From 7701d5fe1221a7c653385ea52cae2d3580b2c6b5 Mon Sep 17 00:00:00 2001 From: Spandan Das Date: Tue, 17 Dec 2024 17:52:26 +0000 Subject: Introduce a singleton module to collect apex certs `all_apex_certs` will provide two kinds of output files: 1. x509 certificate in pem format 2. x509 certificate in der format filenames of the certs are not part of `all_apex_certs` api. In fact, the der certs will be named with int indexes. This singleton module will be used by `CtsSecurityTestCases` (specifically `PackageSignatureTest`) to enforce that the apexes are signed with release keys. To implement this, `ctx.ReverseDepenendcy` will be used in deps mutator of apex. An alternative would have been to use `ctx.VisitAllDeps` in `GenerateAndroidBuildActions` of the singleton, but this would make it unusable in the cts test (circular dep). Make has a similar implementation that collects the certs of apexes and dists that file. This has been kept separate for now to prevent b/304914238 Bug: 329299639 Test: m nothing --no-skip-soong-tests Change-Id: I742d8ae1ccc344a78ae04263382750508b2aedec --- apex/apex.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'apex/apex.go') diff --git a/apex/apex.go b/apex/apex.go index b0d2b54a7..aeac0b771 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -888,8 +888,20 @@ func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) { ctx.AddFarVariationDependencies(commonVariation, javaLibTag, a.properties.Java_libs...) ctx.AddFarVariationDependencies(commonVariation, fsTag, a.properties.Filesystems...) ctx.AddFarVariationDependencies(commonVariation, compatConfigTag, a.properties.Compat_configs...) + + // Add a reverse dependency to all_apex_certs singleton module. + // all_apex_certs will use this dependency to collect the certificate of this apex. + ctx.AddReverseDependency(ctx.Module(), allApexCertsDepTag, "all_apex_certs") +} + +type allApexCertsDependencyTag struct { + blueprint.DependencyTag } +func (_ allApexCertsDependencyTag) ExcludeFromVisibilityEnforcement() {} + +var allApexCertsDepTag = allApexCertsDependencyTag{} + // DepsMutator for the overridden properties. func (a *apexBundle) OverridablePropertiesDepsMutator(ctx android.BottomUpMutatorContext) { if a.overridableProperties.Allowed_files != nil { -- cgit v1.2.3-59-g8ed1b