Merge "Create Make flags to set source tree as ReadOnly in soong builds"

        "path.go",

        "proc_sync.go",

        "rbe.go",

        "sandbox_config.go",

        "signal.go",

        "soong.go",

        "test_build.go",

            "config_linux.go",

            "sandbox_linux.go",

        ],

        testSrcs: [

            "sandbox_linux_test.go",

        ],

    },

}

	katiSuffix      string

	targetDevice    string

	targetDeviceDir string

	sandboxConfig   *SandboxConfig

	// Autodetected

	totalRAM uint64

func NewConfig(ctx Context, args ...string) Config {

	ret := &configImpl{

		environ:       OsEnvironment(),

		sandboxConfig: &SandboxConfig{},

	}

	// Default matching ninja

		// Extra environment variables to be exported to ninja

		"BUILD_BROKEN_NINJA_USES_ENV_VARS",

		// Used to restrict write access to source tree

		"BUILD_BROKEN_SRC_DIR_IS_WRITABLE",

		"BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST",

		// Not used, but useful to be in the soong.log

		"BOARD_VNDK_VERSION",

	config.SetNinjaArgs(strings.Fields(makeVars["NINJA_GOALS"]))

	config.SetTargetDevice(makeVars["TARGET_DEVICE"])

	config.SetTargetDeviceDir(makeVars["TARGET_DEVICE_DIR"])

	config.sandboxConfig.SetSrcDirIsRO(makeVars["BUILD_BROKEN_SRC_DIR_IS_WRITABLE"] == "false")

	config.sandboxConfig.SetSrcDirRWAllowlist(strings.Fields(makeVars["BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST"]))

	config.SetBuildBrokenDupRules(makeVars["BUILD_BROKEN_DUP_RULES"] == "true")

	config.SetBuildBrokenUsesNetwork(makeVars["BUILD_BROKEN_USES_NETWORK"] == "true")

// Copyright 2021 Google Inc. All rights reserved.

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//     http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

package build

type SandboxConfig struct {

	srcDirIsRO        bool

	srcDirRWAllowlist []string

}

func (sc *SandboxConfig) SetSrcDirIsRO(ro bool) {

	sc.srcDirIsRO = ro

}

func (sc *SandboxConfig) SrcDirIsRO() bool {

	return sc.srcDirIsRO

}

func (sc *SandboxConfig) SetSrcDirRWAllowlist(allowlist []string) {

	sc.srcDirRWAllowlist = allowlist

}

func (sc *SandboxConfig) SrcDirRWAllowlist() []string {

	return sc.srcDirRWAllowlist

}

func (c *Cmd) wrapSandbox() {

	wd, _ := os.Getwd()

	var srcDirMountFlag string

	if c.config.sandboxConfig.SrcDirIsRO() {

		srcDirMountFlag = "-R"

	} else {

		srcDirMountFlag = "-B" //Read-Write

	}

	sandboxArgs := []string{

		// The executable to run

		"-x", c.Path,

		// Mount a writable tmp dir

		"-B", "/tmp",

		// Mount source are read-write

		"-B", sandboxConfig.srcDir,

		// Mount source

		srcDirMountFlag, sandboxConfig.srcDir,

		//Mount out dir as read-write

		"-B", sandboxConfig.outDir,

		"-q",

	}

	// Mount srcDir RW allowlists as Read-Write

	if len(c.config.sandboxConfig.SrcDirRWAllowlist()) > 0 && !c.config.sandboxConfig.SrcDirIsRO() {

		errMsg := `Product source tree has been set as ReadWrite, RW allowlist not necessary.

			To recover, either

			1. Unset BUILD_BROKEN_SRC_DIR_IS_WRITABLE #or

			2. Unset BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST`

		c.ctx.Fatalln(errMsg)

	}

	for _, srcDirChild := range c.config.sandboxConfig.SrcDirRWAllowlist() {

		sandboxArgs = append(sandboxArgs, "-B", srcDirChild)

	}

	if _, err := os.Stat(sandboxConfig.distDir); !os.IsNotExist(err) {

		//Mount dist dir as read-write if it already exists

		sandboxArgs = append(sandboxArgs, "-B", sandboxConfig.distDir)