manual merge of 2ef16cfcd4 to rvc-dev-plus-aosp

Test: I solemnly swear I tested this conflict resolution.
Bug: None
Change-Id: I768c3fe568fee764cb0b533e73a3fef719adf30c
This commit is contained in:
Colin Cross
2020-06-12 17:48:44 -07:00
14 changed files with 70 additions and 68 deletions

View File

@@ -1163,8 +1163,8 @@ func (c *config) EnforceSystemCertificate() bool {
return Bool(c.productVariables.EnforceSystemCertificate)
}
func (c *config) EnforceSystemCertificateWhitelist() []string {
return c.productVariables.EnforceSystemCertificateWhitelist
func (c *config) EnforceSystemCertificateAllowList() []string {
return c.productVariables.EnforceSystemCertificateAllowList
}
func (c *config) EnforceProductPartitionInterface() bool {

View File

@@ -166,7 +166,7 @@ func createMediaRules() []Rule {
}
func createJavaDeviceForHostRules() []Rule {
javaDeviceForHostProjectsWhitelist := []string{
javaDeviceForHostProjectsAllowedList := []string{
"external/guava",
"external/robolectric-shadows",
"framework/layoutlib",
@@ -174,14 +174,14 @@ func createJavaDeviceForHostRules() []Rule {
return []Rule{
NeverAllow().
NotIn(javaDeviceForHostProjectsWhitelist...).
NotIn(javaDeviceForHostProjectsAllowedList...).
ModuleType("java_device_for_host", "java_host_for_device").
Because("java_device_for_host can only be used in whitelisted projects"),
Because("java_device_for_host can only be used in allowed projects"),
}
}
func createCcSdkVariantRules() []Rule {
sdkVersionOnlyWhitelist := []string{
sdkVersionOnlyAllowedList := []string{
// derive_sdk_prefer32 has stem: "derive_sdk" which conflicts with the derive_sdk.
// This sometimes works because the APEX modules that contain derive_sdk and
// derive_sdk_prefer32 suppress the platform installation rules, but fails when
@@ -194,7 +194,7 @@ func createCcSdkVariantRules() []Rule {
"vendor/xts/gts-tests/hostsidetests/gamedevicecert/apps/javatests",
}
platformVariantPropertiesWhitelist := []string{
platformVariantPropertiesAllowedList := []string{
// android_native_app_glue and libRSSupport use native_window.h but target old
// sdk versions (minimum and 9 respectively) where libnativewindow didn't exist,
// so they can't add libnativewindow to shared_libs to get the header directory
@@ -206,13 +206,13 @@ func createCcSdkVariantRules() []Rule {
return []Rule{
NeverAllow().
NotIn(sdkVersionOnlyWhitelist...).
NotIn(sdkVersionOnlyAllowedList...).
WithMatcher("sdk_variant_only", isSetMatcherInstance).
Because("sdk_variant_only can only be used in whitelisted projects"),
Because("sdk_variant_only can only be used in allowed projects"),
NeverAllow().
NotIn(platformVariantPropertiesWhitelist...).
NotIn(platformVariantPropertiesAllowedList...).
WithMatcher("platform.shared_libs", isSetMatcherInstance).
Because("platform variant properties can only be used in whitelisted projects"),
Because("platform variant properties can only be used in allowed projects"),
}
}

View File

@@ -212,7 +212,7 @@ var neverallowTests = []struct {
}`),
},
expectedErrors: []string{
"java_device_for_host can only be used in whitelisted projects",
"java_device_for_host can only be used in allowed projects",
},
},
// Libcore rule tests
@@ -261,46 +261,46 @@ var neverallowTests = []struct {
},
// CC sdk rule tests
{
name: `"sdk_variant_only" outside whitelist`,
name: `"sdk_variant_only" outside allowed list`,
fs: map[string][]byte{
"Android.bp": []byte(`
cc_library {
name: "outside_whitelist",
name: "outside_allowed_list",
sdk_version: "current",
sdk_variant_only: true,
}`),
},
expectedErrors: []string{
`module "outside_whitelist": violates neverallow`,
`module "outside_allowed_list": violates neverallow`,
},
},
{
name: `"sdk_variant_only: false" outside whitelist`,
name: `"sdk_variant_only: false" outside allowed list`,
fs: map[string][]byte{
"Android.bp": []byte(`
cc_library {
name: "outside_whitelist",
name: "outside_allowed_list",
sdk_version: "current",
sdk_variant_only: false,
}`),
},
expectedErrors: []string{
`module "outside_whitelist": violates neverallow`,
`module "outside_allowed_list": violates neverallow`,
},
},
{
name: `"platform" outside whitelist`,
name: `"platform" outside allowed list`,
fs: map[string][]byte{
"Android.bp": []byte(`
cc_library {
name: "outside_whitelist",
name: "outside_allowed_list",
platform: {
shared_libs: ["libfoo"],
},
}`),
},
expectedErrors: []string{
`module "outside_whitelist": violates neverallow`,
`module "outside_allowed_list": violates neverallow`,
},
},
{

