Loading core/app_certificate_validate.mk +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ ifeq (true,$(non_system_module)) ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE))) CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE) ifeq (true,$(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)) $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\ $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)),,\ $(call pretty-error,The module in product partition cannot be signed with certificate in system.)) endif endif Loading core/binary.mk +1 −1 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ ifneq ($(NATIVE_COVERAGE),true) my_native_coverage := false endif # Exclude directories from manual binder interface whitelisting. # Exclude directories from checking allowed manual binder interface lists. # TODO(b/145621474): Move this check into IInterface.h when clang-tidy no longer uses absolute paths. ifneq (,$(filter $(addsuffix %,$(ALLOWED_MANUAL_INTERFACE_PATHS)),$(LOCAL_PATH))) my_cflags += -DDO_NOT_CHECK_MANUAL_BINDER_INTERFACES Loading core/config.mk +2 −1 Original line number Diff line number Diff line Loading @@ -149,6 +149,7 @@ $(KATI_obsolete_var \ 2ND_TARGET_PROJECT_SYSTEM_INCLUDES \ ,Project include variables have been removed) $(KATI_obsolete_var TARGET_PREFER_32_BIT TARGET_PREFER_32_BIT_APPS TARGET_PREFER_32_BIT_EXECUTABLES) $(KATI_obsolete_var PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST,Use PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST.) # Used to force goals to build. Only use for conditionally defined goals. .PHONY: FORCE Loading Loading @@ -676,7 +677,7 @@ HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar APICHECK_COMMAND := $(JAVA) -Xmx4g -jar $(APICHECK) --no-banner --compatible-output=yes # Boolean variable determining if the whitelist for compatible properties is enabled # Boolean variable determining if the allow list for compatible properties is enabled PRODUCT_COMPATIBLE_PROPERTY := false ifneq ($(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE),) PRODUCT_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE) Loading core/main.mk +24 −23 Original line number Diff line number Diff line Loading @@ -198,8 +198,8 @@ $(KATI_obsolete_var PRODUCT_FULL_TREBLE,\ variables like PRODUCT_SEPOLICY_SPLIT should be used until that is \ possible.) # Sets ro.actionable_compatible_property.enabled to know on runtime whether the whitelist # of actionable compatible properties is enabled or not. # Sets ro.actionable_compatible_property.enabled to know on runtime whether the # allowed list of actionable compatible properties is enabled or not. ifeq ($(PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE),true) ADDITIONAL_SYSTEM_PROPERTIES += ro.actionable_compatible_property.enabled=false else Loading Loading @@ -1190,7 +1190,7 @@ ifdef FULL_BUILD ifneq (true,$(ALLOW_MISSING_DEPENDENCIES)) # Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product) ifeq (true,$(PRODUCT_ENFORCE_PACKAGES_EXIST)) _whitelist := $(PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST) _allow_list := $(PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST) _modules := $(PRODUCT_PACKAGES) # Strip :32 and :64 suffixes _modules := $(patsubst %:32,%,$(_modules)) Loading @@ -1199,10 +1199,10 @@ ifdef FULL_BUILD # existence if either <module> or the <module>_32 variant. _nonexistent_modules := $(foreach m,$(_modules), \ $(if $(or $(ALL_MODULES.$(m).PATH),$(call get-modules-for-2nd-arch,TARGET,$(m))),,$(m))) $(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistent_modules)),\ $(call maybe-print-list-and-error,$(filter-out $(_allow_list),$(_nonexistent_modules)),\ $(INTERNAL_PRODUCT) includes non-existent modules in PRODUCT_PACKAGES) $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_whitelist)),\ $(INTERNAL_PRODUCT) includes redundant whitelist entries for non-existent PRODUCT_PACKAGES) $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_allow_list)),\ $(INTERNAL_PRODUCT) includes redundant allow list entries for non-existent PRODUCT_PACKAGES) endif # Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist Loading Loading @@ -1246,21 +1246,21 @@ ifdef FULL_BUILD is_asan := $(if $(filter address,$(SANITIZE_TARGET)),true) ifneq (true,$(or $(is_asan),$(DISABLE_ARTIFACT_PATH_REQUIREMENTS))) # Fakes don't get installed, and NDK stubs aren't installed to device. static_whitelist_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/% static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/% # RROs become REQUIRED by the source module, but are always placed on the vendor partition. static_whitelist_patterns += %__auto_generated_rro_product.apk static_whitelist_patterns += %__auto_generated_rro_vendor.apk static_allowed_patterns += %__auto_generated_rro_product.apk static_allowed_patterns += %__auto_generated_rro_vendor.apk # Auto-included targets are not considered static_whitelist_patterns += $(call product-installed-files,) static_allowed_patterns += $(call product-installed-files,) # $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed. # The path can be considered as a fake path, as the shared libraries # are installed there just to have symbols files for them under # $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory # is never compiled into a filesystem image. static_whitelist_patterns += $(PRODUCT_OUT)/apex/% static_allowed_patterns += $(PRODUCT_OUT)/apex/% ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX)) # Allow system_other odex space optimization. static_whitelist_patterns += \ static_allowed_patterns += \ $(TARGET_OUT_SYSTEM_OTHER)/%.odex \ $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \ $(TARGET_OUT_SYSTEM_OTHER)/%.art Loading @@ -1276,31 +1276,32 @@ $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME)) $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\ $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \ $(eval ### Verify that the product only produces files inside its path requirements.) \ $(eval whitelist := $(PRODUCTS.