Merge changes from topic "privapp_allowlist_prop" am: 717840fdfc am: cbc478d1d5 am: 8478c113bf
Original change: https://android-review.googlesource.com/c/platform/build/soong/+/2188697 Change-Id: I71ce87a11b318f7ae3a9817788d973849feba840 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Sam Delmerico
Automerger Merge Worker
58
java/app.go
58
java/app.go
@@ -33,8 +33,17 @@ import (
|
||||
|
||||
func init() {
|
||||
RegisterAppBuildComponents(android.InitRegistrationContext)
|
||||
pctx.HostBinToolVariable("ModifyAllowlistCmd", "modify_permissions_allowlist")
|
||||
}
|
||||
|
||||
var (
|
||||
modifyAllowlist = pctx.AndroidStaticRule("modifyAllowlist",
|
||||
blueprint.RuleParams{
|
||||
Command: "${ModifyAllowlistCmd} $in $packageName $out",
|
||||
CommandDeps: []string{"${ModifyAllowlistCmd}"},
|
||||
}, "packageName")
|
||||
)
|
||||
|
||||
func RegisterAppBuildComponents(ctx android.RegistrationContext) {
|
||||
ctx.RegisterModuleType("android_app", AndroidAppFactory)
|
||||
ctx.RegisterModuleType("android_test", AndroidTestFactory)
|
||||
@@ -115,6 +124,9 @@ type appProperties struct {
|
||||
// Prefer using other specific properties if build behaviour must be changed; avoid using this
|
||||
// flag for anything but neverallow rules (unless the behaviour change is invisible to owners).
|
||||
Updatable *bool
|
||||
|
||||
// Specifies the file that contains the allowlist for this app.
|
||||
Privapp_allowlist *string `android:"path"`
|
||||
}
|
||||
|
||||
// android_app properties that can be overridden by override_android_app
|
||||
@@ -179,6 +191,8 @@ type AndroidApp struct {
|
||||
android.ApexBundleDepsInfo
|
||||
|
||||
javaApiUsedByOutputFile android.ModuleOutPath
|
||||
|
||||
privAppAllowlist android.OptionalPath
|
||||
}
|
||||
|
||||
func (a *AndroidApp) IsInstallable() bool {
|
||||
@@ -205,6 +219,10 @@ func (a *AndroidApp) JniCoverageOutputs() android.Paths {
|
||||
return a.jniCoverageOutputs
|
||||
}
|
||||
|
||||
func (a *AndroidApp) PrivAppAllowlist() android.OptionalPath {
|
||||
return a.privAppAllowlist
|
||||
}
|
||||
|
||||
var _ AndroidLibraryDependency = (*AndroidApp)(nil)
|
||||
|
||||
type Certificate struct {
|
||||
@@ -269,6 +287,10 @@ func (a *AndroidApp) OverridablePropertiesDepsMutator(ctx android.BottomUpMutato
|
||||
ctx.AddDependency(ctx.Module(), certificateTag, cert)
|
||||
}
|
||||
|
||||
if a.appProperties.Privapp_allowlist != nil && !Bool(a.appProperties.Privileged) {
|
||||
ctx.PropertyErrorf("privapp_allowlist", "privileged must be set in order to use privapp_allowlist")
|
||||
}
|
||||
|
||||
for _, cert := range a.appProperties.Additional_certificates {
|
||||
cert = android.SrcIsModule(cert)
|
||||
if cert != "" {
|
||||
@@ -598,6 +620,27 @@ func (a *AndroidApp) InstallApkName() string {
|
||||
return a.installApkName
|
||||
}
|
||||
|
||||
func (a *AndroidApp) createPrivappAllowlist(ctx android.ModuleContext) *android.OutputPath {
|
||||
if a.appProperties.Privapp_allowlist == nil {
|
||||
return nil
|
||||
}
|
||||
if a.overridableAppProperties.Package_name == nil {
|
||||
ctx.PropertyErrorf("privapp_allowlist", "package_name must be set to use privapp_allowlist")
|
||||
}
|
||||
packageName := *a.overridableAppProperties.Package_name
|
||||
fileName := "privapp_allowlist_" + packageName + ".xml"
|
||||
outPath := android.PathForModuleOut(ctx, fileName).OutputPath
|
||||
ctx.Build(pctx, android.BuildParams{
|
||||
Rule: modifyAllowlist,
|
||||
Input: android.PathForModuleSrc(ctx, *a.appProperties.Privapp_allowlist),
|
||||
Output: outPath,
|
||||
Args: map[string]string{
|
||||
"packageName": packageName,
|
||||
},
|
||||
})
|
||||
return &outPath
|
||||
}
|
||||
|
||||
func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
|
||||
var apkDeps android.Paths
|
||||
|
||||
@@ -733,18 +776,27 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
|
||||
BuildBundleModule(ctx, bundleFile, a.exportPackage, jniJarFile, dexJarFile)
|
||||
a.bundleFile = bundleFile
|
||||
|
||||
allowlist := a.createPrivappAllowlist(ctx)
|
||||
if allowlist != nil {
|
||||
a.privAppAllowlist = android.OptionalPathForPath(allowlist)
|
||||
}
|
||||
|
||||
apexInfo := ctx.Provider(android.ApexInfoProvider).(android.ApexInfo)
|
||||
|
||||
// Install the app package.
