Using SDK (current, system_current, module_current, or <api_version>)
while at the same time depending on "framework" doesn't make sense
because framework anyway provides all APIs including hidden ones. This
is not only uncessary but also error prone because the availability of a
private method in a class depends on whether the class is part of the
SDK or not.
Add a neverallow rule for prohibiting that. Note that "core_*" SDKs are
allowed because there's no overlap between "framework" and the core-Java
SDKs.
Bug: 227528906
Test: m nothing on git_master
Change-Id: I0605075aef20c75db084beeedcbf49a642573e69
(cherry-pick of ag/17524387 into aosp)
Summary:
- updates the Q and R maps, the new keys are the bcp jars and not the
apexes. neverallow build rules ensure that these bcp jars have a
restricted set of permitted_packages
- remove BootclasspathJar from the neverallow rule. This is no longer
necessary since the keys in the maps are the bootjars themselves, and
not apexes
Bug: 205289292
Test: In build/soong, go test ./apex
Change-Id: Icb91de934181a8b6f085e03a0ce8c5e08504ff94
Merged-In: Icb91de934181a8b6f085e03a0ce8c5e08504ff94
(cherry picked from commit 440ff96728)
This reverts commit 1fdd6ca88a.
Reason for revert: b/205289292 tracks the real fix for this
Test: presubmit
Change-Id: I5a2edaf4f930dafa26659f85d9425e9041c72275
Merged-In: I5a2edaf4f930dafa26659f85d9425e9041c72275
The ART AOT exemption only applies to Q/R/S, so module jars that have
min_sdk T+ do not need to follow the module package restriction, even if
they are part of a Q/R/S module (but not loaded on Q/R/S).
Relax the restriction to only apply to jars that have min_sdk before T.
Bug: 208773835
Test: m (runs apex tests)
Change-Id: I2c3ad8984ca05ad763bf6162bd478f93ab4ee650
Revert submission 1795972-Convert security/Android.mk to Android.bp
Reason for revert: http://b/206976319 Broken build 7928060 on aosp-master on sdk_arm64-sdk
Reverted Changes:
I0e0e7f677:Split property and file contexts modules
I5596d6f00:Add seapp_contexts to allowlist of makefile goal
If685e5ccc:Convert security/Android.mk to Android.bp
Change-Id: I8cf8c0bc2f88172bb3bfa850bbd7ce6daa170c3d
This is an interim solution before seapp_contexts and seapp_neverallows
are migrated into Soong. CtsSecurityHostTests needs these two modules.
Bug: 194096505
Test: build
Change-Id: I5596d6f00b957afd86c752501c1e83b3d4089d9e
The Android SDK has been built with Make up until now, monolithically,
then split up into several sdk-repo zip files for different purposes.
The Mac and Windows SDKs really only need to contain the platform-tools
and build-tools pieces, but due to this monolithic sdk zip, we had to
build the whole SDK first.
This adds an `android_sdk_repo_host` module that can build these
platform-tools and build-tools zips.
Bug: 187222815
Change-Id: I55809e1d7447dd65e22461f921b2b8abb6d5f822
Revert "Add ramdisk_available to init_first_stage's deps"
Revert submission 15071196-init_first_stage_soong
Reason for revert: fixes b/192248690
Reverted Changes:
I23cf4f975:Add ramdisk_available to init_first_stage's deps
Icd98c7e24:Add ramdisk_available to init_first_stage's deps
If9da9ba16:Add ramdisk_available to init_first_stage's deps
Ibc8668029:Add ramdisk_available to init_first_stage's deps
I3b4b8c475:Add ramdisk_available to init_first_stage's deps
I59cd149e0:Completely migrate init first stage to Soong
I36d789578:Add ramdisk_available to init_first_stage's deps
I2a0daa612:Add BUILD_USES_RECOVERY_AS_BOOT to soong config
Ic76c325ce:Directly create ramdisk dirs in ramdisk image rule...
