Prevent smuggling modules through neverallow rules

Soong config module types would change the module type that neverallow sees, which can allow modules to get by the neverallow rules. Make the neverallow rules operate on the base module type instead of the soong config module type. Test: go test Change-Id: Icf8ef0d5c83f1027efe54ca21bbb6d5292921099
author: Cole Faust <colefaust@google.com> 2025-03-10 15:52:36 -0700
committer: Cole Faust <colefaust@google.com> 2025-03-10 16:16:33 -0700
commit: 55c03f03869351d6316bb41ecd1140e42df2dbec (patch)
tree: 2782a39e1efc0dce506470100f6360766a67e92b /android/module.go
parent: d98a99722186fbd0500c0dae8e7fe49364987fc6 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/android/module.go b/android/module.go
index 3d643f915..c6c4fd838 100644
--- a/android/module.go
+++ b/android/module.go
@@ -520,6 +520,11 @@ type baseProperties struct {
 
 	// names of other modules to install on target if this module is installed
 	Target_required []string `android:"arch_variant"`
+
+	// If this is a soong config module, this property will be set to the name of the original
+	// module type. This is used by neverallow to ensure you can't bypass a ModuleType() matcher
+	// just by creating a soong config module type.
+	Soong_config_base_module_type *string `blueprint:"mutated"`
 }
 
 type distProperties struct {
author	Cole Faust <colefaust@google.com>	2025-03-10 15:52:36 -0700
committer	Cole Faust <colefaust@google.com>	2025-03-10 16:16:33 -0700
commit	55c03f03869351d6316bb41ecd1140e42df2dbec (patch)
tree	2782a39e1efc0dce506470100f6360766a67e92b /android/module.go
parent	d98a99722186fbd0500c0dae8e7fe49364987fc6 (diff)