Prevent abuse of property overrides

To prevent abuse of PRODUCT_*PROPERTY_OVERRIDES and
ADDITIONAL*PROPERTIES, the following rules should be applied.

- Mark PRODUCT_*PROPERTY_OVERRIDES readonly after reading product
 specs.
- Disallow any changes to ADDITIONAL*PROPERTIES from product specs
 and BoardConfig.mk.
- Mark ADDITIONAL*PROPERTIES readonly before reading Android.mk
 files.

Test: building succeeded on marlin-userdebug.
Bug: 34116668
Change-Id: I93d8de086ec85ba787165a156bdcc7df04310be1
(cherry picked from commit 294286d95c7647c1c20c3537f065c21e85371695)
diff --git a/core/Makefile b/core/Makefile
index 1dc3f52..b31758e 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -74,12 +74,12 @@
 # default.prop
 INSTALLED_DEFAULT_PROP_TARGET := $(TARGET_ROOT_OUT)/default.prop
 ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_DEFAULT_PROP_TARGET)
-ADDITIONAL_DEFAULT_PROPERTIES := \
+FINAL_DEFAULT_PROPERTIES := \
     $(call collapse-pairs, $(ADDITIONAL_DEFAULT_PROPERTIES))
-ADDITIONAL_DEFAULT_PROPERTIES += \
+FINAL_DEFAULT_PROPERTIES += \
     $(call collapse-pairs, $(PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
-ADDITIONAL_DEFAULT_PROPERTIES := $(call uniq-pairs-by-first-component, \
-    $(ADDITIONAL_DEFAULT_PROPERTIES),=)
+FINAL_DEFAULT_PROPERTIES := $(call uniq-pairs-by-first-component, \
+    $(FINAL_DEFAULT_PROPERTIES),=)
 
 intermediate_system_build_prop := $(call intermediates-dir-for,ETC,system_build_prop)/build.prop
 
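Review bot: Nothing at the new `FINAL_DEFAULT_PROPERTIES` assignments says why a second variable is needed or which source wins on a duplicate key. A short comment would help, e.g. `# ADDITIONAL_DEFAULT_PROPERTIES may be readonly by now; build the merged, de-duplicated list in FINAL_DEFAULT_PROPERTIES.` If `uniq-pairs-by-first-component` keeps the first occurrence (its definition is not in this diff), entries from ADDITIONAL_DEFAULT_PROPERTIES take precedence over PRODUCT_DEFAULT_PROPERTY_OVERRIDES, and that precedence is worth stating because the commit is about who may override what. The same comment applies to `FINAL_BUILD_PROPERTIES` in the @@ -103 hunk.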
@@ -89,7 +89,7 @@
 	$(hide) echo "#" > $@; \
 	        echo "# ADDITIONAL_DEFAULT_PROPERTIES" >> $@; \
 	        echo "#" >> $@;
-	$(hide) $(foreach line,$(ADDITIONAL_DEFAULT_PROPERTIES), \
+	$(hide) $(foreach line,$(FINAL_DEFAULT_PROPERTIES), \
 		echo "$(line)" >> $@;)
 	$(hide) echo "#" >> $@; \
 	        echo "# BOOTIMAGE_BUILD_PROPERTIES" >> $@; \
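Review bot: In the changed `$(foreach line,$(FINAL_DEFAULT_PROPERTIES), echo "$(line)" >> $@;)` loop each property is pasted into a double-quoted shell word, so a value containing `"`, a backquote or `$` is interpreted by the shell rather than written verbatim to the prop file. Product makefiles are already trusted build input, so this is mainly a correctness and hygiene issue. Since the commit tightens who may supply these values, it would be a good moment to single-quote the entry, e.g. `echo '$(subst ','\'',$(line))' >> $@;`. The same pattern appears in the `FINAL_BUILD_PROPERTIES` loop of the @@ -256 hunk. The recipe starts and ends outside this hunk.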
@@ -103,10 +103,10 @@
 # build.prop
 INSTALLED_BUILD_PROP_TARGET := $(TARGET_OUT)/build.prop
 ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_BUILD_PROP_TARGET)
-ADDITIONAL_BUILD_PROPERTIES := \
+FINAL_BUILD_PROPERTIES := \
     $(call collapse-pairs, $(ADDITIONAL_BUILD_PROPERTIES))
-ADDITIONAL_BUILD_PROPERTIES := $(call uniq-pairs-by-first-component, \
-    $(ADDITIONAL_BUILD_PROPERTIES),=)
+FINAL_BUILD_PROPERTIES := $(call uniq-pairs-by-first-component, \
+    $(FINAL_BUILD_PROPERTIES),=)
 
 # A list of arbitrary tags describing the build configuration.
 # Force ":=" so we can use +=
@@ -256,12 +256,12 @@
 			echo "#" >> $@; \
 			cat $(file) >> $@; \
 		fi;)
-	$(if $(ADDITIONAL_BUILD_PROPERTIES), \
+	$(if $(FINAL_BUILD_PROPERTIES), \
 		$(hide) echo >> $@; \
 		        echo "#" >> $@; \
 		        echo "# ADDITIONAL_BUILD_PROPERTIES" >> $@; \
 		        echo "#" >> $@; )
-	$(hide) $(foreach line,$(ADDITIONAL_BUILD_PROPERTIES), \
+	$(hide) $(foreach line,$(FINAL_BUILD_PROPERTIES), \
 		echo "$(line)" >> $@;)
 	$(hide) cat $(INSTALLED_ANDROID_INFO_TXT_TARGET) | grep 'require version-' | sed -e 's/require version-/ro.build.expect./g' >> $@
 	$(hide) build/tools/post_process_props.py $@ $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_PROPERTY_BLACKLIST)
diff --git a/core/main.mk b/core/main.mk
index 391f239..017b818 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -230,6 +230,31 @@
 EMMA_INSTRUMENT := true
 endif
 
+#
+# -----------------------------------------------------------------
+# Validate ADDITIONAL_DEFAULT_PROPERTIES.
+ifneq ($(ADDITIONAL_DEFAULT_PROPERTIES),)
+$(error ADDITIONAL_DEFAULT_PROPERTIES must not be set before here: $(ADDITIONAL_DEFAULT_PROPERTIES))
+endif
+
+#
+# -----------------------------------------------------------------
+# Validate ADDITIONAL_BUILD_PROPERTIES.
+ifneq ($(ADDITIONAL_BUILD_PROPERTIES),)
+$(error ADDITIONAL_BUILD_PROPERTIES must not be set before here: $(ADDITIONAL_BUILD_PROPERTIES))
+endif
+
+#
+# -----------------------------------------------------------------
+# Add the product-defined properties to the build properties.
+ifdef PRODUCT_SHIPPING_API_LEVEL
+ADDITIONAL_BUILD_PROPERTIES += \
+  ro.product.first_api_level=$(PRODUCT_SHIPPING_API_LEVEL)
+endif
+ADDITIONAL_BUILD_PROPERTIES := \
+  $(ADDITIONAL_BUILD_PROPERTIES) \
+  $(PRODUCT_PROPERTY_OVERRIDES)
+
 # Bring in standard build system definitions.
 include $(BUILD_SYSTEM)/definitions.mk
 
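Review bot: The two added `$(error ...)` messages say only that the variable "must not be set before here", which does not tell the owner of a product spec or BoardConfig.mk what to use instead. Consider naming the supported path, e.g. `$(error ADDITIONAL_BUILD_PROPERTIES must not be set in product specs or BoardConfig.mk; use PRODUCT_PROPERTY_OVERRIDES instead: $(ADDITIONAL_BUILD_PROPERTIES))`, with the analogous text pointing to PRODUCT_DEFAULT_PROPERTY_OVERRIDES for the default-properties check. The check is also a one-time gate: it only works if product specs and BoardConfig.mk have already been read by this point in main.mk, which the hunk does not show. A comment above the checks stating that ordering assumption would keep a later reshuffle of includes from silently disabling them.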
@@ -447,8 +472,12 @@
 FULL_BUILD := true
 
 # Before we go and include all of the module makefiles, mark the PRODUCT_*
-# values readonly so that they won't be modified.
+# and ADDITIONAL*PROPERTIES values readonly so that they won't be modified.
 $(call readonly-product-vars)
+ADDITIONAL_DEFAULT_PROPERTIES := $(strip $(ADDITIONAL_DEFAULT_PROPERTIES))
+.KATI_READONLY := ADDITIONAL_DEFAULT_PROPERTIES
+ADDITIONAL_BUILD_PROPERTIES := $(strip $(ADDITIONAL_BUILD_PROPERTIES))
+.KATI_READONLY := ADDITIONAL_BUILD_PROPERTIES
 
 ifneq ($(ONE_SHOT_MAKEFILE),)
 # We've probably been invoked by the "mm" shell function
diff --git a/core/product_config.mk b/core/product_config.mk
index 295e263..8943429 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -354,18 +354,16 @@
 # whitespace characters on either side of the '='.
 PRODUCT_PROPERTY_OVERRIDES := \
     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES))
+.KATI_READONLY := PRODUCT_PROPERTY_OVERRIDES
 
 PRODUCT_SHIPPING_API_LEVEL := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SHIPPING_API_LEVEL))
-ifdef PRODUCT_SHIPPING_API_LEVEL
-ADDITIONAL_BUILD_PROPERTIES += \
-    ro.product.first_api_level=$(PRODUCT_SHIPPING_API_LEVEL)
-endif
 
 # A list of property assignments, like "key = value", with zero or more
 # whitespace characters on either side of the '='.
 # used for adding properties to default.prop
 PRODUCT_DEFAULT_PROPERTY_OVERRIDES := \
     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
+.KATI_READONLY := PRODUCT_DEFAULT_PROPERTY_OVERRIDES
 
 # Should we use the default resources or add any product specific overlays
 PRODUCT_PACKAGE_OVERLAYS := \
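Review bot: `PRODUCT_SHIPPING_API_LEVEL` is left writable here although the two override lists next to it are now marked readonly. The commit moves the `ro.product.first_api_level` derivation out of this file into core/main.mk, so the variable is now read later than before. Any makefile read in between (BoardConfig.mk, if it is included after this file; not visible here) could change the value that ends up in build.prop. Adding `.KATI_READONLY := PRODUCT_SHIPPING_API_LEVEL` directly after its assignment would close that window in the same way as for the override lists.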
@@ -377,11 +375,6 @@
 PRODUCT_VENDOR_KERNEL_HEADERS := \
     $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_KERNEL_HEADERS)
 
-# Add the product-defined properties to the build properties.
-ADDITIONAL_BUILD_PROPERTIES := \
-    $(ADDITIONAL_BUILD_PROPERTIES) \
-    $(PRODUCT_PROPERTY_OVERRIDES)
-
 # The OTA key(s) specified by the product config, if any.  The names
 # of these keys are stored in the target-files zip so that post-build
 # signing tools can substitute them for the test key embedded by