$(makefile).ARTIFACT_PATH_WHITELIST)) \ $(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \ $(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \ $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \ $(eval files := $(call product-installed-files, $(makefile))) \ $(eval offending_files := $(filter-out $(path_patterns) $(whitelist_patterns) $(static_whitelist_patterns),$(files))) \ $(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \ $(call maybe-print-list-and-error,$(offending_files),\ $(makefile) produces files outside its artifact path requirement. \ Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \ $(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \ $(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \ $(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \ $(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \ $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \ $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \ $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \ $(eval all_offending_files += $(files_in_requirement)) \ $(eval whitelist := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \ $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \ $(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \ $(eval allowed := $(strip $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST) \ $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST))) \ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \ $(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \ $(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \ $(if $(enforcement),\ $(call maybe-print-list-and-error,$(offending_files),\ $(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \ $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \ $(eval unused_whitelist := $(if $(filter true strict,$(enforcement)),\ $(foreach p,$(whitelist_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \ $(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \ $(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\ $(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \ $(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \ ) \ ) $(PRODUCT_OUT)/offending_artifacts.txt: Loading core/product.mk +8 −7 Original line number Diff line number Diff line Loading @@ -328,14 +328,15 @@ _product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS # partitions uses PLATFORM_VNDK_VERSION. _product_single_value_var += PRODUCT_PRODUCT_VNDK_VERSION # Whether the whitelist of actionable compatible properties should be disabled or not # Whether the list of allowed of actionable compatible properties should be disabled or not _product_single_value_vars += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT _product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST _product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST # List of modules that should be forcefully unmarked from being LOCAL_PRODUCT_MODULE, and hence # installed on /system directory by default. Loading Loading @@ -455,19 +456,19 @@ endef define require-artifacts-in-path $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_REQUIREMENTS := $(strip $(1))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_WHITELIST := $(strip $(2))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_ALLOWED_LIST := $(strip $(2))) \ $(eval ARTIFACT_PATH_REQUIREMENT_PRODUCTS := \ $(sort $(ARTIFACT_PATH_REQUIREMENT_PRODUCTS) $(current_mk))) endef # Makes including non-existent modules in PRODUCT_PACKAGES an error. # $(1): whitelist of non-existent modules to allow. # $(1): list of non-existent modules to allow. define enforce-product-packages-exist $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST := true) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST := $(1)) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST := $(1)) \ $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST) \ $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST) $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST) endef # Loading Loading @@ -589,7 +590,7 @@ define strip-product-vars $(foreach v,\ $(_product_var_list) \ PRODUCT_ENFORCE_PACKAGES_EXIST \ PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST, \ PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST, \ $(eval $(v) := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).$(v)))) \ $(eval get-product-var = $$(if $$(filter $$(1),$$(INTERNAL_PRODUCT)),$$($$(2)),$$(PRODUCTS.$$(strip $$(1)).$$(2)))) \ $(KATI_obsolete_var PRODUCTS.$(INTERNAL_PRODUCT).$(v),Use $(v) instead) \ Loading Loading
