build/rules/contrib_restricted.policy


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

# == Rules for contrib/restricted section ==
#
# NOTE: rules should be ordered from specific to generic (first matching rule is used)
# See rule syntax docs: https://wiki.yandex-team.ru/devrules/overall/peerdirprohibition/

# scale_ipp filter for ffmpeg use Intel IPP hence it is nonfree
ALLOW strm/cv/ffmpeg_adcv/toshik_filters -> contrib/restricted/ffmpeg-3-scale-ipp

# libzvbi is GPL
ALLOW strm/cv/ffmpeg_adcv/libavcodec -> contrib/restricted/libzvbi

# CityHash-1.0.2 is a specific version hardwired into ClickHouse public interface
ALLOW library/cpp/clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW ydb/library/arrow_clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW saas/library/hash_to_block_mode -> contrib/restricted/cityhash-1.0.2

# same rules for restricted set of sources in YQL
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/cityhash-1.0.2
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/boost
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/dragonbox
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/fast_float

# For HBase client: CONTRIB-1790
ALLOW passport/infra -> contrib/restricted/thrift

# keyutils is LGPL: CONTRIB-2236
ALLOW passport/infra -> contrib/restricted/keyutils

# For Apache Arrow: CONTRIB-1662
ALLOW mds -> contrib/restricted/uriparser

# For patched imagemagick CONTRIB-1902
ALLOW mds -> contrib/restricted/ImageMagickMDS

# https://st.yandex-team.ru/CONTRIB-2020
ALLOW weather -> contrib/restricted/range-v3

# https://st.yandex-team.ru/CONTRIB-2492
ALLOW weather -> contrib/restricted/aviso-fes

# gridpp is LGPL: CONTRIB-2707
ALLOW weather -> contrib/restricted/gridpp

# ALSA library is LGPL
ALLOW yandex_io -> contrib/restricted/alsa-lib
ALLOW smart_devices -> contrib/restricted/alsa-lib

# Avahi is LGPL
ALLOW yandex_io -> contrib/restricted/avahi

# GLib is LGPL
ALLOW maps/libs/img -> contrib/restricted/glib
ALLOW maps/renderer/libs/svgrenderer -> contrib/restricted/glib
ALLOW maps/renderer/libs/font -> contrib/restricted/fribidi
ALLOW market/cataloger -> contrib/restricted/glib
ALLOW market/idx/feeds/feedparser -> contrib/restricted/glib
ALLOW metrika/core/libs/statdaemons -> contrib/restricted/glib
ALLOW metrika/core/libs/strconvert -> contrib/restricted/glib
ALLOW yandex_io -> contrib/restricted/glib

# GStreamer is LGPL
ALLOW sdg/infra/rtsp_probe -> contrib/restricted/gstreamer
ALLOW sdg/infra/rtsp_probe -> contrib/restricted/gst-plugins-base
ALLOW sdg/infra/rtsp_probe -> contrib/restricted/gst-plugins-good
ALLOW sdg/infra/rtsp_probe -> contrib/restricted/gst-plugins-ugly
ALLOW sdg/infra/rtsp_probe -> contrib/restricted/gst-rtsp-server
ALLOW yandex_io -> contrib/restricted/gstreamer
ALLOW yandex_io -> contrib/restricted/gst-plugins-base
ALLOW yandex_io -> contrib/restricted/gst-plugins-good
ALLOW yandex_io -> contrib/restricted/gst-plugins-bad
ALLOW yandex_io -> contrib/restricted/patched/gst-libav

# mpg123 is LGPL
ALLOW extsearch/audio/kernel/recoglib -> contrib/restricted/mpg123

# OpenAL Soft is LGPL
ALLOW yandex_io -> contrib/restricted/openal-soft
ALLOW speechkit -> contrib/restricted/openal-soft

# rubberband is a GPL audio stretching library
ALLOW dict/mt/video -> contrib/restricted/rubberband

# Allowed subset of abseil is exported via library/
ALLOW library/cpp/containers/absl_flat_hash -> contrib/restricted/abseil-cpp/absl/container
ALLOW library/cpp/containers/absl_tstring_flat_hash -> contrib/restricted/abseil-cpp-tstring/y_absl/container

# spdlog is just yet another best logging engine
# The best logging engine, however, is to be designed in CPPCOM-20
ALLOW quasar/backend/src/base -> contrib/restricted/spdlog
ALLOW crypta/lib/native/log -> contrib/restricted/spdlog
ALLOW yandex_io -> contrib/restricted/spdlog
ALLOW smart_devices/tools/launcher2 -> contrib/restricted/spdlog
ALLOW smart_devices/tools/updater -> contrib/restricted/spdlog
ALLOW market/robotics -> contrib/restricted/spdlog
ALLOW taxi/uservices/userver/core -> contrib/restricted/spdlog

# cmph is a limited-use library
ALLOW ads/yacontext -> contrib/restricted/cmph

# http-parser is a low-level parser for http bytestream.
# Consider using high-level alternatives.
ALLOW mds -> contrib/restricted/http-parser
ALLOW taxi/uservices -> contrib/restricted/http-parser
ALLOW yt/yt/core/http -> contrib/restricted/http-parser
ALLOW yweb/robot/fetcher/fetcher/user/http -> contrib/restricted/http-parser