I4c5374deb:Add BOARD_BUILD_SYSTEM_ROOT_IMAGE to config vars
I8aab5faf3:Add ramdisk_available to init_first_stage's deps
I9d5a10661:Add ramdisk_available to init_first_stage's deps
Iaa2edeb4a:Add ramdisk_available to init_first_stage's deps
I7cb582ca0:Update init_first_stage
I06091d15e:Add ramdisk_available to init_first_stage's deps
I8bdb8dda3:Add ramdisk_available to init_first_stage's deps
I7436b8dd1:Add ramdisk_available to init_first_stage's deps
I39693fd86:Add ramdisk_available to init_first_stage's deps
I0a9ba90f0:Add ramdisk_available to init_first_stage's deps
Ib66b4c4ea:Add ramdisk_available to init_first_stage's deps
I31ce63d23:Add ramdisk_available to init_first_stage's deps
Icb580f97c:Add ramdisk_available to init_first_stage's deps
I044a075b7:Add ramdisk_available to init_first_stage's deps
I33164a7e7:Fix ndk and aml arch order
Ib8d92904a:Add ramdisk_available to sysprop_library
Ibc3516453:Add install_in_root to cc_binary
Change-Id: I3f48a1bee726c7c2b38c9bdc501b2a32337eaab7
To support init_first_stage, install_in_root property is added to
cc_binary. The output is installed to {partition}, rather than
{partition}/{mount_point}/bin.
Bug: 187196593
Test: build init_first_stage
Change-Id: Ibc351645308676ed188f748972eb6312c9cbd64f
Merged-In: Ibc351645308676ed188f748972eb6312c9cbd64f
To support init_first_stage, install_in_root property is added to
cc_binary. The output is installed to {partition}, rather than
{partition}/{mount_point}/bin.
Bug: 187196593
Test: build init_first_stage
Change-Id: Ibc351645308676ed188f748972eb6312c9cbd64f
Further restrictions on a restricting build configuration. Before, we
restricted certain paths from being included. Now, we restrict certain
paths from including.
This adds system/libfmq for now, but I'm planning to add more in the
future, as they are cleaned up.
Bug: 35624006
Test: m nothing
Change-Id: I913f190f93ab63059ee0372d342daa8f5584806b
Adds PrepareForTestWithNeverallowRules to make it easy to test
neverallow rules. Avoid exporting any unnecessary neverallow related
methods from the android package.
Bug: 181070625
Test: m nothing
Change-Id: Idfc6955cb23f1a4d1790be7879388154b03f3980
Not entirely sure what the history behind requiring only libcore
projects use this, but it is a bit annoying to have to allow-list every
use.
Bug: 173606718
Test: m nothing
Change-Id: I66f71e67d3f17e7f983c8537dff537fe8419da95
The modules sources have been moved, update the sdk variant whitelist.
Bug: 156286599
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Change-Id: Idbd02b17b1c741f1dc20a3742ff57e8469a846c0
Merged-In: Idbd02b17b1c741f1dc20a3742ff57e8469a846c0
Allow modules under art/test to use `sdk_version: "none"`. This is so
that ART run-test module definitions can use the same settings as
Libcore tests:
sdk_version: "none",
system_modules: "core-all-system-modules",
Test: m nothing
Bug: 147814778
Change-Id: Ibb74d6a06a6609be511403c51ca7a02204bf606f
Q+ and R+ mainline modules may only add code in a restricted set of Java
package prefixes, that may never be changed.
If a mainline module owns the Java package prefix "foo.bar", it may have
classes in "foo.bar", "foo.bar.baz", "foo.bar.baz.bat" etc.
Test: m
Bug: 156725734
Change-Id: I30bf510ed473309871469bf439d7c81575450931
ART tests need to explicitly control the compression.
Bug: 157239179
Test: "atest ArtGtestsTarget" with http://go/aog/1302773
Change-Id: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
ART tests need to explicitly control the compression.
Bug: 157239179
Test: "atest ArtGtestsTarget" with http://go/aog/1302773
Change-Id: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
Merged-In: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
Compiling native modules against the NDK disables platform features
like ASAN. For anything shipped on the system image there is no
reason to compile against the NDK. Add a new mutator to Soong that
creates a platform and an SDK variant for modules that set
sdk_version, and ignore sdk_version for the platform variant. The
SDK variant will be used for embedding in APKs that may be installed
on older platforms. Apexes use their own variants that enforce
backwards compatibility.
Test: sdk_test.go
Test: TestJNIPackaging
Bug: 149591340
Change-Id: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
Merged-In: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
(cherry picked from commit 82e192c3ae)
This exposes test func on ValueMatcher and helpers relevant for testing neverallows.
Bug: 153333044
Test: m
Change-Id: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Merged-In: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Exempt-From-Owner-Approval: clean cherry-pick
(cherry picked from commit c5570ac9b1)
This exposes test func on ValueMatcher and helpers relevant for testing neverallows.
Bug: 153333044
Test: m
Change-Id: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Allow the platform stubs to specify sdk_version: none,
and add generic support for a regexp matcher.
Bug: 144149403
Test: m
Change-Id: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Merged-In: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Allow the platform stubs to specify sdk_version: none,
and add generic support for a regexp matcher.
Bug: 144149403
Test: m
Change-Id: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
