Not entirely sure what the history behind requiring only libcore
projects use this, but it is a bit annoying to have to allow-list every
use.
Bug: 173606718
Test: m nothing
Change-Id: I66f71e67d3f17e7f983c8537dff537fe8419da95
The modules sources have been moved, update the sdk variant whitelist.
Bug: 156286599
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Change-Id: Idbd02b17b1c741f1dc20a3742ff57e8469a846c0
Merged-In: Idbd02b17b1c741f1dc20a3742ff57e8469a846c0
Allow modules under art/test to use `sdk_version: "none"`. This is so
that ART run-test module definitions can use the same settings as
Libcore tests:
sdk_version: "none",
system_modules: "core-all-system-modules",
Test: m nothing
Bug: 147814778
Change-Id: Ibb74d6a06a6609be511403c51ca7a02204bf606f
Q+ and R+ mainline modules may only add code in a restricted set of Java
package prefixes, that may never be changed.
If a mainline module owns the Java package prefix "foo.bar", it may have
classes in "foo.bar", "foo.bar.baz", "foo.bar.baz.bat" etc.
Test: m
Bug: 156725734
Change-Id: I30bf510ed473309871469bf439d7c81575450931
ART tests need to explicitly control the compression.
Bug: 157239179
Test: "atest ArtGtestsTarget" with http://go/aog/1302773
Change-Id: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
ART tests need to explicitly control the compression.
Bug: 157239179
Test: "atest ArtGtestsTarget" with http://go/aog/1302773
Change-Id: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
Merged-In: I4490aa0a61fa71f830feb6a46dffd8d20fccfc66
Compiling native modules against the NDK disables platform features
like ASAN. For anything shipped on the system image there is no
reason to compile against the NDK. Add a new mutator to Soong that
creates a platform and an SDK variant for modules that set
sdk_version, and ignore sdk_version for the platform variant. The
SDK variant will be used for embedding in APKs that may be installed
on older platforms. Apexes use their own variants that enforce
backwards compatibility.
Test: sdk_test.go
Test: TestJNIPackaging
Bug: 149591340
Change-Id: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
Merged-In: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
(cherry picked from commit 82e192c3ae)
This exposes test func on ValueMatcher and helpers relevant for testing neverallows.
Bug: 153333044
Test: m
Change-Id: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Merged-In: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Exempt-From-Owner-Approval: clean cherry-pick
(cherry picked from commit c5570ac9b1)
This exposes test func on ValueMatcher and helpers relevant for testing neverallows.
Bug: 153333044
Test: m
Change-Id: Ied07cd33afa537f9d7aa3c33e59f4ac985901a0f
Allow the platform stubs to specify sdk_version: none,
and add generic support for a regexp matcher.
Bug: 144149403
Test: m
Change-Id: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Merged-In: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Allow the platform stubs to specify sdk_version: none,
and add generic support for a regexp matcher.
Bug: 144149403
Test: m
Change-Id: Icaece0d9797bace8ae9741f7a029b9ea57fcbbb9
Revert submission 1242911-sdk_version_variant
Reason for revert: b/153394225
Reverted Changes:
Ife99745fb:Use libnativewindow for platform variant of libagq...
I1bae84c43:Use libnativewindow for platform variant of androi...
I6e6021ed3:Use stl to depend on libc++
Ife99745fb:Use libnativewindow for platform variant of libRSS...
I2c9f439b9:Fix static dependency on libprotobuf-cpp-lite-ndk
Iff2aff9cf:Set sdk_version for cc_genrules used by modules wi...
I7d72934aa:Add sdk mutator for native modules
Ief378a007:Use sdk variant of Soong modules when LOCAL_SDK_VE...
Bug: 149591340
Change-Id: I798fa902c779469c6382b6699351e5d12bf14785
Fixes: 153394225
Compiling native modules against the NDK disables platform features
like ASAN. For anything shipped on the system image there is no
reason to compile against the NDK. Add a new mutator to Soong that
creates a platform and an SDK variant for modules that set
sdk_version, and ignore sdk_version for the platform variant. The
SDK variant will be used for embedding in APKs that may be installed
on older platforms. Apexes use their own variants that enforce
backwards compatibility.
Test: sdk_test.go
Test: TestJNIPackaging
Bug: 149591340
Change-Id: I7d72934aaee2e1326cc0ba5f29f51f14feec4521
We actually want some targets (in particular, the MediaProvider apk)
to link against framework-mediaprovider.
The gist of what the neverallow rule achieves (disallow general use)
is achieved equally well with visibility rules, which
framework-mediaprovider already has.