# Prefer using skynet for data distribution
ALLOW maps/infra/ecstatic -> contrib/restricted/libtorrent

# Consider using util / library/cpp/digest versions instead of a raw murmurhash functions.
#
# strm/common/go/pkg/murmur3 is a CGO binding to murmurhash, thus dependency is allowed
ALLOW strm/common/go/pkg/murmur3 -> contrib/restricted/murmurhash

# exiv2 is GPL-licensed. Only small subset of our libraries can use it.
ALLOW extsearch/images/chunks/exiftags -> contrib/restricted/exiv2
ALLOW maps/wikimap/mapspro/services/mrc/libs/common -> contrib/restricted/exiv2
ALLOW yweb/disk/ocraas -> contrib/restricted/exiv2

# Only allow boost in yandex projects listed below
ALLOW adfox -> contrib/restricted/boost
ALLOW ads -> contrib/restricted/boost
ALLOW advq -> contrib/restricted/boost
ALLOW alice/nlu -> contrib/restricted/boost
ALLOW alice/vins_contrib/crfsuitex -> contrib/restricted/boost
ALLOW devtools -> contrib/restricted/boost
ALLOW extsearch/geo/poi_service/tools/storage_reader -> contrib/restricted/boost
ALLOW infra/contrib/pdns -> contrib/restricted/boost
ALLOW juggler/pongerd -> contrib/restricted/boost
ALLOW lbs/locator -> contrib/restricted/boost
ALLOW library/cpp/testing/boost_test$ -> contrib/restricted/boost/test
ALLOW library/cpp/testing/boost_test_main$ -> contrib/restricted/boost/test
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/boost
ALLOW logbroker/pipe-parser -> contrib/restricted/boost
ALLOW mail -> contrib/restricted/boost
ALLOW maps -> contrib/restricted/boost
ALLOW market/idx/feeds/feedparser -> contrib/restricted/boost
ALLOW market/idx/stats/src -> contrib/restricted/boost
ALLOW mds -> contrib/restricted/boost
ALLOW metrika -> contrib/restricted/boost
ALLOW netsys/tiles-vcdiff/gen-tiles -> contrib/restricted/boost
ALLOW orgvisits/dwellplaces -> contrib/restricted/boost
ALLOW orgvisits/heuristics -> contrib/restricted/boost
ALLOW orgvisits/library/soc -> contrib/restricted/boost
ALLOW quasar/backend -> contrib/restricted/boost
ALLOW regulargeo/research -> contrib/restricted/boost
ALLOW rem/python/geobase30 -> contrib/restricted/boost
ALLOW drive/contrib/cpp/telemetry -> contrib/restricted/boost
ALLOW smart_devices -> contrib/restricted/boost
ALLOW statbox/libstatbox -> contrib/restricted/boost
ALLOW taxi -> contrib/restricted/boost
ALLOW tools/idl -> contrib/restricted/boost
ALLOW voicetech/tools -> contrib/restricted/boost
ALLOW weather/archive/grid_api/lib -> contrib/restricted/boost
ALLOW yabs/telephony -> contrib/restricted/boost
ALLOW yandex_io -> contrib/restricted/boost
ALLOW yweb/robot/js -> contrib/restricted/boost
ALLOW market/access/server/env -> contrib/restricted/boost
ALLOW sdg/sdc -> contrib/restricted/boost
ALLOW search/meta/scatter/ant -> contrib/restricted/boost
ALLOW search/meta/scatter/ut -> contrib/restricted/boost
ALLOW extsearch/video/robot/rt_transcoder/util -> contrib/restricted/boost
ALLOW market/robotics -> contrib/restricted/boost

# use GTEST target in ya.make instead of PEERDIRing contrib/restricted/googletest
# and include <library/cpp/testing/gtest.h> instead of <gtest/gtest.h> (<gmock/gmock.h>)
ALLOW contrib -> contrib/restricted/googletest
ALLOW library/cpp/testing/gmock_in_unittest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_main -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_protobuf -> contrib/restricted/googletest
ALLOW library/python/testing/gtest/test/gtest -> contrib/restricted/googletest
# TODO remove this lines after they will switch to library/cpp/testing/gtest
ALLOW mail -> contrib/restricted/googletest
ALLOW maps/mobile/libs -> contrib/restricted/googletest
ALLOW maps/mobile/bundle -> contrib/restricted/googletest
ALLOW mds -> contrib/restricted/googletest
ALLOW market/robotics -> contrib/restricted/googletest
# A mere proxy to allow using gmock in libraries without being bound to specific test framework
# See IGNIETFERRO-1827 for details.
ALLOW library/cpp/testing/gmock -> contrib/restricted/googletest/googlemock

# allow usage of MIT part
ALLOW .* -> contrib/restricted/librseq/headeronly

# we use nfs-ganesha for Network File Store gateway
ALLOW cloud/filestore/gateway/nfs -> contrib/restricted/nfs_ganesha

ALLOW yandex_io -> contrib/restricted/patched/hostap_client

ALLOW smart_devices -> contrib/restricted/tgcalls

ALLOW kikimr/serverless_proxy/ut -> contrib/restricted/nlohmann_json
ALLOW ydb/core/http_proxy -> contrib/restricted/nlohmann_json

# https://st.yandex-team.ru/SCS-415367#636a2e696d7dae3ce5fc2699
ALLOW yandex_io -> contrib/restricted/pjsip

# Default policies:
#
# Do not restrict contrib
# All peerdirs to contrib/restricted from outside are prohibited
#
ALLOW contrib -> contrib/restricted
DENY .* -> contrib/restricted