Rust: Forbid unsafe code in auto-generated code am: b27bde1b2b
Original change: https://android-review.googlesource.com/c/platform/system/tools/aidl/+/1708006
Change-Id: If5a1b316f1b25d5843570c9f5c746a8a3628b83b
diff --git a/generate_rust.cpp b/generate_rust.cpp
index f9bb146..9fd497b 100644
--- a/generate_rust.cpp
+++ b/generate_rust.cpp
@@ -353,6 +353,10 @@
const Options& options) {
CodeWriterPtr code_writer = io_delegate.GetCodeWriter(filename);
+ // Forbid the use of unsafe in auto-generated code.
+ // Unsafe code should only be allowed in libbinder_rs.
+ *code_writer << "#![forbid(unsafe_code)]\n";
+
*code_writer << "#![allow(non_upper_case_globals)]\n";
*code_writer << "#![allow(non_snake_case)]\n";
// Import IBinderInternal for transact()
@@ -723,6 +727,10 @@
const AidlTypenames& typenames, const IoDelegate& io_delegate) {
CodeWriterPtr code_writer = io_delegate.GetCodeWriter(filename);
+ // Forbid the use of unsafe in auto-generated code.
+ // Unsafe code should only be allowed in libbinder_rs.
+ *code_writer << "#![forbid(unsafe_code)]\n";
+
// Debug is always derived because all Rust AIDL types implement it
// ParcelFileDescriptor doesn't support any of the others because
// it's a newtype over std::fs::File which only implements Debug
@@ -750,6 +758,10 @@
const AidlTypenames& typenames, const IoDelegate& io_delegate) {
CodeWriterPtr code_writer = io_delegate.GetCodeWriter(filename);
+ // Forbid the use of unsafe in auto-generated code.
+ // Unsafe code should only be allowed in libbinder_rs.
+ *code_writer << "#![forbid(unsafe_code)]\n";
+
const auto& aidl_backing_type = enum_decl->GetBackingType();
auto backing_type = RustNameOf(aidl_backing_type, typenames, StorageMode::VALUE);
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/BackendType.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/BackendType.rs
index 5d8d059..c2d3828 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/BackendType.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/BackendType.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { BackendType : i8 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ByteEnum.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ByteEnum.rs
index 7961532..2d2dd61 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ByteEnum.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ByteEnum.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { ByteEnum : i8 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ConstantExpressionEnum.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ConstantExpressionEnum.rs
index e1dae7d..577e467 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ConstantExpressionEnum.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ConstantExpressionEnum.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { ConstantExpressionEnum : i32 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedEnum.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedEnum.rs
index 0d45d7d..d98aea2 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedEnum.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedEnum.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { DeprecatedEnum : i32 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedParcelable.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedParcelable.rs
index 266f397..79ea557 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedParcelable.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/DeprecatedParcelable.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug)]
#[deprecated = "test"]
pub struct DeprecatedParcelable {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/GenericStructuredParcelable.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/GenericStructuredParcelable.rs
index 7ea41c0..93fb68c 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/GenericStructuredParcelable.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/GenericStructuredParcelable.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug)]
pub struct GenericStructuredParcelable {
pub a: i32,
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IDeprecated.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IDeprecated.rs
index 5920654..5c4aca4 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IDeprecated.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IDeprecated.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
#![allow(non_snake_case)]
#[allow(unused_imports)] use binder::IBinderInternal;
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INamedCallback.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INamedCallback.rs
index f8d1fba..a1c6753 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INamedCallback.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INamedCallback.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
#![allow(non_snake_case)]
#[allow(unused_imports)] use binder::IBinderInternal;
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INewName.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INewName.rs
index 70b6bd1..7227dcf 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INewName.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/INewName.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
#![allow(non_snake_case)]
#[allow(unused_imports)] use binder::IBinderInternal;
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IOldName.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IOldName.rs
index a61d664..0e0ea04 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IOldName.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IOldName.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
#![allow(non_snake_case)]
#[allow(unused_imports)] use binder::IBinderInternal;
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ITestService.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ITestService.rs
index 2b3c43d..981cfeb 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ITestService.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ITestService.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
#![allow(non_snake_case)]
#[allow(unused_imports)] use binder::IBinderInternal;
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IntEnum.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IntEnum.rs
index ff9c6a9..c509efe 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IntEnum.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/IntEnum.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { IntEnum : i32 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/LongEnum.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/LongEnum.rs
index 548b711..c849f5a 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/LongEnum.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/LongEnum.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#![allow(non_upper_case_globals)]
use binder::declare_binder_enum;
declare_binder_enum! { LongEnum : i64 {
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/OtherParcelableForToString.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/OtherParcelableForToString.rs
index 2aec8e6..f95c6c1 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/OtherParcelableForToString.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/OtherParcelableForToString.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug)]
pub struct OtherParcelableForToString {
pub field: String,
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ParcelableForToString.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ParcelableForToString.rs
index 603b54f..12cc540 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ParcelableForToString.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/ParcelableForToString.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug)]
pub struct ParcelableForToString {
pub intValue: i32,
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/StructuredParcelable.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/StructuredParcelable.rs
index ac05dfa..b17bb70 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/StructuredParcelable.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/StructuredParcelable.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug, Clone, PartialEq)]
pub struct StructuredParcelable {
pub shouldContainThreeFs: Vec<i32>,
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/Union.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/Union.rs
index 2435fdb..7fe83e5 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/Union.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/Union.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug, Clone, PartialEq)]
pub enum Union {
Ns(Vec<i32>),
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/UnionWithFd.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/UnionWithFd.rs
index e6d1035..90f9f05 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/UnionWithFd.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/UnionWithFd.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug)]
pub enum UnionWithFd {
Num(i32),
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/EnumUnion.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/EnumUnion.rs
index 8718bdc..10476d0 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/EnumUnion.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/EnumUnion.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug, Clone, PartialEq)]
pub enum EnumUnion {
IntEnum(crate::mangled::_7_android_4_aidl_5_tests_7_IntEnum),
diff --git a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/UnionInUnion.rs b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/UnionInUnion.rs
index c874841..fc2de11 100644
--- a/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/UnionInUnion.rs
+++ b/tests/golden_output/aidl-test-interface-rust-source/gen/android/aidl/tests/unions/UnionInUnion.rs
@@ -1,3 +1,4 @@
+#![forbid(unsafe_code)]
#[derive(Debug, Clone, PartialEq)]
pub enum UnionInUnion {
First(crate::mangled::_7_android_4_aidl_5_tests_6_unions_9_EnumUnion),