tequilaOS/platform_build_soong
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build_soong/ui/build/paths/config.go
Dan Willemsen a14704c12b Add path interposer 
This will allow us to track (and eventually limit) the commands that the
build references via $PATH. These are mostly implicit dependencies on
the host system -- for Linux, we assume something similar to Ubuntu
14.04 with a few extra packages, but this will let us better define
that.

This will not catch uses of tools with absolute paths (/bin/bash, etc),
but most uses shouldn't be relying on absolute path names anyways.

Adds ~400ms on the first startup, ~140ms on subsequent runs, and
overhead of a few ms for every forwarded execution.

Test: m
Test: build/soong/build_test.bash
Test: Add `gcc --version`, TEMPORARY_DISABLE_PATH_RESTRICTIONS=true m
Change-Id: Id68cbb1c8ceef65bbbb10751e83722c7662d2351
2018-05-18 13:24:36 -07:00

150 lines
3.6 KiB
Go
Raw Blame History

// Copyright 2018 Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package paths
type PathConfig struct {
// Whether to create the symlink in the new PATH for this tool.
Symlink bool
// Whether to log about usages of this tool to the soong.log
Log bool
// Whether to exit with an error instead of invoking the underlying tool.
Error bool
}
var Allowed = PathConfig{
Symlink: true,
Log: false,
Error: false,
}
var Forbidden = PathConfig{
Symlink: false,
Log: true,
Error: true,
}
// The configuration used if the tool is not listed in the config below.
// Currently this will create the symlink, but log a warning. In the future,
// I expect this to move closer to Forbidden.
var Missing = PathConfig{
Symlink: true,
Log: true,
Error: false,
}
func GetConfig(name string) PathConfig {
if config, ok := Configuration[name]; ok {
return config
}
return Missing
}
var Configuration = map[string]PathConfig{
"awk": Allowed,
"basename": Allowed,
"bash": Allowed,
"bzip2": Allowed,
"cat": Allowed,
"chmod": Allowed,
"cmp": Allowed,
"comm": Allowed,
"cp": Allowed,
"cut": Allowed,
"date": Allowed,
"dd": Allowed,
"diff": Allowed,
"dirname": Allowed,
"echo": Allowed,
"egrep": Allowed,
"env": Allowed,
"expr": Allowed,
"find": Allowed,
"getconf": Allowed,
"getopt": Allowed,
"git": Allowed,
"grep": Allowed,
"gzip": Allowed,
"head": Allowed,
"hexdump": Allowed,
"hostname": Allowed,
"jar": Allowed,
"java": Allowed,
"javap": Allowed,
"ln": Allowed,
"ls": Allowed,
"m4": Allowed,
"make": Allowed,
"md5sum": Allowed,
"mkdir": Allowed,
"mktemp": Allowed,
"mv": Allowed,
"openssl": Allowed,
"patch": Allowed,
"perl": Allowed,
"pstree": Allowed,
"python": Allowed,
"python2.7": Allowed,
"python3": Allowed,
"readlink": Allowed,
"realpath": Allowed,
"rm": Allowed,
"rsync": Allowed,
"runalarm": Allowed,
"sed": Allowed,
"setsid": Allowed,
"sh": Allowed,
"sha256sum": Allowed,
"sha512sum": Allowed,
"sort": Allowed,
"stat": Allowed,
"sum": Allowed,
"tar": Allowed,
"tail": Allowed,
"touch": Allowed,
"tr": Allowed,
"true": Allowed,
"uname": Allowed,
"uniq": Allowed,
"unzip": Allowed,
"wc": Allowed,
"which": Allowed,
"whoami": Allowed,
"xargs": Allowed,
"xmllint": Allowed,
"xz": Allowed,
"zip": Allowed,
"zipinfo": Allowed,
// Host toolchain is removed. In-tree toolchain should be used instead.
// GCC also can't find cc1 with this implementation.
"ar": Forbidden,
"as": Forbidden,
"cc": Forbidden,
"clang": Forbidden,
"clang++": Forbidden,
"gcc": Forbidden,
"g++": Forbidden,
"ld": Forbidden,
"ld.bfd": Forbidden,
"ld.gold": Forbidden,
"pkg-config": Forbidden,
// We've got prebuilts of these
//"dtc": Forbidden,
//"lz4": Forbidden,
//"lz4c": Forbidden,
}
Reference in a new issue View git blame Copy permalink