Diffstat (limited to 'android/neverallow.go')
-rw-r--r-- | android/neverallow.go | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/android/neverallow.go b/android/neverallow.go
index e93763b7b..041c9a0f8 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -60,6 +60,7 @@ func init() {
 AddNeverAllowRules(createCcStubsRule())
 AddNeverAllowRules(createProhibitHeaderOnlyRule())
 AddNeverAllowRules(createLimitNdkExportRule()...)
+ AddNeverAllowRules(createLimitDirgroupRule()...)
 }

 // Add a NeverAllow rule to the set of rules to apply.
@@ -275,6 +276,23 @@ func createLimitNdkExportRule() []Rule {
 }
 }

+func createLimitDirgroupRule() []Rule {
+ reason := "dirgroup module and dir_srcs property of genrule is allowed only to Trusty build rule."
+ return []Rule{
+ NeverAllow().
+ ModuleType("dirgroup").
+ WithMatcher("visibility", NotInList([]string{"//trusty/vendor/google/aosp/scripts"})).Because(reason),
+ NeverAllow().
+ ModuleType("dirgroup").
+ Without("visibility", "//trusty/vendor/google/aosp/scripts").Because(reason),
+ NeverAllow().
+ ModuleType("genrule").
+ Without("name", "lk.elf.arm64").
+ Without("name", "lk.elf.x86_64").
+ WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
+ }
+}
+
 func neverallowMutator(ctx BottomUpMutatorContext) {
 m, ok := ctx.Module().(Module)
 if !ok { |
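Review bot: The third rule in `createLimitDirgroupRule` exempts genrules from the `dir_srcs` ban by module name alone (`lk.elf.arm64`, `lk.elf.x86_64`), so the exemption follows the name rather than the Trusty directory; a genrule that ends up carrying one of those names elsewhere in the tree (for instance in another Soong namespace) would pass this rule. The two dirgroup visibility rules above it probably limit what such a module could actually consume, but that leans on a second mechanism rather than on this rule. Assuming the lk.elf genrules live under the same path the visibility rules name, consider adding a location-bound rule next to it: `NeverAllow().ModuleType("genrule").NotIn("trusty/vendor/google/aosp/scripts").WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason)`. A doc comment would also help the next reader, e.g. `// createLimitDirgroupRule restricts dirgroup modules and genrule dir_srcs to the Trusty build; the two dirgroup rules together force visibility to be exactly the Trusty scripts package.`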