SMusatov
/
ydb
зеркало из https://github.com/ydb-platform/ydb.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
							# == Rules for contrib/restricted section ==
#
# NOTE: rules should be ordered from specific to generic (first matching rule is used)
# See rule syntax docs: https://wiki.yandex-team.ru/devrules/overall/peerdirprohibition/

# scale_ipp filter for ffmpeg use Intel IPP hence it is nonfree
ALLOW strm/cv/ffmpeg_adcv/toshik_filters -> contrib/restricted/ffmpeg-3-scale-ipp

# CityHash-1.0.2 is a specific version hardwired into ClickHouse public interface
ALLOW clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW library/cpp/clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW saas/library/hash_to_block_mode -> contrib/restricted/cityhash-1.0.2

# dragonbox is a specific library for float formatting
ALLOW clickhouse -> contrib/restricted/dragonbox

# same rules for restricted set of sources in YQL
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/cityhash-1.0.2
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/boost
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/dragonbox
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/fast_float

# fast_float is a faster alternative to double-conversion for float parsing.
# ClickHouse uses the best libraries for performance, that's why it changes them with insane speed.
# Arcadia is not ready for this, that's why we added this library in restricted.
ALLOW clickhouse -> contrib/restricted/fast_float

# ClickHouse uses hash-table from abseil-cpp for better performance in CacheDictionaries and SSDCacheDictionaries,
# because it the best best open source hash table framework (swiss hash tables, hash functions)
ALLOW clickhouse -> contrib/restricted/abseil-cpp

# TurboBase64 is a fast vectorized library for encoding/decoding base64.
ALLOW clickhouse -> contrib/restricted/turbo_base64

# For HBase client: CONTRIB-1790
ALLOW passport/infra -> contrib/restricted/thrift

# keyutils is LGPL: CONTRIB-2236
ALLOW passport/infra -> contrib/restricted/keyutils

# For Apache Arrow: CONTRIB-1662
ALLOW mds -> contrib/restricted/uriparser

# https://st.yandex-team.ru/CONTRIB-2020
ALLOW weather -> contrib/restricted/range-v3

# ALSA library is LGPL
ALLOW yandex_io -> contrib/restricted/alsa-lib
ALLOW smart_devices -> contrib/restricted/alsa-lib

# Avahi is LGPL
ALLOW yandex_io -> contrib/restricted/avahi

# GLib is LGPL
ALLOW maps/libs/img -> contrib/restricted/glib
ALLOW maps/renderer/libs/svgrenderer -> contrib/restricted/glib
ALLOW market/cataloger -> contrib/restricted/glib
ALLOW market/idx/feeds/feedparser -> contrib/restricted/glib
ALLOW metrika/core/libs/statdaemons -> contrib/restricted/glib
ALLOW metrika/core/libs/strconvert -> contrib/restricted/glib
ALLOW yandex_io -> contrib/restricted/glib

# GStreamer is LGPL
ALLOW yandex_io -> contrib/restricted/gstreamer
ALLOW yandex_io -> contrib/restricted/gst-plugins-base
ALLOW yandex_io -> contrib/restricted/gst-plugins-good
ALLOW yandex_io -> contrib/restricted/gst-plugins-bad
ALLOW yandex_io -> contrib/restricted/patched/gst-libav

# mpg123 is LGPL
ALLOW extsearch/audio/kernel/recoglib -> contrib/restricted/mpg123

# OpenAL Soft is LGPL
ALLOW yandex_io -> contrib/restricted/openal-soft
ALLOW speechkit -> contrib/restricted/openal-soft

# rubberband is a GPL audio stretching library
ALLOW dict/mt/video -> contrib/restricted/rubberband

# Allowed subset of abseil is exported via library/
ALLOW library/cpp/containers/absl_flat_hash -> contrib/restricted/abseil-cpp/absl/container
ALLOW library/cpp/containers/absl_tstring_flat_hash -> contrib/restricted/abseil-cpp-tstring/y_absl/container

# spdlog is just yet another best logging engine
# The best logging engine, however, is to be designed in CPPCOM-20
ALLOW quasar/backend/src/base -> contrib/restricted/spdlog
ALLOW crypta/lib/native/log -> contrib/restricted/spdlog
ALLOW yandex_io -> contrib/restricted/spdlog
ALLOW smart_devices/tools/launcher2 -> contrib/restricted/spdlog
ALLOW smart_devices/tools/updater -> contrib/restricted/spdlog

# cmph is a limited-use library
ALLOW ads/yacontext -> contrib/restricted/cmph

# http-parser is a low-level parser for http bytestream.
# Consider using high-level alternatives.
ALLOW mds -> contrib/restricted/http-parser
ALLOW taxi/uservices -> contrib/restricted/http-parser
ALLOW yt/yt/core/http -> contrib/restricted/http-parser
ALLOW yweb/robot/fetcher/fetcher/user/http -> contrib/restricted/http-parser