Bug: 152891096
Test: m nothing
Change-Id: Ic4b0a571985b9ad1dfdd56d45035f224a622700e
To build vndk-ext for product variants use `vndk.extends` property
with `product_specific: true` as for the vndk-ext for vendor
variants. For example:
cc_library {
name: "libvndk_ext_product",
product_specific: true,
vndk: {
enabled: true,
extends: "libvndk",
},
}
It will install the vndk-ext libs for product variants in
product/lib[64]/vndk/
Test: m nothing
Bug: 147778025
Change-Id: If1ee5be93c579abad302f44f18e6316f27e70019
Merged-In: If1ee5be93c579abad302f44f18e6316f27e70019
(cherry picked from commit 0ecf0b223f)
To build vndk-ext for product variants use `vndk.extends` property
with `product_specific: true` as for the vndk-ext for vendor
variants. For example:
cc_library {
name: "libvndk_ext_product",
product_specific: true,
vndk: {
enabled: true,
extends: "libvndk",
},
}
It will install the vndk-ext libs for product variants in
product/lib[64]/vndk/
Test: m nothing
Bug: 147778025
Change-Id: If1ee5be93c579abad302f44f18e6316f27e70019
Rename the two prefix-in-list funcs so that their usages are clearer.
Also find and replace all the code that essentially does either.
This introduces additional loops in some places, but I think the added
readability and simplicity outweighs the performance degradation, which
should be negligible anyway.
Test: m nothing
Test: TreeHugger
Change-Id: I37e2276ca0c815105ed0031f23c0b1264b480e4f
libhidlbase is now being built without intermediate static libraries.
This requires a different neverallow exception for the
'enforce_vintf_manifest' variable.
Bug: N/A
Test: N/A
Change-Id: I5b7f7fc8eb4ac37d658e60a491c39baa5ac137f8
The modules were moved from developement/build to frameworks/base.
In addition, they no longer uses 'sdk_version:"none"'. Reflect that
change here.
Bug: N/A
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Merged-In: I6f69f7cb64a6ed3c2032a116500436eabe562dca
(cherry picked from commit 12cc126760)
Change-Id: I6f69f7cb64a6ed3c2032a116500436eabe562dca
The modules were moved from developement/build to frameworks/base.
In addition, they no longer uses 'sdk_version:"none"'. Reflect that
change here.
Bug: N/A
Test: m
Change-Id: I6f69f7cb64a6ed3c2032a116500436eabe562dca
Recent work has paved the way to get MediaStore.java building against
"core_platform", and this change is actually shifting MediaStore.java
inside the MediaProvider APEX boundary.
This involves defining a new "updatable-mediaprovider" library JAR
and ensuring that it's spliced into classpaths where needed to keep
everything building and working.
Note that the MediaProvider APK itself is still bundled, so we're
manually including the MediaStore.java when building that APK so that
we can continue referencing @hide symbols, but there's a STOPSHIP
comment to remove that once we get the APK building against
"system_current".
Bug: 144247087
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: I6d6da165848b934f4ca7ecfca7b97de6f97897e3
Makes testing individual rules easier by allowing them to be specified
per test rather than having to add them to the global defaults.
Bug: 138428610
Test: m nothing
Change-Id: Ic65a55dee2a02b6d33254753c047295dd5804408
Adds a neverallow InDirectDeps(deps) verb that will allow a neverallow
rule to restrict access to a specific dependency, irrespective of how
it is specified.
Bug: 137543088
Test: m nothing
Change-Id: I0c6bb702d55175e9b78b79e86e96924c5dd83efa
This reverts commit ff3d72f0bf.
Repplies original change now that issue causing build breakage has been
resolved.
Adds a new StartsWith(string) ValueMatcher along with
With[Out]Matcher(...) methods to support new restrictions that prevent
any paths into runtime module repositories from being added to the
include_dirs.
Test: m nothing
Bug: 35624006
Change-Id: I4c802ef25ef56f0f9b0b5e9d75531ea6f7475714
Adds a new StartsWith(string) ValueMatcher along with
With[Out]Matcher(...) methods to support new restrictions that prevent
any paths into runtime module repositories from being added to the
include_dirs.
Test: m nothing
Bug: 35624006
Change-Id: Ib954998e5fc190d8a11a8c6ac5f810cad927aac3
Make it easy to add additional ways of matching property values. Needed
to add support for a 'starts with' matcher that can be used to restrict
allowable values in include_dir.
Test: m nothing
Bug: 35624006
Change-Id: I82e7d95f08847bf294aac311968e1d9f3e4b385d
* Adds a Rule interface to hide the rule struct and expose the mutator
functions.
* Makes the neverallow() function public as NeverAllow().
* Adds AddNeverAllowRules func to add more rules.
* Moves the population of the builtin rules to init() function.
Bug: 136159343
Test: m droid
- changed a built in rule to cause build failure to ensure the
rules were still being applied, then reverted the change and
ran 'm droid' again.
Change-Id: Ie3a4456d1f6bc12c5b4931bf698333275347fdf0
Merged-In: Ie3a4456d1f6bc12c5b4931bf698333275347fdf0
(cherry picked from commit 18af090842)
(cherry picked from commit b1cacba022)
