Loading android/api_levels.go +1 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ func getApiLevelsMap(config Config) map[string]int { "O-MR1": 27, "P": 28, "Q": 29, "R": 30, } for i, codename := range config.PlatformVersionActiveCodenames() { apiLevelsMap[codename] = baseApiLevel + i Loading android/module.go +1 −0 Original line number Diff line number Diff line Loading @@ -247,6 +247,7 @@ type Module interface { Disable() Enabled() bool Target() Target Owner() string InstallInData() bool InstallInTestcases() bool InstallInSanitizerDir() bool Loading android/neverallow.go +41 −0 Original line number Diff line number Diff line Loading @@ -199,6 +199,7 @@ func createCcSdkVariantRules() []Rule { "prebuilts/ndk", "tools/test/graphicsbenchmark/apps/sample_app", "tools/test/graphicsbenchmark/functional_tests/java", "vendor/xts/gts-tests/hostsidetests/gamedevicecert/apps/javatests", } platformVariantPropertiesAllowedList := []string{ Loading Loading @@ -274,6 +275,10 @@ func neverallowMutator(ctx BottomUpMutatorContext) { continue } if !n.appliesToBootclasspathJar(ctx) { continue } ctx.ModuleErrorf("violates " + n.String()) } } Loading Loading @@ -332,6 +337,18 @@ func (m *regexMatcher) String() string { return ".regexp(" + m.re.String() + ")" } type notInListMatcher struct { allowed []string } func (m *notInListMatcher) Test(value string) bool { return !InList(value, m.allowed) } func (m *notInListMatcher) String() string { return ".not-in-list(" + strings.Join(m.allowed, ",") + ")" } type isSetMatcher struct{} func (m *isSetMatcher) Test(value string) bool { Loading Loading @@ -363,6 +380,8 @@ type Rule interface { NotModuleType(types ...string) Rule BootclasspathJar() Rule With(properties, value string) Rule WithMatcher(properties string, matcher ValueMatcher) Rule Loading Loading @@ -390,6 +409,8 @@ type rule struct { props []ruleProperty unlessProps []ruleProperty onlyBootclasspathJar bool } // Create a new NeverAllow rule. Loading Loading @@ -465,6 +486,11 @@ func (r *rule) Because(reason string) Rule { return r } func (r *rule) BootclasspathJar() Rule { r.onlyBootclasspathJar = true return r } func (r *rule) String() string { s := "neverallow" for _, v := range r.paths { Loading @@ -491,6 +517,9 @@ func (r *rule) String() string { for _, v := range r.osClasses { s += " os:" + v.String() } if r.onlyBootclasspathJar { s += " inBcp" } if len(r.reason) != 0 { s += " which is restricted because " + r.reason } Loading Loading @@ -519,6 +548,14 @@ func (r *rule) appliesToDirectDeps(ctx BottomUpMutatorContext) bool { return matches } func (r *rule) appliesToBootclasspathJar(ctx BottomUpMutatorContext) bool { if !r.onlyBootclasspathJar { return true } return InList(ctx.ModuleName(), ctx.Config().BootJars()) } func (r *rule) appliesToOsClass(osClass OsClass) bool { if len(r.osClasses) == 0 { return true Loading Loading @@ -555,6 +592,10 @@ func Regexp(re string) ValueMatcher { return ®exMatcher{r} } func NotInList(allowed []string) ValueMatcher { return ¬InListMatcher{allowed} } // assorted utils func cleanPaths(paths []string) []string { Loading apex/androidmk.go +3 −0 Original line number Diff line number Diff line Loading @@ -108,6 +108,9 @@ func (a *apexBundle) androidMkForFiles(w io.Writer, apexBundleName, apexName, mo fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir) } fmt.Fprintln(w, "LOCAL_MODULE :=", moduleName) if fi.module != nil && fi.module.Owner() != "" { fmt.Fprintln(w, "LOCAL_MODULE_OWNER :=", fi.module.Owner()) } // /apex/<apex_name>/{lib|framework|...