Merge "Drop legacy vboot support." into main
diff --git a/common/math.mk b/common/math.mk
index ecee474..829ceb5 100644
--- a/common/math.mk
+++ b/common/math.mk
@@ -315,8 +315,9 @@
$(call math-expect,(call numbers_greater_or_equal_to,0,0 2 1 3),0 2 1 3)
$(call math-expect,(call numbers_greater_or_equal_to,1,0 2 1 3 2),2 1 3 2)
-_INT_LIMIT_WORDS := $(foreach a,x x,$(foreach b,x x x x x x x x x x x x x x x x,\
- $(foreach c,x x x x x x x x x x x x x x x x,x x x x x x x x x x x x x x x x)))
+# 10,001 = 10 ** 4 + 1, contains 10,001 x's, so 1 more than 10,000 (future) API level
+_INT_LIMIT_WORDS := x $(foreach a,0 1 2 3 4 5 6 7 8 9,$(foreach b,0 1 2 3 4 5 6 7 8 9,\
+ $(foreach c,0 1 2 3 4 5 6 7 8 9,x x x x x x x x x x)))
define _int_encode
$(if $(filter $(words x $(_INT_LIMIT_WORDS)),$(words $(wordlist 1,$(1),x $(_INT_LIMIT_WORDS)))),\
diff --git a/core/android_soong_config_vars.mk b/core/android_soong_config_vars.mk
index 9b536f0..13a5bc0 100644
--- a/core/android_soong_config_vars.mk
+++ b/core/android_soong_config_vars.mk
@@ -29,6 +29,7 @@
$(call add_soong_config_var,ANDROID,BOARD_USES_ODMIMAGE)
$(call add_soong_config_var,ANDROID,BOARD_USES_RECOVERY_AS_BOOT)
$(call add_soong_config_var,ANDROID,CHECK_DEV_TYPE_VIOLATIONS)
+$(call add_soong_config_var,ANDROID,PLATFORM_SEPOLICY_VERSION)
$(call add_soong_config_var,ANDROID,PLATFORM_SEPOLICY_COMPAT_VERSIONS)
$(call add_soong_config_var,ANDROID,PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT)
$(call add_soong_config_var,ANDROID,TARGET_DYNAMIC_64_32_DRMSERVER)
diff --git a/core/product_config.mk b/core/product_config.mk
index f939690..8dc175a 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -405,6 +405,10 @@
TARGET_AAPT_CHARACTERISTICS := $(PRODUCT_CHARACTERISTICS)
endif
+ifndef PRODUCT_SHIPPING_API_LEVEL
+ PRODUCT_SHIPPING_API_LEVEL := 10000
+endif
+
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
ifneq (1,$(words $(PRODUCT_DEFAULT_DEV_CERTIFICATE)))
$(error PRODUCT_DEFAULT_DEV_CERTIFICATE='$(PRODUCT_DEFAULT_DEV_CERTIFICATE)', \
diff --git a/core/soong_config.mk b/core/soong_config.mk
index f799ba0..8948046 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -29,6 +29,7 @@
$(call add_json_str, Make_suffix, -$(TARGET_PRODUCT))
$(call add_json_str, BuildId, $(BUILD_ID))
+$(call add_json_str, BuildFingerprintFile, build_fingerprint.txt)
$(call add_json_str, BuildNumberFile, build_number.txt)
$(call add_json_str, BuildHostnameFile, build_hostname.txt)
$(call add_json_str, BuildThumbprintFile, build_thumbprint.txt)
@@ -296,6 +297,7 @@
$(call add_json_bool, BuildBrokenIncorrectPartitionImages, $(filter true,$(BUILD_BROKEN_INCORRECT_PARTITION_IMAGES)))
$(call add_json_list, BuildBrokenInputDirModules, $(BUILD_BROKEN_INPUT_DIR_MODULES))
$(call add_json_bool, BuildBrokenDontCheckSystemSdk, $(filter true,$(BUILD_BROKEN_DONT_CHECK_SYSTEMSDK)))
+$(call add_json_bool, BuildBrokenDupSysprop, $(filter true,$(BUILD_BROKEN_DUP_SYSPROP)))
