Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bb678f82 authored by Jihoon Kang's avatar Jihoon Kang
Browse files

Implement detecting container violations. 

This change introduces a method to detect violating inter-container
dependencies between modules. The method is run in
`ModuleBase.GenerateBuildActions`, after the container info provider is
set. Given that the provider of the direct dependencies would have been
set at this time, the method utilizes this information to determine
the violations, which are introduced in https://r.android.com/3141104.

Note that this enforcement does not turn all inter-container
dependencies as errors. Instead, it will only turn dependencies that
matches the pre-defined violations into errors. Even if the dependency
matches the violation, an error will not be thrown if the dependency
satisfies any of the exception functions (e.g. the dependent module is
stubs, or the two modules belong to the same apexes).

Test: m nothing --no-skip-soong-tests
Bug: 338660802
Change-Id: I36e9cd956c5a076a53635be0c6ff27f77725516e
parent 601939d0

android/apex.go

+12 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ package android 


import (

	"fmt"

	"reflect"

	"slices"

	"sort"

	"strconv"
@@ -145,6 +146,17 @@ func (i ApexInfo) InApexModule(apexModuleName string) bool { 
	return false

}



// To satisfy the comparable interface

func (i ApexInfo) Equal(other any) bool {

	otherApexInfo, ok := other.(ApexInfo)

	return ok && i.ApexVariationName == otherApexInfo.ApexVariationName &&

		i.MinSdkVersion == otherApexInfo.MinSdkVersion &&

		i.Updatable == otherApexInfo.Updatable &&

		i.UsePlatformApis == otherApexInfo.UsePlatformApis &&

		reflect.DeepEqual(i.InApexVariants, otherApexInfo.InApexVariants) &&

		reflect.DeepEqual(i.InApexModules, otherApexInfo.InApexModules)

}



// ApexTestForInfo stores the contents of APEXes for which this module is a test - although this

// module is not part of the APEX - and thus has access to APEX internals.

type ApexTestForInfo struct {

android/container.go

+65 −0
Original line number Diff line number Diff line
@@ -15,8 +15,10 @@ 
package android



import (

	"fmt"

	"reflect"

	"slices"

	"strings"



	"github.com/google/blueprint"

)
@@ -395,6 +397,40 @@ func (c *ContainersInfo) UpdatableApex() bool { 


var ContainersInfoProvider = blueprint.NewProvider[ContainersInfo]()



func satisfyAllowedExceptions(ctx ModuleContext, allowedExceptionLabels []exceptionHandleFuncLabel, m, dep Module) bool {

	for _, label := range allowedExceptionLabels {

		if exceptionHandleFunctionsTable[label](ctx, m, dep) {

			return true

		}

	}

	return false

}



func (c *ContainersInfo) GetViolations(mctx ModuleContext, m, dep Module, depInfo ContainersInfo) []string {

	var violations []string



	// Any containers that the module belongs to but the dependency does not belong to must be examined.

	_, containersUniqueToModule, _ := ListSetDifference(c.belongingContainers, depInfo.belongingContainers)



	// Apex container should be examined even if both the module and the dependency belong to

	// the apex container to check that the two modules belong to the same apex.

	if InList(ApexContainer, c.belongingContainers) && !InList(ApexContainer, containersUniqueToModule) {

		containersUniqueToModule = append(containersUniqueToModule, ApexContainer)

	}



	for _, containerUniqueToModule := range containersUniqueToModule {

		for _, restriction := range containerUniqueToModule.restricted {

			if InList(restriction.dependency, depInfo.belongingContainers) {

				if !satisfyAllowedExceptions(mctx, restriction.allowedExceptions, m, dep) {

					violations = append(violations, restriction.errorMessage)

				}

			}

		}

	}



	return violations

}



func generateContainerInfo(ctx ModuleContext) ContainersInfo {

	var containers []*container
@@ -436,3 +472,32 @@ func setContainerInfo(ctx ModuleContext) { 
		SetProvider(ctx, ContainersInfoProvider, containersInfo)

	}

}



func checkContainerViolations(ctx ModuleContext) {

	if _, ok := ctx.Module().(InstallableModule); ok {

		containersInfo, _ := getContainerModuleInfo(ctx, ctx.Module())

		ctx.VisitDirectDepsIgnoreBlueprint(func(dep Module) {

			if !dep.Enabled(ctx) {

				return

			}



			// Pre-existing violating dependencies are tracked in containerDependencyViolationAllowlist.

			// If this dependency is allowlisted, do not check for violation.

