resolve merge conflicts of 4cbab13de1
to rvc-dev-plus-aosp am: 8fae3c8472
am: d3080ae30c
am: ff3173188b
Original change: https://googleplex-android-review.googlesource.com/c/platform/build/+/11856223 Change-Id: I9bece0f6b5e992dbac012f25bfa41c1cffa5bef6
commit
9d8f932969
19 changed files with 75 additions and 72 deletions
|
@ -3,7 +3,7 @@ ifeq (true,$(non_system_module))
|
|||
ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE)))
|
||||
CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE)
|
||||
ifeq (true,$(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT))
|
||||
$(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\
|
||||
$(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)),,\
|
||||
$(call pretty-error,The module in product partition cannot be signed with certificate in system.))
|
||||
endif
|
||||
endif
|
||||
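Review bot: The allow-list exemption in the `$(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)),,\` line has no comment saying what an exempted module still triggers. As written, `CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE)` runs before the enforcement check, so an allow-listed module skips only the `pretty-error` and is still recorded as a violation. I would add a comment above the `$(if`, such as `# Allow-listed modules skip the error but stay in CERTIFICATE_VIOLATION_MODULES for reporting.` The enclosing `ifeq (true,$(non_system_module))` opens outside the hunk.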
|
|
|
@ -84,7 +84,7 @@ ifneq ($(NATIVE_COVERAGE),true)
|
|||
my_native_coverage := false
|
||||
endif
|
||||
|
||||
# Exclude directories from manual binder interface whitelisting.
|
||||
# Exclude directories from checking allowed manual binder interface lists.
|
||||
# TODO(b/145621474): Move this check into IInterface.h when clang-tidy no longer uses absolute paths.
|
||||
ifneq (,$(filter $(addsuffix %,$(ALLOWED_MANUAL_INTERFACE_PATHS)),$(LOCAL_PATH)))
|
||||
my_cflags += -DDO_NOT_CHECK_MANUAL_BINDER_INTERFACES
|
||||
|
|
|
@ -149,6 +149,7 @@ $(KATI_obsolete_var \
|
|||
2ND_TARGET_PROJECT_SYSTEM_INCLUDES \
|
||||
,Project include variables have been removed)
|
||||
$(KATI_obsolete_var TARGET_PREFER_32_BIT TARGET_PREFER_32_BIT_APPS TARGET_PREFER_32_BIT_EXECUTABLES)
|
||||
$(KATI_obsolete_var PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST,Use PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST.)
|
||||
|
||||
# Used to force goals to build. Only use for conditionally defined goals.
|
||||
.PHONY: FORCE
|
||||
|
@ -676,7 +677,7 @@ HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar
|
|||
|
||||
APICHECK_COMMAND := $(JAVA) -Xmx4g -jar $(APICHECK) --no-banner --compatible-output=yes
|
||||
|
||||
# Boolean variable determining if the whitelist for compatible properties is enabled
|
||||
# Boolean variable determining if the allow list for compatible properties is enabled
|
||||
PRODUCT_COMPATIBLE_PROPERTY := false
|
||||
ifneq ($(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE),)
|
||||
PRODUCT_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE)
|
||||
|
|
47
core/main.mk
47
core/main.mk
|
@ -200,8 +200,8 @@ $(KATI_obsolete_var PRODUCT_FULL_TREBLE,\
|
|||
variables like PRODUCT_SEPOLICY_SPLIT should be used until that is \
|
||||
possible.)
|
||||
|
||||
# Sets ro.actionable_compatible_property.enabled to know on runtime whether the whitelist
|
||||
# of actionable compatible properties is enabled or not.
|
||||
# Sets ro.actionable_compatible_property.enabled to know on runtime whether the
|
||||
# allowed list of actionable compatible properties is enabled or not.
|
||||
ifeq ($(PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE),true)
|
||||
ADDITIONAL_SYSTEM_PROPERTIES += ro.actionable_compatible_property.enabled=false
|
||||
else
|
||||
|
@ -1190,7 +1190,7 @@ ifdef FULL_BUILD
|
|||
ifneq (true,$(ALLOW_MISSING_DEPENDENCIES))
|
||||
# Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product)
|
||||
ifeq (true,$(PRODUCT_ENFORCE_PACKAGES_EXIST))
|
||||
_whitelist := $(PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
|
||||
_allow_list := $(PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST)
|
||||
_modules := $(PRODUCT_PACKAGES)
|
||||
# Strip :32 and :64 suffixes
|
||||
_modules := $(patsubst %:32,%,$(_modules))
|
||||
|
@ -1199,10 +1199,10 @@ ifdef FULL_BUILD
|
|||
# existence if either <module> or the <module>_32 variant.
|
||||
_nonexistent_modules := $(foreach m,$(_modules), \
|
||||
$(if $(or $(ALL_MODULES.$(m).PATH),$(call get-modules-for-2nd-arch,TARGET,$(m))),,$(m)))
|
||||
$(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistent_modules)),\
|
||||
$(call maybe-print-list-and-error,$(filter-out $(_allow_list),$(_nonexistent_modules)),\
|
||||
$(INTERNAL_PRODUCT) includes non-existent modules in PRODUCT_PACKAGES)
|
||||
$(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_whitelist)),\
|
||||
$(INTERNAL_PRODUCT) includes redundant whitelist entries for non-existent PRODUCT_PACKAGES)
|
||||
$(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_allow_list)),\
|
||||
$(INTERNAL_PRODUCT) includes redundant allow list entries for non-existent PRODUCT_PACKAGES)
|
||||
endif
|
||||
|
||||
# Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist
|
||||
|
@ -1246,21 +1246,21 @@ ifdef FULL_BUILD
|
|||
is_asan := $(if $(filter address,$(SANITIZE_TARGET)),true)
|
||||
ifneq (true,$(or $(is_asan),$(DISABLE_ARTIFACT_PATH_REQUIREMENTS)))
|
||||
# Fakes don't get installed, and NDK stubs aren't installed to device.
|
||||
static_whitelist_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
|
||||
static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
|
||||
# RROs become REQUIRED by the source module, but are always placed on the vendor partition.
|
||||
static_whitelist_patterns += %__auto_generated_rro_product.apk
|
||||
static_whitelist_patterns += %__auto_generated_rro_vendor.apk
|
||||
static_allowed_patterns += %__auto_generated_rro_product.apk
|
||||
static_allowed_patterns += %__auto_generated_rro_vendor.apk
|
||||
# Auto-included targets are not considered
|
||||
static_whitelist_patterns += $(call product-installed-files,)
|
||||
static_allowed_patterns += $(call product-installed-files,)
|
||||
# $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed.
|
||||
# The path can be considered as a fake path, as the shared libraries
|
||||
# are installed there just to have symbols files for them under
|
||||
# $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory
|
||||
# is never compiled into a filesystem image.
|
||||
static_whitelist_patterns += $(PRODUCT_OUT)/apex/%
|
||||
static_allowed_patterns += $(PRODUCT_OUT)/apex/%
|
||||
ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX))
|
||||
# Allow system_other odex space optimization.
|
||||
static_whitelist_patterns += \
|
||||
static_allowed_patterns += \
|
||||
$(TARGET_OUT_SYSTEM_OTHER)/%.odex \
|
||||
$(TARGET_OUT_SYSTEM_OTHER)/%.vdex \
|
||||
$(TARGET_OUT_SYSTEM_OTHER)/%.art
|
||||
|
@ -1276,31 +1276,32 @@ $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))
|
|||
$(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
|
||||
$(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \
|
||||
$(eval ### Verify that the product only produces files inside its path requirements.) \
|
||||
$(eval whitelist := $(PRODUCTS.$(makefile).ARTIFACT_PATH_WHITELIST)) \
|
||||
$(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \
|
||||
$(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \
|
||||
$(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
|
||||
$(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
|
||||
$(eval files := $(call product-installed-files, $(makefile))) \
|
||||
$(eval offending_files := $(filter-out $(path_patterns) $(whitelist_patterns) $(static_whitelist_patterns),$(files))) \
|
||||
$(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \
|
||||
$(call maybe-print-list-and-error,$(offending_files),\
|
||||
$(makefile) produces files outside its artifact path requirement. \
|
||||
Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \
|
||||
$(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \
|
||||
$(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \
|
||||
$(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \
|
||||
$(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \
|
||||
$(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
|
||||
$(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \
|
||||
$(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
|
||||
$(eval all_offending_files += $(files_in_requirement)) \
|
||||
$(eval whitelist := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \
|
||||
$(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
|
||||
$(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \
|
||||
$(eval allowed := $(strip $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST) \
|
||||
$(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST))) \
|
||||
$(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
|
||||
$(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \
|
||||
$(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \
|
||||
$(if $(enforcement),\
|
||||
$(call maybe-print-list-and-error,$(offending_files),\
|
||||
$(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \
|
||||
$(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \
|
||||
$(eval unused_whitelist := $(if $(filter true strict,$(enforcement)),\
|
||||
$(foreach p,$(whitelist_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
|
||||
$(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \
|
||||
$(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\
|
||||
$(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
|
||||
$(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \
|
||||
) \
|
||||
)
|
||||
$(PRODUCT_OUT)/offending_artifacts.txt:
|
||||
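Review bot: In the second `$(eval allowed := $(strip ...))` of the artifact-path loop, the old `PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST` is still merged in, although the product.mk section of this commit appears to replace that name in `_product_list_vars` with `PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST`. If that reading is right, the old name is no longer collected per product. The value reaching this loop is then presumably whatever a product makefile last left in the global namespace, which makes the set of files exempted from the path requirement hard to audit. Either keep `_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST` for the transition and flag it with `$(KATI_deprecated_var PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST,Use PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST.)`, or drop it from the merge and mark it obsolete the way config.mk does for the certificate variable.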
|
|
|
@ -321,14 +321,15 @@ _product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS
|
|||
# partitions uses PLATFORM_VNDK_VERSION.
|
||||
_product_single_value_var += PRODUCT_PRODUCT_VNDK_VERSION
|
||||
|
||||
# Whether the whitelist of actionable compatible properties should be disabled or not
|
||||
# Whether the list of allowed of actionable compatible properties should be disabled or not
|
||||
_product_single_value_vars += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE
|
||||
|
||||
_product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS
|
||||
_product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT
|
||||
_product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST
|
||||
_product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST
|
||||
_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT
|
||||
_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST
|
||||
_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST
|
||||
|
||||
# List of modules that should be forcefully unmarked from being LOCAL_PRODUCT_MODULE, and hence
|
||||
# installed on /system directory by default.
|
||||
|
@ -448,19 +449,19 @@ endef
|
|||
define require-artifacts-in-path
|
||||
$(eval current_mk := $(strip $(word 1,$(_include_stack)))) \
|
||||
$(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_REQUIREMENTS := $(strip $(1))) \
|
||||
$(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_WHITELIST := $(strip $(2))) \
|
||||
$(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_ALLOWED_LIST := $(strip $(2))) \
|
||||
$(eval ARTIFACT_PATH_REQUIREMENT_PRODUCTS := \
|
||||
$(sort $(ARTIFACT_PATH_REQUIREMENT_PRODUCTS) $(current_mk)))
|
||||
endef
|
||||
|
||||
# Makes including non-existent modules in PRODUCT_PACKAGES an error.
|
||||
# $(1): whitelist of non-existent modules to allow.
|
||||
# $(1): list of non-existent modules to allow.
|
||||
define enforce-product-packages-exist
|
||||
$(eval current_mk := $(strip $(word 1,$(_include_stack)))) \
|
||||
$(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST := true) \
|
||||
$(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST := $(1)) \
|
||||
$(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST := $(1)) \
|
||||
$(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST) \
|
||||
$(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
|
||||
$(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST)
|
||||
endef
|
||||
|
||||
#
|
||||
|
@ -582,7 +583,7 @@ define strip-product-vars
|
|||
$(foreach v,\
|
||||
$(_product_var_list) \
|
||||
PRODUCT_ENFORCE_PACKAGES_EXIST \
|
||||
PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST, \
|
||||
PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST, \
|
||||
$(eval $(v) := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).$(v)))) \
|
||||
$(eval get-product-var = $$(if $$(filter $$(1),$$(INTERNAL_PRODUCT)),$$($$(2)),$$(PRODUCTS.$$(strip $$(1)).$$(2)))) \
|
||||
$(KATI_obsolete_var PRODUCTS.$(INTERNAL_PRODUCT).$(v),Use $(v) instead) \
|
||||
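Review bot: The new names in this section use two different suffixes side by side, `PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST` and `PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST`, and the macros below repeat the split with `ARTIFACT_PATH_ALLOWED_LIST` and `PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST`. Make expands an unset variable to empty without complaint, so a product makefile that picks the wrong spelling gets an exemption list that is silently ignored; one suffix throughout would remove that trap. The new comment `# Whether the list of allowed of actionable compatible properties should be disabled or not` is also garbled; `# Whether the allow list of actionable compatible properties should be disabled or not` reads as intended. The `strip-product-vars` define in the last hunk continues outside the view.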
|
|
|
@ -280,7 +280,7 @@ $(foreach pair,$(PRODUCT_UPDATABLE_BOOT_JARS), \
|
|||
$(error A jar in PRODUCT_UPDATABLE_BOOT_JARS must not be in PRODUCT_BOOT_JARS, but $(jar) is)))
|
||||
|
||||
ENFORCE_SYSTEM_CERTIFICATE := $(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)
|
||||
ENFORCE_SYSTEM_CERTIFICATE_WHITELIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)
|
||||
ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)
|
||||
|
||||
PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
|
||||
PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# be set to a particular module class to enable warnings and errors for that
|
||||
# subtype.
|
||||
|
||||
whitelisted_modules := framework-res__auto_generated_rro
|
||||
allowed_modules := framework-res__auto_generated_rro
|
||||
|
||||
|
||||
ifeq (,$(JAVA_SDK_ENFORCEMENT_ERROR))
|
||||
|
@ -14,7 +14,7 @@ ifeq (,$(JAVA_SDK_ENFORCEMENT_ERROR))
|
|||
endif
|
||||
|
||||
ifeq ($(LOCAL_SDK_VERSION)$(LOCAL_PRIVATE_PLATFORM_APIS),)
|
||||
ifeq (,$(filter $(LOCAL_MODULE),$(whitelisted_modules)))
|
||||
ifeq (,$(filter $(LOCAL_MODULE),$(allowed_modules)))
|
||||
ifneq ($(JAVA_SDK_ENFORCEMENT_WARNING)$(JAVA_SDK_ENFORCEMENT_ERROR),)
|
||||
my_message := Must specify LOCAL_SDK_VERSION or LOCAL_PRIVATE_PLATFORM_APIS,
|
||||
ifeq ($(LOCAL_MODULE_CLASS),$(JAVA_SDK_ENFORCEMENT_ERROR))
|
||||
|
|
|
@ -182,7 +182,7 @@ $(call add_json_list, PackageNameOverrides, $(PRODUCT_PACKAGE_NAME_
|
|||
$(call add_json_list, CertificateOverrides, $(PRODUCT_CERTIFICATE_OVERRIDES))
|
||||
|
||||
$(call add_json_bool, EnforceSystemCertificate, $(ENFORCE_SYSTEM_CERTIFICATE))
|
||||
$(call add_json_list, EnforceSystemCertificateWhitelist, $(ENFORCE_SYSTEM_CERTIFICATE_WHITELIST))
|
||||
$(call add_json_list, EnforceSystemCertificateAllowList, $(ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST))
|
||||
|
||||
$(call add_json_list, ProductHiddenAPIStubs, $(PRODUCT_HIDDENAPI_STUBS))
|
||||
$(call add_json_list, ProductHiddenAPIStubsSystem, $(PRODUCT_HIDDENAPI_STUBS_SYSTEM))
|
||||
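Review bot: The JSON key written by `$(call add_json_list, EnforceSystemCertificateAllowList, $(ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST))` is renamed here, and nothing in this section shows the consumer of the generated file being updated with it. If the reader of these variables ignores unknown keys, which is not visible from here, a consumer still expecting `EnforceSystemCertificateWhitelist` would see an empty exemption list without any error. I would add a comment above the line recording the coupling, for example `# Key must match the field name read by the consumer of this JSON; rename both together.`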
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
#
|
||||
# Rules to check if classes in the boot jars are from the whitelisted packages.
|
||||
# Rules to check if classes in the boot jars are from the list of allowed packages.
|
||||
#
|
||||
|
||||
ifneq ($(SKIP_BOOT_JARS_CHECK),true)
|
||||
|
@ -44,14 +44,14 @@ built_boot_jars := $(foreach j, $(boot_jars), \
|
|||
$(call intermediates-dir-for, JAVA_LIBRARIES, $(j),,COMMON)/classes.jar)
|
||||
|
||||
script := build/make/core/tasks/check_boot_jars/check_boot_jars.py
|
||||
whitelist_file := build/make/core/tasks/check_boot_jars/package_whitelist.txt
|
||||
allowed_file := build/make/core/tasks/check_boot_jars/package_allowed_list.txt
|
||||
|
||||
$(stamp): PRIVATE_BOOT_JARS := $(built_boot_jars)
|
||||
$(stamp): PRIVATE_SCRIPT := $(script)
|
||||
$(stamp): PRIVATE_WHITELIST := $(whitelist_file)
|
||||
$(stamp) : $(built_boot_jars) $(script) $(whitelist_file)
|
||||
$(stamp): PRIVATE_ALLOWED := $(allowed_file)
|
||||
$(stamp) : $(built_boot_jars) $(script) $(allowed_file)
|
||||
@echo "Check package name for $(PRIVATE_BOOT_JARS)"
|
||||
$(hide) $(PRIVATE_SCRIPT) $(PRIVATE_WHITELIST) $(PRIVATE_BOOT_JARS)
|
||||
$(hide) $(PRIVATE_SCRIPT) $(PRIVATE_ALLOWED) $(PRIVATE_BOOT_JARS)
|
||||
$(hide) mkdir -p $(dir $@) && touch $@
|
||||
|
||||
.PHONY: check-boot-jars
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"""
|
||||
Check boot jars.
|
||||
|
||||
Usage: check_boot_jars.py <package_whitelist_file> <jar1> <jar2> ...
|
||||
Usage: check_boot_jars.py <package_allow_list_file> <jar1> <jar2> ...
|
||||
"""
|
||||
import logging
|
||||
import os.path
|
||||
|
@ -12,12 +12,12 @@ import subprocess
|
|||
import sys
|
||||
|
||||
|
||||
# The compiled whitelist RE.
|
||||
whitelist_re = None
|
||||
# The compiled allow list RE.
|
||||
allow_list_re = None
|
||||
|
||||
|
||||
def LoadWhitelist(filename):
|
||||
""" Load and compile whitelist regular expressions from filename.
|
||||
def LoadAllowList(filename):
|
||||
""" Load and compile allow list regular expressions from filename.
|
||||
"""
|
||||
lines = []
|
||||
with open(filename, 'r') as f:
|
||||
|
@ -27,19 +27,19 @@ def LoadWhitelist(filename):
|
|||
continue
|
||||
lines.append(line)
|
||||
combined_re = r'^(%s)$' % '|'.join(lines)
|
||||
global whitelist_re
|
||||
global allow_list_re
|
||||
try:
|
||||
whitelist_re = re.compile(combined_re)
|
||||
allow_list_re = re.compile(combined_re)
|
||||
except re.error:
|
||||
logging.exception(
|
||||
'Cannot compile package whitelist regular expression: %r',
|
||||
'Cannot compile package allow list regular expression: %r',
|
||||
combined_re)
|
||||
whitelist_re = None
|
||||
allow_list_re = None
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
def CheckJar(whitelist_path, jar):
|
||||
def CheckJar(allow_list_path, jar):
|
||||
"""Check a jar file.
|
||||
"""
|
||||
# Get the list of files inside the jar file.
|
||||
|
@ -53,10 +53,10 @@ def CheckJar(whitelist_path, jar):
|
|||
if f.endswith('.class'):
|
||||
package_name = os.path.dirname(f)
|
||||
package_name = package_name.replace('/', '.')
|
||||
if not package_name or not whitelist_re.match(package_name):
|
||||
if not package_name or not allow_list_re.match(package_name):
|
||||
print >> sys.stderr, ('Error: %s contains class file %s, whose package name %s is empty or'
|
||||
' not in the whitelist %s of packages allowed on the bootclasspath.'
|
||||
% (jar, f, package_name, whitelist_path))
|
||||
' not in the allow list %s of packages allowed on the bootclasspath.'
|
||||
% (jar, f, package_name, allow_list_path))
|
||||
return False
|
||||
return True
|
||||
|
||||
|
@ -65,14 +65,14 @@ def main(argv):
|
|||
if len(argv) < 2:
|
||||
print __doc__
|
||||
return 1
|
||||
whitelist_path = argv[0]
|
||||
allow_list_path = argv[0]
|
||||
|
||||
if not LoadWhitelist(whitelist_path):
|
||||
if not LoadAllowList(allow_list_path):
|
||||
return 1
|
||||
|
||||
passed = True
|
||||
for jar in argv[1:]:
|
||||
if not CheckJar(whitelist_path, jar):
|
||||
if not CheckJar(allow_list_path, jar):
|
||||
passed = False
|
||||
if not passed:
|
||||
return 1
|
||||
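Review bot: The renamed `LoadAllowList` keeps a docstring that does not say how entries are matched, and that is the part of this check a maintainer of the allow list most needs to know. Every line kept by the loop is joined into one anchored pattern by `combined_re = r'^(%s)$' % '|'.join(lines)`, so an entry with an unescaped `.` matches any character in that position and admits more package names than it appears to. I would extend the docstring with `Each kept line is a regular expression matched against the whole package name; escape literal dots (java\.lang).` On `CheckJar`, the docstring could also note that `allow_list_path` is used only in the error message and that matching relies on the module-level `allow_list_re` set by `LoadAllowList`. The loop that filters lines sits between the two hunks and is not visible here.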
|
|
|
@ -1,4 +1,4 @@
|
|||
# Boot jar package name whitelist.
|
||||
# Boot jar package name allowed list.
|
||||
# Each line is interpreted as a regular expression.
|
||||
|
||||
###################################################
|
|
@ -15,7 +15,7 @@
|
|||
#
|
||||
|
||||
# Restrict the vendor module owners here.
|
||||
_vendor_owner_whitelist := \
|
||||
_vendor_owner_allowed_list := \
|
||||
asus \
|
||||
audience \
|
||||
atmel \
|
||||
|
@ -87,14 +87,14 @@ _vendor_check_copy_files := $(filter-out $(_vendor_exception_path_prefix),\
|
|||
$(filter vendor/%, $(PRODUCT_COPY_FILES)))
|
||||
ifneq (,$(_vendor_check_copy_files))
|
||||
$(foreach c, $(_vendor_check_copy_files), \
|
||||
$(if $(filter $(_vendor_owner_whitelist), $(call word-colon,3,$(c))),,\
|
||||
$(if $(filter $(_vendor_owner_allowed_list), $(call word-colon,3,$(c))),,\
|
||||
$(error Error: vendor PRODUCT_COPY_FILES file "$(c)" has unknown owner))\
|
||||
$(eval _vendor_module_owner_info += $(call word-colon,2,$(c)):$(call word-colon,3,$(c))))
|
||||
endif
|
||||
_vendor_check_copy_files :=
|
||||
|
||||
$(foreach m, $(_vendor_check_modules), \
|
||||
$(if $(filter $(_vendor_owner_whitelist), $(ALL_MODULES.$(m).OWNER)),,\
|
||||
$(if $(filter $(_vendor_owner_allowed_list), $(ALL_MODULES.$(m).OWNER)),,\
|
||||
$(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) with unknown owner \
|
||||
"$(ALL_MODULES.$(m).OWNER)" in product "$(TARGET_PRODUCT)"))\
|
||||
$(if $(ALL_MODULES.$(m).INSTALLED),\
|
||||
|
|
|
@ -33,7 +33,7 @@ ifeq (aosp_arm,$(TARGET_PRODUCT))
|
|||
PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed
|
||||
endif
|
||||
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
|
||||
|
||||
#
|
||||
# All components inherited here go to system_ext image
|
||||
|
|
|
@ -27,7 +27,7 @@ PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed
|
|||
endif
|
||||
|
||||
# TODO (b/138382074): remove following setting after enable product/system_ext
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
|
||||
system/product/% \
|
||||
system/system_ext/%
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
# This file lists emulator experimental modules added to PRODUCT_PACKAGES,
|
||||
# only included by targets sdk_phone_x86/64 and sdk_gphone_x86/64
|
||||
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST := \
|
||||
system/lib/libemulator_multidisplay_jni.so \
|
||||
system/lib64/libemulator_multidisplay_jni.so \
|
||||
system/priv-app/MultiDisplayProvider/MultiDisplayProvider.apk \
|
||||
|
|
|
@ -28,5 +28,5 @@ PRODUCT_BRAND := generic
|
|||
PRODUCT_DEVICE := generic
|
||||
PRODUCT_NAME := generic
|
||||
|
||||
whitelist := product_manifest.xml
|
||||
$(call enforce-product-packages-exist,$(whitelist))
|
||||
allowed_list := product_manifest.xml
|
||||
$(call enforce-product-packages-exist,$(allowed_list))
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
#
|
||||
|
||||
# Exclude all files under system/product and system/system_ext
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
|
||||
system/product/% \
|
||||
system/system_ext/%
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
include $(SRC_TARGET_DIR)/product/gsi_release.mk
|
||||
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
|
||||
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
|
||||
system/etc/init/init.legacy-gsi.rc \
|
||||
system/etc/init/gsi/init.vndk-27.rc \
|
||||
system/etc/ld.config.vndk_lite.txt \
|
||||
|
|
|
@ -131,13 +131,13 @@ PRODUCT_SYSTEM_MANUFACTURER := Android
|
|||
PRODUCT_SYSTEM_MODEL := mainline
|
||||
PRODUCT_SYSTEM_DEVICE := generic
|
||||
|
||||
_base_mk_whitelist :=
|
||||
_base_mk_allowed_list :=
|
||||
|
||||
_my_whitelist := $(_base_mk_whitelist)
|
||||
_my_allowed_list := $(_base_mk_allowed_list)
|
||||
|
||||
# For mainline, system.img should be mounted at /, so we include ROOT here.
|
||||
_my_paths := \
|
||||
$(TARGET_COPY_OUT_ROOT)/ \
|
||||
$(TARGET_COPY_OUT_SYSTEM)/ \
|
||||
|
||||
$(call require-artifacts-in-path, $(_my_paths), $(_my_whitelist))
|
||||
$(call require-artifacts-in-path, $(_my_paths), $(_my_allowed_list))
|
||||
|
|