$(call add_json_list, BuildWarningBadOptionalUsesLibsAllowlist, $(BUILD_WARNING_BAD_OPTIONAL_USES_LIBS_ALLOWLIST))
diff --git a/core/soong_extra_config.mk b/core/soong_extra_config.mk
index 006174c..c2b4775 100644
--- a/core/soong_extra_config.mk
+++ b/core/soong_extra_config.mk
@@ -1,6 +1,5 @@
$(call json_start)
-$(call add_json_str, BuildFingerprintFile, build_fingerprint.txt)
$(call add_json_str, DeviceCpuVariantRuntime, $(TARGET_CPU_VARIANT_RUNTIME))
$(call add_json_str, DeviceAbiList, $(TARGET_CPU_ABI_LIST))
$(call add_json_str, DeviceAbiList32, $(TARGET_CPU_ABI_LIST_32_BIT))
@@ -17,8 +16,6 @@
$(call add_json_str, ShippingApiLevel, $(PRODUCT_SHIPPING_API_LEVEL))
$(call add_json_str, ShippingVendorApiLevel, $(PRODUCT_SHIPPING_VENDOR_API_LEVEL))
-$(call add_json_bool,BuildBrokenDupSysprop, $(filter true,$(BUILD_BROKEN_DUP_SYSPROP)))
-
$(call add_json_str, ProductModel, $(PRODUCT_MODEL))
$(call add_json_str, ProductModelForAttestation, $(PRODUCT_MODEL_FOR_ATTESTATION))
$(call add_json_str, ProductBrandForAttestation, $(PRODUCT_BRAND_FOR_ATTESTATION))
@@ -39,17 +36,18 @@
$(subst ",,$(call collapse-pairs,$(call collapse-pairs,$$($(1)),?=),=))
endef
-$(call add_json_list, SystemProperties, $(call collapse-prop-pairs,PRODUCT_SYSTEM_PROPERTIES))
-$(call add_json_list, SystemDefaultProperties, $(call collapse-prop-pairs,PRODUCT_SYSTEM_DEFAULT_PROPERTIES))
-$(call add_json_list, SystemExtProperties, $(call collapse-prop-pairs,PRODUCT_SYSTEM_EXT_PROPERTIES))
-$(call add_json_list, VendorProperties, $(call collapse-prop-pairs,PRODUCT_VENDOR_PROPERTIES))
-$(call add_json_list, ProductProperties, $(call collapse-prop-pairs,PRODUCT_PRODUCT_PROPERTIES))
-$(call add_json_list, OdmProperties, $(call collapse-prop-pairs,PRODUCT_ODM_PROPERTIES))
-$(call add_json_list, OemProperties, $(call collapse-prop-pairs,PRODUCT_OEM_PROPERTIES))
-$(call add_json_list, PropertyOverrides, $(call collapse-prop-pairs,PRODUCT_PROPERTY_OVERRIDES))
+$(call add_json_list, PRODUCT_SYSTEM_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_SYSTEM_PROPERTIES))
+$(call add_json_list, PRODUCT_SYSTEM_DEFAULT_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_SYSTEM_DEFAULT_PROPERTIES))
+$(call add_json_list, PRODUCT_SYSTEM_EXT_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_SYSTEM_EXT_PROPERTIES))
+$(call add_json_list, PRODUCT_VENDOR_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_VENDOR_PROPERTIES))
+$(call add_json_list, PRODUCT_PRODUCT_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_PRODUCT_PROPERTIES))
+$(call add_json_list, PRODUCT_ODM_PROPERTIES, $(call collapse-prop-pairs,PRODUCT_ODM_PROPERTIES))
+$(call add_json_list, PRODUCT_PROPERTY_OVERRIDES, $(call collapse-prop-pairs,PRODUCT_PROPERTY_OVERRIDES))
$(call add_json_str, BootloaderBoardName, $(TARGET_BOOTLOADER_BOARD_NAME))