			// If not, check if this dependency matches any restricted dependency and

			// satisfies any exception functions, which allows bypassing the

			// restriction. If all of the exceptions are not satisfied, throw an error.

			if depContainersInfo, ok := getContainerModuleInfo(ctx, dep); ok {

				if allowedViolations, ok := ContainerDependencyViolationAllowlist[ctx.ModuleName()]; ok && InList(dep.Name(), allowedViolations) {

					return

				} else {

					violations := containersInfo.GetViolations(ctx, ctx.Module(), dep, depContainersInfo)

					if len(violations) > 0 {

						errorMessage := fmt.Sprintf("%s cannot depend on %s. ", ctx.ModuleName(), dep.Name())

						errorMessage += strings.Join(violations, " ")

						ctx.ModuleErrorf(errorMessage)

					}

				}

			}

		})

	}

}

android/module.go

+3 −0
Original line number Diff line number Diff line
@@ -1798,6 +1798,9 @@ func (m *ModuleBase) GenerateBuildActions(blueprintCtx blueprint.ModuleContext) 
	}



	setContainerInfo(ctx)

	if ctx.Config().Getenv("DISABLE_CONTAINER_CHECK") != "true" {

		checkContainerViolations(ctx)

	}



	m.licenseMetadataFile = PathForModuleOut(ctx, "meta_lic")

apex/aconfig_test.go

+12 −0
Original line number Diff line number Diff line
@@ -74,6 +74,8 @@ func TestValidationAcrossContainersExportedPass(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

		{
@@ -122,6 +124,8 @@ func TestValidationAcrossContainersExportedPass(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

		{
@@ -345,6 +349,8 @@ func TestValidationAcrossContainersNotExportedFail(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_java_library_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},
@@ -392,6 +398,8 @@ func TestValidationAcrossContainersNotExportedFail(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_android_app_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},
@@ -693,6 +701,8 @@ func TestValidationAcrossContainersNotExportedFail(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_android_app_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},
@@ -769,6 +779,8 @@ func TestValidationNotPropagateAcrossShared(t *testing.T) { 
					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

	}

apex/apex_test.go

+59 −4
Original line number Diff line number Diff line
@@ -4893,6 +4893,7 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 
		java_import {

			name: "libfoo",

			jars: ["libfoo.jar"],

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -4933,6 +4934,22 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 
	t.Run("prebuilt with source preferred", func(t *testing.T) {



		bp := `

		apex {

			name: "myapex",

			key: "myapex.key",

			updatable: false,

			java_libs: [

				"libfoo",

				"libbar",

			],

		}



		apex_key {

			name: "myapex.key",

			public_key: "testkey.avbpubkey",

			private_key: "testkey.pem",

		}



		prebuilt_apex {

			name: "myapex",

			arch: {
@@ -4949,10 +4966,21 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 
		java_import {

			name: "libfoo",

			jars: ["libfoo.jar"],

			apex_available: [

				"myapex",

			],

			compile_dex: true,

			sdk_version: "core_current",

		}



		java_library {

			name: "libfoo",

			srcs: ["foo/bar/MyClass.java"],

			apex_available: [

				"myapex",

			],

			compile_dex: true,

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -4960,12 +4988,21 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 
			public: {

				jars: ["libbar.jar"],

			},

			apex_available: [

				"myapex",

			],

			compile_dex: true,

		}



		java_sdk_library {

			name: "libbar",

			srcs: ["foo/bar/MyClass.java"],

			unsafe_ignore_missing_latest_api: true,

			apex_available: [

				"myapex",

			],

			compile_dex: true,

			sdk_version: "core_current",

		}

	`
@@ -4974,11 +5011,9 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 


		checkDexJarBuildPath(t, ctx, "prebuilt_libfoo")

		checkDexJarInstallPath(t, ctx, "prebuilt_libfoo")

		ensureNoSourceVariant(t, ctx, "libfoo")



		checkDexJarBuildPath(t, ctx, "prebuilt_libbar")

		checkDexJarInstallPath(t, ctx, "prebuilt_libbar")

		ensureNoSourceVariant(t, ctx, "libbar")

