C++: Make permissions check optional in cc_shared_library
The cc_shared_library_permissions mechanism was introduced to add control over
which cc_shared_libraries can export a given cc_library. If the repo is big
enough, the owner of a cc_library might want to prevent someone else in a
different package making their library part of the ABI of a public shared
library because that makes it harder to change the cc_library. This does not
apply accross repositories because a dependant repository can overwrite
anything from a repository dependency anyway.
However, it is becoming more apparent than even though this mechanism should
exist, it should not be enabled by default since most people don't need it. To
enable it pass the flag --//examples:enable_permissions_check=True.
RELNOTES:none
PiperOrigin-RevId: 363171677
Change-Id: I8afb3294806bb3053ee1279c6e9c5355089bccbb
diff --git a/.bazelci/presubmit.yml b/.bazelci/presubmit.yml
index c0dcbbd..680f7c2 100644
--- a/.bazelci/presubmit.yml
+++ b/.bazelci/presubmit.yml
@@ -55,10 +55,12 @@
build_flags:
- "--experimental_cc_shared_library"
- "--//examples:incompatible_link_once=True"
+ - "--//examples:enable_permissions_check=True"
test_flags:
- "--test_timeout=120"
- "--experimental_cc_shared_library"
- "--//examples:incompatible_link_once=True"
+ - "--//examples:enable_permissions_check=True"
test_targets:
- "//examples/test_cc_shared_library/..."
- "//examples/test_cc_shared_library/diamond_inheritance/..."
diff --git a/examples/BUILD b/examples/BUILD
index c770074..c7da75d 100644
--- a/examples/BUILD
+++ b/examples/BUILD
@@ -25,6 +25,12 @@
)
bool_flag(
+ name = "enable_permissions_check",
+ build_setting_default = False,
+ visibility = ["//visibility:public"],
+)
+
+bool_flag(
name = "experimental_debug",
build_setting_default = False,
visibility = ["//visibility:public"],
diff --git a/examples/experimental_cc_shared_library.bzl b/examples/experimental_cc_shared_library.bzl
index 4ebc6db..905bd27 100644
--- a/examples/experimental_cc_shared_library.bzl
+++ b/examples/experimental_cc_shared_library.bzl
@@ -162,6 +162,9 @@
return pattern.package == value.package and pattern.name == value.name
def _check_if_target_can_be_exported(target, current_label, permissions):
+ if permissions == None:
+ return True
+
if (target.workspace_name != current_label.workspace_name or
_same_package_or_above(current_label, target)):
return True
@@ -271,7 +274,7 @@
linker_input.owner,
ctx.label,
ctx.attr.exports_filter,
- ctx.attr.permissions,
+ _get_permissions(ctx),
):
exports[owner] = True
can_be_linked_statically = True
@@ -301,6 +304,11 @@
return True
+def _get_permissions(ctx):
+ if ctx.attr._enable_permissions_check[BuildSettingInfo].value:
+ return ctx.attr.permissions
+ return None
+
def _cc_shared_library_impl(ctx):
cc_common.check_experimental_cc_shared_library()
cc_toolchain = find_cc_toolchain(ctx)
@@ -318,7 +326,7 @@
fail("Trying to export a library already exported by a different shared library: " +
str(export.label))
- _check_if_target_should_be_exported_without_filter(export.label, ctx.label, ctx.attr.permissions)
+ _check_if_target_should_be_exported_without_filter(export.label, ctx.label, _get_permissions(ctx))
preloaded_deps_direct_labels = {}
preloaded_dep_merged_cc_info = None
@@ -457,6 +465,7 @@
"static_deps": attr.string_list(),
"user_link_flags": attr.string_list(),
"_cc_toolchain": attr.label(default = "@bazel_tools//tools/cpp:current_cc_toolchain"),
+ "_enable_permissions_check": attr.label(default = "//examples:enable_permissions_check"),
"_experimental_debug": attr.label(default = "//examples:experimental_debug"),
"_incompatible_link_once": attr.label(default = "//examples:incompatible_link_once"),
},
