_usr_srec {
+ name: "foo",
+ }
+ `),
+ },
+ expectedErrors: []string{
+ `module type not allowed to be defined in bp file`,
+ },
+ },
}
var prepareForNeverAllowTest = GroupFixturePreparers(
@@ -399,6 +423,7 @@ var prepareForNeverAllowTest = GroupFixturePreparers(
ctx.RegisterModuleType("filesystem", newMockFilesystemModule)
ctx.RegisterModuleType("prebuilt_usr_srec", newMockPrebuiltUsrSrecModule)
}),
+ PrepareForTestWithSoongConfigModuleBuildComponents,
)
func TestNeverallow(t *testing.T) {
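Review bot: The added case proves a denied base type is rejected through the wrapper, but nothing checks that a permitted base type still passes, so a regression that made the matcher compare the wrapper's own name, or that broke the StringDefault fallback, would go unnoticed; add a sibling entry in this table that wraps a module type the rules allow (one of the mocks registered in prepareForNeverAllowTest, placed outside any denied path) with `expectedErrors: nil`. The case comment has a stray word and should read `// Test that a neverallowed module type can't be smuggled through a soong config module type`. The neverallowTests table begins before this hunk.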
diff --git a/android/soong_config_modules.go b/android/soong_config_modules.go
index e0b1d7cbe..a61c9d33d 100644
--- a/android/soong_config_modules.go
+++ b/android/soong_config_modules.go
@@ -506,6 +506,10 @@ func configModuleFactory(factory blueprint.ModuleFactory, moduleType *soongconfi
conditionalProps := proptools.CloneEmptyProperties(conditionalFactoryProps)
props = append(props, conditionalProps.Interface())
+ if m, ok := module.(Module); ok {
+ m.base().baseProperties.Soong_config_base_module_type = &moduleType.BaseModuleType
+ }
+
// Regular Soong operation wraps the existing module factory with a
// conditional on Soong config variables by reading the product
// config variables from Make.
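Review bot: When the `module.(Module)` assertion fails the base type is silently left nil and neverallow falls back to the wrapper's own name, which is exactly the smuggling path this commit closes; unless every factory handed to configModuleFactory is guaranteed to return an android.Module, the non-ok branch should fail loudly rather than degrade, e.g. `panic("soong config module type wraps a module that does not implement Module: " + moduleType.BaseModuleType)`. Separately, `&moduleType.BaseModuleType` makes every module instance alias one field of the shared *soongconfig.ModuleType; that is harmless while nothing writes through the pointer, but copying to a local first (`base := moduleType.BaseModuleType` then `= &base`) would make the property self-contained and immune to later edits of the shared struct. configModuleFactory starts and ends outside this hunk.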