+$(call add_json_bool, SdkBuild, $(filter sdk sdk_addon,$(MAKECMDGOALS)))
+
_config_enable_uffd_gc := \
$(firstword $(OVERRIDE_ENABLE_UFFD_GC) $(PRODUCT_ENABLE_UFFD_GC) default)
$(call add_json_str, EnableUffdGc, $(_config_enable_uffd_gc))
diff --git a/core/tasks/meta-lic.mk b/core/tasks/meta-lic.mk
index a94a016..3520a32 100644
--- a/core/tasks/meta-lic.mk
+++ b/core/tasks/meta-lic.mk
@@ -185,3 +185,6 @@
$(eval $(call declare-1p-copy-files,device/generic/goldfish,init.ranchu-core.sh))
$(eval $(call declare-1p-copy-files,device/generic/goldfish,init.ranchu-net.sh))
$(eval $(call declare-1p-copy-files,device/generic/goldfish,audio_policy_configuration.xml))
+
+# Moved here from packages/services/Car/Android.mk
+$(eval $(call declare-1p-copy-files,packages/services/Car,))
diff --git a/teams/Android.bp b/teams/Android.bp
index c56af6b..fbf1344 100644
--- a/teams/Android.bp
+++ b/teams/Android.bp
@@ -4405,3 +4405,10 @@
// go/trendy/manage/engineers/4705629185081344
trendy_team_id: "4705629185081344",
}
+
+team {
+ name: "trendy_team_android_media_solutions_editing",
+
+ // go/trendy/manage/engineers/5350750192762880
+ trendy_team_id: "5350750192762880",
+}
diff --git a/tools/sbom/sbom_data.py b/tools/sbom/sbom_data.py
index b5ac8a5..fc5c704 100644
--- a/tools/sbom/sbom_data.py
+++ b/tools/sbom/sbom_data.py
@@ -30,6 +30,7 @@
SPDXID_DOC = 'SPDXRef-DOCUMENT'
SPDXID_PRODUCT = 'SPDXRef-PRODUCT'
SPDXID_PLATFORM = 'SPDXRef-PLATFORM'
+SPDXID_LICENSE_APACHE = 'LicenseRef-Android-Apache-2.0'
PACKAGE_NAME_PRODUCT = 'PRODUCT'
PACKAGE_NAME_PLATFORM = 'PLATFORM'
@@ -50,7 +51,7 @@
cpe23Type = 'cpe23Type'
-@dataclass
+@dataclass(frozen=True)
class PackageExternalRef:
category: PackageExternalRefCategory
type: PackageExternalRefType
@@ -68,6 +69,7 @@
verification_code: str = None
file_ids: List[str] = field(default_factory=list)
external_refs: List[PackageExternalRef] = field(default_factory=list)
+ declared_license_ids: List[str] = field(default_factory=list)
@dataclass
@@ -75,6 +77,7 @@
id: str
name: str
checksum: str
+ concluded_license_ids: List[str] = field(default_factory=list)
class RelationshipType:
@@ -85,20 +88,27 @@
STATIC_LINK = 'STATIC_LINK'
-@dataclass
+@dataclass(frozen=True)
class Relationship:
id1: str
relationship: RelationshipType
id2: str
-@dataclass
+@dataclass(frozen=True)
class DocumentExternalReference:
id: str
uri: str
checksum: str
+@dataclass(frozen=True)
+class License:
+ id: str
+ text: str
+ name: str
+
+
@dataclass
class Document:
name: str
@@ -111,20 +121,30 @@
packages: List[Package] = field(default_factory=list)
files: List[File] = field(default_factory=list)
relationships: List[Relationship] = field(default_factory=list)
+ licenses: List[License] = field(default_factory=list)
def add_external_ref(self, external_ref):
if not any(external_ref.uri == ref.uri for ref in self.external_refs):
self.external_refs.append(external_ref)
def add_package(self, package):
