From a4b7eed0bd9fafd3290d65b3c98c539cf6ec62fa Mon Sep 17 00:00:00 2001
From: Jingwen Chen
Date: Fri, 7 Oct 2022 09:54:16 +0000
Subject: [PATCH] bp2build: disallow bp2build_available definition with neverallow. ..other than the specified directories.
Test: CI
Bug: 251197532
Fixes: 251197532
Change-Id: Iec6407c915d2554bbfb62aea4591783208c4f633
---
 android/neverallow.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/android/neverallow.go b/android/neverallow.go
index 00078a025..274523806 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -58,6 +58,7 @@ func init() {
 AddNeverAllowRules(createMakefileGoalRules()...)
 AddNeverAllowRules(createInitFirstStageRules()...)
 AddNeverAllowRules(createProhibitFrameworkAccessRules()...)
+ AddNeverAllowRules(createBp2BuildRules()...)
 }
 
 // Add a NeverAllow rule to the set of rules to apply.
@@ -65,6 +66,24 @@ func AddNeverAllowRules(rules ...Rule) {
 neverallows = append(neverallows, rules...)
 }
 
+func createBp2BuildRules() []Rule {
+ rules := []Rule{}
+ bp2buildAvailableAllowedDirs := []string{
+ // Can we just allowlist these modules in allowlists.go?
+ "bionic/libc",
+ }
+
+ for _, dir := range bp2buildAvailableAllowedDirs {
+ rule := NeverAllow().
+ With("bazel_module.bp2build_available", "true").
+ NotIn(dir).
+ Because("disallowed usages of bp2build_available for custom conversion")
+ rules = append(rules, rule)
+ }
+
+ return rules
+}
+
 func createIncludeDirsRules() []Rule {
 notInIncludeDir := []string{
 "art",
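Review bot: In createBp2BuildRules the loop emits one rule per allowed directory, each with its own `NotIn(dir)`, so the exemption only holds while the list has exactly one entry: once a second directory is added, a module under `bionic/libc` is "not in" the other directory and trips that rule, and vice versa. The policy fails closed rather than open, but the allowlist cannot grow as written. If `NotIn` accepts several paths (it is variadic in upstream Soong; confirm in this tree), build a single rule with `NotIn(bp2buildAvailableAllowedDirs...)` and return `[]Rule{rule}`. The rule also matches only the value `"true"`, so confirm whether the subject's "disallow bp2build_available definition" was meant to cover `bp2build_available: false` as well; the diffstat shows no test case accompanying the new rule, and the function has no doc comment stating which directories are exempt and why.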