# Prefer using skynet for data distribution
ALLOW maps/infra/ecstatic -> contrib/restricted/libtorrent

# Consider using util / library/cpp/digest versions instead of a raw murmurhash functions.
#
# strm/common/go/pkg/murmur3 is a CGO binding to murmurhash, thus dependency is allowed
ALLOW strm/common/go/pkg/murmur3 -> contrib/restricted/murmurhash
ALLOW clickhouse -> contrib/restricted/murmurhash

# exiv2 is GPL-licensed. Only small subset of our libraries can use it.
ALLOW extsearch/images/chunks/exiftags -> contrib/restricted/exiv2
ALLOW maps/wikimap/mapspro/services/mrc/libs/common -> contrib/restricted/exiv2
ALLOW yweb/disk/ocraas -> contrib/restricted/exiv2

# Only allow boost in yandex projects listed below
ALLOW adfox -> contrib/restricted/boost
ALLOW ads -> contrib/restricted/boost
ALLOW advq -> contrib/restricted/boost
ALLOW alice/nlu -> contrib/restricted/boost
ALLOW alice/vins_contrib/crfsuitex -> contrib/restricted/boost
ALLOW clickhouse -> contrib/restricted/boost
ALLOW devtools -> contrib/restricted/boost
ALLOW extsearch/geo/poi_service/tools/storage_reader -> contrib/restricted/boost
ALLOW infra/contrib/pdns -> contrib/restricted/boost
ALLOW juggler/pongerd -> contrib/restricted/boost
ALLOW lbs/locator -> contrib/restricted/boost
ALLOW library/cpp/testing/boost_test$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/boost_test_main$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/boost
ALLOW logbroker/pipe-parser -> contrib/restricted/boost
ALLOW mail -> contrib/restricted/boost
ALLOW maps -> contrib/restricted/boost
ALLOW market/idx/feeds/feedparser -> contrib/restricted/boost
ALLOW market/idx/stats/src -> contrib/restricted/boost
ALLOW mds -> contrib/restricted/boost
ALLOW metrika -> contrib/restricted/boost
ALLOW netsys/tiles-vcdiff/gen-tiles -> contrib/restricted/boost
ALLOW orgvisits/dwellplaces -> contrib/restricted/boost
ALLOW orgvisits/heuristics -> contrib/restricted/boost
ALLOW orgvisits/library/soc -> contrib/restricted/boost
ALLOW quasar/backend -> contrib/restricted/boost
ALLOW regulargeo/research -> contrib/restricted/boost
ALLOW rem/python/geobase30 -> contrib/restricted/boost
ALLOW drive/contrib/cpp/telemetry -> contrib/restricted/boost
ALLOW smart_devices -> contrib/restricted/boost
ALLOW statbox/libstatbox -> contrib/restricted/boost
ALLOW taxi/uservices -> contrib/restricted/boost
ALLOW tools/idl -> contrib/restricted/boost
ALLOW voicetech/tools -> contrib/restricted/boost
ALLOW weather/archive/grid_api/lib -> contrib/restricted/boost
ALLOW yabs/telephony -> contrib/restricted/boost
ALLOW yandex_io -> contrib/restricted/boost
ALLOW yweb/robot/js -> contrib/restricted/boost
ALLOW market/access/server/env -> contrib/restricted/boost
ALLOW sdg/library/cpp/ros_msg_parser -> contrib/restricted/boost
ALLOW search/meta/scatter/ant -> contrib/restricted/boost
ALLOW search/meta/scatter/ut -> contrib/restricted/boost

# use GTEST target in ya.make instead of PEERDIRing contrib/restricted/googletest
# and include <library/cpp/testing/gtest.h> instead of <gtest/gtest.h> (<gmock/gmock.h>)
ALLOW contrib -> contrib/restricted/googletest
ALLOW library/cpp/testing/gmock_in_unittest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_main -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_protobuf -> contrib/restricted/googletest
ALLOW library/python/testing/gtest/test/gtest -> contrib/restricted/googletest
# TODO remove this lines after they will switch to library/cpp/testing/gtest
ALLOW mail -> contrib/restricted/googletest
ALLOW maps/mobile/libs -> contrib/restricted/googletest
ALLOW maps/mobile/bundle -> contrib/restricted/googletest
ALLOW mds -> contrib/restricted/googletest
# A mere proxy to allow using gmock in libraries without being bound to specific test framework
# See IGNIETFERRO-1827 for details.
ALLOW library/cpp/testing/gmock -> contrib/restricted/googletest/googlemock

# allow usage of MIT part
ALLOW .* -> contrib/restricted/librseq/headeronly

# we use nfs-ganesha for Network File Store gateway
ALLOW cloud/filestore/gateway/nfs -> contrib/restricted/nfs_ganesha

ALLOW yandex_io -> contrib/restricted/patched/hostap_client

# Default policies:
#
# Do not restrict contrib
# All peerdirs to contrib/restricted from outside are prohibited
#
ALLOW contrib -> contrib/restricted
DENY .* -> contrib/restricted