103eb0f9bc
Defer edge creation.
Don't create edges until the count is known to avoid repeated allocate+
copy operatios.
Limit resolutions.
Allow only a single resolution condition set per target, and overwrite
intermediate results. Reduces memory and obviates allocations.
Propagate fewer conditions.
Instead of propagating notice conditions to parents in graph during
initial resolve, leave them on leaf node, and attach to ancestors in
the final walk. Reduces copies.
Parallelize resolutions.
Use goroutines, mutexes, and waitgroups to resolve branches of the
graph in parallel. Makes better use of available cores.
Don't accumulate resolutions inside non-containers.
During the final resolution walk, only attach actions to ancestors from
the root down until the 1st non-aggregate. Prevents an explosion of
copies in the lower levels of the graph.
Drop origin for scale.
Tracking the origin of every potential origin for every restricted
condition does not scale. By dropping origin, propagating from top
to bottom can prune many redundant paths avoiding an exponential
explosion.
Conditions as bitmask.
Use bit masks for license conditions and condition sets. Reduces maps
and allocations.
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Test: m systemlicense
Test: m listshare; out/soong/host/linux-x86/bin/listshare ...
Test: m checkshare; out/soong/host/linux-x86/bin/checkshare ...
Test: m dumpgraph; out/soong/host/linux-x86/dumpgraph ...
Test: m dumpresolutions; out/soong/host/linux-x86/dumpresolutions ...
where ... is the path to the .meta_lic file for the system image. In my
case if
$ export PRODUCT=$(realpath $ANDROID_PRODUCT_OUT --relative-to=$PWD)
... can be expressed as:
${PRODUCT}/gen/META/lic_intermediates/${PRODUCT}/system.img.meta_lic
Change-Id: Ia2ec1b818de6122c239fbd0824754f1d65daffd3
259 lines
10 KiB
Go
259 lines
10 KiB
Go
// Copyright 2021 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package compliance
|
|
|
|
import (
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
var (
|
|
// RecognizedAnnotations identifies the set of annotations that have
|
|
// meaning for compliance policy.
|
|
RecognizedAnnotations = map[string]string{
|
|
// used in readgraph.go to avoid creating 1000's of copies of the below 3 strings.
|
|
"static": "static",
|
|
"dynamic": "dynamic",
|
|
"toolchain": "toolchain",
|
|
}
|
|
|
|
// ImpliesUnencumbered lists the condition names representing an author attempt to disclaim copyright.
|
|
ImpliesUnencumbered = LicenseConditionSet(UnencumberedCondition)
|
|
|
|
// ImpliesPermissive lists the condition names representing copyrighted but "licensed without policy requirements".
|
|
ImpliesPermissive = LicenseConditionSet(PermissiveCondition)
|
|
|
|
// ImpliesNotice lists the condition names implying a notice or attribution policy.
|
|
ImpliesNotice = LicenseConditionSet(UnencumberedCondition | PermissiveCondition | NoticeCondition | ReciprocalCondition |
|
|
RestrictedCondition | RestrictedClasspathExceptionCondition | WeaklyRestrictedCondition |
|
|
ProprietaryCondition | ByExceptionOnlyCondition)
|
|
|
|
// ImpliesReciprocal lists the condition names implying a local source-sharing policy.
|
|
ImpliesReciprocal = LicenseConditionSet(ReciprocalCondition)
|
|
|
|
// Restricted lists the condition names implying an infectious source-sharing policy.
|
|
ImpliesRestricted = LicenseConditionSet(RestrictedCondition | RestrictedClasspathExceptionCondition | WeaklyRestrictedCondition)
|
|
|
|
// ImpliesProprietary lists the condition names implying a confidentiality policy.
|
|
ImpliesProprietary = LicenseConditionSet(ProprietaryCondition)
|
|
|
|
// ImpliesByExceptionOnly lists the condition names implying a policy for "license review and approval before use".
|
|
ImpliesByExceptionOnly = LicenseConditionSet(ProprietaryCondition | ByExceptionOnlyCondition)
|
|
|
|
// ImpliesPrivate lists the condition names implying a source-code privacy policy.
|
|
ImpliesPrivate = LicenseConditionSet(ProprietaryCondition)
|
|
|
|
// ImpliesShared lists the condition names implying a source-code sharing policy.
|
|
ImpliesShared = LicenseConditionSet(ReciprocalCondition | RestrictedCondition | RestrictedClasspathExceptionCondition | WeaklyRestrictedCondition)
|
|
)
|
|
|
|
var (
|
|
anyLgpl = regexp.MustCompile(`^SPDX-license-identifier-LGPL.*`)
|
|
versionedGpl = regexp.MustCompile(`^SPDX-license-identifier-GPL-\p{N}.*`)
|
|
genericGpl = regexp.MustCompile(`^SPDX-license-identifier-GPL$`)
|
|
ccBySa = regexp.MustCompile(`^SPDX-license-identifier-CC-BY.*-SA.*`)
|
|
)
|
|
|
|
|
|
// LicenseConditionSetFromNames returns a set containing the recognized `names` and
|
|
// silently ignoring or discarding the unrecognized `names`.