View File

@@ -319,7 +319,7 @@ type productVariables struct {
PackageNameOverrides []string `json:",omitempty"`
EnforceSystemCertificate *bool `json:",omitempty"`
EnforceSystemCertificateWhitelist []string `json:",omitempty"`
EnforceSystemCertificateAllowList []string `json:",omitempty"`
ProductHiddenAPIStubs []string `json:",omitempty"`
ProductHiddenAPIStubsSystem []string `json:",omitempty"`

View File

@@ -64,13 +64,14 @@ var (
usesTag = dependencyTag{name: "uses"}
androidAppTag = dependencyTag{name: "androidApp", payload: true}
rroTag = dependencyTag{name: "rro", payload: true}
apexAvailWl = makeApexAvailableWhitelist()
inverseApexAvailWl = invertApexWhiteList(apexAvailWl)
apexAvailBaseline = makeApexAvailableBaseline()
inverseApexAvailBaseline = invertApexBaseline(apexAvailBaseline)
)
// Transform the map of apex -> modules to module -> apexes.
func invertApexWhiteList(m map[string][]string) map[string][]string {
func invertApexBaseline(m map[string][]string) map[string][]string {
r := make(map[string][]string)
for apex, modules := range m {
for _, module := range modules {
@@ -80,16 +81,16 @@ func invertApexWhiteList(m map[string][]string) map[string][]string {
return r
}
// Retrieve the while list of apexes to which the supplied module belongs.
func WhitelistedApexAvailable(moduleName string) []string {
return inverseApexAvailWl[normalizeModuleName(moduleName)]
// Retrieve the baseline of apexes to which the supplied module belongs.
func BaselineApexAvailable(moduleName string) []string {
return inverseApexAvailBaseline[normalizeModuleName(moduleName)]
}
// This is a map from apex to modules, which overrides the
// apex_available setting for that particular module to make
// it available for the apex regardless of its setting.
// TODO(b/147364041): remove this
func makeApexAvailableWhitelist() map[string][]string {
func makeApexAvailableBaseline() map[string][]string {
// The "Module separator"s below are employed to minimize merge conflicts.
m := make(map[string][]string)
//
@@ -906,17 +907,17 @@ func apexUsesMutator(mctx android.BottomUpMutatorContext) {
}
var (
useVendorWhitelistKey = android.NewOnceKey("useVendorWhitelist")
useVendorAllowListKey = android.NewOnceKey("useVendorAllowList")
)
// useVendorWhitelist returns the list of APEXes which are allowed to use_vendor.
// useVendorAllowList returns the list of APEXes which are allowed to use_vendor.
// When use_vendor is used, native modules are built with __ANDROID_VNDK__ and __ANDROID_APEX__,
// which may cause compatibility issues. (e.g. libbinder)
// Even though libbinder restricts its availability via 'apex_available' property and relies on
// yet another macro __ANDROID_APEX_<NAME>__, we restrict usage of "use_vendor:" from other APEX modules
// to avoid similar problems.
func useVendorWhitelist(config android.Config) []string {
return config.Once(useVendorWhitelistKey, func() interface{} {
func useVendorAllowList(config android.Config) []string {
return config.Once(useVendorAllowListKey, func() interface{} {
return []string{
// swcodec uses "vendor" variants for smaller size
"com.android.media.swcodec",
@@ -925,11 +926,11 @@ func useVendorWhitelist(config android.Config) []string {
}).([]string)
}
// setUseVendorWhitelistForTest overrides useVendorWhitelist and must be
// called before the first call to useVendorWhitelist()
func setUseVendorWhitelistForTest(config android.Config, whitelist []string) {
config.Once(useVendorWhitelistKey, func() interface{} {
return whitelist
// setUseVendorAllowListForTest overrides useVendorAllowList and must be
// called before the first call to useVendorAllowList()
func setUseVendorAllowListForTest(config android.Config, allowList []string) {
config.Once(useVendorAllowListKey, func() interface{} {
return allowList
})
}
@@ -1027,7 +1028,7 @@ type apexBundleProperties struct {
// List of providing APEXes' names so that this APEX can depend on provided shared libraries.
Uses []string
// A txt file containing list of files that are whitelisted to be included in this APEX.
// A txt file containing list of files that are allowed to be included in this APEX.
Whitelisted_files *string
// package format of this apex variant; could be non-flattened, flattened, or zip.
@@ -1367,7 +1368,7 @@ func (a *apexBundle) combineProperties(ctx android.BottomUpMutatorContext) {
}
func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) {
if proptools.Bool(a.properties.Use_vendor) && !android.InList(a.Name(), useVendorWhitelist(ctx.Config())) {
if proptools.Bool(a.properties.Use_vendor) && !android.InList(a.Name(), useVendorAllowList(ctx.Config())) {
ctx.PropertyErrorf("use_vendor", "not allowed to set use_vendor: true")
}
@@ -1839,7 +1840,7 @@ func (a *apexBundle) checkApexAvailability(ctx android.ModuleContext) {
return false
}
if to.AvailableFor(apexName) || whitelistedApexAvailable(apexName, toName) {
if to.AvailableFor(apexName) || baselineApexAvailable(apexName, toName) {
return true
}
ctx.ModuleErrorf("%q requires %q that is not available for the APEX. Dependency path:%s", fromName, toName, ctx.GetPathString(true))
@@ -2271,16 +2272,16 @@ func (a *apexBundle) checkJavaStableSdkVersion(ctx android.ModuleContext) {
})
}
func whitelistedApexAvailable(apex, moduleName string) bool {
func baselineApexAvailable(apex, moduleName string) bool {
key := apex
moduleName = normalizeModuleName(moduleName)
if val, ok := apexAvailWl[key]; ok && android.InList(moduleName, val) {
if val, ok := apexAvailBaseline[key]; ok && android.InList(moduleName, val) {
return true
}
key = android.AvailableToAnyApex
if val, ok := apexAvailWl[key]; ok && android.InList(moduleName, val) {
if val, ok := apexAvailBaseline[key]; ok && android.InList(moduleName, val) {
return true
}

