From dbb31be41302aa4426006685e9c652de8074906a Mon Sep 17 00:00:00 2001 From: Ying Wang Date: Fri, 9 Dec 2011 15:11:57 -0800 Subject: Restrict vendor modules to help AOSP product distribution. Bug: 5692177 If you set "PRODUCT_RESTRICT_VENDOR_FILES := true" in a product configuration, this changes restricts that: - No overlays in the vendor tree. - No PRODUCT_COPY_FILES coming from the vendor tree. - Any referenced package with Android.mk in the vendor tree must have LOCAL_MODULE_OWNER set to a value that's compared against a whitelist stored in the core build system. Change-Id: I172b84c7c853e9a04bf9879ea8dec90bd5054230 --- core/tasks/module_owner_check.mk | 54 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 core/tasks/module_owner_check.mk (limited to 'core/tasks') diff --git a/core/tasks/module_owner_check.mk b/core/tasks/module_owner_check.mk new file mode 100644 index 0000000..e66b0fc --- /dev/null +++ b/core/tasks/module_owner_check.mk @@ -0,0 +1,54 @@ +# +# Copyright (C) 2011 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Restrict the vendor module owners here. + +_vendor_owner_whitelist := \ + + +ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES)) + +ifneq (,$(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS))) +$(error Error: Product "$(TARGET_PRODUCT)" can not have overlay in vendor tree: \ + $(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS))) +endif +ifneq (,$(filter vendor/%, $(PRODUCT_COPY_FILES))) +$(error Error: Product "$(TARGET_PRODUCT)" can not have PRODUCT_COPY_FILES from vendor tree: \ + $(filter vendor/%, $(PRODUCT_COPY_FILES))) +endif + +_owner_check_modules := $(sort $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES)) + +# expand with the required modules +# $(1) the module name set to expand +define _expand_required_modules +$(eval _erm_new_modules:=)\ +$(foreach m, $(1), $(eval r:=$(ALL_MODULES.$(m).REQUIRED))\ + $(if $(r), $(if $(filter $(_owner_check_modules), $(r)),,\ + $(eval _owner_check_modules := $(_owner_check_modules) $(r))\ + $(eval _erm_new_modules := $(_erm_new_modules) $(r)))))\ +$(if $(_erm_new_modules), $(call _expand_required_modules, $(_erm_new_modules))) +endef + +$(call _expand_required_modules, $(_owner_check_modules)) + +$(foreach m, $(_owner_check_modules), \ + $(if $(filter vendor/%, $(ALL_MODULES.$(m).PATH)),\ + $(if $(filter $(_vendor_owner_whitelist), $(ALL_MODULES.$(m).OWNER)),,\ + $(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) with unknown owner \ + "$(ALL_MODULES.$(m).OWNER)" in product "$(TARGET_PRODUCT)")))) + +endif -- cgit v1.1