Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2dc6827e authored by Cole Faust's avatar Cole Faust
Browse files

Remove BUILD_BROKEN_GENRULE_SANDBOXING 

Genrule sandboxing has been the default for a long time now, remove
the flag to disable sandboxing.

Bug: 414874576
Test: Presubmits
Change-Id: I3f9a05d74ac3de0216286d345f0bfb08de0f4926
parent 49c20850

Changes.md

+2 −4
Original line number Original line Diff line number Diff line
@@ -3,11 +3,9 @@ 
## Soong genrules are now sandboxed

## Soong genrules are now sandboxed





Previously, soong genrules could access any files in the source tree, without specifying them as

Previously, soong genrules could access any files in the source tree, without specifying them as

inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel.

inputs. This makes them incorrect in incremental builds, and incompatible with RBE.





Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in

Now, genrules are sandboxed so they can only access their listed srcs.

genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING`

in board config to disable this behavior.





## Partitions are no longer affected by previous builds

## Partitions are no longer affected by previous builds

core/board_config.mk

+0 −1
Original line number Original line Diff line number Diff line
@@ -186,7 +186,6 @@ _build_broken_var_list := \ 
  BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \

  BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \

  BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \

  BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \

  BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \

  BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \

  BUILD_BROKEN_GENRULE_SANDBOXING \

  BUILD_BROKEN_DONT_CHECK_SYSTEMSDK \

  BUILD_BROKEN_DONT_CHECK_SYSTEMSDK \





_build_broken_var_list += \

_build_broken_var_list += \

core/config.mk

+1 −0
Original line number Original line Diff line number Diff line
@@ -108,6 +108,7 @@ $(KATI_obsolete_var TARGET_ROOT_OUT_SBIN_UNSTRIPPED,/sbin has been removed, use 
$(KATI_obsolete_var BUILD_BROKEN_PHONY_TARGETS)

$(KATI_obsolete_var BUILD_BROKEN_PHONY_TARGETS)

$(KATI_obsolete_var BUILD_BROKEN_DUP_COPY_HEADERS)

$(KATI_obsolete_var BUILD_BROKEN_DUP_COPY_HEADERS)

$(KATI_obsolete_var BUILD_BROKEN_ENG_DEBUG_TAGS)

$(KATI_obsolete_var BUILD_BROKEN_ENG_DEBUG_TAGS)

$(KATI_obsolete_var BUILD_BROKEN_GENRULE_SANDBOXING)

$(KATI_obsolete_export It is a global setting. See $(CHANGES_URL)#export_keyword)

$(KATI_obsolete_export It is a global setting. See $(CHANGES_URL)#export_keyword)

$(KATI_obsolete_var BUILD_BROKEN_ANDROIDMK_EXPORTS)

$(KATI_obsolete_var BUILD_BROKEN_ANDROIDMK_EXPORTS)

$(KATI_obsolete_var PRODUCT_NOTICE_SPLIT_OVERRIDE,Stop using this, keep calm, and carry on.)

$(KATI_obsolete_var PRODUCT_NOTICE_SPLIT_OVERRIDE,Stop using this, keep calm, and carry on.)

core/soong_config.mk

+0 −6
Original line number Original line Diff line number Diff line
@@ -15,10 +15,6 @@ endif 
# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES

# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES

ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)

ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)





ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING)))

  $(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config)

endif



ifeq ($(WRITE_SOONG_VARIABLES),true)

ifeq ($(WRITE_SOONG_VARIABLES),true)





# Create soong.variables with copies of makefile settings.  Runs every build,

# Create soong.variables with copies of makefile settings.  Runs every build,
@@ -297,8 +293,6 @@ $(call add_json_list, BuildBrokenPluginValidation, $(BUILD_BROKEN_PLUGIN 
$(call add_json_bool, BuildBrokenClangProperty,            $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))

$(call add_json_bool, BuildBrokenClangProperty,            $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY)))

$(call add_json_bool, BuildBrokenClangAsFlags,             $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))

$(call add_json_bool, BuildBrokenClangAsFlags,             $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS)))

$(call add_json_bool, BuildBrokenClangCFlags,              $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))

$(call add_json_bool, BuildBrokenClangCFlags,              $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS)))

# Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING

$(call add_json_bool, GenruleSandboxing,                   $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true)))

$(call add_json_bool, BuildBrokenEnforceSyspropOwner,      $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))

$(call add_json_bool, BuildBrokenEnforceSyspropOwner,      $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER)))

$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow,  $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))

$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow,  $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW)))

$(call add_json_bool, BuildBrokenVendorPropertyNamespace,  $(filter true,$(BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE)))

$(call add_json_bool, BuildBrokenVendorPropertyNamespace,  $(filter true,$(BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE)))