core/app_certificate_validate.mk +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ ifeq (true,$(non_system_module)) ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE))) CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE) ifeq (true,$(PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)) $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\ $(if $(filter $(LOCAL_MODULE),$(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST)),,\ $(call pretty-error,The module in product partition cannot be signed with certificate in system.)) endif endif Loading
core/binary.mk +1 −1 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ ifneq ($(NATIVE_COVERAGE),true) my_native_coverage := false endif # Exclude directories from manual binder interface whitelisting. # Exclude directories from checking allowed manual binder interface lists. # TODO(b/145621474): Move this check into IInterface.h when clang-tidy no longer uses absolute paths. ifneq (,$(filter $(addsuffix %,$(ALLOWED_MANUAL_INTERFACE_PATHS)),$(LOCAL_PATH))) my_cflags += -DDO_NOT_CHECK_MANUAL_BINDER_INTERFACES Loading
core/config.mk +2 −1 Original line number Diff line number Diff line Loading @@ -149,6 +149,7 @@ $(KATI_obsolete_var \ 2ND_TARGET_PROJECT_SYSTEM_INCLUDES \ ,Project include variables have been removed) $(KATI_obsolete_var TARGET_PREFER_32_BIT TARGET_PREFER_32_BIT_APPS TARGET_PREFER_32_BIT_EXECUTABLES) $(KATI_obsolete_var PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST,Use PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST.) # Used to force goals to build. Only use for conditionally defined goals. .PHONY: FORCE Loading Loading @@ -676,7 +677,7 @@ HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar APICHECK_COMMAND := $(JAVA) -Xmx4g -jar $(APICHECK) --no-banner --compatible-output=yes # Boolean variable determining if the whitelist for compatible properties is enabled # Boolean variable determining if the allow list for compatible properties is enabled PRODUCT_COMPATIBLE_PROPERTY := false ifneq ($(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE),) PRODUCT_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE) Loading
core/main.mk +24 −23 Original line number Diff line number Diff line Loading @@ -198,8 +198,8 @@ $(KATI_obsolete_var PRODUCT_FULL_TREBLE,\ variables like PRODUCT_SEPOLICY_SPLIT should be used until that is \ possible.) # Sets ro.actionable_compatible_property.enabled to know on runtime whether the whitelist # of actionable compatible properties is enabled or not. # Sets ro.actionable_compatible_property.enabled to know on runtime whether the # allowed list of actionable compatible properties is enabled or not. ifeq ($(PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE),true) ADDITIONAL_SYSTEM_PROPERTIES += ro.actionable_compatible_property.enabled=false else Loading Loading @@ -1190,7 +1190,7 @@ ifdef FULL_BUILD ifneq (true,$(ALLOW_MISSING_DEPENDENCIES)) # Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product) ifeq (true,$(PRODUCT_ENFORCE_PACKAGES_EXIST)) _whitelist := $(PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST) _allow_list := $(PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST) _modules := $(PRODUCT_PACKAGES) # Strip :32 and :64 suffixes _modules := $(patsubst %:32,%,$(_modules)) Loading @@ -1199,10 +1199,10 @@ ifdef FULL_BUILD # existence if either <module> or the <module>_32 variant. _nonexistent_modules := $(foreach m,$(_modules), \ $(if $(or $(ALL_MODULES.$(m).PATH),$(call get-modules-for-2nd-arch,TARGET,$(m))),,$(m))) $(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistent_modules)),\ $(call maybe-print-list-and-error,$(filter-out $(_allow_list),$(_nonexistent_modules)),\ $(INTERNAL_PRODUCT) includes non-existent modules in PRODUCT_PACKAGES) $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_whitelist)),\ $(INTERNAL_PRODUCT) includes redundant whitelist entries for non-existent PRODUCT_PACKAGES) $(call maybe-print-list-and-error,$(filter-out $(_nonexistent_modules),$(_allow_list)),\ $(INTERNAL_PRODUCT) includes redundant allow list entries for non-existent PRODUCT_PACKAGES) endif # Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist Loading Loading @@ -1246,21 +1246,21 @@ ifdef FULL_BUILD is_asan := $(if $(filter address,$(SANITIZE_TARGET)),true) ifneq (true,$(or $(is_asan),$(DISABLE_ARTIFACT_PATH_REQUIREMENTS))) # Fakes don't get installed, and NDK stubs aren't installed to device. static_whitelist_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/% static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/% # RROs become REQUIRED by the source module, but are always placed on the vendor partition. static_whitelist_patterns += %__auto_generated_rro_product.apk static_whitelist_patterns += %__auto_generated_rro_vendor.apk static_allowed_patterns += %__auto_generated_rro_product.apk static_allowed_patterns += %__auto_generated_rro_vendor.apk # Auto-included targets are not considered static_whitelist_patterns += $(call product-installed-files,) static_allowed_patterns += $(call product-installed-files,) # $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed. # The path can be considered as a fake path, as the shared libraries # are installed there just to have symbols files for them under # $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory # is never compiled into a filesystem image. static_whitelist_patterns += $(PRODUCT_OUT)/apex/% static_allowed_patterns += $(PRODUCT_OUT)/apex/% ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX)) # Allow system_other odex space optimization. static_whitelist_patterns += \ static_allowed_patterns += \ $(TARGET_OUT_SYSTEM_OTHER)/%.odex \ $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \ $(TARGET_OUT_SYSTEM_OTHER)/%.art Loading @@ -1276,31 +1276,32 @@ $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME)) $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\ $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \ $(eval ### Verify that the product only produces files inside its path requirements.) \ $(eval whitelist := $(PRODUCTS.