Check package restrictions for Java libs. am: 0975ee0de3

am: f81df9115f

Change-Id: I36ba3c8a96b0e566f79babf213e13737018bcb0c
This commit is contained in:
Vladimir Marko 2019-04-08 13:21:52 -07:00 committed by android-build-merger
commit d20a62f8e1
5 changed files with 119 additions and 0 deletions

View file

@ -79,6 +79,10 @@ func (library *Library) AndroidMk() android.AndroidMkData {
fmt.Fprintln(w, "LOCAL_EXPORT_SDK_LIBRARIES :=", strings.Join(library.exportedSdkLibs, " "))
}
if len(library.additionalCheckedModules) != 0 {
fmt.Fprintln(w, "LOCAL_ADDITIONAL_CHECKED_MODULE +=", strings.Join(library.additionalCheckedModules.Strings(), " "))
}
// Temporary hack: export sources used to compile framework.jar to Make
// to be used for droiddoc
// TODO(ccross): remove this once droiddoc is in soong

View file

@ -113,6 +113,15 @@ var (
},
"rulesFile")
packageCheck = pctx.AndroidStaticRule("packageCheck",
blueprint.RuleParams{
Command: "rm -f $out && " +
"${config.PackageCheckCmd} $in $packages && " +
"touch $out",
CommandDeps: []string{"${config.PackageCheckCmd}"},
},
"packages")
jetifier = pctx.AndroidStaticRule("jetifier",
blueprint.RuleParams{
Command: "${config.JavaCmd} -jar ${config.JetifierJar} -l error -o $out -i $in",
@ -356,6 +365,19 @@ func TransformJarJar(ctx android.ModuleContext, outputFile android.WritablePath,
})
}
func CheckJarPackages(ctx android.ModuleContext, outputFile android.WritablePath,
classesJar android.Path, permittedPackages []string) {
ctx.Build(pctx, android.BuildParams{
Rule: packageCheck,
Description: "packageCheck",
Output: outputFile,
Input: classesJar,
Args: map[string]string{
"packages": strings.Join(permittedPackages, " "),
},
})
}
func TransformJetifier(ctx android.ModuleContext, outputFile android.WritablePath,
inputFile android.Path) {
ctx.Build(pctx, android.BuildParams{

View file

@ -92,6 +92,7 @@ func init() {
pctx.SourcePathVariable("GenKotlinBuildFileCmd", "build/soong/scripts/gen-kotlin-build-file.sh")
pctx.SourcePathVariable("JarArgsCmd", "build/soong/scripts/jar-args.sh")
pctx.SourcePathVariable("PackageCheckCmd", "build/soong/scripts/package-check.sh")
pctx.HostBinToolVariable("ExtractJarPackagesCmd", "extract_jar_packages")
pctx.HostBinToolVariable("SoongZipCmd", "soong_zip")
pctx.HostBinToolVariable("MergeZipsCmd", "merge_zips")

View file

@ -117,6 +117,10 @@ type CompilerProperties struct {
// If set to true, include sources used to compile the module in to the final jar
Include_srcs *bool
// If not empty, classes are restricted to the specified packages and their sub-packages.
// This restriction is checked after applying jarjar rules and including static libs.
Permitted_packages []string
// List of modules to use as annotation processors
Plugins []string
@ -320,6 +324,9 @@ type Module struct {
// expanded Jarjar_rules
expandJarjarRules android.Path
// list of additional targets for checkbuild
additionalCheckedModules android.Paths
hiddenAPI
dexpreopter
}
@ -1196,6 +1203,19 @@ func (j *Module) compile(ctx android.ModuleContext, extraSrcJars ...android.Path
return
}
}
// Check package restrictions if necessary.
if len(j.properties.Permitted_packages) > 0 {
// Check packages and copy to package-checked file.
pkgckFile := android.PathForModuleOut(ctx, "package-check.stamp")
CheckJarPackages(ctx, pkgckFile, outputFile, j.properties.Permitted_packages)
j.additionalCheckedModules = append(j.additionalCheckedModules, pkgckFile)
if ctx.Failed() {
return
}
}
j.implementationJarFile = outputFile
if j.headerJarFile == nil {
j.headerJarFile = j.implementationJarFile

72
scripts/package-check.sh Executable file
View file

@ -0,0 +1,72 @@
#!/bin/bash
#
# Copyright (C) 2019 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
if [[ $# -le 1 ]]; then
cat <<EOF
Usage:
package-check.sh <jar-file> <package-list>
Checks that the class files in the <jar file> are in the <package-list> or
sub-packages.
EOF
exit 1
fi
jar_file=$1
shift
if [[ ! -f ${jar_file} ]]; then
echo "jar file \"${jar_file}\" does not exist."
exit 1
fi
prefixes=()
while [[ $# -ge 1 ]]; do
package="$1"
if [[ "${package}" = */* ]]; then
echo "Invalid package \"${package}\". Use dot notation for packages."
exit 1
fi
# Transform to a slash-separated path and add a trailing slash to enforce
# package name boundary.
prefixes+=("${package//\./\/}/")
shift
done
# Get the file names from the jar file.
zip_contents=`zipinfo -1 $jar_file`
# Check all class file names against the expected prefixes.
old_ifs=${IFS}
IFS=$'\n'
for zip_entry in ${zip_contents}; do
# Check the suffix.
if [[ "${zip_entry}" = *.class ]]; then
# Match against prefixes.
found=false
for prefix in ${prefixes[@]}; do
if [[ "${zip_entry}" = "${prefix}"* ]]; then
found=true
break
fi
done
if [[ "${found}" == "false" ]]; then
echo "Class file ${zip_entry} is outside specified packages."
exit 1
fi
fi
done
IFS=${old_ifs}