View File

@@ -1143,7 +1143,7 @@ func TestApexDependsOnLLNDKTransitively(t *testing.T) {
symbol_file: "",
}
`, func(fs map[string][]byte, config android.Config) {
setUseVendorWhitelistForTest(config, []string{"myapex"})
setUseVendorAllowListForTest(config, []string{"myapex"})
}, withUnbundledBuild)
// Ensure that LLNDK dep is not included
@@ -1870,7 +1870,7 @@ func TestUseVendor(t *testing.T) {
apex_available: [ "myapex" ],
}
`, func(fs map[string][]byte, config android.Config) {
setUseVendorWhitelistForTest(config, []string{"myapex"})
setUseVendorAllowListForTest(config, []string{"myapex"})
})
inputsList := []string{}
@@ -1903,9 +1903,9 @@ func TestUseVendorRestriction(t *testing.T) {
private_key: "testkey.pem",
}
`, func(fs map[string][]byte, config android.Config) {
setUseVendorWhitelistForTest(config, []string{""})
setUseVendorAllowListForTest(config, []string{""})
})
// no error with whitelist
// no error with allow list
testApex(t, `
apex {
name: "myapex",
@@ -1918,7 +1918,7 @@ func TestUseVendorRestriction(t *testing.T) {
private_key: "testkey.pem",
}
`, func(fs map[string][]byte, config android.Config) {
setUseVendorWhitelistForTest(config, []string{"myapex"})
setUseVendorAllowListForTest(config, []string{"myapex"})
})
}
@@ -3683,7 +3683,7 @@ func TestApexUsesFailsIfUseVenderMismatch(t *testing.T) {
private_key: "testkey.pem",
}
`, func(fs map[string][]byte, config android.Config) {
setUseVendorWhitelistForTest(config, []string{"myapex"})
setUseVendorAllowListForTest(config, []string{"myapex"})
})
}

