diff options
| author | 2023-05-18 18:20:28 +0000 | |
|---|---|---|
| committer | 2023-05-18 18:20:28 +0000 | |
| commit | 33cc80eb1f84d607da1a70b76d8dc0370b51a89a (patch) | |
| tree | dbc665bd7ac9254dbd0929c2b054b6644d55d699 /android/plugin.go | |
| parent | 0b2cb610104910611a157df99ba36ebe87986032 (diff) | |
Revert "Revert "Restrict plugins to an existing allowlist""
This reverts commit b20a12553ef65a6401dfe0f67ab8b882da0f89db.
Reason for revert: Rollforward with fix
soong-ca-certificates-apex was missing from allowlist
Test: verify fixes CI breakages
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dfe4a9e4dd088f42ba5e0a3c4f7777c253d378d3)
Merged-In: I00687bd2962dbdaaf55189ca4aa82183264eb8d7
Change-Id: I00687bd2962dbdaaf55189ca4aa82183264eb8d7
Diffstat (limited to 'android/plugin.go')
| -rw-r--r-- | android/plugin.go | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/android/plugin.go b/android/plugin.go new file mode 100644 index 000000000..c9d1338f8 --- /dev/null +++ b/android/plugin.go @@ -0,0 +1,140 @@ +// Copyright 2022 Google Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package android + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "os" + "strings" + + "github.com/google/blueprint" +) + +func init() { + RegisterPluginSingletonBuildComponents(InitRegistrationContext) +} + +func RegisterPluginSingletonBuildComponents(ctx RegistrationContext) { + ctx.RegisterSingletonType("plugins", pluginSingletonFactory) +} + +// pluginSingleton is a singleton to handle allowlisting of the final Android-<product_name>.mk file +// output. +func pluginSingletonFactory() Singleton { + return &pluginSingleton{} +} + +type pluginSingleton struct{} + +var allowedPluginsByName = map[string]bool{ + "aidl-soong-rules": true, + "arm_compute_library_nn_driver": true, + "cuttlefish-soong-rules": true, + "gki-soong-rules": true, + "hidl-soong-rules": true, + "kernel-config-soong-rules": true, + "soong-angle-codegen": true, + "soong-api": true, + "soong-art": true, + "soong-ca-certificates": true, + "soong-ca-certificates-apex": true, + "soong-clang": true, + "soong-clang-prebuilts": true, + "soong-csuite": true, + "soong-fluoride": true, + "soong-fs_config": true, + "soong-icu": true, + "soong-java-config-error_prone": true, + "soong-libchrome": true, + "soong-llvm": true, + "soong-robolectric": true, + "soong-rust-prebuilts": true, + "soong-selinux": true, + "soong-wayland-protocol-codegen": true, + "treble_report_app": true, + "treble_report_local": true, + "treble_report_module": true, + "vintf-compatibility-matrix-soong-rules": true, + "xsdc-soong-rules": true, +} + +const ( + internalPluginsPath = "vendor/google/build/soong/internal_plugins.json" +) + +type pluginProvider interface { + IsPluginFor(string) bool +} + +func maybeAddInternalPluginsToAllowlist(ctx SingletonContext) { + if path := ExistentPathForSource(ctx, internalPluginsPath); path.Valid() { + ctx.AddNinjaFileDeps(path.String()) + absPath := absolutePath(path.String()) + var moreAllowed map[string]bool + data, err := ioutil.ReadFile(absPath) + if err != nil { + ctx.Errorf("Failed to open internal plugins path %q %q", internalPluginsPath, err) + } + if err := json.Unmarshal(data, &moreAllowed); err != nil { + fmt.Fprintf(os.Stderr, "Internal plugins file %q did not parse correctly: %q", data, err) + } + for k, v := range moreAllowed { + allowedPluginsByName[k] = v + } + } +} + +func (p *pluginSingleton) GenerateBuildActions(ctx SingletonContext) { + for _, p := range ctx.DeviceConfig().BuildBrokenPluginValidation() { + allowedPluginsByName[p] = true + } + maybeAddInternalPluginsToAllowlist(ctx) + + disallowedPlugins := map[string]bool{} + ctx.VisitAllModulesBlueprint(func(module blueprint.Module) { + if ctx.ModuleType(module) != "bootstrap_go_package" { + return + } + + p, ok := module.(pluginProvider) + if !ok || !p.IsPluginFor("soong_build") { + return + } + + name := ctx.ModuleName(module) + if _, ok := allowedPluginsByName[name]; ok { + return + } + + dir := ctx.ModuleDir(module) + + // allow use of plugins within Soong to not allowlist everything + if strings.HasPrefix(dir, "build/soong") { + return + } + + // allow third party users outside of external to create new plugins, i.e. non-google paths + // under vendor or hardware + if !strings.HasPrefix(dir, "external/") && IsThirdPartyPath(dir) { + return + } + disallowedPlugins[name] = true + }) + if len(disallowedPlugins) > 0 { + ctx.Errorf("New plugins are not supported; however %q were found. Please reach out to the build team or use BUILD_BROKEN_PLUGIN_VALIDATION (see Changes.md for more info).", SortedStringKeys(disallowedPlugins)) + } +} |