From 3c306f3d1dc816170b6578ec77534154ede79314 Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Tue, 5 Apr 2022 15:29:53 +0900
Subject: [PATCH] Don't allow using framework and SDK at the same time.

Using SDK (current, system_current, module_current, or <api_version>)
while at the same time depending on "framework" doesn't make sense
because framework anyway provides all APIs including hidden ones. This
is not only uncessary but also error prone because the availability of a
private method in a class depends on whether the class is part of the
SDK or not.

Add a neverallow rule for prohibiting that. Note that "core_*" SDKs are
allowed because there's no overlap between "framework" and the core-Java
SDKs.

Bug: 227528906
Test: m nothing on git_master
Change-Id: I0605075aef20c75db084beeedcbf49a642573e69
---
 android/neverallow.go      | 10 ++++++++++
 android/neverallow_test.go | 15 +++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/android/neverallow.go b/android/neverallow.go
index f87cebbc9..aa47bcaeb 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -57,6 +57,7 @@ func init() {
 	AddNeverAllowRules(createUncompressDexRules()...)
 	AddNeverAllowRules(createMakefileGoalRules()...)
 	AddNeverAllowRules(createInitFirstStageRules()...)
+	AddNeverAllowRules(createProhibitFrameworkAccessRules()...)
 }
 
 // Add a NeverAllow rule to the set of rules to apply.
@@ -228,6 +229,15 @@ func createInitFirstStageRules() []Rule {
 	}
 }
 
+func createProhibitFrameworkAccessRules() []Rule {
+	return []Rule{
+		NeverAllow().
+			With("libs", "framework").
+			WithoutMatcher("sdk_version", Regexp("(core_.*|^$)")).
+			Because("framework can't be used when building against SDK"),
+	}
+}
+
 func neverallowMutator(ctx BottomUpMutatorContext) {
 	m, ok := ctx.Module().(Module)
 	if !ok {
diff --git a/android/neverallow_test.go b/android/neverallow_test.go
index 8afe9e046..86f1a378f 100644
--- a/android/neverallow_test.go
+++ b/android/neverallow_test.go
@@ -327,6 +327,21 @@ var neverallowTests = []struct {
 			"Only boot images may be imported as a makefile goal.",
 		},
 	},
+	// Tests for the rule prohibiting the use of framework
+	{
+		name: "prohibit framework",
+		fs: map[string][]byte{
+			"Android.bp": []byte(`
+				java_library {
+					name: "foo",
+					libs: ["framework"],
+					sdk_version: "current",
+				}`),
+		},
+		expectedErrors: []string{
+			"framework can't be used when building against SDK",
+		},
+	},
 }
 
 var prepareForNeverAllowTest = GroupFixturePreparers(