Using SDK (current, system_current, module_current, or <api_version>)
while at the same time depending on "framework" doesn't make sense
because framework anyway provides all APIs including hidden ones. This
is not only uncessary but also error prone because the availability of a
private method in a class depends on whether the class is part of the
SDK or not.
Add a neverallow rule for prohibiting that. Note that "core_*" SDKs are
allowed because there's no overlap between "framework" and the core-Java
SDKs.
Bug: 227528906
Test: m nothing on git_master
Change-Id: I0605075aef20c75db084beeedcbf49a642573e69
This reverts commit 1fdd6ca88a.
Reason for revert: b/205289292 tracks the real fix for this
Test: presubmit
Change-Id: I5a2edaf4f930dafa26659f85d9425e9041c72275
Merged-In: I5a2edaf4f930dafa26659f85d9425e9041c72275
The ART AOT exemption only applies to Q/R/S, so module jars that have
min_sdk T+ do not need to follow the module package restriction, even if
they are part of a Q/R/S module (but not loaded on Q/R/S).
Relax the restriction to only apply to jars that have min_sdk before T.
Bug: 208773835
Test: m (runs apex tests)
Change-Id: I2c3ad8984ca05ad763bf6162bd478f93ab4ee650
Revert submission 1795972-Convert security/Android.mk to Android.bp
Reason for revert: http://b/206976319 Broken build 7928060 on aosp-master on sdk_arm64-sdk
Reverted Changes:
I0e0e7f677:Split property and file contexts modules
I5596d6f00:Add seapp_contexts to allowlist of makefile goal
If685e5ccc:Convert security/Android.mk to Android.bp
Change-Id: I8cf8c0bc2f88172bb3bfa850bbd7ce6daa170c3d
This is an interim solution before seapp_contexts and seapp_neverallows
are migrated into Soong. CtsSecurityHostTests needs these two modules.
Bug: 194096505
Test: build
Change-Id: I5596d6f00b957afd86c752501c1e83b3d4089d9e
Further restrictions on a restricting build configuration. Before, we
restricted certain paths from being included. Now, we restrict certain
paths from including.
This adds system/libfmq for now, but I'm planning to add more in the
future, as they are cleaned up.
Bug: 35624006
Test: m nothing
Change-Id: I913f190f93ab63059ee0372d342daa8f5584806b
Adds PrepareForTestWithNeverallowRules to make it easy to test
neverallow rules. Avoid exporting any unnecessary neverallow related
methods from the android package.
Bug: 181070625
Test: m nothing
Change-Id: Idfc6955cb23f1a4d1790be7879388154b03f3980
Not entirely sure what the history behind requiring only libcore
projects use this, but it is a bit annoying to have to allow-list every
use.
Bug: 173606718
Test: m nothing
Change-Id: I66f71e67d3f17e7f983c8537dff537fe8419da95
Prepare for using Config when adding singletons by passing
Config to NewTestContext and NewContext instead of to ctx.Register.
This will enable a followup change to store SingletonMakeVarsProviders
registered on the Context in the Config, which is necessary to run
multiple tests in parallel without data races.
Test: all soong tests
Change-Id: Id229629a4e42ff4487d317241673837726c075fc
This reverts commit 323dc60712.
Reason for revert: Possible cause of test instability
Bug: 170513220
Test: soong tests
Change-Id: Iee168e9fbb4210569e6cffcc23e60d111403abb8
Putting t.Parallel() in each test makes them run in parallel.
Additional t.Parallel() could be added to each subtest, although
that requires making a local copy of the loop variable for
table driven tests.
Test: m checkbuild
Change-Id: I5d9869ead441093f4d7c5757f2447385333a95a4
ART tests need to explicitly control the compression.
Bug: 157239179
Test: "atest ArtGtestsTarget" with http://go/aog/1302773
Change-Id: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
Merged-In: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
This exposes test func on ValueMatcher and helpers relevant for testing neverallows.
Bug: 153333044
Test: m
Change-Id: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Allow the platform stubs to specify sdk_version: none,
and add generic support for a regexp matcher.
Bug: 144149403
Test: m
Change-Id: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Revert submission 1242911-sdk_version_variant
Reason for revert: b/153394225
Reverted Changes:
Ife99745fb:Use libnativewindow for platform variant of libagq...
I1bae84c43:Use libnativewindow for platform variant of androi...
I6e6021ed3:Use stl to depend on libc++
Ife99745fb:Use libnativewindow for platform variant of libRSS...
I2c9f439b9:Fix static dependency on libprotobuf-cpp-lite-ndk
Iff2aff9cf:Set sdk_version for cc_genrules used by modules wi...
