Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a3639e62 authored by Spandan Das's avatar Spandan Das
Browse files

Create Make flags to set source tree as ReadOnly in soong builds 

The following two Make vars control RO/RW access to the source tree
1. BUILD_BROKEN_SRC_DIR_IS_WRITABLE
2. BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST

By default, (1) will be truthy.
- this ensures that this CL is a non breaking change across all products
- different products can opt in to set is as "false"

Bug: 174726238
Test: from build/soong dir, ran go test ./ui/build
Change-Id: I4d55ac74f02b2a73194d31506a9010162620b25a
parent f6840284

ui/build/Android.bp

+4 −0
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ bootstrap_go_package { 
        "path.go",

        "proc_sync.go",

        "rbe.go",

        "sandbox_config.go",

        "signal.go",

        "soong.go",

        "test_build.go",
@@ -86,5 +87,8 @@ bootstrap_go_package { 
            "config_linux.go",

            "sandbox_linux.go",

        ],

        testSrcs: [

            "sandbox_linux_test.go",

        ],

    },

}

ui/build/config.go

+3 −1
Original line number Diff line number Diff line
@@ -57,6 +57,7 @@ type configImpl struct { 
	katiSuffix      string

	targetDevice    string

	targetDeviceDir string

	sandboxConfig   *SandboxConfig



	// Autodetected

	totalRAM uint64
@@ -121,6 +122,7 @@ func checkTopDir(ctx Context) { 
func NewConfig(ctx Context, args ...string) Config {

	ret := &configImpl{

		environ:       OsEnvironment(),

		sandboxConfig: &SandboxConfig{},

	}



	// Default matching ninja

ui/build/dumpvars.go

+6 −0
Original line number Diff line number Diff line
@@ -225,6 +225,10 @@ func runMakeProductConfig(ctx Context, config Config) { 
		// Extra environment variables to be exported to ninja

		"BUILD_BROKEN_NINJA_USES_ENV_VARS",



		// Used to restrict write access to source tree

		"BUILD_BROKEN_SRC_DIR_IS_WRITABLE",

		"BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST",



		// Not used, but useful to be in the soong.log

		"BOARD_VNDK_VERSION",
@@ -280,6 +284,8 @@ func runMakeProductConfig(ctx Context, config Config) { 
	config.SetNinjaArgs(strings.Fields(makeVars["NINJA_GOALS"]))

	config.SetTargetDevice(makeVars["TARGET_DEVICE"])

	config.SetTargetDeviceDir(makeVars["TARGET_DEVICE_DIR"])

	config.sandboxConfig.SetSrcDirIsRO(makeVars["BUILD_BROKEN_SRC_DIR_IS_WRITABLE"] == "false")

	config.sandboxConfig.SetSrcDirRWAllowlist(strings.Fields(makeVars["BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST"]))



	config.SetBuildBrokenDupRules(makeVars["BUILD_BROKEN_DUP_RULES"] == "true")

	config.SetBuildBrokenUsesNetwork(makeVars["BUILD_BROKEN_USES_NETWORK"] == "true")

ui/build/sandbox_config.go

0 → 100644
+36 −0
Original line number Diff line number Diff line 
// Copyright 2021 Google Inc. All rights reserved.

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//     http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.



package build



type SandboxConfig struct {

	srcDirIsRO        bool

	srcDirRWAllowlist []string

}



func (sc *SandboxConfig) SetSrcDirIsRO(ro bool) {

	sc.srcDirIsRO = ro

}



func (sc *SandboxConfig) SrcDirIsRO() bool {

	return sc.srcDirIsRO

}



func (sc *SandboxConfig) SetSrcDirRWAllowlist(allowlist []string) {

	sc.srcDirRWAllowlist = allowlist

}



func (sc *SandboxConfig) SrcDirRWAllowlist() []string {

	return sc.srcDirRWAllowlist

}

ui/build/sandbox_linux.go

+21 −2
Original line number Diff line number Diff line
@@ -145,6 +145,13 @@ func (c *Cmd) sandboxSupported() bool { 
func (c *Cmd) wrapSandbox() {

	wd, _ := os.Getwd()



	var srcDirMountFlag string

	if c.config.sandboxConfig.SrcDirIsRO() {

		srcDirMountFlag = "-R"

	} else {

		srcDirMountFlag = "-B" //Read-Write

	}



	sandboxArgs := []string{

		// The executable to run

		"-x", c.Path,
@@ -184,8 +191,8 @@ func (c *Cmd) wrapSandbox() { 
		// Mount a writable tmp dir

		"-B", "/tmp",



		// Mount source are read-write

		"-B", sandboxConfig.srcDir,

		// Mount source

		srcDirMountFlag, sandboxConfig.srcDir,



		//Mount out dir as read-write

		"-B", sandboxConfig.outDir,
@@ -198,6 +205,18 @@ func (c *Cmd) wrapSandbox() { 
		"-q",

	}



	// Mount srcDir RW allowlists as Read-Write

	if len(c.config.sandboxConfig.SrcDirRWAllowlist()) > 0 && !c.config.sandboxConfig.SrcDirIsRO() {

		errMsg := `Product source tree has been set as ReadWrite, RW allowlist not necessary.

			To recover, either

			1. Unset BUILD_BROKEN_SRC_DIR_IS_WRITABLE #or

			2. Unset BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST`

		c.ctx.Fatalln(errMsg)

	}

	for _, srcDirChild := range c.config.sandboxConfig.SrcDirRWAllowlist() {

		sandboxArgs = append(sandboxArgs, "-B", srcDirChild)

	}



	if _, err := os.Stat(sandboxConfig.distDir); !os.IsNotExist(err) {

		//Mount dist dir as read-write if it already exists

		sandboxArgs = append(sandboxArgs, "-B", sandboxConfig.distDir)