Add property for incremental nsjail genrules

Normally genrule sandboxes run the build command in a clean state.
Setting keep_gendir as true, along with use_nsjail, will keep $(genDir)
so the genrule can be incrementally built.

Bug: 381459587
Test: build with and without the flag
Change-Id: I07bbea965f7b644ee8c8d2ead5b6abdd1f0c9aa6

1 files changed, 8 insertions, 1 deletions

diff --git a/android/neverallow.go b/android/neverallow.go
index 7f7ffa781..1213704bc 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -282,7 +282,7 @@ func createLimitNdkExportRule() []Rule {
 }
 
 func createLimitDirgroupRule() []Rule {
-	reason := "dirgroup module and dir_srcs property of genrule is allowed only to Trusty build rule."
+	reason := "dirgroup module and dir_srcs / keep_gendir property of genrule is allowed only to Trusty build rule."
 	return []Rule{
 		NeverAllow().
 			ModuleType("dirgroup").
@@ -297,6 +297,13 @@ func createLimitDirgroupRule() []Rule {
 			Without("name", "trusty-x86_64.lk.elf.gen").
 			Without("name", "trusty-x86_64-test.lk.elf.gen").
 			WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
+		NeverAllow().
+			ModuleType("genrule").
+			Without("name", "trusty-arm64.lk.elf.gen").
+			Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
+			Without("name", "trusty-x86_64.lk.elf.gen").
+			Without("name", "trusty-x86_64-test.lk.elf.gen").
+			With("keep_gendir", "true").Because(reason),
 	}
 }