Merge "Revert "Enable genrule sandboxing by default"" into main am: 2db3a45d8d
am: af1f9a68f2
Original change: https://android-review.googlesource.com/c/platform/build/+/2794133 Change-Id: I9ed8bbba3daa906d0ba9b960323b619bdcd60778 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
4d06f4d22a
3 changed files with 1 additions and 16 deletions
|
@ -1,14 +1,5 @@
|
||||||
# Build System Changes for Android.mk/Android.bp Writers
|
# Build System Changes for Android.mk/Android.bp Writers
|
||||||
|
|
||||||
## Soong genrules are now sandboxed
|
|
||||||
|
|
||||||
Previously, soong genrules could access any files in the source tree, without specifying them as
|
|
||||||
inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel.
|
|
||||||
|
|
||||||
Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in
|
|
||||||
genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING`
|
|
||||||
in board config to disable this behavior.
|
|
||||||
|
|
||||||
## Partitions are no longer affected by previous builds
|
## Partitions are no longer affected by previous builds
|
||||||
|
|
||||||
Partition builds used to include everything in their staging directories, and building an
|
Partition builds used to include everything in their staging directories, and building an
|
||||||
|
|
|
@ -188,7 +188,6 @@ _build_broken_var_list := \
|
||||||
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \
|
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \
|
||||||
BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \
|
BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \
|
||||||
BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \
|
BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \
|
||||||
BUILD_BROKEN_GENRULE_SANDBOXING \
|
|
||||||
|
|
||||||
_build_broken_var_list += \
|
_build_broken_var_list += \
|
||||||
$(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \
|
$(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \
|
||||||
|
|
|
@ -16,10 +16,6 @@ endif
|
||||||
# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES
|
# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES
|
||||||
ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)
|
ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)
|
||||||
|
|
||||||
ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING)))
|
|
||||||
$(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config)
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(WRITE_SOONG_VARIABLES),true)
|
ifeq ($(WRITE_SOONG_VARIABLES),true)
|
||||||
|
|
||||||
# Create soong.variables with copies of makefile settings. Runs every build,
|
# Create soong.variables with copies of makefile settings. Runs every build,
|
||||||
|
@ -285,8 +281,7 @@ $(call add_json_list, BuildBrokenPluginValidation, $(BUILD_BROKEN_PLUGIN
|
||||||
$(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))
|
$(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))
|
||||||
$(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))
|
$(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))
|
||||||
$(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))
|
$(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))
|
||||||
# Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING
|
$(call add_json_bool, GenruleSandboxing, $(filter true,$(GENRULE_SANDBOXING)))
|
||||||
$(call add_json_bool, GenruleSandboxing, $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true)))
|
|
||||||
$(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))
|
$(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))
|
||||||
$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))
|
$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))
|
||||||
$(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES)))
|
$(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES)))
|
||||||
|
|
Loading…
Reference in a new issue