I7d72934aa:Add sdk mutator for native modules
Ief378a007:Use sdk variant of Soong modules when LOCAL_SDK_VE...
Bug: 149591340
Change-Id: I798fa902c779469c6382b6699351e5d12bf14785
Fixes: 153394225
Compiling native modules against the NDK disables platform features
like ASAN. For anything shipped on the system image there is no
reason to compile against the NDK. Add a new mutator to Soong that
creates a platform and an SDK variant for modules that set
sdk_version, and ignore sdk_version for the platform variant. The
SDK variant will be used for embedding in APKs that may be installed
on older platforms. Apexes use their own variants that enforce
backwards compatibility.
Test: sdk_test.go
Test: TestJNIPackaging
Bug: 149591340
Change-Id: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
The filesystem object was available through ModuleContext.Fs(), but
gives too much access to the filesystem without enforicing correct
dependencies. In order to support sandboxing the soong_build
process move the filesystem into the Config. The next change will
make it private.
Bug: 146437378
Test: all Soong tests
Change-Id: I5d3ae9108f120fd335b21efd612aefa078378813
Avoid having to pass ModuleFactoryAdaptor to every call to
RegisterModuleType in a test by wrapping RegisterModuleType.
Test: all soong tests
Change-Id: If8847d16487de0479cc3020b728256922b3cadba
Makes testing individual rules easier by allowing them to be specified
per test rather than having to add them to the global defaults.
Bug: 138428610
Test: m nothing
Change-Id: Ic65a55dee2a02b6d33254753c047295dd5804408
Extracted some common code used by visibility_test.go and
neverallow_test.go into a new function CheckErrorsAgainstExpectations
in testing.go.
Bug: 138428610
Test: m nothing
Change-Id: I6996fa52968c387e38b4a67ffa59cd07c2d524e8
Merged-In: Iafbadf12c6ffdc4d9128fcfe7f15792df5cfd020
Extracted some common code used by visibility_test.go and
neverallow_test.go into a new function CheckErrorsAgainstExpectations
in testing.go.
(cherry picked from commit 8e47e8bc41)
Bug: 138428610
Test: m nothing
Change-Id: Iafbadf12c6ffdc4d9128fcfe7f15792df5cfd020
Adds a neverallow InDirectDeps(deps) verb that will allow a neverallow
rule to restrict access to a specific dependency, irrespective of how
it is specified.
Bug: 137543088
Test: m nothing
Change-Id: I0c6bb702d55175e9b78b79e86e96924c5dd83efa
This reverts commit ff3d72f0bf.
Repplies original change now that issue causing build breakage has been
resolved.
Adds a new StartsWith(string) ValueMatcher along with
With[Out]Matcher(...) methods to support new restrictions that prevent
any paths into runtime module repositories from being added to the
include_dirs.
Test: m nothing
Bug: 35624006
Change-Id: I4c802ef25ef56f0f9b0b5e9d75531ea6f7475714
Adds a new StartsWith(string) ValueMatcher along with
With[Out]Matcher(...) methods to support new restrictions that prevent
any paths into runtime module repositories from being added to the
include_dirs.
Test: m nothing
Bug: 35624006
Change-Id: Ib954998e5fc190d8a11a8c6ac5f810cad927aac3
Corrects an error message that refers to no_standard_libs.
Removes any tests that use no_standard_libs:true where possible as
there are duplicate tests for sdk_version:"none". Otherwise, switches
them over to use sdk_version:"none".
The androidmk mapping from LOCAL_NO_STANDARD_LIBRARIES to
no_standard_libs has also been removed. There was little point in
updating the tool to map it through to sdk_version:"none" as there are
only a couple of places where it is used, in art's test running mk
targets and in some unbundled packages to work around some limitation
in .mk based build.
Bug: 134566750
Test: m droid
Change-Id: I6413c9b1fe3e63b93753a6a017d2981e32b7e013
Where possible this duplicates any tests that use no_standard_libs:true
with ones that use sdk_version:"none". If not possible (e.g. in the
default targets included in java/testing.go) it switches some to use
sdk_version:"none" to ensure that there is no regression in the
behavior of no_standard_libs:true.
Follow up changes will switch all usages of no_standard_libs:true over
to use sdk_version:"none" at which point no_standard_libs will be
removed.
Bug: 134566750
Test: m droid
Change-Id: I5f0fd3daa980f6b223abe454cba7f25a97a39d7a
* changes:
Consolidate *MutatorContext and ModuleContext into BaseModuleContext
Add test for missing defaults modules with AllowMissingDependencies
Capture missing dependency error rules
Share buildDir for android/soong/android tests
Reimplement AddMissingDependencies
Add GenerateAndroidBuildActions to DefaultsModuleBase