- if not any(package.id == p.id for p in self.packages):
+ p = next((p for p in self.packages if package.id == p.id), None)
+ if not p:
self.packages.append(package)
+ else:
+ for license_id in package.declared_license_ids:
+ if license_id not in p.declared_license_ids:
+ p.declared_license_ids.append(license_id)
def add_relationship(self, rel):
if not any(rel.id1 == r.id1 and rel.id2 == r.id2 and rel.relationship == r.relationship
for r in self.relationships):
self.relationships.append(rel)
+ def add_license(self, license):
+ if not any(license.id == l.id for l in self.licenses):
+ self.licenses.append(license)
+
def generate_packages_verification_code(self):
for package in self.packages:
if not package.file_ids:
diff --git a/tools/sbom/sbom_data_test.py b/tools/sbom/sbom_data_test.py
index 69bc9d2..9d987c4 100644
--- a/tools/sbom/sbom_data_test.py
+++ b/tools/sbom/sbom_data_test.py
@@ -23,6 +23,7 @@
SUPPLIER_UPSTREAM = 'Organization: upstream'
SPDXID_PREBUILT_PACKAGE1 = 'SPDXRef-PREBUILT-package1'
+SPDXID_PREBUILT_PACKAGE2 = 'SPDXRef-PREBUILT-package2'
SPDXID_SOURCE_PACKAGE1 = 'SPDXRef-SOURCE-package1'
SPDXID_UPSTREAM_PACKAGE1 = 'SPDXRef-UPSTREAM-package1'
@@ -31,6 +32,9 @@
SPDXID_FILE3 = 'SPDXRef-file3'
SPDXID_FILE4 = 'SPDXRef-file4'
+SPDXID_LICENSE1 = "SPDXRef-License-1"
+SPDXID_LICENSE2 = "SPDXRef-License-2"
+
class SBOMDataTest(unittest.TestCase):
@@ -134,6 +138,47 @@
self.sbom_doc.generate_packages_verification_code()
self.assertEqual(expected_package_verification_code, self.sbom_doc.packages[0].verification_code)
+ def test_add_package_(self):
+ self.sbom_doc.add_package(sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE2,
+ name='Prebuilt package2',
+ download_location=sbom_data.VALUE_NONE,
+ supplier=SUPPLIER_GOOGLE,
+ version=BUILD_FINGER_PRINT,
+ ))
+ p = next((p for p in self.sbom_doc.packages if p.id == SPDXID_PREBUILT_PACKAGE2), None)
+ self.assertNotEqual(p, None)
+ self.assertEqual(p.declared_license_ids, [])
+
+ # Add same package with license 1
+ self.sbom_doc.add_package(sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE2,
+ name='Prebuilt package2',
+ download_location=sbom_data.VALUE_NONE,
+ supplier=SUPPLIER_GOOGLE,
+ version=BUILD_FINGER_PRINT,
+ declared_license_ids=[SPDXID_LICENSE1]
+ ))
+ self.assertEqual(p.declared_license_ids, [SPDXID_LICENSE1])
+
+ # Add same package with license 2
+ self.sbom_doc.add_package(sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE2,
+ name='Prebuilt package2',
+ download_location=sbom_data.VALUE_NONE,
+ supplier=SUPPLIER_GOOGLE,
+ version=BUILD_FINGER_PRINT,
+ declared_license_ids=[SPDXID_LICENSE2]
+ ))
+ self.assertEqual(p.declared_license_ids, [SPDXID_LICENSE1, SPDXID_LICENSE2])
+
+ # Add same package with license 2 again
+ self.sbom_doc.add_package(sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE2,
+ name='Prebuilt package2',
+ download_location=sbom_data.VALUE_NONE,
