Merge "Revert "Enable genrule sandboxing by default"" into main am: 2db3a45d8d am: af1f9a68f2

Original change: https://android-review.googlesource.com/c/platform/build/+/2794133

Change-Id: I9ed8bbba3daa906d0ba9b960323b619bdcd60778
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Mateusz Cicheński 2023-10-17 21:37:00 +00:00 committed by Automerger Merge Worker
commit 4d06f4d22a
3 changed files with 1 additions and 16 deletions

View file

@ -1,14 +1,5 @@
# Build System Changes for Android.mk/Android.bp Writers # Build System Changes for Android.mk/Android.bp Writers
## Soong genrules are now sandboxed
Previously, soong genrules could access any files in the source tree, without specifying them as
inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel.
Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in
genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING`
in board config to disable this behavior.
## Partitions are no longer affected by previous builds ## Partitions are no longer affected by previous builds
Partition builds used to include everything in their staging directories, and building an Partition builds used to include everything in their staging directories, and building an

View file

@ -188,7 +188,6 @@ _build_broken_var_list := \
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \ BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \
BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \ BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \
BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \ BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \
BUILD_BROKEN_GENRULE_SANDBOXING \
_build_broken_var_list += \ _build_broken_var_list += \
$(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \ $(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \

View file

@ -16,10 +16,6 @@ endif
# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES # PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES
ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES) ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)
ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING)))
$(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config)
endif
ifeq ($(WRITE_SOONG_VARIABLES),true) ifeq ($(WRITE_SOONG_VARIABLES),true)
# Create soong.variables with copies of makefile settings. Runs every build, # Create soong.variables with copies of makefile settings. Runs every build,
@ -285,8 +281,7 @@ $(call add_json_list, BuildBrokenPluginValidation, $(BUILD_BROKEN_PLUGIN
$(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY))) $(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))
$(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS))) $(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))
$(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS))) $(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))
# Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING $(call add_json_bool, GenruleSandboxing, $(filter true,$(GENRULE_SANDBOXING)))
$(call add_json_bool, GenruleSandboxing, $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true)))
$(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER))) $(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))
$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW))) $(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))
$(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES))) $(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES)))