summaryrefslogtreecommitdiff
path: root/android/neverallow.go
diff options
context:
space:
mode:
author Orlando Arbildo <oarbildo@google.com> 2025-01-13 06:19:21 -0800
committer Gerrit Code Review <noreply-gerritcodereview@google.com> 2025-01-13 06:19:21 -0800
commit54654537adc8af442933a33b661ffd649b5c625c (patch)
tree9ac68f1770c2512d4500651644314594ac5eacc6 /android/neverallow.go
parent441178015f358cbfd330b6b5a4f80966d9d4bc02 (diff)
parent47afbddc1776954fb42f110e45afc9c5be24af09 (diff)
Merge "neverallow: Adding support for extra Trusty VM build" into main
Diffstat (limited to 'android/neverallow.go')
-rw-r--r--android/neverallow.go28
1 files changed, 26 insertions, 2 deletions
diff --git a/android/neverallow.go b/android/neverallow.go
index e12e8b771..cf0b29779 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -291,16 +291,20 @@ func createLimitDirgroupRule() []Rule {
return []Rule{
NeverAllow().
ModuleType("dirgroup").
- WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts"})).Because(reason),
+ WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason),
NeverAllow().
ModuleType("dirgroup").
- Without("visibility", "//trusty/vendor/google/aosp/scripts").Because(reason),
+ WithoutMatcher("visibility", InAllowedList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason),
NeverAllow().
ModuleType("genrule").
Without("name", "trusty-arm64.lk.elf.gen").
Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
Without("name", "trusty-x86_64.lk.elf.gen").
Without("name", "trusty-x86_64-test.lk.elf.gen").
+ Without("name", "trusty-arm64.wv.lk.elf.gen").
+ Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen").
+ Without("name", "trusty-x86_64.wv.lk.elf.gen").
+ Without("name", "trusty-x86_64-test.wv.lk.elf.gen").
WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
NeverAllow().
ModuleType("genrule").
@@ -308,6 +312,10 @@ func createLimitDirgroupRule() []Rule {
Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
Without("name", "trusty-x86_64.lk.elf.gen").
Without("name", "trusty-x86_64-test.lk.elf.gen").
+ Without("name", "trusty-arm64.wv.lk.elf.gen").
+ Without("name", "trusty-arm64-virt-test-debug.wv.lk.elf.gen").
+ Without("name", "trusty-x86_64.wv.lk.elf.gen").
+ Without("name", "trusty-x86_64-test.wv.lk.elf.gen").
With("keep_gendir", "true").Because(reason),
}
}
@@ -474,6 +482,18 @@ func (m *notInListMatcher) String() string {
return ".not-in-list(" + strings.Join(m.allowed, ",") + ")"
}
+type InListMatcher struct {
+ allowed []string
+}
+
+func (m *InListMatcher) Test(value string) bool {
+ return InList(value, m.allowed)
+}
+
+func (m *InListMatcher) String() string {
+ return ".in-list(" + strings.Join(m.allowed, ",") + ")"
+}
+
type isSetMatcher struct{}
func (m *isSetMatcher) Test(value string) bool {
@@ -752,6 +772,10 @@ func NotInList(allowed []string) ValueMatcher {
return &notInListMatcher{allowed}
}
+func InAllowedList(allowed []string) ValueMatcher {
+ return &InListMatcher{allowed}
+}
+
// assorted utils
func cleanPaths(paths []string) []string {