From 0db999c45e4dc5c6544492d26728604fddce6011 Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Tue, 3 Sep 2024 22:06:24 +0000 Subject: [PATCH] ndk_library: limit exports The NDK should stand alone, and the libbinder_ndk case is created because libbinder_ndk in the NDK used to contain extra C++ headers, but these were moved into the SDK to be next to AIDL. Since many modules depend on these headers, exports are only allowed for this case. Bug: 357711733 Test: build with neverallow breaking, for instance: error: frameworks/wilhelm/Android.bp:56:1: module "libOpenSLES.ndk" variant "android_x86_64_silvermont_sdk_shared_21": violates neverallow requirements. Not allowed: module types: ["ndk_library"] properties matching: "Export_header_libs" matches: .is-set EXCEPT in dirs: ["frameworks/native/libs/binder/ndk/"] Change-Id: I9a32d3cb7f644fb5dbc1e8072894f2f585b2cd6d --- android/neverallow.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/android/neverallow.go b/android/neverallow.go index 0f363e78f..7f6999dfa 100644 --- a/android/neverallow.go +++ b/android/neverallow.go @@ -60,6 +60,7 @@ func init() { AddNeverAllowRules(createCcStubsRule()) AddNeverAllowRules(createJavaExcludeStaticLibsRule()) AddNeverAllowRules(createProhibitHeaderOnlyRule()) + AddNeverAllowRules(createLimitNdkExportRule()...) } // Add a NeverAllow rule to the set of rules to apply. @@ -266,6 +267,22 @@ func createProhibitHeaderOnlyRule() Rule { Because("headers_only can only be used for generating framework-minus-apex headers for non-updatable modules") } +func createLimitNdkExportRule() []Rule { + reason := "If the headers you're trying to export are meant to be a part of the NDK, they should be exposed by an ndk_headers module. If the headers shouldn't be a part of the NDK, the headers should instead be exposed from a separate `cc_library_headers` which consumers depend on." + // DO NOT ADD HERE - please consult danalbert@ + // b/357711733 + return []Rule{ + NeverAllow(). + NotIn("frameworks/native/libs/binder/ndk"). + ModuleType("ndk_library"). + WithMatcher("export_header_libs", isSetMatcherInstance).Because(reason), + NeverAllow().ModuleType("ndk_library").WithMatcher("export_generated_headers", isSetMatcherInstance).Because(reason), + NeverAllow().ModuleType("ndk_library").WithMatcher("export_include_dirs", isSetMatcherInstance).Because(reason), + NeverAllow().ModuleType("ndk_library").WithMatcher("export_shared_lib_headers", isSetMatcherInstance).Because(reason), + NeverAllow().ModuleType("ndk_library").WithMatcher("export_static_lib_headers", isSetMatcherInstance).Because(reason), + } +} + func neverallowMutator(ctx BottomUpMutatorContext) { m, ok := ctx.Module().(Module) if !ok {