Gitiles
Code Review Sign In
review.blissroms.org / platform_build_make / 7ace0d60ef59bb5d5ff0b22d51d3a85b626eaa0c^! / . / core / main.mk
commit7ace0d60ef59bb5d5ff0b22d51d3a85b626eaa0c[log] [tgz]
authorJaekyun Seok <jaekyun@google.com>Fri Jan 20 13:17:12 2017 +0900
committerJaekyun Seok <jaekyun@google.com>Wed Jan 25 13:00:25 2017 +0900
tree0f05663ee8a5d7551a95d8b96d04e6390a7ac154
parent96c81711c1e752e55c94c59e55ae02352e8146d2 [diff] [blame]
Prevent abuse of property overrides

To prevent abuse of PRODUCT_*PROPERTY_OVERRIDES and
ADDITIONAL*PROPERTIES, the following rules should be applied.

- Mark PRODUCT_*PROPERTY_OVERRIDES readonly after reading product
 specs.
- Disallow any changes on ADDITIONAL*PROPERTIES from product specs
 and BoardConfig.mk.
- Mark ADDITIONAL*PROPERTIES readonly before reading Android.mk
 files.

Test: building succeeded on marlin-userdebug.
Bug: 34116668
Change-Id: I93d8de086ec85ba787165a156bdcc7df04310be1
(cherry picked from commit 294286d95c7647c1c20c3537f065c21e85371695)

diff --git a/core/main.mk b/core/main.mk
index 391f239..017b818 100644
--- a/core/main.mk
+++ b/core/main.mk

@@ -230,6 +230,31 @@
 EMMA_INSTRUMENT := true
 endif
 
+#
+# -----------------------------------------------------------------
+# Validate ADDITIONAL_DEFAULT_PROPERTIES.
+ifneq ($(ADDITIONAL_DEFAULT_PROPERTIES),)
+$(error ADDITIONAL_DEFAULT_PROPERTIES must not be set before here: $(ADDITIONAL_DEFAULT_PROPERTIES))
+endif
+
+#
+# -----------------------------------------------------------------
+# Validate ADDITIONAL_BUILD_PROPERTIES.
+ifneq ($(ADDITIONAL_BUILD_PROPERTIES),)
+$(error ADDITIONAL_BUILD_PROPERTIES must not be set before here: $(ADDITIONAL_BUILD_PROPERTIES))
+endif
+
+#
+# -----------------------------------------------------------------
+# Add the product-defined properties to the build properties.
+ifdef PRODUCT_SHIPPING_API_LEVEL
+ADDITIONAL_BUILD_PROPERTIES += \
+  ro.product.first_api_level=$(PRODUCT_SHIPPING_API_LEVEL)
+endif
+ADDITIONAL_BUILD_PROPERTIES := \
+  $(ADDITIONAL_BUILD_PROPERTIES) \
+  $(PRODUCT_PROPERTY_OVERRIDES)
+
 # Bring in standard build system definitions.
 include $(BUILD_SYSTEM)/definitions.mk
 
@@ -447,8 +472,12 @@
 FULL_BUILD := true
 
 # Before we go and include all of the module makefiles, mark the PRODUCT_*
-# values readonly so that they won't be modified.
+# and ADDITIONAL*PROPERTIES values readonly so that they won't be modified.
 $(call readonly-product-vars)
+ADDITIONAL_DEFAULT_PROPERTIES := $(strip $(ADDITIONAL_DEFAULT_PROPERTIES))
+.KATI_READONLY := ADDITIONAL_DEFAULT_PROPERTIES
+ADDITIONAL_BUILD_PROPERTIES := $(strip $(ADDITIONAL_BUILD_PROPERTIES))
+.KATI_READONLY := ADDITIONAL_BUILD_PROPERTIES
 
 ifneq ($(ONE_SHOT_MAKEFILE),)
 # We've probably been invoked by the "mm" shell function