Change resource shared apk acl to a validation action.
This is needed as we build a depset, and we can only verify the contents of that depset at execution time (without cracking it open with .to_list())
PiperOrigin-RevId: 529541442
Change-Id: I03d99bf0499f0c1ef927e3978cb7935580cd934a
diff --git a/rules/acls/shared_library_resource_linking.bzl b/rules/acls/shared_library_resource_linking.bzl
index 01c7a4d..47d03db 100644
--- a/rules/acls/shared_library_resource_linking.bzl
+++ b/rules/acls/shared_library_resource_linking.bzl
@@ -15,5 +15,7 @@
"""Allowlist for directly or transitively linking against shared resource apks."""
SHARED_LIBRARY_RESOURCE_LINKING_ALLOWLIST = [
- "//:__subpackages__",
+ "//tools/build_defs/android/test/dev/resources/shared_lib:app1_RESOURCES_DO_NOT_USE",
+ "//tools/build_defs/android/test/dev/resources/shared_lib:app2_RESOURCES_DO_NOT_USE",
+ "//tools/build_defs/android/test/dev/resources/shared_lib:app3_RESOURCES_DO_NOT_USE",
]
diff --git a/rules/resources.bzl b/rules/resources.bzl
index 1c8315c..7a4d5bf 100644
--- a/rules/resources.bzl
+++ b/rules/resources.bzl
@@ -573,8 +573,20 @@
if node_info.exports_manifest
])
- if (transitive_resource_apks or resource_apks) and not acls.in_shared_library_resource_linking_allowlist(str(ctx.label)):
- fail(str(ctx.label) + " not in shared_library_resource_linking_allowlist")
+ if not acls.in_shared_library_resource_linking_allowlist(str(ctx.label)):
+ # to_list() safe to use as we expect this to be an empty depset in the non-error case
+ all_res_apks = depset(
+ resource_apks,
+ transitive = transitive_resource_apks,
+ order = "preorder",
+ ).to_list()
+ if all_res_apks:
+ fail(
+ "%s has resource apks in the transitive closure without being allowlisted.\n%s" % (
+ ctx.label,
+ all_res_apks,
+ ),
+ )
# TODO(b/156763506): Add analysis tests to verify logic around when manifest merging is configured.
# TODO(b/154153771): Run the android merger if mergee_manifests or manifest values are present.