} pathWhenActivated := filepath.Join("$(PRODUCT_OUT)", "apex", apexName, fi.installDir) var modulePath string Loading apex/apex.go +103 −8 Original line number Diff line number Diff line Loading @@ -100,6 +100,13 @@ func makeApexAvailableBaseline() map[string][]string { // // Module separator // m["com.android.appsearch"] = []string{ "icing-java-proto-lite", "libprotobuf-java-lite", } // // Module separator // m["com.android.bluetooth.updatable"] = []string{ "android.hardware.audio.common@5.0", "android.hardware.bluetooth.a2dp@1.0", Loading Loading @@ -182,6 +189,19 @@ func makeApexAvailableBaseline() map[string][]string { // // Module separator // m["com.android.extservices"] = []string{ "error_prone_annotations", "ExtServices-core", "ExtServices", "libtextclassifier-java", "libz_current", "textclassifier-statsd", "TextClassifierNotificationLibNoManifest", "TextClassifierServiceLibNoManifest", } // // Module separator // m["com.android.neuralnetworks"] = []string{ "android.hardware.neuralnetworks@1.0", "android.hardware.neuralnetworks@1.1", Loading Loading @@ -297,7 +317,6 @@ func makeApexAvailableBaseline() map[string][]string { "libpdx_headers", "libpdx_uds", "libprocinfo", "libsonivox", "libspeexresampler", "libspeexresampler", "libstagefright_esds", Loading Loading @@ -334,6 +353,7 @@ func makeApexAvailableBaseline() map[string][]string { "android.hardware.configstore@1.1", "android.hardware.graphics.allocator@2.0", "android.hardware.graphics.allocator@3.0", "android.hardware.graphics.allocator@4.0", "android.hardware.graphics.bufferqueue@1.0", "android.hardware.graphics.bufferqueue@2.0", "android.hardware.graphics.common-ndk_platform", Loading @@ -346,6 +366,7 @@ func makeApexAvailableBaseline() map[string][]string { "android.hardware.graphics.mapper@4.0", "android.hardware.media.bufferpool@2.0", "android.hardware.media.c2@1.0", "android.hardware.media.c2@1.1", "android.hardware.media.omx@1.0", "android.hardware.media@1.0", "android.hardware.media@1.0", Loading Loading @@ -439,6 +460,7 @@ func makeApexAvailableBaseline() map[string][]string { "libpdx_headers", "libscudo_wrapper", "libsfplugin_ccodec_utils", "libspeexresampler", "libstagefright_amrnb_common", "libstagefright_amrnbdec", "libstagefright_amrnbenc", Loading Loading @@ -481,6 +503,8 @@ func makeApexAvailableBaseline() map[string][]string { // Module separator // m["com.android.permission"] = []string{ "car-ui-lib", "iconloader", "kotlin-annotations", "kotlin-stdlib", "kotlin-stdlib-jdk7", Loading @@ -490,6 +514,17 @@ func makeApexAvailableBaseline() map[string][]string { "kotlinx-coroutines-core", "kotlinx-coroutines-core-nodeps", "permissioncontroller-statsd", "GooglePermissionController", "PermissionController", "SettingsLibActionBarShadow", "SettingsLibAppPreference", "SettingsLibBarChartPreference", "SettingsLibLayoutPreference", "SettingsLibProgressBar", "SettingsLibSearchWidget", "SettingsLibSettingsTheme", "SettingsLibRestrictedLockUtils", "SettingsLibHelpUtils", } // // Module separator Loading Loading @@ -648,6 +683,55 @@ func makeApexAvailableBaseline() map[string][]string { return m } // DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART. // Adding code to the bootclasspath in new packages will cause issues on module update. func qModulesPackages() map[string][]string { return map[string][]string{ "com.android.conscrypt": []string{ "android.net.ssl", "com.android.org.conscrypt", }, "com.android.media": []string{ "android.media", }, } } // DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART. // Adding code to the bootclasspath in new packages will cause issues on module update. func rModulesPackages() map[string][]string { return map[string][]string{ "com.android.mediaprovider": []string{ "android.provider", }, "com.android.permission": []string{ "android.permission", "android.app.role", "com.android.permission", "com.android.role", }, "com.android.sdkext": []string{ "android.os.ext", }, "com.android.os.statsd": []string{ "android.app", "android.os", "android.util", "com.android.internal.statsd", "com.android.server.stats", }, "com.android.wifi": []string{ "com.android.server.wifi", "com.android.wifi.x", "android.hardware.wifi", "android.net.wifi", }, "com.android.tethering": []string{ "android.net", }, } } func init() { android.RegisterModuleType("apex", BundleFactory) android.RegisterModuleType("apex_test", testApexBundleFactory) Loading @@ -665,6 +749,24 @@ func init() { sort.Strings(*apexFileContextsInfos) ctx.Strict("APEX_FILE_CONTEXTS_INFOS", strings.Join(*apexFileContextsInfos, " ")) }) android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...) android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...) } func createApexPermittedPackagesRules(modules_packages map[string][]string) []android.Rule { rules := make([]android.Rule, 0, len(modules_packages)) for module_name, module_packages := range modules_packages { permitted_packages_rule := android.NeverAllow(). BootclasspathJar(). With("apex_available", module_name). WithMatcher("permitted_packages", android.NotInList(module_packages)). Because("jars that are part of the " + module_name + " module may only allow these packages: " + strings.Join(module_packages, ",") + ". Please jarjar or move code around.") rules = append(rules, permitted_packages_rule) } return rules } func RegisterPreDepsMutators(ctx android.RegisterMutatorsContext) { Loading Loading @@ -1971,13 +2073,6 @@ func (a *apexBundle) checkStaticLinkingToStubLibraries(ctx android.ModuleContext return false } // TODO(jiyong) remove this check when R is published to AOSP. Currently, libstatssocket // is capable of providing a stub variant, but is being statically linked from the bluetooth // APEX. if toName == "libstatssocket" { return false } // The dynamic linker and crash_dump tool in the runtime APEX is the only exception to this rule. // It can't make the static dependencies dynamic because it can't // do the dynamic linking for itself. Loading Loading
android/api_levels.go +1 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ func getApiLevelsMap(config Config) map[string]int { "O-MR1": 27, "P": 28, "Q": 29, "R": 30, } for i, codename := range config.PlatformVersionActiveCodenames() { apiLevelsMap[codename] = baseApiLevel + i Loading
android/module.go +1 −0 Original line number Diff line number Diff line Loading @@ -247,6 +247,7 @@ type Module interface { Disable() Enabled() bool Target() Target Owner() string InstallInData() bool InstallInTestcases() bool InstallInSanitizerDir() bool Loading
android/neverallow.go +41 −0 Original line number Diff line number Diff line Loading @@ -199,6 +199,7 @@ func createCcSdkVariantRules() []Rule { "prebuilts/ndk", "tools/test/graphicsbenchmark/apps/sample_app", "tools/test/graphicsbenchmark/functional_tests/java", "vendor/xts/gts-tests/hostsidetests/gamedevicecert/apps/javatests", } platformVariantPropertiesAllowedList := []string{ Loading Loading @@ -274,6 +275,10 @@ func neverallowMutator(ctx BottomUpMutatorContext) { continue } if !n.appliesToBootclasspathJar(ctx) { continue } ctx.ModuleErrorf("violates " + n.String()) } } Loading Loading @@ -332,6 +337,18 @@ func (m *regexMatcher) String() string { return ".regexp(" + m.re.String() + ")" } type notInListMatcher struct { allowed []string } func (m *notInListMatcher) Test(value string) bool { return !InList(value, m.allowed) } func (m *notInListMatcher) String() string { return ".not-in-list(" + strings.Join(m.allowed, ",") + ")" } type isSetMatcher struct{} func (m *isSetMatcher) Test(value string) bool { Loading Loading @@ -363,6 +380,8 @@ type Rule interface { NotModuleType(types ...string) Rule BootclasspathJar() Rule With(properties, value string) Rule WithMatcher(properties string, matcher ValueMatcher) Rule Loading Loading @@ -390,6 +409,8 @@ type rule struct { props []ruleProperty unlessProps []ruleProperty onlyBootclasspathJar