Enforce permitted_packages for Q+ and R+ modules
Q+ and R+ mainline modules may only add code in a restricted set of Java package prefixes, that may never be changed. If a mainline module owns the Java package prefix "foo.bar", it may have classes in "foo.bar", "foo.bar.baz", "foo.bar.baz.bat" etc. Test: m Bug: 156725734 Change-Id: I30bf510ed473309871469bf439d7c81575450931
This commit is contained in:
Andrei Onea
@@ -253,6 +253,10 @@ func neverallowMutator(ctx BottomUpMutatorContext) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !n.appliesToBootclasspathJar(ctx) {
|
||||
continue
|
||||
}
|
||||
|
||||
ctx.ModuleErrorf("violates " + n.String())
|
||||
}
|
||||
}
|
||||
@@ -311,6 +315,18 @@ func (m *regexMatcher) String() string {
|
||||
return ".regexp(" + m.re.String() + ")"
|
||||
}
|
||||
|
||||
type notInListMatcher struct {
|
||||
allowed []string
|
||||
}
|
||||
|
||||
func (m *notInListMatcher) Test(value string) bool {
|
||||
return !InList(value, m.allowed)
|
||||
}
|
||||
|
||||
func (m *notInListMatcher) String() string {
|
||||
return ".not-in-list(" + strings.Join(m.allowed, ",") + ")"
|
||||
}
|
||||
|
||||
type isSetMatcher struct{}
|
||||
|
||||
func (m *isSetMatcher) Test(value string) bool {
|
||||
@@ -342,6 +358,8 @@ type Rule interface {
|
||||
|
||||
NotModuleType(types ...string) Rule
|
||||
|
||||
BootclasspathJar() Rule
|
||||
|
||||
With(properties, value string) Rule
|
||||
|
||||
WithMatcher(properties string, matcher ValueMatcher) Rule
|
||||
@@ -369,6 +387,8 @@ type rule struct {
|
||||
|
||||
props []ruleProperty
|
||||
unlessProps []ruleProperty
|
||||
|
||||
onlyBootclasspathJar bool
|
||||
}
|
||||
|
||||
// Create a new NeverAllow rule.
|
||||
@@ -444,6 +464,11 @@ func (r *rule) Because(reason string) Rule {
|
||||
return r
|
||||
}
|
||||
|
||||
func (r *rule) BootclasspathJar() Rule {
|
||||
r.onlyBootclasspathJar = true
|
||||
return r
|
||||
}
|
||||
|
||||
func (r *rule) String() string {
|
||||
s := "neverallow"
|
||||
for _, v := range r.paths {
|
||||
@@ -470,6 +495,9 @@ func (r *rule) String() string {
|
||||
for _, v := range r.osClasses {
|
||||
s += " os:" + v.String()
|
||||
}
|
||||
if r.onlyBootclasspathJar {
|
||||
s += " inBcp"
|
||||
}
|
||||
if len(r.reason) != 0 {
|
||||
s += " which is restricted because " + r.reason
|
||||
}
|
||||
@@ -498,6 +526,14 @@ func (r *rule) appliesToDirectDeps(ctx BottomUpMutatorContext) bool {
|
||||
return matches
|
||||
}
|
||||
|
||||
func (r *rule) appliesToBootclasspathJar(ctx BottomUpMutatorContext) bool {
|
||||
if !r.onlyBootclasspathJar {
|
||||
return true
|
||||
}
|
||||
|
||||
return InList(ctx.ModuleName(), ctx.Config().BootJars())
|
||||
}
|
||||
|
||||
func (r *rule) appliesToOsClass(osClass OsClass) bool {
|
||||
if len(r.osClasses) == 0 {
|
||||
return true
|
||||
@@ -534,6 +570,10 @@ func Regexp(re string) ValueMatcher {
|
||||
return ®exMatcher{r}
|
||||
}
|
||||
|
||||
func NotInList(allowed []string) ValueMatcher {
|
||||
return ¬InListMatcher{allowed}
|
||||
}
|
||||
|
||||
// assorted utils
|
||||
|
||||
func cleanPaths(paths []string) []string {
|
||||
|
||||
Reference in New Issue
Block a user