+ supplier=SUPPLIER_GOOGLE,
+ version=BUILD_FINGER_PRINT,
+ declared_license_ids=[SPDXID_LICENSE2]
+ ))
+ self.assertEqual(p.declared_license_ids, [SPDXID_LICENSE1, SPDXID_LICENSE2])
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/tools/sbom/sbom_writers.py b/tools/sbom/sbom_writers.py
index 1cb864d..26b3c57 100644
--- a/tools/sbom/sbom_writers.py
+++ b/tools/sbom/sbom_writers.py
@@ -64,6 +64,11 @@
# Relationship
RELATIONSHIP = 'Relationship'
+ # License
+ LICENSE_ID = 'LicenseID'
+ LICENSE_NAME = 'LicenseName'
+ LICENSE_EXTRACTED_TEXT = 'ExtractedText'
+
class TagValueWriter:
@staticmethod
@@ -99,6 +104,12 @@
tagvalues.append(f'{Tags.PACKAGE_VERSION}: {package.version}')
if package.supplier:
tagvalues.append(f'{Tags.PACKAGE_SUPPLIER}: {package.supplier}')
+
+ license = sbom_data.VALUE_NOASSERTION
+ if package.declared_license_ids:
+ license = ' OR '.join(package.declared_license_ids)
+ tagvalues.append(f'{Tags.PACKAGE_LICENSE_DECLARED}: {license}')
+
if package.verification_code:
tagvalues.append(f'{Tags.PACKAGE_VERIFICATION_CODE}: {package.verification_code}')
if package.external_refs:
@@ -155,8 +166,12 @@
f'{Tags.FILE_NAME}: {file.name}',
f'{Tags.SPDXID}: {file.id}',
f'{Tags.FILE_CHECKSUM}: {file.checksum}',
- '',
]
+ license = sbom_data.VALUE_NOASSERTION
+ if file.concluded_license_ids:
+ license = ' OR '.join(file.concluded_license_ids)
+ tagvalues.append(f'{Tags.FILE_LICENSE_CONCLUDED}: {license}')
+ tagvalues.append('')
return tagvalues
@@ -194,6 +209,22 @@
return tagvalues
@staticmethod
+ def marshal_license(license):
+ tagvalues = []
+ tagvalues.append(f'{Tags.LICENSE_ID}: {license.id}')
+ tagvalues.append(f'{Tags.LICENSE_NAME}: {license.name}')
+ tagvalues.append(f'{Tags.LICENSE_EXTRACTED_TEXT}: <text>{license.text}</text>')
+ return tagvalues
+
+ @staticmethod
+ def marshal_licenses(sbom_doc):
+ tagvalues = []
+ for license in sbom_doc.licenses:
+ tagvalues += TagValueWriter.marshal_license(license)
+ tagvalues.append('')
+ return tagvalues
+
+ @staticmethod
def write(sbom_doc, file, fragment=False):
content = []
if not fragment:
@@ -202,6 +233,7 @@
tagvalues, marshaled_relationships = TagValueWriter.marshal_packages(sbom_doc, fragment)
content += tagvalues
content += TagValueWriter.marshal_relationships(sbom_doc, marshaled_relationships)
+ content += TagValueWriter.marshal_licenses(sbom_doc)
file.write('\n'.join(content))
@@ -236,11 +268,13 @@
PACKAGE_EXTERNAL_REF_TYPE = 'referenceType'
PACKAGE_EXTERNAL_REF_LOCATOR = 'referenceLocator'
PACKAGE_HAS_FILES = 'hasFiles'
+ PACKAGE_LICENSE_DECLARED = 'licenseDeclared'
# File
FILES = 'files'
FILE_NAME = 'fileName'
FILE_CHECKSUMS = 'checksums'
+ FILE_LICENSE_CONCLUDED = 'licenseConcluded'
# Relationship
RELATIONSHIPS = 'relationships'
@@ -248,6 +282,12 @@
REL_RELATED_ELEMENT_ID = 'relatedSpdxElement'
REL_TYPE = 'relationshipType'
+ # License
+ LICENSES = 'hasExtractedLicensingInfos'
