From afaeb6ae5f38aa93340b43077e6ddf662d09c85e Mon Sep 17 00:00:00 2001 From: Bob Badour Date: Mon, 25 Oct 2021 16:59:56 -0700 Subject: [PATCH] compliance package documentation Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Test: m systemlicense Test: m listshare; out/soong/host/linux-x86/bin/listshare ... Test: m checkshare; out/soong/host/linux-x86/bin/checkshare ... Test: m dumpgraph; out/soong/host/linux-x86/dumpgraph ... Test: m dumpresolutions; out/soong/host/linux-x86/dumpresolutions ... where ... is the path to the .meta_lic file for the system image. In my case if $ export PRODUCT=$(realpath $ANDROID_PRODUCT_OUT --relative-to=$PWD) ... can be expressed as: ${PRODUCT}/gen/META/lic_intermediates/${PRODUCT}/system.img.meta_lic Change-Id: I5d48eababce7bba39795d3668eee86b332cbe43d --- tools/compliance/Android.bp | 1 + tools/compliance/doc.go | 77 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 tools/compliance/doc.go diff --git a/tools/compliance/Android.bp b/tools/compliance/Android.bp index ee4a102c24..afb3080d3d 100644 --- a/tools/compliance/Android.bp +++ b/tools/compliance/Android.bp @@ -51,6 +51,7 @@ bootstrap_go_package { "actionset.go", "condition.go", "conditionset.go", + "doc.go", "graph.go", "policy/policy.go", "policy/resolve.go", diff --git a/tools/compliance/doc.go b/tools/compliance/doc.go new file mode 100644 index 0000000000..a47c1cfef0 --- /dev/null +++ b/tools/compliance/doc.go @@ -0,0 +1,77 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +/* + +Package compliance provides an approved means for reading, consuming, and +analyzing license metadata graphs. + +Assuming the license metadata and dependencies are fully and accurately +recorded in the build system, any discrepancy between the official policy for +open source license compliance and this code is a bug in this code. + +A few principal types to understand are LicenseGraph, LicenseCondition, and +ResolutionSet. + +LicenseGraph +------------ + +A LicenseGraph is an immutable graph of the targets and dependencies reachable +from a specific set of root targets. In general, the root targets will be the +artifacts in a release or distribution. While conceptually immutable, parts of +the graph may be loaded or evaluated lazily. + +LicenseCondition +---------------- + +A LicenseCondition is an immutable tuple pairing a condition name with an +originating target. e.g. Per current policy, a static library licensed under an +MIT license would pair a "notice" condition with the static library target, and +a dynamic license licensed under GPL would pair a "restricted" condition with +the dynamic library target. + +ResolutionSet +------------- + +A ResolutionSet is an immutable set of `AttachesTo`, `ActsOn`, `Resolves` +tuples describing how license conditions apply to targets. + +`AttachesTo` is the trigger for acting. Distribution of the target invokes +the policy. + +`ActsOn` is the target to share, give notice for, hide etc. + +`Resolves` is the license condition that the action resolves. + +Remember: Each license condition pairs a condition name with an originating +target so each resolution in a ResolutionSet has two targets it applies to and +one target from which it originates, all of which may be the same target. + +For most condition types, `ActsOn` and `Resolves.Origin` will be the same +target. For example, a notice condition policy means attribution or notice must +be given for the target where the condition originates. Likewise, a proprietary +condition policy means the privacy of the target where the condition originates +must be respected. i.e. The thing acted on is the origin. + +Restricted conditions are different. The infectious nature of restricted often +means sharing code that is not the target where the restricted condition +originates. Linking an MIT library to a GPL library implies a policy to share +the MIT library despite the MIT license having no source sharing requirement. + +In this case, one or more resolution tuples will have the MIT license module in +`ActsOn` and the restricted condition originating at the GPL library module in +`Resolves`. These tuples will `AttachTo` every target that depends on the GPL +library because shipping any of those targets trigger the policy to share the +code. +*/ +package compliance