Merge "Revert^2 "Enable genrule sandboxing by default"" into main
This commit is contained in:
		| @@ -1,5 +1,14 @@ | ||||
| # Build System Changes for Android.mk/Android.bp Writers | ||||
|  | ||||
| ## Soong genrules are now sandboxed | ||||
|  | ||||
| Previously, soong genrules could access any files in the source tree, without specifying them as | ||||
| inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel. | ||||
|  | ||||
| Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in | ||||
| genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING` | ||||
| in board config to disable this behavior. | ||||
|  | ||||
| ## Partitions are no longer affected by previous builds | ||||
|  | ||||
| Partition builds used to include everything in their staging directories, and building an | ||||
|   | ||||
| @@ -188,6 +188,7 @@ _build_broken_var_list := \ | ||||
|   BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \ | ||||
|   BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \ | ||||
|   BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \ | ||||
|   BUILD_BROKEN_GENRULE_SANDBOXING \ | ||||
|  | ||||
| _build_broken_var_list += \ | ||||
|   $(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \ | ||||
|   | ||||
| @@ -16,6 +16,10 @@ endif | ||||
| # PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES | ||||
| ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES) | ||||
|  | ||||
| ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING))) | ||||
|   $(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config) | ||||
| endif | ||||
|  | ||||
| ifeq ($(WRITE_SOONG_VARIABLES),true) | ||||
|  | ||||
| # Create soong.variables with copies of makefile settings.  Runs every build, | ||||
| @@ -281,7 +285,8 @@ $(call add_json_list, BuildBrokenPluginValidation,         $(BUILD_BROKEN_PLUGIN | ||||
| $(call add_json_bool, BuildBrokenClangProperty,            $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY))) | ||||
| $(call add_json_bool, BuildBrokenClangAsFlags,             $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS))) | ||||
| $(call add_json_bool, BuildBrokenClangCFlags,              $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS))) | ||||
| $(call add_json_bool, GenruleSandboxing,                   $(filter true,$(GENRULE_SANDBOXING))) | ||||
| # Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING | ||||
| $(call add_json_bool, GenruleSandboxing,                   $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true))) | ||||
| $(call add_json_bool, BuildBrokenEnforceSyspropOwner,      $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER))) | ||||
| $(call add_json_bool, BuildBrokenTrebleSyspropNeverallow,  $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW))) | ||||
| $(call add_json_bool, BuildBrokenUsesSoongPython2Modules,  $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES))) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user