|
|
func LicenseConditionSetFromNames(tn *TargetNode, names ...string) LicenseConditionSet {
|
|
cs := NewLicenseConditionSet()
|
|
for _, name := range names {
|
|
if name == "restricted" {
|
|
if 0 == len(tn.LicenseKinds()) {
|
|
cs = cs.Plus(RestrictedCondition)
|
|
continue
|
|
}
|
|
hasLgpl := false
|
|
hasClasspath := false
|
|
hasGeneric := false
|
|
for _, kind := range tn.LicenseKinds() {
|
|
if strings.HasSuffix(kind, "-with-classpath-exception") {
|
|
cs = cs.Plus(RestrictedClasspathExceptionCondition)
|
|
hasClasspath = true
|
|
} else if anyLgpl.MatchString(kind) {
|
|
cs = cs.Plus(WeaklyRestrictedCondition)
|
|
hasLgpl = true
|
|
} else if versionedGpl.MatchString(kind) {
|
|
cs = cs.Plus(RestrictedCondition)
|
|
} else if genericGpl.MatchString(kind) {
|
|
hasGeneric = true
|
|
} else if kind == "legacy_restricted" || ccBySa.MatchString(kind) {
|
|
cs = cs.Plus(RestrictedCondition)
|
|
} else {
|
|
cs = cs.Plus(RestrictedCondition)
|
|
}
|
|
}
|
|
if hasGeneric && !hasLgpl && !hasClasspath {
|
|
cs = cs.Plus(RestrictedCondition)
|
|
}
|
|
continue
|
|
}
|
|
if lc, ok := RecognizedConditionNames[name]; ok {
|
|
cs |= LicenseConditionSet(lc)
|
|
}
|
|
}
|
|
return cs
|
|
}
|
|
|
|
|
|
// Resolution happens in three phases:
|
|
//
|
|
// 1. A bottom-up traversal propagates (restricted) license conditions up to
|
|
// targets from dendencies as needed.
|
|
//
|
|
// 2. For each condition of interest, a top-down traversal propagates
|
|
// (restricted) conditions down from targets into linked dependencies.
|
|
//
|
|
// 3. Finally, a walk of the shipped target nodes attaches resolutions to the
|
|
// ancestor nodes from the root down to and including the first non-container.
|
|
//
|
|
// e.g. If a disk image contains a binary bin1 that links a library liba, the
|
|
// notice requirement for liba gets attached to the disk image and to bin1.
|
|
// Because liba doesn't actually get shipped as a separate artifact, but only
|
|
// as bits in bin1, it has no actions 'attached' to it. The actions attached
|
|
// to the image and to bin1 'act on' liba by providing notice.
|
|
//
|
|
// The behavior of the 3 phases gets controlled by the 3 functions below.
|
|
//
|
|
// The first function controls what happens during the bottom-up propagation.
|
|
// Restricted conditions propagate up all non-toolchain dependencies; except,
|
|
// some do not propagate up dynamic links, which may depend on whether the
|
|
// modules are independent.
|
|
//
|
|
// The second function controls what happens during the top-down propagation.
|
|
// Restricted conditions propagate down as above with the added caveat that
|
|
// inherited restricted conditions do not propagate from pure aggregates to
|
|
// their dependencies.
|
|
//
|
|
// The final function controls which conditions apply/get attached to ancestors
|
|
// depending on the types of dependencies involved. All conditions apply across
|
|
// normal derivation dependencies. No conditions apply across toolchain
|
|
// dependencies. Some restricted conditions apply across dynamic link
|
|
// dependencies.
|
|
//
|
|
// Not all restricted licenses are create equal. Some have special rules or
|
|
// exceptions. e.g. LGPL or "with classpath excption".
|
|
|
|
|
|
// depConditionsPropagatingToTarget returns the conditions which propagate up an
|
|
// edge from dependency to target.
|
|
//
|
|
// This function sets the policy for the bottom-up propagation and how conditions
|
|
// flow up the graph from dependencies to targets.
|
|
//
|
|
// If a pure aggregation is built into a derivative work that is not a pure
|
|
// aggregation, per policy it ceases to be a pure aggregation in the context of
|
|
// that derivative work. The `treatAsAggregate` parameter will be false for
|
|
// non-aggregates and for aggregates in non-aggregate contexts.
