Merge changes Ia693c4a5,I8e5620d2 into main

import (

	"fmt"

	"reflect"

	"slices"

	"sort"

	"strconv"

	return false

}

// To satisfy the comparable interface

func (i ApexInfo) Equal(other any) bool {

	otherApexInfo, ok := other.(ApexInfo)

	return ok && i.ApexVariationName == otherApexInfo.ApexVariationName &&

		i.MinSdkVersion == otherApexInfo.MinSdkVersion &&

		i.Updatable == otherApexInfo.Updatable &&

		i.UsePlatformApis == otherApexInfo.UsePlatformApis &&

		reflect.DeepEqual(i.InApexVariants, otherApexInfo.InApexVariants) &&

		reflect.DeepEqual(i.InApexModules, otherApexInfo.InApexModules)

}

// ApexTestForInfo stores the contents of APEXes for which this module is a test - although this

// module is not part of the APEX - and thus has access to APEX internals.

type ApexTestForInfo struct {

package android

import (

	"fmt"

	"reflect"

	"slices"

	"strings"

	"github.com/google/blueprint"

)

var ContainersInfoProvider = blueprint.NewProvider[ContainersInfo]()

func satisfyAllowedExceptions(ctx ModuleContext, allowedExceptionLabels []exceptionHandleFuncLabel, m, dep Module) bool {

	for _, label := range allowedExceptionLabels {

		if exceptionHandleFunctionsTable[label](ctx, m, dep) {

			return true

		}

	}

	return false

}

func (c *ContainersInfo) GetViolations(mctx ModuleContext, m, dep Module, depInfo ContainersInfo) []string {

	var violations []string

	// Any containers that the module belongs to but the dependency does not belong to must be examined.

	_, containersUniqueToModule, _ := ListSetDifference(c.belongingContainers, depInfo.belongingContainers)

	// Apex container should be examined even if both the module and the dependency belong to

	// the apex container to check that the two modules belong to the same apex.

	if InList(ApexContainer, c.belongingContainers) && !InList(ApexContainer, containersUniqueToModule) {

		containersUniqueToModule = append(containersUniqueToModule, ApexContainer)

	}

	for _, containerUniqueToModule := range containersUniqueToModule {

		for _, restriction := range containerUniqueToModule.restricted {

			if InList(restriction.dependency, depInfo.belongingContainers) {

				if !satisfyAllowedExceptions(mctx, restriction.allowedExceptions, m, dep) {

					violations = append(violations, restriction.errorMessage)

				}

			}

		}

	}

	return violations

}

func generateContainerInfo(ctx ModuleContext) ContainersInfo {

	var containers []*container

		SetProvider(ctx, ContainersInfoProvider, containersInfo)

	}

}

func checkContainerViolations(ctx ModuleContext) {

	if _, ok := ctx.Module().(InstallableModule); ok {

		containersInfo, _ := getContainerModuleInfo(ctx, ctx.Module())

		ctx.VisitDirectDepsIgnoreBlueprint(func(dep Module) {

			if !dep.Enabled(ctx) {

				return

			}

			// Pre-existing violating dependencies are tracked in containerDependencyViolationAllowlist.

			// If this dependency is allowlisted, do not check for violation.

			// If not, check if this dependency matches any restricted dependency and

			// satisfies any exception functions, which allows bypassing the

			// restriction. If all of the exceptions are not satisfied, throw an error.

			if depContainersInfo, ok := getContainerModuleInfo(ctx, dep); ok {

				if allowedViolations, ok := ContainerDependencyViolationAllowlist[ctx.ModuleName()]; ok && InList(dep.Name(), allowedViolations) {

					return

				} else {

					violations := containersInfo.GetViolations(ctx, ctx.Module(), dep, depContainersInfo)

					if len(violations) > 0 {

						errorMessage := fmt.Sprintf("%s cannot depend on %s. ", ctx.ModuleName(), dep.Name())

						errorMessage += strings.Join(violations, " ")

						ctx.ModuleErrorf(errorMessage)

					}

				}

			}

		})

	}

}

		"net-utils-device-common-struct-base", // apex [com.android.tethering] -> system

	},

	"NfcNciApex": {

		"android.permission.flags-aconfig-java", // apex [com.android.nfcservices] -> apex [com.android.permission, test_com.android.permission]

	},

	"okhttp-norepackage": {

		"okhttp-android-util-log", // apex [com.android.adservices, com.android.devicelock, com.android.extservices] -> system

	},

	}

	setContainerInfo(ctx)

	if ctx.Config().Getenv("DISABLE_CONTAINER_CHECK") != "true" {

		checkContainerViolations(ctx)

	}

	ctx.licenseMetadataFile = PathForModuleOut(ctx, "meta_lic")

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

		{

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

		{

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_java_library_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_android_app_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

			expectedError: `.*my_android_app_foo/myapex depends on my_java_aconfig_library_foo/otherapex/production across containers`,

		},

					apex_available: [

						"myapex",

					],

					sdk_version: "none",

					system_modules: "none",

				}`,

		},

	}