1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
|
// Copyright 2019 Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package android
import (
"fmt"
"regexp"
"strings"
"sync"
)
// Enforces visibility rules between modules.
//
// Two stage process:
// * First stage works bottom up to extract visibility information from the modules, parse it,
// create visibilityRule structures and store them in a map keyed by the module's
// qualifiedModuleName instance, i.e. //<pkg>:<name>. The map is stored in the context rather
// than a global variable for testing. Each test has its own Config so they do not share a map
// and so can be run in parallel.
//
// * Second stage works top down and iterates over all the deps for each module. If the dep is in
// the same package then it is automatically visible. Otherwise, for each dep it first extracts
// its visibilityRule from the config map. If one could not be found then it assumes that it is
// publicly visible. Otherwise, it calls the visibility rule to check that the module can see
// the dependency. If it cannot then an error is reported.
//
// TODO(b/130631145) - Make visibility work properly with prebuilts.
// TODO(b/130796911) - Make visibility work properly with defaults.
// Patterns for the values that can be specified in visibility property.
const (
packagePattern = `//([^/:]+(?:/[^/:]+)*)`
namePattern = `:([^/:]+)`
visibilityRulePattern = `^(?:` + packagePattern + `)?(?:` + namePattern + `)?$`
)
var visibilityRuleRegexp = regexp.MustCompile(visibilityRulePattern)
// Qualified id for a module
type qualifiedModuleName struct {
// The package (i.e. directory) in which the module is defined, without trailing /
pkg string
// The name of the module.
name string
}
func (q qualifiedModuleName) String() string {
return fmt.Sprintf("//%s:%s", q.pkg, q.name)
}
// A visibility rule is associated with a module and determines which other modules it is visible
// to, i.e. which other modules can depend on the rule's module.
type visibilityRule interface {
// Check to see whether this rules matches m.
// Returns true if it does, false otherwise.
matches(m qualifiedModuleName) bool
String() string
}
// A compositeRule is a visibility rule composed from other visibility rules.
// This array will only be [] if all the rules are invalid and will behave as if visibility was
// ["//visibility:private"].
type compositeRule []visibilityRule
// A compositeRule matches if and only if any of its rules matches.
func (c compositeRule) matches(m qualifiedModuleName) bool {
for _, r := range c {
if r.matches(m) {
return true
}
}
return false
}
func (r compositeRule) String() string {
s := make([]string, 0, len(r))
for _, r := range r {
s = append(s, r.String())
}
return "[" + strings.Join(s, ", ") + "]"
}
// A packageRule is a visibility rule that matches modules in a specific package (i.e. directory).
type packageRule struct {
pkg string
}
func (r packageRule) matches(m qualifiedModuleName) bool {
return m.pkg == r.pkg
}
func (r packageRule) String() string {
return fmt.Sprintf("//%s:__pkg__", r.pkg)
}
// A subpackagesRule is a visibility rule that matches modules in a specific package (i.e.
// directory) or any of its subpackages (i.e. subdirectories).
type subpackagesRule struct {
pkgPrefix string
}
func (r subpackagesRule) matches(m qualifiedModuleName) bool {
return isAncestor(r.pkgPrefix, m.pkg)
}
func isAncestor(p1 string, p2 string) bool {
return strings.HasPrefix(p2+"/", p1+"/")
}
func (r subpackagesRule) String() string {
return fmt.Sprintf("//%s:__subpackages__", r.pkgPrefix)
}
var visibilityRuleMap = NewOnceKey("visibilityRuleMap")
// The map from qualifiedModuleName to visibilityRule.
func moduleToVisibilityRuleMap(ctx BaseModuleContext) *sync.Map {
return ctx.Config().Once(visibilityRuleMap, func() interface{} {
return &sync.Map{}
}).(*sync.Map)
}
// Visibility is not dependent on arch so this must be registered before the arch phase to avoid
// having to process multiple variants for each module.
func registerVisibilityRuleGatherer(ctx RegisterMutatorsContext) {
ctx.BottomUp("visibilityRuleGatherer", visibilityRuleGatherer).Parallel()
}
// This must be registered after the deps have been resolved.
func registerVisibilityRuleEnforcer(ctx RegisterMutatorsContext) {
ctx.TopDown("visibilityRuleEnforcer", visibilityRuleEnforcer).Parallel()
}
// Gathers the visibility rules, parses the visibility properties, stores them in a map by
// qualifiedModuleName for retrieval during enforcement.
