Merge "Revert "Revert "Prevent runtime module paths being used in...

var neverallows = []Rule{}

func init() {

	AddNeverAllowRules(createIncludeDirsRules()...)

	AddNeverAllowRules(createTrebleRules()...)

	AddNeverAllowRules(createLibcoreRules()...)

	AddNeverAllowRules(createMediaRules()...)

	neverallows = append(neverallows, rules...)

}

func createIncludeDirsRules() []Rule {

	// The list of paths that cannot be referenced using include_dirs

	paths := []string{

		"art",

		"libcore",

		"libnativehelper",

		"external/apache-harmony",

		"external/apache-xml",

		"external/boringssl",

		"external/bouncycastle",

		"external/conscrypt",

		"external/icu",

		"external/okhttp",

		"external/vixl",

		"external/wycheproof",

		"system/core/libnativebridge",

		"system/core/libnativehelper",

	}

	// Create a composite matcher that will match if the value starts with any of the restricted

	// paths. A / is appended to the prefix to ensure that restricting path X does not affect paths

	// XY.

	rules := make([]Rule, 0, len(paths))

	for _, path := range paths {

		rule :=

			NeverAllow().

				WithMatcher("include_dirs", StartsWith(path+"/")).

				Because("include_dirs is deprecated, all usages of '" + path + "' have been migrated" +

					" to use alternate mechanisms and so can no longer be used.")

		rules = append(rules, rule)

	}

	return rules

}

func createTrebleRules() []Rule {

	return []Rule{

		NeverAllow().

var anyMatcherInstance = &anyMatcher{}

type startsWithMatcher struct {

	prefix string

}

func (m *startsWithMatcher) test(value string) bool {

	return strings.HasPrefix(value, m.prefix)

}

func (m *startsWithMatcher) String() string {

	return ".starts-with(" + m.prefix + ")"

}

type ruleProperty struct {

	fields  []string // e.x.: Vndk.Enabled

	matcher ValueMatcher

	With(properties, value string) Rule

	WithMatcher(properties string, matcher ValueMatcher) Rule

	Without(properties, value string) Rule

	WithoutMatcher(properties string, matcher ValueMatcher) Rule

	Because(reason string) Rule

}

}

func (r *rule) With(properties, value string) Rule {

	return r.WithMatcher(properties, selectMatcher(value))

}

func (r *rule) WithMatcher(properties string, matcher ValueMatcher) Rule {

	r.props = append(r.props, ruleProperty{

		fields:  fieldNamesForProperties(properties),

		matcher: selectMatcher(value),

		matcher: matcher,

	})

	return r

}

func (r *rule) Without(properties, value string) Rule {

	return r.WithoutMatcher(properties, selectMatcher(value))

}

func (r *rule) WithoutMatcher(properties string, matcher ValueMatcher) Rule {

	r.unlessProps = append(r.unlessProps, ruleProperty{

		fields:  fieldNamesForProperties(properties),

		matcher: selectMatcher(value),

		matcher: matcher,

	})

	return r

}

	return includeProps && !excludeProps

}

func StartsWith(prefix string) ValueMatcher {

	return &startsWithMatcher{prefix}

}

// assorted utils

func cleanPaths(paths []string) []string {

	fs            map[string][]byte

	expectedError string

}{

	// include_dir rule tests

	{

		name: "include_dir not allowed to reference art",

		fs: map[string][]byte{

			"other/Blueprints": []byte(`

				cc_library {

					name: "libother",

					include_dirs: ["art/libdexfile/include"],

				}`),

		},

		expectedError: "all usages of 'art' have been migrated",

	},

	{

		name: "include_dir can reference another location",

		fs: map[string][]byte{

			"other/Blueprints": []byte(`

				cc_library {

					name: "libother",

					include_dirs: ["another/include"],

				}`),

		},

	},

	// Treble rule tests

	{

		name: "no vndk.enabled under vendor directory",

		fs: map[string][]byte{

}

type mockCcLibraryProperties struct {

	Include_dirs     []string

	Vendor_available *bool

	Vndk struct {