|
||||
if (Bool(a.Module.properties.Installable) || ctx.Host()) && apexInfo.IsForPlatform() &&
|
||||
!a.appProperties.PreventInstall {
|
||||
|
||||
shouldInstallAppPackage := (Bool(a.Module.properties.Installable) || ctx.Host()) && apexInfo.IsForPlatform() && !a.appProperties.PreventInstall
|
||||
if shouldInstallAppPackage {
|
||||
var extraInstalledPaths android.Paths
|
||||
for _, extra := range a.extraOutputFiles {
|
||||
installed := ctx.InstallFile(a.installDir, extra.Base(), extra)
|
||||
extraInstalledPaths = append(extraInstalledPaths, installed)
|
||||
}
|
||||
ctx.InstallFile(a.installDir, a.outputFile.Base(), a.outputFile, extraInstalledPaths...)
|
||||
|
||||
if a.privAppAllowlist.Valid() {
|
||||
installPath := android.PathForModuleInstall(ctx, "etc", "permissions")
|
||||
ctx.InstallFile(installPath, a.privAppAllowlist.Path().Base(), a.privAppAllowlist.Path())
|
||||
}
|
||||
}
|
||||
|
||||
a.buildAppDependencyInfo(ctx)
|
||||
|
||||
@@ -423,6 +423,10 @@ func (a *AndroidAppImport) ProvenanceMetaDataFile() android.OutputPath {
|
||||
return a.provenanceMetaDataFile
|
||||
}
|
||||
|
||||
func (a *AndroidAppImport) PrivAppAllowlist() android.OptionalPath {
|
||||
return android.OptionalPath{}
|
||||
}
|
||||
|
||||
var dpiVariantGroupType reflect.Type
|
||||
var archVariantGroupType reflect.Type
|
||||
var supportedDpis = []string{"ldpi", "mdpi", "hdpi", "xhdpi", "xxhdpi", "xxxhdpi"}
|
||||
|
||||
@@ -3539,3 +3539,51 @@ func TestTargetSdkVersionMtsTests(t *testing.T) {
|
||||
android.AssertStringDoesContain(t, testCase.desc, manifestFixerArgs, "--targetSdkVersion "+testCase.targetSdkVersionExpected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPrivappAllowlist(t *testing.T) {
|
||||
testJavaError(t, "privileged must be set in order to use privapp_allowlist", `
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
privapp_allowlist: "perms.xml",
|
||||
}
|
||||
`)
|
||||
|
||||
result := PrepareForTestWithJavaDefaultModules.RunTestWithBp(
|
||||
t,
|
||||
`
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
privapp_allowlist: "perms.xml",
|
||||
privileged: true,
|
||||
package_name: "com.android.foo",
|
||||
sdk_version: "current",
|
||||
}
|
||||
override_android_app {
|
||||
name: "bar",
|
||||
base: "foo",
|
||||
package_name: "com.google.android.foo",
|
||||
}
|
||||
`,
|
||||
)
|
||||
app := result.ModuleForTests("foo", "android_common")
|
||||
overrideApp := result.ModuleForTests("foo", "android_common_bar")
|
||||
|
||||
// verify that privapp allowlist is created
|
||||
app.Output("out/soong/.intermediates/foo/android_common/privapp_allowlist_com.android.foo.xml")
|
||||
overrideApp.Output("out/soong/.intermediates/foo/android_common_bar/privapp_allowlist_com.google.android.foo.xml")
|
||||
expectedAllowlist := "perms.xml"
|
||||
actualAllowlist := app.Rule("modifyAllowlist").Input.String()
|
||||
if expectedAllowlist != actualAllowlist {
|
||||
t.Errorf("expected allowlist to be %q; got %q", expectedAllowlist, actualAllowlist)
|
||||
}
|
||||
overrideActualAllowlist := overrideApp.Rule("modifyAllowlist").Input.String()
|
||||
if expectedAllowlist != overrideActualAllowlist {
|
||||
t.Errorf("expected override allowlist to be %q; got %q", expectedAllowlist, overrideActualAllowlist)
|
||||
}
|
||||
|
||||
// verify that permissions are copied to device
|
||||
app.Output("out/soong/target/product/test_device/system/etc/permissions/privapp_allowlist_com.android.foo.xml")
|
||||
overrideApp.Output("out/soong/target/product/test_device/system/etc/permissions/privapp_allowlist_com.google.android.foo.xml")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user