//
// See ../README.md#Visibility for information on the format of the visibility rules.
func visibilityRuleGatherer(ctx BottomUpMutatorContext) {
m, ok := ctx.Module().(Module)
if !ok {
return
}
qualified := createQualifiedModuleName(ctx)
visibility := m.base().commonProperties.Visibility
if visibility != nil {
rule := parseRules(ctx, qualified.pkg, visibility)
if rule != nil {
moduleToVisibilityRuleMap(ctx).Store(qualified, rule)
}
}
}
func parseRules(ctx BottomUpMutatorContext, currentPkg string, visibility []string) compositeRule {
ruleCount := len(visibility)
if ruleCount == 0 {
// This prohibits an empty list as its meaning is unclear, e.g. it could mean no visibility and
// it could mean public visibility. Requiring at least one rule makes the owner's intent
// clearer.
ctx.PropertyErrorf("visibility", "must contain at least one visibility rule")
return nil
}
rules := make(compositeRule, 0, ruleCount)
for _, v := range visibility {
ok, pkg, name := splitRule(ctx, v, currentPkg)
if !ok {
// Visibility rule is invalid so ignore it. Keep going rather than aborting straight away to
// ensure all the rules on this module are checked.
ctx.PropertyErrorf("visibility",
"invalid visibility pattern %q must match"+
" //<package>:<module>, //<package> or :<module>",
v)
continue
}
if pkg == "visibility" {
if ruleCount != 1 {
ctx.PropertyErrorf("visibility", "cannot mix %q with any other visibility rules", v)
continue
}
switch name {
case "private":
rules = append(rules, packageRule{currentPkg})
continue
case "public":
return nil
case "legacy_public":
ctx.PropertyErrorf("visibility", "//visibility:legacy_public must not be used")
return nil
default:
ctx.PropertyErrorf("visibility", "unrecognized visibility rule %q", v)
continue
}
}
// If the current directory is not in the vendor tree then there are some additional
// restrictions on the rules.
if !isAncestor("vendor", currentPkg) {
if !isAllowedFromOutsideVendor(pkg, name) {
ctx.PropertyErrorf("visibility",
"%q is not allowed. Packages outside //vendor cannot make themselves visible to specific"+
" targets within //vendor, they can only use //vendor:__subpackages__.", v)
continue
}
}
// Create the rule
var r visibilityRule
switch name {
case "__pkg__":
r = packageRule{pkg}
case "__subpackages__":
r = subpackagesRule{pkg}
default:
ctx.PropertyErrorf("visibility", "unrecognized visibility rule %q", v)
continue
}
rules = append(rules, r)
}
return rules
}
func isAllowedFromOutsideVendor(pkg string, name string) bool {
if pkg == "vendor" {
if name == "__subpackages__" {
return true
}
return false
}
return !isAncestor("vendor", pkg)
}
func splitRule(ctx BaseModuleContext, ruleExpression string, currentPkg string) (bool, string, string) {
// Make sure that the rule is of the correct format.
matches := visibilityRuleRegexp.FindStringSubmatch(ruleExpression)
if ruleExpression == "" || matches == nil {
return false, "", ""
}
// Extract the package and name.
pkg := matches[1]
name := matches[2]
// Normalize the short hands
if pkg == "" {
pkg = currentPkg
}
if name == "" {
name = "__pkg__"
}
return true, pkg, name
}
func visibilityRuleEnforcer(ctx TopDownMutatorContext) {
_, ok := ctx.Module().(Module)
if !ok {
return
}
qualified := createQualifiedModuleName(ctx)
moduleToVisibilityRule := moduleToVisibilityRuleMap(ctx)
// Visit all the dependencies making sure that this module has access to them all.
ctx.VisitDirectDeps(func(dep Module) {
depName := ctx.OtherModuleName(dep)
depDir := ctx.OtherModuleDir(dep)
depQualified := qualifiedModuleName{depDir, depName}
// Targets are always visible to other targets in their own package.
if depQualified.pkg == qualified.pkg {
return
}
rule, ok := moduleToVisibilityRule.Load(depQualified)
if ok {
if !rule.(compositeRule).matches(qualified) {
ctx.ModuleErrorf(
"depends on %s which is not visible to this module; %s is only visible to %s",
depQualified, depQualified, rule)
}
}
})
}
func createQualifiedModuleName(ctx BaseModuleContext) qualifiedModuleName {
moduleName := ctx.ModuleName()
dir := ctx.ModuleDir()
qualified := qualifiedModuleName{dir, moduleName}
return qualified
}
|