bool } // Create a new NeverAllow rule. Loading Loading @@ -465,6 +486,11 @@ func (r *rule) Because(reason string) Rule { return r } func (r *rule) BootclasspathJar() Rule { r.onlyBootclasspathJar = true return r } func (r *rule) String() string { s := "neverallow" for _, v := range r.paths { Loading @@ -491,6 +517,9 @@ func (r *rule) String() string { for _, v := range r.osClasses { s += " os:" + v.String() } if r.onlyBootclasspathJar { s += " inBcp" } if len(r.reason) != 0 { s += " which is restricted because " + r.reason } Loading Loading @@ -519,6 +548,14 @@ func (r *rule) appliesToDirectDeps(ctx BottomUpMutatorContext) bool { return matches } func (r *rule) appliesToBootclasspathJar(ctx BottomUpMutatorContext) bool { if !r.onlyBootclasspathJar { return true } return InList(ctx.ModuleName(), ctx.Config().BootJars()) } func (r *rule) appliesToOsClass(osClass OsClass) bool { if len(r.osClasses) == 0 { return true Loading Loading @@ -555,6 +592,10 @@ func Regexp(re string) ValueMatcher { return ®exMatcher{r} } func NotInList(allowed []string) ValueMatcher { return ¬InListMatcher{allowed} } // assorted utils func cleanPaths(paths []string) []string { Loading
apex/androidmk.go +3 −0 Original line number Diff line number Diff line Loading @@ -108,6 +108,9 @@ func (a *apexBundle) androidMkForFiles(w io.Writer, apexBundleName, apexName, mo fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir) } fmt.Fprintln(w, "LOCAL_MODULE :=", moduleName) if fi.module != nil && fi.module.Owner() != "" { fmt.Fprintln(w, "LOCAL_MODULE_OWNER :=", fi.module.Owner()) } // /apex/<apex_name>/{lib|framework|...} pathWhenActivated := filepath.Join("$(PRODUCT_OUT)", "apex", apexName, fi.installDir) var modulePath string Loading
apex/apex.go +103 −8 Original line number Diff line number Diff line Loading @@ -100,6 +100,13 @@ func makeApexAvailableBaseline() map[string][]string { // // Module separator // m["com.android.appsearch"] = []string{ "icing-java-proto-lite", "libprotobuf-java-lite", } // // Module separator // m["com.android.bluetooth.updatable"] = []string{ "android.hardware.audio.common@5.0", "android.hardware.bluetooth.a2dp@1.0", Loading Loading @@ -182,6 +189,19 @@ func makeApexAvailableBaseline() map[string][]string { // // Module separator // m["com.android.extservices"] = []string{ "error_prone_annotations", "ExtServices-core", "ExtServices", "libtextclassifier-java", "libz_current", "textclassifier-statsd", "TextClassifierNotificationLibNoManifest", "TextClassifierServiceLibNoManifest", } // // Module separator // m["com.android.neuralnetworks"] = []string{ "android.hardware.neuralnetworks@1.0", "android.hardware.neuralnetworks@1.1", Loading Loading @@ -297,7 +317,6 @@ func makeApexAvailableBaseline() map[string][]string { "libpdx_headers", "libpdx_uds", "libprocinfo", "libsonivox", "libspeexresampler", "libspeexresampler", "libstagefright_esds", Loading Loading @@ -334,6 +353,7 @@ func makeApexAvailableBaseline() map[string][]string { "android.hardware.configstore@1.1", "android.hardware.graphics.allocator@2.0", "android.hardware.graphics.allocator@3.0", "android.hardware.graphics.allocator@4.0", "android.hardware.graphics.bufferqueue@1.0", "android.hardware.graphics.bufferqueue@2.0", "android.hardware.graphics.common-ndk_platform", Loading @@ -346,6 +366,7 @@ func makeApexAvailableBaseline() map[string][]string { "android.hardware.graphics.mapper@4.0", "android.hardware.media.bufferpool@2.0", "android.hardware.media.c2@1.0", "android.hardware.media.c2@1.1", "android.hardware.media.omx@1.0", "android.hardware.media@1.0", "android.hardware.media@1.0", Loading Loading @@ -439,6 +460,7 @@ func makeApexAvailableBaseline() map[string][]string { "libpdx_headers", "libscudo_wrapper", "libsfplugin_ccodec_utils", "libspeexresampler", "libstagefright_amrnb_common", "libstagefright_amrnbdec", "libstagefright_amrnbenc", Loading