Restrict the scope of overly broad ProGuard rule
Bug: b:315973491
Change-Id: I88930411e7d9024e266b26e90e4fcbbf40e1a5e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5123335
Auto-Submit: Etienne Dechamps <edechamps@google.com>
Reviewed-by: Sam Maier <smaier@chromium.org>
Commit-Queue: Sam Maier <smaier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1254491}
diff --git a/base/android/proguard/chromium_code.flags b/base/android/proguard/chromium_code.flags
index 6393108..865f6ef7 100644
--- a/base/android/proguard/chromium_code.flags
+++ b/base/android/proguard/chromium_code.flags
@@ -4,9 +4,18 @@
# Contains flags that can be safely shared with Cronet, and thus would be
# appropriate for third-party apps to include.
+#
+# IMPORTANT: MAKE SURE ALL RULES IN THIS FILE ARE ADEQUATELY SCOPED TO ONLY
+# AFFECT CHROMIUM CODE (typically that means the rule should have a restriction
+# on something under `org.chromium`). These rules are shipped in Cronet which is
+# a library used by a variety of downstream apps. ProGuard operates at the app
+# level, not the library level. It doesn't automatically scope rules shipped
+# in libraries. In other words: when downstream apps run ProGuard, these rules
+# will be applied to their entire app. It is our responsibility to ensure the
+# rules we ship in this way don't end up affecting code that is not ours.
# Allow unused native methods to be removed, but prevent renaming on those that are kept.
--keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,** {
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,org.chromium.base.library_loader.LinkerJni {
native <methods>;
}
diff --git a/chrome/android/expectations/monochrome_64_32_public_bundle.proguard_flags.expected b/chrome/android/expectations/monochrome_64_32_public_bundle.proguard_flags.expected
index 9e7eb08..17e22eee 100644
--- a/chrome/android/expectations/monochrome_64_32_public_bundle.proguard_flags.expected
+++ b/chrome/android/expectations/monochrome_64_32_public_bundle.proguard_flags.expected
@@ -213,9 +213,18 @@
# Contains flags that can be safely shared with Cronet, and thus would be
# appropriate for third-party apps to include.
+#
+# IMPORTANT: MAKE SURE ALL RULES IN THIS FILE ARE ADEQUATELY SCOPED TO ONLY
+# AFFECT CHROMIUM CODE (typically that means the rule should have a restriction
+# on something under `org.chromium`). These rules are shipped in Cronet which is
+# a library used by a variety of downstream apps. ProGuard operates at the app
+# level, not the library level. It doesn't automatically scope rules shipped
+# in libraries. In other words: when downstream apps run ProGuard, these rules
+# will be applied to their entire app. It is our responsibility to ensure the
+# rules we ship in this way don't end up affecting code that is not ours.
# Allow unused native methods to be removed, but prevent renaming on those that are kept.
--keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,** {
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,org.chromium.base.library_loader.LinkerJni {
native <methods>;
}
@@ -451,6 +460,11 @@
@org.jni_zero.CalledByNativeUnchecked <methods>;
}
+# Allow unused native methods to be removed, but prevent renaming on those that are kept.
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class org.jni_zero.*,J.N,J.*_N {
+ native <methods>;
+}
+
# File: ../../chrome/android/features/start_surface/proguard.flags
# Copyright 2019 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
diff --git a/chrome/android/expectations/monochrome_public_bundle.proguard_flags.expected b/chrome/android/expectations/monochrome_public_bundle.proguard_flags.expected
index 9e7eb08..17e22eee 100644
--- a/chrome/android/expectations/monochrome_public_bundle.proguard_flags.expected
+++ b/chrome/android/expectations/monochrome_public_bundle.proguard_flags.expected
@@ -213,9 +213,18 @@
# Contains flags that can be safely shared with Cronet, and thus would be
# appropriate for third-party apps to include.
+#
+# IMPORTANT: MAKE SURE ALL RULES IN THIS FILE ARE ADEQUATELY SCOPED TO ONLY
+# AFFECT CHROMIUM CODE (typically that means the rule should have a restriction
+# on something under `org.chromium`). These rules are shipped in Cronet which is
+# a library used by a variety of downstream apps. ProGuard operates at the app
+# level, not the library level. It doesn't automatically scope rules shipped
+# in libraries. In other words: when downstream apps run ProGuard, these rules
+# will be applied to their entire app. It is our responsibility to ensure the
+# rules we ship in this way don't end up affecting code that is not ours.
# Allow unused native methods to be removed, but prevent renaming on those that are kept.
--keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,** {
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,org.chromium.base.library_loader.LinkerJni {
native <methods>;
}
@@ -451,6 +460,11 @@
@org.jni_zero.CalledByNativeUnchecked <methods>;
}
+# Allow unused native methods to be removed, but prevent renaming on those that are kept.
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class org.jni_zero.*,J.N,J.*_N {
+ native <methods>;
+}
+
# File: ../../chrome/android/features/start_surface/proguard.flags
# Copyright 2019 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
diff --git a/components/cronet/android/cronet_combined_impl_native_proguard_golden.cfg b/components/cronet/android/cronet_combined_impl_native_proguard_golden.cfg
index d806dbff..6fba4cd7 100644
--- a/components/cronet/android/cronet_combined_impl_native_proguard_golden.cfg
+++ b/components/cronet/android/cronet_combined_impl_native_proguard_golden.cfg
@@ -5,9 +5,18 @@
# Contains flags that can be safely shared with Cronet, and thus would be
# appropriate for third-party apps to include.
+#
+# IMPORTANT: MAKE SURE ALL RULES IN THIS FILE ARE ADEQUATELY SCOPED TO ONLY
+# AFFECT CHROMIUM CODE (typically that means the rule should have a restriction
+# on something under `org.chromium`). These rules are shipped in Cronet which is
+# a library used by a variety of downstream apps. ProGuard operates at the app
+# level, not the library level. It doesn't automatically scope rules shipped
+# in libraries. In other words: when downstream apps run ProGuard, these rules
+# will be applied to their entire app. It is our responsibility to ensure the
+# rules we ship in this way don't end up affecting code that is not ours.
# Allow unused native methods to be removed, but prevent renaming on those that are kept.
--keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,** {
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class !cr_allowunused,org.chromium.base.library_loader.LinkerJni {
native <methods>;
}
@@ -219,3 +228,8 @@
-keepclasseswithmembers,includedescriptorclasses,allowaccessmodification class ** {
@org.jni_zero.CalledByNativeUnchecked <methods>;
}
+
+# Allow unused native methods to be removed, but prevent renaming on those that are kept.
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class org.jni_zero.*,J.N,J.*_N {
+ native <methods>;
+}
diff --git a/third_party/jni_zero/proguard.flags b/third_party/jni_zero/proguard.flags
index 3097917..cadffdd 100644
--- a/third_party/jni_zero/proguard.flags
+++ b/third_party/jni_zero/proguard.flags
@@ -12,3 +12,8 @@
-keepclasseswithmembers,includedescriptorclasses,allowaccessmodification class ** {
@org.jni_zero.CalledByNativeUnchecked <methods>;
}
+
+# Allow unused native methods to be removed, but prevent renaming on those that are kept.
+-keepclasseswithmembernames,includedescriptorclasses,allowaccessmodification class org.jni_zero.*,J.N,J.*_N {
+ native <methods>;
+}