+ LICENSE_ID = 'licenseId'
+ LICENSE_NAME = 'name'
+ LICENSE_EXTRACTED_TEXT = 'extractedText'
+
class JSONWriter:
@staticmethod
@@ -294,6 +334,9 @@
package[PropNames.PACKAGE_VERSION] = p.version
if p.supplier:
package[PropNames.PACKAGE_SUPPLIER] = p.supplier
+ package[PropNames.PACKAGE_LICENSE_DECLARED] = sbom_data.VALUE_NOASSERTION
+ if p.declared_license_ids:
+ package[PropNames.PACKAGE_LICENSE_DECLARED] = ' OR '.join(p.declared_license_ids)
if p.verification_code:
package[PropNames.PACKAGE_VERIFICATION_CODE] = {
PropNames.PACKAGE_VERIFICATION_CODE_VALUE: p.verification_code
@@ -329,6 +372,9 @@
PropNames.ALGORITHM: checksum[0],
PropNames.CHECKSUM_VALUE: checksum[1],
}]
+ file[PropNames.FILE_LICENSE_CONCLUDED] = sbom_data.VALUE_NOASSERTION
+ if f.concluded_license_ids:
+ file[PropNames.FILE_LICENSE_CONCLUDED] = ' OR '.join(f.concluded_license_ids)
files.append(file)
return {PropNames.FILES: files}
@@ -347,10 +393,22 @@
return {PropNames.RELATIONSHIPS: relationships}
@staticmethod
+ def marshal_licenses(sbom_doc):
+ licenses = []
+ for l in sbom_doc.licenses:
+ licenses.append({
+ PropNames.LICENSE_ID: l.id,
+ PropNames.LICENSE_NAME: l.name,
+ PropNames.LICENSE_EXTRACTED_TEXT: f'<text>{l.text}</text>'
+ })
+ return {PropNames.LICENSES: licenses}
+
+ @staticmethod
def write(sbom_doc, file):
doc = {}
doc.update(JSONWriter.marshal_doc_headers(sbom_doc))
doc.update(JSONWriter.marshal_packages(sbom_doc))
doc.update(JSONWriter.marshal_files(sbom_doc))
doc.update(JSONWriter.marshal_relationships(sbom_doc))
+ doc.update(JSONWriter.marshal_licenses(sbom_doc))
file.write(json.dumps(doc, indent=4))
diff --git a/tools/sbom/sbom_writers_test.py b/tools/sbom/sbom_writers_test.py
index cf85e01..f9f5230 100644
--- a/tools/sbom/sbom_writers_test.py
+++ b/tools/sbom/sbom_writers_test.py
@@ -33,6 +33,14 @@
SPDXID_FILE3 = 'SPDXRef-file3'
SPDXID_FILE4 = 'SPDXRef-file4'
+SPDXID_LICENSE_1 = 'LicenseRef-Android-License-1'
+SPDXID_LICENSE_2 = 'LicenseRef-Android-License-2'
+SPDXID_LICENSE_3 = 'LicenseRef-Android-License-3'
+
+LICENSE_APACHE_TEXT = "LICENSE_APACHE"
+LICENSE1_TEXT = 'LICENSE 1'
+LICENSE2_TEXT = 'LICENSE 2'
+LICENSE3_TEXT = 'LICENSE 3'
class SBOMWritersTest(unittest.TestCase):
@@ -63,6 +71,7 @@
download_location=sbom_data.VALUE_NONE,
supplier=SUPPLIER_GOOGLE,
version=BUILD_FINGER_PRINT,
+ declared_license_ids=[sbom_data.SPDXID_LICENSE_APACHE]
))
self.sbom_doc.add_package(
@@ -71,6 +80,7 @@
download_location=sbom_data.VALUE_NONE,
supplier=SUPPLIER_GOOGLE,
version=BUILD_FINGER_PRINT,
+ declared_license_ids=[SPDXID_LICENSE_1],
))
self.sbom_doc.add_package(
@@ -79,6 +89,7 @@
download_location=sbom_data.VALUE_NONE,
supplier=SUPPLIER_GOOGLE,
version=BUILD_FINGER_PRINT,
+ declared_license_ids=[SPDXID_LICENSE_2, SPDXID_LICENSE_3],
external_refs=[sbom_data.PackageExternalRef(
category=sbom_data.PackageExternalRefCategory.SECURITY,
