aboutsummaryrefslogtreecommitdiffstats
path: root/build/rules/contrib_restricted.policy
blob: c98d74e56933d347ba64acc4db91d6573737dfe6 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
# == Rules for contrib/restricted section ==
#
# NOTE: rules should be ordered from specific to generic (first matching rule is used)
# See rule syntax docs: https://wiki.yandex-team.ru/devrules/overall/peerdirprohibition/

# scale_ipp filter for ffmpeg use Intel IPP hence it is nonfree
ALLOW strm/cv/ffmpeg_adcv/toshik_filters -> contrib/restricted/ffmpeg-3-scale-ipp

# libzvbi is GPL
ALLOW strm/cv/ffmpeg_adcv/libavcodec -> contrib/restricted/libzvbi

# CityHash-1.0.2 is a specific version hardwired into ClickHouse public interface
ALLOW clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW library/cpp/clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW saas/library/hash_to_block_mode -> contrib/restricted/cityhash-1.0.2

# dragonbox is a specific library for float formatting
ALLOW clickhouse -> contrib/restricted/dragonbox

# same rules for restricted set of sources in YQL
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/cityhash-1.0.2
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/boost
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/dragonbox
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/fast_float

# fast_float is a faster alternative to double-conversion for float parsing.
# ClickHouse uses the best libraries for performance, that's why it changes them with insane speed.
# Arcadia is not ready for this, that's why we added this library in restricted.
ALLOW clickhouse -> contrib/restricted/fast_float

# ClickHouse uses hash-table from abseil-cpp for better performance in CacheDictionaries and SSDCacheDictionaries,
# because it the best best open source hash table framework (swiss hash tables, hash functions)
ALLOW clickhouse -> contrib/restricted/abseil-cpp

# TurboBase64 is a fast vectorized library for encoding/decoding base64.
ALLOW clickhouse -> contrib/restricted/turbo_base64

# For HBase client: CONTRIB-1790
ALLOW passport/infra -> contrib/restricted/thrift

# keyutils is LGPL: CONTRIB-2236
ALLOW passport/infra -> contrib/restricted/keyutils

# For Apache Arrow: CONTRIB-1662
ALLOW mds -> contrib/restricted/uriparser

# For patched imagemagick CONTRIB-1902
ALLOW mds -> contrib/restricted/ImageMagickMDS

# https://st.yandex-team.ru/CONTRIB-2020
ALLOW weather -> contrib/restricted/range-v3

# https://st.yandex-team.ru/CONTRIB-2492
ALLOW weather -> contrib/restricted/aviso-fes

# ALSA library is LGPL
ALLOW yandex_io -> contrib/restricted/alsa-lib
ALLOW smart_devices -> contrib/restricted/alsa-lib

# Avahi is LGPL
ALLOW yandex_io -> contrib/restricted/avahi

# GLib is LGPL
ALLOW maps/libs/img -> contrib/restricted/glib
ALLOW maps/renderer/libs/svgrenderer -> contrib/restricted/glib
ALLOW market/cataloger -> contrib/restricted/glib
ALLOW market/idx/feeds/feedparser -> contrib/restricted/glib
ALLOW metrika/core/libs/statdaemons -> contrib/restricted/glib
ALLOW metrika/core/libs/strconvert -> contrib/restricted/glib
ALLOW yandex_io -> contrib/restricted/glib

# GStreamer is LGPL
ALLOW yandex_io -> contrib/restricted/gstreamer
ALLOW yandex_io -> contrib/restricted/gst-plugins-base
ALLOW yandex_io -> contrib/restricted/gst-plugins-good
ALLOW yandex_io -> contrib/restricted/gst-plugins-bad
ALLOW yandex_io -> contrib/restricted/patched/gst-libav

# mpg123 is LGPL
ALLOW extsearch/audio/kernel/recoglib -> contrib/restricted/mpg123

# OpenAL Soft is LGPL
ALLOW yandex_io -> contrib/restricted/openal-soft
ALLOW speechkit -> contrib/restricted/openal-soft

# rubberband is a GPL audio stretching library
ALLOW dict/mt/video -> contrib/restricted/rubberband

# Allowed subset of abseil is exported via library/
ALLOW library/cpp/containers/absl_flat_hash -> contrib/restricted/abseil-cpp/absl/container
ALLOW library/cpp/containers/absl_tstring_flat_hash -> contrib/restricted/abseil-cpp-tstring/y_absl/container

# spdlog is just yet another best logging engine
# The best logging engine, however, is to be designed in CPPCOM-20
ALLOW quasar/backend/src/base -> contrib/restricted/spdlog
ALLOW crypta/lib/native/log -> contrib/restricted/spdlog
ALLOW yandex_io -> contrib/restricted/spdlog
ALLOW smart_devices/tools/launcher2 -> contrib/restricted/spdlog
ALLOW smart_devices/tools/updater -> contrib/restricted/spdlog

# cmph is a limited-use library
ALLOW ads/yacontext -> contrib/restricted/cmph

# http-parser is a low-level parser for http bytestream.
# Consider using high-level alternatives.
ALLOW mds -> contrib/restricted/http-parser
ALLOW taxi/uservices -> contrib/restricted/http-parser
ALLOW yt/yt/core/http -> contrib/restricted/http-parser
ALLOW yweb/robot/fetcher/fetcher/user/http -> contrib/restricted/http-parser

