BUILD.gn: Add a check generated files are in allowed dirs.
This is important so that we know that the list of allowed directories
is in sync with other parts of the build in follow-up commits.
BUG=dawn:22
Change-Id: I202bec55b510989e43acf497956e2937c9a2f60a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/11360
Reviewed-by: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
diff --git a/generator/generator_lib.gni b/generator/generator_lib.gni
index d3698f2..10c560d 100644
--- a/generator/generator_lib.gni
+++ b/generator/generator_lib.gni
@@ -35,6 +35,11 @@
#
# jinja2_path: Optional Jinja2 installation path.
#
+# allowed_output_dirs: Optional list of directories that are the only
+# directories in which files of `outputs` are allowed to be (and not
+# in children directories). Generation will fail if an output isn't
+# in a directory in the list.
+#
# root_dir: Optional root source dir for Python dependencies
# computation. Defaults to "${generator_lib_dir}/..". Any dependency
# outside of this directory is considered a system file and will be
@@ -111,6 +116,19 @@
rebase_path(_expected_outputs_file, root_build_dir),
]
+ # Check that all of the outputs are in a directory that's allowed. This is
+ # useful to keep the list of directories in sink with other parts of the
+ # build.
+ if (defined(invoker.allowed_output_dirs)) {
+ _allowed_output_dirs_file = "${_gen_dir}/${target_name}.allowed_output_dirs"
+ write_file(_allowed_output_dirs_file, invoker.allowed_output_dirs)
+
+ _generator_args += [
+ "--allowed-output-dirs-file",
+ rebase_path(_allowed_output_dirs_file, root_build_dir),
+ ]
+ }
+
# The code generator invocation that will write the JSON tarball, check the
# outputs are what's expected and write a depfile for Ninja.
action(_json_tarball_target) {
