From 16bfa11b73a34be1f1c72d2ffe86702f85378e92 Mon Sep 17 00:00:00 2001 From: David Brazdil Date: Mon, 12 Mar 2018 14:17:58 +0000 Subject: Enable hidden API blacklist APIs which have not been explicitly greylisted have so far been put on the dark greylist. This patch changes the default to blacklist and therefore enables strict enforcement. Bug: 64382372 Test: make Test: device boots Change-Id: Id38dd14382e9c2f0e853698ad7df7e9602084336 --- Android.mk | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/Android.mk b/Android.mk index e2f88e8990bd..ee8fbe0f5ad1 100644 --- a/Android.mk +++ b/Android.mk @@ -861,39 +861,42 @@ include $(BUILD_STATIC_JAVA_LIBRARY) # ==== hiddenapi lists ======================================= -# Copy blacklist and light greylist over into the build folder. +# Copy light and dark greylist over into the build folder. # This is for ART buildbots which need to mock these lists and have alternative # rules for building them. Other rules in the build system should depend on the # files in the build folder. -$(eval $(call copy-one-file,frameworks/base/config/hiddenapi-blacklist.txt,\ - $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST))) - # Temporarily merge light greylist from two files. Vendor list will become dark # grey once we remove the UI toast. $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST): frameworks/base/config/hiddenapi-light-greylist.txt \ frameworks/base/config/hiddenapi-vendor-list.txt sort $^ > $@ +$(eval $(call copy-one-file,frameworks/base/config/hiddenapi-dark-greylist.txt,\ + $(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST))) + # Generate dark greylist as private API minus (blacklist plus light greylist). -$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST): PRIVATE_API := $(INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE) -$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST): BLACKLIST := $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) -$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST): LIGHT_GREYLIST := $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) -$(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST): $(INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE) \ - $(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST) \ - $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) - if [ ! -z "`comm -12 <(sort $(BLACKLIST)) <(sort $(LIGHT_GREYLIST))`" ]; then \ - echo "There should be no overlap between $(BLACKLIST) and $(LIGHT_GREYLIST)" 1>&2; \ +$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST): PRIVATE_API := $(INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE) +$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST): LIGHT_GREYLIST := $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) +$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST): DARK_GREYLIST := $(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) +$(INTERNAL_PLATFORM_HIDDENAPI_BLACKLIST): $(INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE) \ + $(INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST) \ + $(INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST) + if [ ! -z "`comm -12 <(sort $(LIGHT_GREYLIST)) <(sort $(DARK_GREYLIST))`" ]; then \ + echo "There should be no overlap between $(LIGHT_GREYLIST) and $(DARK_GREYLIST)" 1>&2; \ + comm -12 <(sort $(LIGHT_GREYLIST)) <(sort $(DARK_GREYLIST)) 1>&2; \ exit 1; \ - elif [ ! -z "`comm -13 <(sort $(PRIVATE_API)) <(sort $(BLACKLIST))`" ]; then \ - echo "$(BLACKLIST) must be a subset of $(PRIVATE_API)" 1>&2; \ - exit 2; \ elif [ ! -z "`comm -13 <(sort $(PRIVATE_API)) <(sort $(LIGHT_GREYLIST))`" ]; then \ echo "$(LIGHT_GREYLIST) must be a subset of $(PRIVATE_API)" 1>&2; \ + comm -13 <(sort $(PRIVATE_API)) <(sort $(LIGHT_GREYLIST)) 1>&2; \ + exit 2; \ + elif [ ! -z "`comm -13 <(sort $(PRIVATE_API)) <(sort $(DARK_GREYLIST))`" ]; then \ + echo "$(DARK_GREYLIST) must be a subset of $(PRIVATE_API)" 1>&2; \ + comm -13 <(sort $(PRIVATE_API)) <(sort $(DARK_GREYLIST)) 1>&2; \ exit 3; \ fi - comm -23 <(sort $(PRIVATE_API)) <(sort $(BLACKLIST) $(LIGHT_GREYLIST)) > $@ + comm -23 <(sort $(PRIVATE_API)) <(sort $(LIGHT_GREYLIST) $(DARK_GREYLIST)) > $@ # Include subdirectory makefiles # ============================================================ -- cgit v1.2.3-59-g8ed1b