# Prefer using skynet for data distribution
ALLOW maps/infra/ecstatic -> contrib/restricted/libtorrent

# Consider using util / library/cpp/digest versions instead of a raw murmurhash functions.
#
# strm/common/go/pkg/murmur3 is a CGO binding to murmurhash, thus dependency is allowed
ALLOW strm/common/go/pkg/murmur3 -> contrib/restricted/murmurhash
ALLOW clickhouse -> contrib/restricted/murmurhash

# exiv2 is GPL-licensed. Only small subset of our libraries can use it.
ALLOW extsearch/images/chunks/exiftags -> contrib/restricted/exiv2
ALLOW maps/wikimap/mapspro/services/mrc/libs/common -> contrib/restricted/exiv2
ALLOW yweb/disk/ocraas -> contrib/restricted/exiv2

# Only allow boost in yandex projects listed below
ALLOW adfox -> contrib/restricted/boost
ALLOW ads -> contrib/restricted/boost
ALLOW advq -> contrib/restricted/boost
ALLOW alice/nlu -> contrib/restricted/boost
ALLOW alice/vins_contrib/crfsuitex -> contrib/restricted/boost
ALLOW clickhouse -> contrib/restricted/boost
ALLOW devtools -> contrib/restricted/boost
ALLOW extsearch/geo/poi_service/tools/storage_reader -> contrib/restricted/boost
ALLOW infra/contrib/pdns -> contrib/restricted/boost
ALLOW juggler/pongerd -> contrib/restricted/boost
ALLOW lbs/locator -> contrib/restricted/boost
ALLOW library/cpp/testing/boost_test$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/boost_test_main$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/boost
ALLOW logbroker/pipe-parser -> contrib/restricted/boost
ALLOW mail -> contrib/restricted/boost
ALLOW maps -> contrib/restricted/boost
ALLOW market/idx/feeds/feedparser -> contrib/restricted/boost
ALLOW market/idx/stats/src -> contrib/restricted/boost
ALLOW mds -> contrib/restricted/boost
ALLOW metrika -> contrib/restricted/boost
ALLOW netsys/tiles-vcdiff/gen-tiles -> contrib/restricted/boost
ALLOW orgvisits/dwellplaces -> contrib/restricted/boost
ALLOW orgvisits/heuristics -> contrib/restricted/boost
ALLOW orgvisits/library/soc -> contrib/restricted/boost
ALLOW quasar/backend -> contrib/restricted/boost
ALLOW regulargeo/research -> contrib/restricted/boost
ALLOW rem/python/geobase30 -> contrib/restricted/boost
ALLOW drive/contrib/cpp/telemetry -> contrib/restricted/boost
ALLOW smart_devices -> contrib/restricted/boost
ALLOW statbox/libstatbox -> contrib/restricted/boost
ALLOW taxi/uservices -> contrib/restricted/boost
ALLOW tools/idl -> contrib/restricted/boost
ALLOW voicetech/tools -> contrib/restricted/boost
ALLOW weather/archive/grid_api/lib -> contrib/restricted/boost
ALLOW yabs/telephony -> contrib/restricted/boost
ALLOW yandex_io -> contrib/restricted/boost
ALLOW yweb/robot/js -> contrib/restricted/boost
ALLOW market/access/server/env -> contrib/restricted/boost
ALLOW sdg/sdc -> contrib/restricted/boost
ALLOW search/meta/scatter/ant -> contrib/restricted/boost
ALLOW search/meta/scatter/ut -> contrib/restricted/boost

# use GTEST target in ya.make instead of PEERDIRing contrib/restricted/googletest
# and include <library/cpp/testing/gtest.h> instead of <gtest/gtest.h> (<gmock/gmock.h>)
ALLOW contrib -> contrib/restricted/googletest
ALLOW library/cpp/testing/gmock_in_unittest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_main -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_protobuf -> contrib/restricted/googletest
ALLOW library/python/testing/gtest/test/gtest -> contrib/restricted/googletest
# TODO remove this lines after they will switch to library/cpp/testing/gtest
ALLOW mail -> contrib/restricted/googletest
ALLOW maps/mobile/libs -> contrib/restricted/googletest
ALLOW maps/mobile/bundle -> contrib/restricted/googletest
ALLOW mds -> contrib/restricted/googletest
# A mere proxy to allow using gmock in libraries without being bound to specific test framework
# See IGNIETFERRO-1827 for details.
ALLOW library/cpp/testing/gmock -> contrib/restricted/googletest/googlemock

# allow usage of MIT part
ALLOW .* -> contrib/restricted/librseq/headeronly

# we use nfs-ganesha for Network File Store gateway
ALLOW cloud/filestore/gateway/nfs -> contrib/restricted/nfs_ganesha

ALLOW yandex_io -> contrib/restricted/patched/hostap_client

# Default policies:
#
# Do not restrict contrib
# All peerdirs to contrib/restricted from outside are prohibited
#
ALLOW contrib -> contrib/restricted
DENY .* -> contrib/restricted