bp2build: disallow bp2build_available definition with neverallow.

..other than the specified directories. Test: CI Bug: 251197532 Fixes: 251197532 Change-Id: Iec6407c915d2554bbfb62aea4591783208c4f633
2022-10-07 09:54:16 +00:00
parent 538911b686
commit a4b7eed0bd
1 changed files with 19 additions and 0 deletions
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -58,6 +58,7 @@ func init() {
 	AddNeverAllowRules(createMakefileGoalRules()...)
 	AddNeverAllowRules(createInitFirstStageRules()...)
 	AddNeverAllowRules(createProhibitFrameworkAccessRules()...)
+	AddNeverAllowRules(createBp2BuildRules()...)
 }

 // Add a NeverAllow rule to the set of rules to apply.
@@ -65,6 +66,24 @@ func AddNeverAllowRules(rules ...Rule) {
 	neverallows = append(neverallows, rules...)
 }

+func createBp2BuildRules() []Rule {
+	rules := []Rule{}
+	bp2buildAvailableAllowedDirs := []string{
+		// Can we just allowlist these modules in allowlists.go?
+		"bionic/libc",
+	}
+
+	for _, dir := range bp2buildAvailableAllowedDirs {
+		rule := NeverAllow().
+			With("bazel_module.bp2build_available", "true").
+			NotIn(dir).
+			Because("disallowed usages of bp2build_available for custom conversion")
+		rules = append(rules, rule)
+	}
+
+	return rules
+}
+
 func createIncludeDirsRules() []Rule {
 	notInIncludeDir := []string{
 		"art",