|
|
func depConditionsPropagatingToTarget(lg *LicenseGraph, e *TargetEdge, depConditions LicenseConditionSet, treatAsAggregate bool) LicenseConditionSet {
|
|
result := LicenseConditionSet(0x0000)
|
|
if edgeIsDerivation(e) {
|
|
result |= depConditions & ImpliesRestricted
|
|
return result
|
|
}
|
|
if !edgeIsDynamicLink(e) {
|
|
return result
|
|
}
|
|
|
|
result |= depConditions & LicenseConditionSet(RestrictedCondition)
|
|
if 0 != (depConditions & LicenseConditionSet(RestrictedClasspathExceptionCondition)) && !edgeNodesAreIndependentModules(e) {
|
|
result |= LicenseConditionSet(RestrictedClasspathExceptionCondition)
|
|
}
|
|
return result
|
|
}
|
|
|
|
// targetConditionsPropagatingToDep returns the conditions which propagate down
|
|
// an edge from target to dependency.
|
|
//
|
|
// This function sets the policy for the top-down traversal and how conditions
|
|
// flow down the graph from targets to dependencies.
|
|
//
|
|
// If a pure aggregation is built into a derivative work that is not a pure
|
|
// aggregation, per policy it ceases to be a pure aggregation in the context of
|
|
// that derivative work. The `treatAsAggregate` parameter will be false for
|
|
// non-aggregates and for aggregates in non-aggregate contexts.
|
|
func targetConditionsPropagatingToDep(lg *LicenseGraph, e *TargetEdge, targetConditions LicenseConditionSet, treatAsAggregate bool) LicenseConditionSet {
|
|
result := targetConditions
|
|
|
|
// reverse direction -- none of these apply to things depended-on, only to targets depending-on.
|
|
result = result.Minus(UnencumberedCondition, PermissiveCondition, NoticeCondition, ReciprocalCondition, ProprietaryCondition, ByExceptionOnlyCondition)
|
|
|
|
if !edgeIsDerivation(e) && !edgeIsDynamicLink(e) {
|
|
// target is not a derivative work of dependency and is not linked to dependency
|
|
result = result.Difference(ImpliesRestricted)
|
|
return result
|
|
}
|
|
if treatAsAggregate {
|
|
// If the author of a pure aggregate licenses it restricted, apply restricted to immediate dependencies.
|
|
// Otherwise, restricted does not propagate back down to dependencies.
|
|
if !LicenseConditionSetFromNames(e.target, e.target.proto.LicenseConditions...).MatchesAnySet(ImpliesRestricted) {
|
|
result = result.Difference(ImpliesRestricted)
|
|
}
|
|
return result
|
|
}
|
|
if edgeIsDerivation(e) {
|
|
return result
|
|
}
|
|
result = result.Minus(WeaklyRestrictedCondition)
|
|
if edgeNodesAreIndependentModules(e) {
|
|
result = result.Minus(RestrictedClasspathExceptionCondition)
|
|
}
|
|
return result
|
|
}
|
|
|
|
// conditionsAttachingAcrossEdge returns the subset of conditions in `universe`
|
|
// that apply across edge `e`.
|
|
//
|
|
// This function sets the policy for attaching actions to ancestor nodes in the
|
|
// final resolution walk.
|
|
func conditionsAttachingAcrossEdge(lg *LicenseGraph, e *TargetEdge, universe LicenseConditionSet) LicenseConditionSet {
|
|
result := universe
|
|
if edgeIsDerivation(e) {
|
|
return result
|
|
}
|
|
if !edgeIsDynamicLink(e) {
|
|
return NewLicenseConditionSet()
|
|
}
|
|
|
|
result &= LicenseConditionSet(RestrictedCondition | RestrictedClasspathExceptionCondition)
|
|
if 0 != (result & LicenseConditionSet(RestrictedClasspathExceptionCondition)) && edgeNodesAreIndependentModules(e) {
|
|
result &= LicenseConditionSet(RestrictedCondition)
|
|
}
|
|
return result
|
|
}
|
|
|
|
|
|
// edgeIsDynamicLink returns true for edges representing shared libraries
|
|
// linked dynamically at runtime.
|
|
func edgeIsDynamicLink(e *TargetEdge) bool {
|
|
return e.annotations.HasAnnotation("dynamic")
|
|
}
|
|
|
|
// edgeIsDerivation returns true for edges where the target is a derivative
|
|
// work of dependency.
|
|
func edgeIsDerivation(e *TargetEdge) bool {
|
|
isDynamic := e.annotations.HasAnnotation("dynamic")
|
|
isToolchain := e.annotations.HasAnnotation("toolchain")
|
|
return !isDynamic && !isToolchain
|
|
}
|
|
|
|
// edgeNodesAreIndependentModules returns true for edges where the target and
|
|
// dependency are independent modules.
|
|
func edgeNodesAreIndependentModules(e *TargetEdge) bool {
|
|
return e.target.PackageName() != e.dependency.PackageName()
|
|
}
|