android_frameworks_base/tools/lint/Android.bp

// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "frameworks_base_license"
    // to get the below license kinds:
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["frameworks_base_license"],
}

java_library_host {
    name: "AndroidFrameworkLintChecker",
    srcs: ["checks/src/main/java/**/*.kt"],
    plugins: ["auto_service_plugin"],
    libs: [
        "auto_service_annotations",
        "lint_api",
    ],
}

java_test_host {
    name: "AndroidFrameworkLintCheckerTest",
    srcs: ["checks/src/test/java/**/*.kt"],
    static_libs: [
        "AndroidFrameworkLintChecker",
        "junit",
        "lint",
        "lint_tests",
    ],
    test_options: {
        unit_test: true,
    },
}
Introduce Android lint checks around Binder.clearCallingIdentity() Introduce a lint detector that finds the following issues: 1. Unused token of Binder.clearCallingIdentity() - The token from Binder.clearCallingIdentity() has to be used in Binder.restoreCallingIdentity(). 2. Non-final token of Binder.clearCallingIdentity() - The variable assigned to the result of Binder.clearCallingIdentity() has to be final to prevent it from being overwritten. 3. Nested calls of Binder.clearCallingIdentity() - The identity can be cleared again once it has been restored with the result of the first call of Binder.clearCallingIdentity(). 4. Binder.restoreCallingIdentity() is not in finally block - Binder.restoreCallingIdentity() has to be in finally block to prevent the calling application from running with the system identity. 5. Use of caller-aware methods after Binder.clearCallingIdentity() - Caller-aware methods use the caller's identity to perform operations, so after Binder.clearCallingIdentity() these methods will be using the sysem identity instead of the original caller's identity. The lint check is enabled on platform_service_defaults, which means it will be enabled on all "services.XXX" modules. The linter issues encountered in existing code are reported in the hotlist "security_checker_bugs" (b/hotlists/3279139). To compile a lint report, pick a service (e.g services.accessibility), run the test command and view it as lint-report.html. The lint report won't be generated if you just build the module (i.e m services.accessibility won't produce the lint report). Lint report can be found in out/soong/.intermediates/frameworks/base/services/accessibility/services.accessibility/android_common/lint All tests pass in gradle, but need to run on Soong when it's implemented (b/162368644). Bug: 157626959 Test: m out/soong/.intermediates/frameworks/base/services/accessibility/services.accessibility/android_common/lint/lint-report.html Test: google-chrome out/soong/.intermediates/frameworks/base/services/accessibility/services.accessibility/android_common/lint/lint-report.html Test: ./gradlew test Change-Id: I9814e9fbc36989c816900d900c6adec3e07802f7 2021-06-11 09:53:48 +00:00			`// Copyright (C) 2021 The Android Open Source Project`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package {`
			`// See: http://go/android-license-faq`
			`// A large-scale-change added 'default_applicable_licenses' to import`
			`// all of the 'license_kinds' from "frameworks_base_license"`
			`// to get the below license kinds:`
			`// SPDX-license-identifier-Apache-2.0`
			`default_applicable_licenses: ["frameworks_base_license"],`
			`}`

			`java_library_host {`
			`name: "AndroidFrameworkLintChecker",`
			`srcs: ["checks/src/main/java/*/.kt"],`
			`plugins: ["auto_service_plugin"],`
			`libs: [`
			`"auto_service_annotations",`
			`"lint_api",`
			`],`
			`}`

Enable Android Lint tests for AndroidFrameworkLintChecker Create AndroidFrameworkLintCheckerTest module and add .allowMissingSdk(true) to all tests to enable tests running on gerrit. "unit_test: true" marks the module as a unit test target which runs it on the host without a device and it automatically gets onboarded in the presubmit. Bug: 157626959 Test: atest AndroidFrameworkLintCheckerTest --host Change-Id: I66c6e331e72dfca45d341a49eb43fbd73ccd28ff 2021-07-01 15:41:33 +00:00			`java_test_host {`
			`name: "AndroidFrameworkLintCheckerTest",`
			`srcs: ["checks/src/test/java/*/.kt"],`
			`static_libs: [`
			`"AndroidFrameworkLintChecker",`
			`"junit",`
			`"lint",`
			`"lint_tests",`
			`],`
			`test_options: {`
			`unit_test: true,`
			`},`
			`}`