Loading @@ -481,6 +503,8 @@ func makeApexAvailableBaseline() map[string][]string { // Module separator // m["com.android.permission"] = []string{ "car-ui-lib", "iconloader", "kotlin-annotations", "kotlin-stdlib", "kotlin-stdlib-jdk7", Loading @@ -490,6 +514,17 @@ func makeApexAvailableBaseline() map[string][]string { "kotlinx-coroutines-core", "kotlinx-coroutines-core-nodeps", "permissioncontroller-statsd", "GooglePermissionController", "PermissionController", "SettingsLibActionBarShadow", "SettingsLibAppPreference", "SettingsLibBarChartPreference", "SettingsLibLayoutPreference", "SettingsLibProgressBar", "SettingsLibSearchWidget", "SettingsLibSettingsTheme", "SettingsLibRestrictedLockUtils", "SettingsLibHelpUtils", } // // Module separator Loading Loading @@ -648,6 +683,55 @@ func makeApexAvailableBaseline() map[string][]string { return m } // DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART. // Adding code to the bootclasspath in new packages will cause issues on module update. func qModulesPackages() map[string][]string { return map[string][]string{ "com.android.conscrypt": []string{ "android.net.ssl", "com.android.org.conscrypt", }, "com.android.media": []string{ "android.media", }, } } // DO NOT EDIT! These are the package prefixes that are exempted from being AOT'ed by ART. // Adding code to the bootclasspath in new packages will cause issues on module update. func rModulesPackages() map[string][]string { return map[string][]string{ "com.android.mediaprovider": []string{ "android.provider", }, "com.android.permission": []string{ "android.permission", "android.app.role", "com.android.permission", "com.android.role", }, "com.android.sdkext": []string{ "android.os.ext", }, "com.android.os.statsd": []string{ "android.app", "android.os", "android.util", "com.android.internal.statsd", "com.android.server.stats", }, "com.android.wifi": []string{ "com.android.server.wifi", "com.android.wifi.x", "android.hardware.wifi", "android.net.wifi", }, "com.android.tethering": []string{ "android.net", }, } } func init() { android.RegisterModuleType("apex", BundleFactory) android.RegisterModuleType("apex_test", testApexBundleFactory) Loading @@ -665,6 +749,24 @@ func init() { sort.Strings(*apexFileContextsInfos) ctx.Strict("APEX_FILE_CONTEXTS_INFOS", strings.Join(*apexFileContextsInfos, " ")) }) android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...) android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...) } func createApexPermittedPackagesRules(modules_packages map[string][]string) []android.Rule { rules := make([]android.Rule, 0, len(modules_packages)) for module_name, module_packages := range modules_packages { permitted_packages_rule := android.NeverAllow(). BootclasspathJar(). With("apex_available", module_name). WithMatcher("permitted_packages", android.NotInList(module_packages)). Because("jars that are part of the " + module_name + " module may only allow these packages: " + strings.Join(module_packages, ",") + ". Please jarjar or move code around.") rules = append(rules, permitted_packages_rule) } return rules } func RegisterPreDepsMutators(ctx android.RegisterMutatorsContext) { Loading Loading @@ -1971,13 +2073,6 @@ func (a *apexBundle) checkStaticLinkingToStubLibraries(ctx android.ModuleContext return false } // TODO(jiyong) remove this check when R is published to AOSP. Currently, libstatssocket // is capable of providing a stub variant, but is being statically linked from the bluetooth // APEX. if toName == "libstatssocket" { return false } // The dynamic linker and crash_dump tool in the runtime APEX is the only exception to this rule. // It can't make the static dependencies dynamic because it can't // do the dynamic linking for itself. Loading