View File

@@ -165,13 +165,13 @@ var (
diffApexContentRule = pctx.StaticRule("diffApexContentRule", blueprint.RuleParams{
Command: `diff --unchanged-group-format='' \` +
`--changed-group-format='%<' \` +
`${image_content_file} ${whitelisted_files_file} || (` +
`${image_content_file} ${allowed_files_file} || (` +
`echo -e "New unexpected files were added to ${apex_module_name}." ` +
` "To fix the build run following command:" && ` +
`echo "system/apex/tools/update_whitelist.sh ${whitelisted_files_file} ${image_content_file}" && ` +
`echo "system/apex/tools/update_allowed_list.sh ${allowed_files_file} ${image_content_file}" && ` +
`exit 1); touch ${out}`,
Description: "Diff ${image_content_file} and ${whitelisted_files_file}",
}, "image_content_file", "whitelisted_files_file", "apex_module_name")
Description: "Diff ${image_content_file} and ${allowed_files_file}",
}, "image_content_file", "allowed_files_file", "apex_module_name")
)
func (a *apexBundle) buildManifest(ctx android.ModuleContext, provideNativeLibs, requireNativeLibs []string) {
@@ -402,7 +402,7 @@ func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext) {
},
})
implicitInputs = append(implicitInputs, imageContentFile)
whitelistedFilesFile := android.PathForModuleSrc(ctx, proptools.String(a.properties.Whitelisted_files))
allowedFilesFile := android.PathForModuleSrc(ctx, proptools.String(a.properties.Whitelisted_files))
phonyOutput := android.PathForModuleOut(ctx, a.Name()+"-diff-phony-output")
ctx.Build(pctx, android.BuildParams{
@@ -411,7 +411,7 @@ func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext) {
Output: phonyOutput,
Description: "diff apex image content",
Args: map[string]string{
"whitelisted_files_file": whitelistedFilesFile.String(),
"allowed_files_file": allowedFilesFile.String(),
"image_content_file": imageContentFile.String(),
"apex_module_name": a.Name(),
},

View File

@@ -514,7 +514,7 @@ func (compiler *baseCompiler) compilerFlags(ctx ModuleContext, flags Flags, deps
flags.Local.CFlags = append(flags.Local.CFlags, "-fopenmp")
}
// Exclude directories from manual binder interface whitelisting.
// Exclude directories from manual binder interface allowed list.
//TODO(b/145621474): Move this check into IInterface.h when clang-tidy no longer uses absolute paths.
if android.HasAnyPrefix(ctx.ModuleDir(), allowedManualInterfacePaths) {
flags.Local.CFlags = append(flags.Local.CFlags, "-DDO_NOT_CHECK_MANUAL_BINDER_INTERFACES")

View File

@@ -691,9 +691,9 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates []
systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String()
if strings.HasPrefix(certPath, systemCertPath) {
enforceSystemCert := ctx.Config().EnforceSystemCertificate()
whitelist := ctx.Config().EnforceSystemCertificateWhitelist()
allowed := ctx.Config().EnforceSystemCertificateAllowList()
if enforceSystemCert && !inList(m.Name(), whitelist) {
if enforceSystemCert && !inList(m.Name(), allowed) {
ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.")
}
}

View File

@@ -51,7 +51,7 @@ type DeviceForHost struct {
// java_device_for_host makes the classes.jar output of a device java_library module available to host
// java_library modules.
//
// It is rarely necessary, and its usage is restricted to a few whitelisted projects.
// It is rarely necessary, and its usage is restricted to a few allowed projects.
func DeviceForHostFactory() android.Module {
module := &DeviceForHost{}
@@ -68,7 +68,7 @@ type HostForDevice struct {
// java_host_for_device makes the classes.jar output of a host java_library module available to device
// java_library modules.
//
// It is rarely necessary, and its usage is restricted to a few whitelisted projects.
// It is rarely necessary, and its usage is restricted to a few allowed projects.
func HostForDeviceFactory() android.Module {
module := &HostForDevice{}

View File

@@ -1,5 +1,5 @@
# Additional owner/reviewers for rust rules, including parent directory owners.
per-file * = chh@google.com, ivanlozano@google.com, jeffv@google.com, srhines@google.com
# Limited owners/reviewers of the whitelist.
per-file whitelist.go = chh@google.com, ivanlozano@google.com, jeffv@google.com, jgalenson@google.com, srhines@google.com
# Limited owners/reviewers of the allowed list.
per-file allowed_list.go = chh@google.com, ivanlozano@google.com, jeffv@google.com, jgalenson@google.com, srhines@google.com

View File

@@ -10,7 +10,7 @@ bootstrap_go_package {
"arm64_device.go",
"global.go",
"toolchain.go",
"whitelist.go",
"allowed_list.go",
"x86_darwin_host.go",
"x86_linux_host.go",
"x86_device.go",

View File

@@ -22,6 +22,7 @@ import (
"android/soong/apex"
"android/soong/cc"
"github.com/google/blueprint"
"github.com/google/blueprint/proptools"
@@ -700,8 +701,8 @@ func (s *snapshotBuilder) AddPrebuiltModule(member android.SdkMember, moduleType
if apexAware, ok := variant.(interface{ ApexAvailable() []string }); ok {
apexAvailable := apexAware.ApexAvailable()
// Add in any white listed apex available settings.
apexAvailable = append(apexAvailable, apex.WhitelistedApexAvailable(member.Name())...)
// Add in any baseline apex available settings.
apexAvailable = append(apexAvailable, apex.BaselineApexAvailable(member.Name())...)
if len(apexAvailable) > 0 {
// Remove duplicates and sort.