Merge "Enforce permitted_packages for Q+ and R+ modules" into rvc-dev

TreeHugger Robot
2020-06-22 17:55:16 +00:00
committed by Android (Google) Code Review
3 changed files with 242 additions and 0 deletions


@@ -688,6 +688,55 @@ func makeApexAvailableBaseline() map[string][]string {
return m
}
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
func qModulesPackages() map[string][]string {
return map[string][]string{
"com.android.conscrypt": []string{
"android.net.ssl",
"com.android.org.conscrypt",
},
"com.android.media": []string{
"android.media",
},
}
}
// DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART.
// Adding code to the bootclasspath in new packages will cause issues on module update.
func rModulesPackages() map[string][]string {
return map[string][]string{
"com.android.mediaprovider": []string{
"android.provider",
},
"com.android.permission": []string{
"android.permission",
"android.app.role",
"com.android.permission",
"com.android.role",
},
"com.android.sdkext": []string{
"android.os.ext",
},
"com.android.os.statsd": []string{
"android.app",
"android.os",
"android.util",
"com.android.internal.statsd",
"com.android.server.stats",
},
"com.android.wifi": []string{
"com.android.server.wifi",
"com.android.wifi.x",
"android.hardware.wifi",
"android.net.wifi",
},
"com.android.tethering": []string{
"android.net",
},
}
}
func init() {
android.RegisterModuleType("apex", BundleFactory)
android.RegisterModuleType("apex_test", testApexBundleFactory)
@@ -705,6 +754,24 @@ func init() {
sort.Strings(*apexFileContextsInfos)
ctx.Strict("APEX_FILE_CONTEXTS_INFOS", strings.Join(*apexFileContextsInfos, " "))
})
android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...)
android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...)
}
func createApexPermittedPackagesRules(modules_packages map[string][]string) []android.Rule {
rules := make([]android.Rule, 0, len(modules_packages))
for module_name, module_packages := range modules_packages {
permitted_packages_rule := android.NeverAllow().
BootclasspathJar().
With("apex_available", module_name).
WithMatcher("permitted_packages", android.NotInList(module_packages)).
Because("jars that are part of the " + module_name +
" module may only allow these packages: " + strings.Join(module_packages, ",") +
". Please jarjar or move code around.")
rules = append(rules, permitted_packages_rule)
}
return rules
}
func RegisterPreDepsMutators(ctx android.RegisterMutatorsContext) {
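Review bot: The rule built in createApexPermittedPackagesRules only constrains the values a jar lists in `permitted_packages`, and nothing visible covers a bootclasspath jar for one of these modules that leaves the property unset. Whether `android.NotInList` matches an empty list cannot be told from these lines; if it does not, omitting the property would pass the check without any package restriction being declared. A test case for the unset property would settle it, along with either a companion rule or a comment naming where the omission is rejected; the commit's other two files are not shown here, so this may already be covered. Separately, the comment on qModulesPackages and rModulesPackages describes AOT exemption rather than the check the maps now drive, so something like `// Packages a bootclasspath jar of each module may declare in permitted_packages; enforced by the neverallow rules registered in init().` would match the code. The range over the map in createApexPermittedPackagesRules also yields the rules in a different order on each run, so sorting the module names first would keep the registered rule list stable.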