diff options
author | 2025-01-13 06:19:21 -0800 | |
---|---|---|
committer | 2025-01-13 06:19:21 -0800 | |
commit | 54654537adc8af442933a33b661ffd649b5c625c (patch) | |
tree | 9ac68f1770c2512d4500651644314594ac5eacc6 /android/neverallow.go | |
parent | 441178015f358cbfd330b6b5a4f80966d9d4bc02 (diff) | |
parent | 47afbddc1776954fb42f110e45afc9c5be24af09 (diff) |
Merge "neverallow: Adding support for extra Trusty VM build" into main
Diffstat (limited to 'android/neverallow.go')
-rw-r--r-- | android/neverallow.go | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/android/neverallow.go b/android/neverallow.go index e12e8b771..cf0b29779 100644 --- a/android/neverallow.go +++ b/android/neverallow.go @@ -291,16 +291,20 @@ func createLimitDirgroupRule() []Rule { return []Rule{ NeverAllow(). ModuleType("dirgroup"). - WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts"})).Because(reason), + WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason), NeverAllow(). ModuleType("dirgroup"). - Without("visibility", "//trusty/vendor/google/aosp/scripts").Because(reason), + WithoutMatcher("visibility", InAllowedList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason), NeverAllow(). ModuleType("genrule"). Without("name", "trusty-arm64.lk.elf.gen"). Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen"). Without("name", "trusty-x86_64.lk.elf.gen"). Without("name", "trusty-x86_64-test.lk.elf.gen"). + Without("name", "trusty-arm64.wv.lk.elf.gen"). + Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen"). + Without("name", "trusty-x86_64.wv.lk.elf.gen"). + Without("name", "trusty-x86_64-test.wv.lk.elf.gen"). WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason), NeverAllow(). ModuleType("genrule"). @@ -308,6 +312,10 @@ func createLimitDirgroupRule() []Rule { Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen"). Without("name", "trusty-x86_64.lk.elf.gen"). Without("name", "trusty-x86_64-test.lk.elf.gen"). + Without("name", "trusty-arm64.wv.lk.elf.gen"). + Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen"). + Without("name", "trusty-x86_64.wv.lk.elf.gen"). + Without("name", "trusty-x86_64-test.wv.lk.elf.gen"). With("keep_gendir", "true").Because(reason), } } @@ -474,6 +482,18 @@ func (m *notInListMatcher) String() string { return ".not-in-list(" + strings.Join(m.allowed, ",") + ")" } +type InListMatcher struct { + allowed []string +} + +func (m *InListMatcher) Test(value string) bool { + return InList(value, m.allowed) +} + +func (m *InListMatcher) String() string { + return ".in-list(" + strings.Join(m.allowed, ",") + ")" +} + type isSetMatcher struct{} func (m *isSetMatcher) Test(value string) bool { @@ -752,6 +772,10 @@ func NotInList(allowed []string) ValueMatcher { return ¬InListMatcher{allowed} } +func InAllowedList(allowed []string) ValueMatcher { + return &InListMatcher{allowed} +} + // assorted utils func cleanPaths(paths []string) []string { |