Gitiles
Code Review Sign In
review.blissroms.org / platform_build_make / 427d8557280dd21f4e7848b5633f43071c9a3454^! / . / core / main.mk
commit427d8557280dd21f4e7848b5633f43071c9a3454[log] [tgz]
authorAnton Hansson <hansson@google.com>Tue Jun 05 17:53:09 2018 +0100
committerAnton Hansson <hansson@google.com>Thu Jun 14 11:35:05 2018 +0100
tree1f16472e1c9cb0423e4409fd49e2afab4fc49f8c
parent2b0ea222c1e4118cf228ca75281ea68f2d74f29c [diff] [blame]
Add support enforcing all path requirements.

Setting PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS to be non-empty will
verify that when an inherited product file makes an path requirement
claim, no files other than the ones it produces are allowed inside its
paths. This allows more rigorous control of what goes where, and
specifically stops accidental inclusion of modules in the wrong places
(which is very easy to do otherwise).

In order to enable iterative improvements to current offenders, support
for a whitelist is also added (via the new
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST property). Verification is
done that this variable corresponds to exactly the list of current
offenders.

Example use:
  PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := true
  PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := system/priv-app/Dialer/Dialer.apk

Bug: 80410283
Test: In a downstream CL specifying the above.
Change-Id: I58047db08bde34da21759cfc55f398892b1c809a

diff --git a/core/main.mk b/core/main.mk
index 01dc0c1..d831ad0 100644
--- a/core/main.mk
+++ b/core/main.mk

@@ -965,6 +965,17 @@
   $(call maybe-print-list-and-error,$(offending_files),$(makefile) produces files outside its artifact path requirement.) \
   $(eval unused_whitelist := $(filter-out $(files),$(whitelist_patterns))) \
   $(call maybe-print-list-and-error,$(unused_whitelist),$(makefile) includes redundant whitelist entries in its artifact path requirement.) \
+  $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
+  $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS),\
+    $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_FILES))) \
+    $(eval whitelist := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST)) \
+    $(eval whitelist_patterns := $(call resolve-product-relative-paths,$(whitelist))) \
+    $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
+    $(eval offending_files := $(filter-out $(whitelist_patterns),$(files_in_requirement))) \
+    $(call maybe-print-list-and-error,$(offending_files),$(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement.) \
+    $(eval unused_whitelist := $(filter-out $(extra_files),$(whitelist_patterns))) \
+    $(call maybe-print-list-and-error,$(unused_whitelist),$(INTERNAL_PRODUCT) includes redundant artifact path requirement whitelist entries.) \
+  ) \
 )
 
 ifeq (0,1)