Add a module_path_check for vendor files

When this is enabled we ensure that files from the vendor directory
get installed to /system/vendor/* instead of elsewhere in /system/*.

This changes the PRODUCT_RESTRICT_VENDOR_FILES variable
to accept "owner", "path", "owner path", or "all".
"true" will still only enforce vendor file owner restrictions.

Change-Id: I4598130a590ad56976e011f4cb2a9f5f227d5732

1 files changed, 34 insertions, 16 deletions

diff --git a/core/tasks/module_owner_check.mk b/core/tasks/vendor_module_check.mk
index 453e718..c2d6c78 100644
--- a/core/tasks/module_owner_check.mk
+++ b/core/tasks/vendor_module_check.mk
@@ -15,7 +15,6 @@
 #
 
 # Restrict the vendor module owners here.
-
 _vendor_owner_whitelist := \
 	broadcom \
 	csr \
@@ -26,36 +25,55 @@ _vendor_owner_whitelist := \
 	ti
 
 
-ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES))
+ifneq (,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES))
 
-ifneq (,$(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS)))
-$(error Error: Product "$(TARGET_PRODUCT)" can not have overlay in vendor tree: \
-    $(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS)))
-endif
-ifneq (,$(filter vendor/%, $(PRODUCT_COPY_FILES)))
-$(error Error: Product "$(TARGET_PRODUCT)" can not have PRODUCT_COPY_FILES from vendor tree: \
-    $(filter vendor/%, $(PRODUCT_COPY_FILES)))
-endif
-
-_owner_check_modules := $(sort $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES))
+_check_modules := $(sort $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES))
 
 # expand with the required modules
 # $(1) the module name set to expand
 define _expand_required_modules
 $(eval _erm_new_modules:=)\
 $(foreach m, $(1), $(eval r:=$(ALL_MODULES.$(m).REQUIRED))\
-  $(if $(r), $(if $(filter $(_owner_check_modules), $(r)),,\
-    $(eval _owner_check_modules := $(_owner_check_modules) $(r))\
+  $(if $(r), $(if $(filter $(_check_modules), $(r)),,\
+    $(eval _check_modules := $(_check_modules) $(r))\
     $(eval _erm_new_modules := $(_erm_new_modules) $(r)))))\
 $(if $(_erm_new_modules), $(call _expand_required_modules, $(_erm_new_modules)))
 endef
 
-$(call _expand_required_modules, $(_owner_check_modules))
+$(call _expand_required_modules, $(_check_modules))
+
+
+# Restrict owners
+ifneq (,$(filter true owner all, $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES)))
 
-$(foreach m, $(_owner_check_modules), \
+ifneq (,$(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS)))
+$(error Error: Product "$(TARGET_PRODUCT)" can not have overlay in vendor tree: \
+    $(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS)))
+endif
+ifneq (,$(filter vendor/%, $(PRODUCT_COPY_FILES)))
+$(error Error: Product "$(TARGET_PRODUCT)" can not have PRODUCT_COPY_FILES from vendor tree: \
+    $(filter vendor/%, $(PRODUCT_COPY_FILES)))
+endif
+
+$(foreach m, $(_check_modules), \
   $(if $(filter vendor/%, $(ALL_MODULES.$(m).PATH)),\
     $(if $(filter $(_vendor_owner_whitelist), $(ALL_MODULES.$(m).OWNER)),,\
       $(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) with unknown owner \
         "$(ALL_MODULES.$(m).OWNER)" in product "$(TARGET_PRODUCT)"))))
 
 endif
+
+
+# Restrict paths
+ifneq (,$(filter path all, $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES)))
+
+$(foreach m, $(_check_modules), \
+  $(if $(filter vendor/%, $(ALL_MODULES.$(m).PATH)),\
+    $(if $(filter $(TARGET_OUT_VENDOR)/%, $(ALL_MODULES.$(m).INSTALLED)),,\
+      $(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) \
+        in product "$(TARGET_PRODUCT)" being installed to \
+        $(ALL_MODULES.$(m).INSTALLED) which is not in the vendor tree))))
+
+endif
+
+endif