From 192600a7d0c512315da01e93c677805e6c2d3b82 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Tue, 3 Aug 2021 07:52:17 +0000 Subject: [PATCH 1/2] Revert "Revert "Prohibit static executable in APEX"" This reverts commit 2125aab5043c05953505563ed505a7e64fc9f668. Reason for revert: relanding along with a forward fix Change-Id: Ib0283ca6beefa2f3073860287d00553ad0af6317 --- apex/apex.go | 30 ++++++++++++++++++++++++++++++ apex/apex_test.go | 30 +++++++++++++++++++++++++++--- 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/apex/apex.go b/apex/apex.go index 0857946ea..e8bb9b7ac 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -1696,6 +1696,7 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) { a.checkUpdatable(ctx) a.checkMinSdkVersion(ctx) a.checkStaticLinkingToStubLibraries(ctx) + a.checkStaticExecutables(ctx) if len(a.properties.Tests) > 0 && !a.testApex { ctx.PropertyErrorf("tests", "property allowed only in apex_test module type") return @@ -2487,6 +2488,35 @@ func (a *apexBundle) checkApexAvailability(ctx android.ModuleContext) { }) } +// checkStaticExecutable ensures that executables in an APEX are not static. +func (a *apexBundle) checkStaticExecutables(ctx android.ModuleContext) { + ctx.VisitDirectDepsBlueprint(func(module blueprint.Module) { + if ctx.OtherModuleDependencyTag(module) != executableTag { + return + } + if cc, ok := module.(*cc.Module); ok && cc.StaticExecutable() { + apex := a.ApexVariationName() + exec := ctx.OtherModuleName(module) + if isStaticExecutableAllowed(apex, exec) { + return + } + ctx.ModuleErrorf("executable %s is static", ctx.OtherModuleName(module)) + } + }) +} + +// A small list of exceptions where static executables are allowed in APEXes. +func isStaticExecutableAllowed(apex string, exec string) bool { + m := map[string][]string{ + "com.android.runtime": []string{ + "linker", + "linkerconfig", + }, + } + execNames, ok := m[apex] + return ok && android.InList(exec, execNames) +} + // Collect information for opening IDE project files in java/jdeps.go. func (a *apexBundle) IDEInfo(dpInfo *android.IdeInfo) { dpInfo.Deps = append(dpInfo.Deps, a.properties.Java_libs...) diff --git a/apex/apex_test.go b/apex/apex_test.go index f58bf6cc5..1645c9978 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -374,7 +374,6 @@ func TestBasicApex(t *testing.T) { symlinks: ["foo_link_"], symlink_preferred_arch: true, system_shared_libs: [], - static_executable: true, stl: "none", apex_available: [ "myapex", "com.android.gki.*" ], } @@ -2494,7 +2493,6 @@ func TestFilesInSubDir(t *testing.T) { srcs: ["mylib.cpp"], relative_install_path: "foo/bar", system_shared_libs: [], - static_executable: true, stl: "none", apex_available: [ "myapex" ], } @@ -2554,7 +2552,6 @@ func TestFilesInSubDirWhenNativeBridgeEnabled(t *testing.T) { name: "mybin", relative_install_path: "foo/bar", system_shared_libs: [], - static_executable: true, stl: "none", apex_available: [ "myapex" ], native_bridge_supported: true, @@ -8188,6 +8185,33 @@ func TestApexJavaCoverage(t *testing.T) { } } +func TestProhibitStaticExecutable(t *testing.T) { + testApexError(t, `executable mybin is static`, ` + apex { + name: "myapex", + key: "myapex.key", + binaries: ["mybin"], + min_sdk_version: "29", + } + + apex_key { + name: "myapex.key", + public_key: "testkey.avbpubkey", + private_key: "testkey.pem", + } + + cc_binary { + name: "mybin", + srcs: ["mylib.cpp"], + relative_install_path: "foo/bar", + static_executable: true, + system_shared_libs: [], + stl: "none", + apex_available: [ "myapex" ], + } + `) +} + func TestMain(m *testing.M) { os.Exit(m.Run()) } From d12979d09ad0279dc85016634a478719c8327080 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Tue, 3 Aug 2021 13:36:09 +0900 Subject: [PATCH 2/2] static rust binaries are also prohibited in APEXes Also fixes a bug that the test runs for host APEXes like com.android.art.host. Bug: 185971244 Test: m Test: build mainline_modules target on aosp-master Change-Id: Ie2012adbf2f4eda5454d5eaa30f128fb1e20ad37 --- apex/apex.go | 8 +++++++- apex/apex_test.go | 24 ++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/apex/apex.go b/apex/apex.go index e8bb9b7ac..58faa68be 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -2490,11 +2490,17 @@ func (a *apexBundle) checkApexAvailability(ctx android.ModuleContext) { // checkStaticExecutable ensures that executables in an APEX are not static. func (a *apexBundle) checkStaticExecutables(ctx android.ModuleContext) { + // No need to run this for host APEXes + if ctx.Host() { + return + } + ctx.VisitDirectDepsBlueprint(func(module blueprint.Module) { if ctx.OtherModuleDependencyTag(module) != executableTag { return } - if cc, ok := module.(*cc.Module); ok && cc.StaticExecutable() { + + if l, ok := module.(cc.LinkableInterface); ok && l.StaticExecutable() { apex := a.ApexVariationName() exec := ctx.OtherModuleName(module) if isStaticExecutableAllowed(apex, exec) { diff --git a/apex/apex_test.go b/apex/apex_test.go index 1645c9978..41bfcea49 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -8208,6 +8208,30 @@ func TestProhibitStaticExecutable(t *testing.T) { system_shared_libs: [], stl: "none", apex_available: [ "myapex" ], + min_sdk_version: "29", + } + `) + + testApexError(t, `executable mybin.rust is static`, ` + apex { + name: "myapex", + key: "myapex.key", + binaries: ["mybin.rust"], + min_sdk_version: "29", + } + + apex_key { + name: "myapex.key", + public_key: "testkey.avbpubkey", + private_key: "testkey.pem", + } + + rust_binary { + name: "mybin.rust", + srcs: ["foo.rs"], + static_executable: true, + apex_available: ["myapex"], + min_sdk_version: "29", } `) }