$(makefile).ARTIFACT_PATH_WHITELIST)) \ $(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \ $(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \ $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \ $(eval files := $(call product-installed-files, $(makefile))) \ $(eval offending_files := $(filter-out $(path_patterns) $(whitelist_patterns) $(static_whitelist_patterns),$(files))) \ $(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \ $(call maybe-print-list-and-error,$(offending_files),\ $(makefile) produces files outside its artifact path requirement. \ Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \ $(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \ $(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \ $(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \ $(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \ $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \ $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \ $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \ $(eval all_offending_files += $(files_in_requirement)) \ $(eval whitelist := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \ $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \ $(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \ $(eval allowed := $(strip $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST) \ $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST))) \ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \ $(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \ $(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \ $(if $(enforcement),\ $(call maybe-print-list-and-error,$(offending_files),\ $(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \ $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \ $(eval unused_whitelist := $(if $(filter true strict,$(enforcement)),\ $(foreach p,$(whitelist_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \ $(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \ $(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\ $(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \ $(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \ ) \ ) $(PRODUCT_OUT)/offending_artifacts.txt: Loading
core/product.mk +8 −7 Original line number Diff line number Diff line Loading @@ -328,14 +328,15 @@ _product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS # partitions uses PLATFORM_VNDK_VERSION. _product_single_value_var += PRODUCT_PRODUCT_VNDK_VERSION # Whether the whitelist of actionable compatible properties should be disabled or not # Whether the list of allowed of actionable compatible properties should be disabled or not _product_single_value_vars += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS _product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT _product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST _product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_ALLOW_LIST _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST _product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST # List of modules that should be forcefully unmarked from being LOCAL_PRODUCT_MODULE, and hence # installed on /system directory by default. Loading Loading @@ -455,19 +456,19 @@ endef define require-artifacts-in-path $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_REQUIREMENTS := $(strip $(1))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_WHITELIST := $(strip $(2))) \ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_ALLOWED_LIST := $(strip $(2))) \ $(eval ARTIFACT_PATH_REQUIREMENT_PRODUCTS := \ $(sort $(ARTIFACT_PATH_REQUIREMENT_PRODUCTS) $(current_mk))) endef # Makes including non-existent modules in PRODUCT_PACKAGES an error. # $(1): whitelist of non-existent modules to allow. # $(1): list of non-existent modules to allow. define enforce-product-packages-exist $(eval current_mk := $(strip $(word 1,$(_include_stack)))) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST := true) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST := $(1)) \ $(eval PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST := $(1)) \ $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST) \ $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST) $(eval .KATI_READONLY := PRODUCTS.$(current_mk).PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST) endef # Loading Loading @@ -589,7 +590,7 @@ define strip-product-vars $(foreach v,\ $(_product_var_list) \ PRODUCT_ENFORCE_PACKAGES_EXIST \ PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST, \ PRODUCT_ENFORCE_PACKAGES_EXIST_ALLOW_LIST, \ $(eval $(v) := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).$(v)))) \ $(eval get-product-var = $$(if $$(filter $$(1),$$(INTERNAL_PRODUCT)),$$($$(2)),$$(PRODUCTS.$$(strip $$(1)).$$(2)))) \ $(KATI_obsolete_var PRODUCTS.$(INTERNAL_PRODUCT).$(v),Use $(v) instead) \ Loading
