From 50cd6b2a18e16e3bd45ed87e690ea0e2afbc9f61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Ciche=C5=84ski?= Date: Tue, 17 Oct 2023 17:34:34 +0000 Subject: [PATCH] Revert "Enable genrule sandboxing by default" Revert submission 2782270-genrule_sandboxing_by_default Reason for revert: Potential culprit for b/305851039 and many other build breakages - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Reverted changes: /q/submissionid:2782270-genrule_sandboxing_by_default Change-Id: I3a8eb5d3a6a9e0d51ed7798c99187e9ca236b7bd --- Changes.md | 9 --------- core/board_config.mk | 1 - core/soong_config.mk | 7 +------ 3 files changed, 1 insertion(+), 16 deletions(-) diff --git a/Changes.md b/Changes.md index fc15e601b6..6c0cf7020e 100644 --- a/Changes.md +++ b/Changes.md @@ -1,14 +1,5 @@ # Build System Changes for Android.mk/Android.bp Writers -## Soong genrules are now sandboxed - -Previously, soong genrules could access any files in the source tree, without specifying them as -inputs. This makes them incorrect in incremental builds, and incompatible with RBE and Bazel. - -Now, genrules are sandboxed so they can only access their listed srcs. Modules denylisted in -genrule/allowlists.go are exempt from this. You can also set `BUILD_BROKEN_GENRULE_SANDBOXING` -in board config to disable this behavior. - ## Partitions are no longer affected by previous builds Partition builds used to include everything in their staging directories, and building an diff --git a/core/board_config.mk b/core/board_config.mk index a0e5d36dac..eb4c5ecfd1 100644 --- a/core/board_config.mk +++ b/core/board_config.mk @@ -188,7 +188,6 @@ _build_broken_var_list := \ BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE \ BUILD_BROKEN_VINTF_PRODUCT_COPY_FILES \ BUILD_BROKEN_INCORRECT_PARTITION_IMAGES \ - BUILD_BROKEN_GENRULE_SANDBOXING \ _build_broken_var_list += \ $(foreach m,$(AVAILABLE_BUILD_MODULE_TYPES) \ diff --git a/core/soong_config.mk b/core/soong_config.mk index 5bf06dc4f4..e541c123df 100644 --- a/core/soong_config.mk +++ b/core/soong_config.mk @@ -15,10 +15,6 @@ endif # PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES) -ifneq (,$(filter-out environment undefined,$(origin GENRULE_SANDBOXING))) - $(error GENRULE_SANDBOXING can only be provided via an environment variable, use BUILD_BROKEN_GENRULE_SANDBOXING to disable genrule sandboxing in board config) -endif - ifeq ($(WRITE_SOONG_VARIABLES),true) # Create soong.variables with copies of makefile settings. Runs every build, @@ -284,8 +280,7 @@ $(call add_json_list, BuildBrokenPluginValidation, $(BUILD_BROKEN_PLUGIN $(call add_json_bool, BuildBrokenClangProperty, $(filter true,$(BUILD_BROKEN_CLANG_PROPERTY))) $(call add_json_bool, BuildBrokenClangAsFlags, $(filter true,$(BUILD_BROKEN_CLANG_ASFLAGS))) $(call add_json_bool, BuildBrokenClangCFlags, $(filter true,$(BUILD_BROKEN_CLANG_CFLAGS))) -# Use the value of GENRULE_SANDBOXING if set, otherwise use the inverse of BUILD_BROKEN_GENRULE_SANDBOXING -$(call add_json_bool, GenruleSandboxing, $(if $(GENRULE_SANDBOXING),$(filter true,$(GENRULE_SANDBOXING)),$(if $(filter true,$(BUILD_BROKEN_GENRULE_SANDBOXING)),,true))) +$(call add_json_bool, GenruleSandboxing, $(filter true,$(GENRULE_SANDBOXING))) $(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(filter true,$(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER))) $(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(filter true,$(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW))) $(call add_json_bool, BuildBrokenUsesSoongPython2Modules, $(filter true,$(BUILD_BROKEN_USES_SOONG_PYTHON2_MODULES))) -- GitLab