	})



	t.Run("prebuilt preferred with source", func(t *testing.T) {
@@ -5004,6 +5039,7 @@ func TestPrebuiltExportDexImplementationJars(t *testing.T) { 


		java_library {

			name: "libfoo",

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -5130,6 +5166,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			jars: ["libfoo.jar"],

			apex_available: ["myapex"],

			permitted_packages: ["foo"],

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -5284,12 +5321,14 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			name: "libfoo",

			jars: ["libfoo.jar"],

			apex_available: ["myapex"],

			sdk_version: "core_current",

		}



		java_library {

			name: "libfoo",

			srcs: ["foo/bar/MyClass.java"],

			apex_available: ["myapex"],

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -5381,6 +5420,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			jars: ["libfoo.jar"],

			apex_available: ["myapex"],

			permitted_packages: ["foo"],

			sdk_version: "core_current",

		}



		java_library {
@@ -5388,6 +5428,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			srcs: ["foo/bar/MyClass.java"],

			apex_available: ["myapex"],

			installable: true,

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -5478,6 +5519,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			name: "libfoo",

			jars: ["libfoo.jar"],

			apex_available: ["myapex"],

			sdk_version: "core_current",

		}



		java_library {
@@ -5486,6 +5528,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			apex_available: ["myapex"],

			permitted_packages: ["foo"],

			installable: true,

			sdk_version: "core_current",

		}



		java_sdk_library_import {
@@ -5504,6 +5547,7 @@ func TestBootDexJarsFromSourcesAndPrebuilts(t *testing.T) { 
			apex_available: ["myapex"],

			permitted_packages: ["bar"],

			compile_dex: true,

			sdk_version: "core_current",

		}

	`
@@ -6098,6 +6142,7 @@ func TestApexWithTestHelperApp(t *testing.T) { 
			name: "TesterHelpAppFoo",

			srcs: ["foo/bar/MyClass.java"],

			apex_available: [ "myapex" ],

			sdk_version: "test_current",

		}



	`)
@@ -7700,7 +7745,7 @@ func TestSymlinksFromApexToSystem(t *testing.T) { 
			srcs: ["foo/bar/MyClass.java"],

			sdk_version: "none",

			system_modules: "none",

			libs: ["myotherjar"],

			static_libs: ["myotherjar"],

			apex_available: [

				"myapex",

				"myapex.updatable",
@@ -8361,6 +8406,7 @@ func TestUpdatable_should_not_set_generate_classpaths_proto(t *testing.T) { 
			apex_available: [

				"myapex",

			],

			sdk_version: "current",

		}



		systemserverclasspath_fragment {
@@ -9403,6 +9449,7 @@ func TestApexJavaCoverage(t *testing.T) { 
			srcs: ["mybootclasspathlib.java"],

			apex_available: ["myapex"],

			compile_dex: true,

			sdk_version: "current",

		}



		systemserverclasspath_fragment {
@@ -9718,6 +9765,7 @@ func TestSdkLibraryCanHaveHigherMinSdkVersion(t *testing.T) { 
				unsafe_ignore_missing_latest_api: true,

				min_sdk_version: "31",

				static_libs: ["util"],

				sdk_version: "core_current",

			}



			java_library {
@@ -9726,6 +9774,7 @@ func TestSdkLibraryCanHaveHigherMinSdkVersion(t *testing.T) { 
				apex_available: ["myapex"],

				min_sdk_version: "31",

				static_libs: ["another_util"],

				sdk_version: "core_current",

			}



			java_library {
@@ -9733,6 +9782,7 @@ func TestSdkLibraryCanHaveHigherMinSdkVersion(t *testing.T) { 
                srcs: ["a.java"],

				min_sdk_version: "31",

				apex_available: ["myapex"],

				sdk_version: "core_current",

			}

		`)

	})
@@ -9788,7 +9838,7 @@ func TestSdkLibraryCanHaveHigherMinSdkVersion(t *testing.T) { 
	})



	t.Run("bootclasspath_fragment jar must set min_sdk_version", func(t *testing.T) {

		preparer.ExtendWithErrorHandler(android.FixtureExpectsAtLeastOneErrorMatchingPattern(`module "mybootclasspathlib".*must set min_sdk_version`)).

		preparer.

			RunTestWithBp(t, `

				apex {

					name: "myapex",
@@ -9819,6 +9869,8 @@ func TestSdkLibraryCanHaveHigherMinSdkVersion(t *testing.T) { 
					apex_available: ["myapex"],

					compile_dex: true,

					unsafe_ignore_missing_latest_api: true,

					sdk_version: "current",

					min_sdk_version: "30",

				}

		`)

	})
@@ -10071,6 +10123,9 @@ func TestApexLintBcpFragmentSdkLibDeps(t *testing.T) { 
			key: "myapex.key",

			bootclasspath_fragments: ["mybootclasspathfragment"],

			min_sdk_version: "29",

			java_libs: [

				"jacocoagent",

			],

		}

		apex_key {

			name: "myapex.key",