diff options
| author | 2024-12-17 17:52:26 +0000 | |
|---|---|---|
| committer | 2024-12-18 22:37:40 +0000 | |
| commit | 7701d5fe1221a7c653385ea52cae2d3580b2c6b5 (patch) | |
| tree | c603b055a787cf44fa3f18b1d27e7d02724dc1e1 /apex/apex.go | |
| parent | 6d0985ea189c715e25499c4115c1519cf8fc8a15 (diff) | |
Introduce a singleton module to collect apex certs
`all_apex_certs` will provide two kinds of output files:
1. x509 certificate in pem format
2. x509 certificate in der format
filenames of the certs are not part of `all_apex_certs` api. In fact,
the der certs will be named with int indexes.
This singleton module will be used by `CtsSecurityTestCases`
(specifically `PackageSignatureTest`) to enforce that the apexes are
signed with release keys.
To implement this, `ctx.ReverseDepenendcy` will be used in deps mutator
of apex. An alternative would have been to use `ctx.VisitAllDeps` in
`GenerateAndroidBuildActions` of the singleton, but this would make it
unusable in the cts test (circular dep).
Make has a similar implementation that collects the certs of apexes and
dists that file. This has been kept separate for now to prevent b/304914238
Bug: 329299639
Test: m nothing --no-skip-soong-tests
Change-Id: I742d8ae1ccc344a78ae04263382750508b2aedec
Diffstat (limited to 'apex/apex.go')
| -rw-r--r-- | apex/apex.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/apex/apex.go b/apex/apex.go index b0d2b54a7..aeac0b771 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -888,8 +888,20 @@ func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) { ctx.AddFarVariationDependencies(commonVariation, javaLibTag, a.properties.Java_libs...) ctx.AddFarVariationDependencies(commonVariation, fsTag, a.properties.Filesystems...) ctx.AddFarVariationDependencies(commonVariation, compatConfigTag, a.properties.Compat_configs...) + + // Add a reverse dependency to all_apex_certs singleton module. + // all_apex_certs will use this dependency to collect the certificate of this apex. + ctx.AddReverseDependency(ctx.Module(), allApexCertsDepTag, "all_apex_certs") +} + +type allApexCertsDependencyTag struct { + blueprint.DependencyTag } +func (_ allApexCertsDependencyTag) ExcludeFromVisibilityEnforcement() {} + +var allApexCertsDepTag = allApexCertsDependencyTag{} + // DepsMutator for the overridden properties. func (a *apexBundle) OverridablePropertiesDepsMutator(ctx android.BottomUpMutatorContext) { if a.overridableProperties.Allowed_files != nil { |