Add a module_path_check for vendor files
When this is enabled we ensure that files from the vendor directory
get installed to /system/vendor/* instead of elsewhere in /system/*.
This changes the PRODUCT_RESTRICT_VENDOR_FILES variable
to accept "owner", "path", "owner path", or "all".
"true" will still only enforce vendor file owner restrictions.
Change-Id: I4598130a590ad56976e011f4cb2a9f5f227d5732
diff --git a/core/tasks/module_owner_check.mk b/core/tasks/vendor_module_check.mk
similarity index 65%
rename from core/tasks/module_owner_check.mk
rename to core/tasks/vendor_module_check.mk
index 453e718..c2d6c78 100644
--- a/core/tasks/module_owner_check.mk
+++ b/core/tasks/vendor_module_check.mk
@@ -15,7 +15,6 @@
#
# Restrict the vendor module owners here.
-
_vendor_owner_whitelist := \
broadcom \
csr \
@@ -26,7 +25,26 @@
ti
-ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES))
+ifneq (,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES))
+
+_check_modules := $(sort $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES))
+
+# expand with the required modules
+# $(1) the module name set to expand
+define _expand_required_modules
+$(eval _erm_new_modules:=)\
+$(foreach m, $(1), $(eval r:=$(ALL_MODULES.$(m).REQUIRED))\
+ $(if $(r), $(if $(filter $(_check_modules), $(r)),,\
+ $(eval _check_modules := $(_check_modules) $(r))\
+ $(eval _erm_new_modules := $(_erm_new_modules) $(r)))))\
+$(if $(_erm_new_modules), $(call _expand_required_modules, $(_erm_new_modules)))
+endef
+
+$(call _expand_required_modules, $(_check_modules))
+
+
+# Restrict owners
+ifneq (,$(filter true owner all, $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES)))
ifneq (,$(filter vendor/%, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS)))
$(error Error: Product "$(TARGET_PRODUCT)" can not have overlay in vendor tree: \
@@ -37,25 +55,25 @@
$(filter vendor/%, $(PRODUCT_COPY_FILES)))
endif
-_owner_check_modules := $(sort $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES))
-
-# expand with the required modules
-# $(1) the module name set to expand
-define _expand_required_modules
-$(eval _erm_new_modules:=)\
-$(foreach m, $(1), $(eval r:=$(ALL_MODULES.$(m).REQUIRED))\
- $(if $(r), $(if $(filter $(_owner_check_modules), $(r)),,\
- $(eval _owner_check_modules := $(_owner_check_modules) $(r))\
- $(eval _erm_new_modules := $(_erm_new_modules) $(r)))))\
-$(if $(_erm_new_modules), $(call _expand_required_modules, $(_erm_new_modules)))
-endef
-
-$(call _expand_required_modules, $(_owner_check_modules))
-
-$(foreach m, $(_owner_check_modules), \
+$(foreach m, $(_check_modules), \
$(if $(filter vendor/%, $(ALL_MODULES.$(m).PATH)),\
$(if $(filter $(_vendor_owner_whitelist), $(ALL_MODULES.$(m).OWNER)),,\
$(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) with unknown owner \
"$(ALL_MODULES.$(m).OWNER)" in product "$(TARGET_PRODUCT)"))))
endif
+
+
+# Restrict paths
+ifneq (,$(filter path all, $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_RESTRICT_VENDOR_FILES)))
+
+$(foreach m, $(_check_modules), \
+ $(if $(filter vendor/%, $(ALL_MODULES.$(m).PATH)),\
+ $(if $(filter $(TARGET_OUT_VENDOR)/%, $(ALL_MODULES.$(m).INSTALLED)),,\
+ $(error Error: vendor module "$(m)" in $(ALL_MODULES.$(m).PATH) \
+ in product "$(TARGET_PRODUCT)" being installed to \
+ $(ALL_MODULES.$(m).INSTALLED) which is not in the vendor tree))))
+
+endif
+
+endif