type=sbom_data.PackageExternalRefType.cpe22Type,
@@ -90,6 +101,7 @@
name='Upstream package1',
supplier=SUPPLIER_UPSTREAM,
version='1.1',
+ declared_license_ids=[SPDXID_LICENSE_2, SPDXID_LICENSE_3],
))
self.sbom_doc.add_relationship(sbom_data.Relationship(id1=SPDXID_SOURCE_PACKAGE1,
@@ -97,11 +109,11 @@
id2=SPDXID_UPSTREAM_PACKAGE1))
self.sbom_doc.files.append(
- sbom_data.File(id=SPDXID_FILE1, name='/bin/file1', checksum='SHA1: 11111'))
+ sbom_data.File(id=SPDXID_FILE1, name='/bin/file1', checksum='SHA1: 11111', concluded_license_ids=[sbom_data.SPDXID_LICENSE_APACHE]))
self.sbom_doc.files.append(
- sbom_data.File(id=SPDXID_FILE2, name='/bin/file2', checksum='SHA1: 22222'))
+ sbom_data.File(id=SPDXID_FILE2, name='/bin/file2', checksum='SHA1: 22222', concluded_license_ids=[SPDXID_LICENSE_1]))
self.sbom_doc.files.append(
- sbom_data.File(id=SPDXID_FILE3, name='/bin/file3', checksum='SHA1: 33333'))
+ sbom_data.File(id=SPDXID_FILE3, name='/bin/file3', checksum='SHA1: 33333', concluded_license_ids=[SPDXID_LICENSE_2, SPDXID_LICENSE_3]))
self.sbom_doc.files.append(
sbom_data.File(id=SPDXID_FILE4, name='file4.a', checksum='SHA1: 44444'))
@@ -120,6 +132,11 @@
id2=SPDXID_FILE4
))
+ self.sbom_doc.add_license(sbom_data.License(sbom_data.SPDXID_LICENSE_APACHE, LICENSE_APACHE_TEXT, "License-Apache"))
+ self.sbom_doc.add_license(sbom_data.License(SPDXID_LICENSE_1, LICENSE1_TEXT, "License-1"))
+ self.sbom_doc.add_license(sbom_data.License(SPDXID_LICENSE_2, LICENSE2_TEXT, "License-2"))
+ self.sbom_doc.add_license(sbom_data.License(SPDXID_LICENSE_3, LICENSE3_TEXT, "License-3"))
+
# SBOM fragment of a APK
self.unbundled_sbom_doc = sbom_data.Document(name='test doc',
namespace='http://www.google.com/sbom/spdx/android',
diff --git a/tools/sbom/testdata/expected_json_sbom.spdx.json b/tools/sbom/testdata/expected_json_sbom.spdx.json
index 53936c5..a877810 100644
--- a/tools/sbom/testdata/expected_json_sbom.spdx.json
+++ b/tools/sbom/testdata/expected_json_sbom.spdx.json
@@ -31,6 +31,7 @@
"filesAnalyzed": true,
"versionInfo": "build_finger_print",
"supplier": "Organization: Google",
+ "licenseDeclared": "NOASSERTION",
"packageVerificationCode": {
"packageVerificationCodeValue": "123456"
},
@@ -46,7 +47,8 @@
"downloadLocation": "NONE",
"filesAnalyzed": false,
"versionInfo": "build_finger_print",
- "supplier": "Organization: Google"
+ "supplier": "Organization: Google",
+ "licenseDeclared": "LicenseRef-Android-Apache-2.0"
},
{
"name": "Prebuilt package1",
@@ -54,7 +56,8 @@
"downloadLocation": "NONE",
"filesAnalyzed": false,
"versionInfo": "build_finger_print",
- "supplier": "Organization: Google"
+ "supplier": "Organization: Google",
+ "licenseDeclared": "LicenseRef-Android-License-1"
},
{
"name": "Source package1",
@@ -63,6 +66,7 @@
"filesAnalyzed": false,
"versionInfo": "build_finger_print",
"supplier": "Organization: Google",
+ "licenseDeclared": "LicenseRef-Android-License-2 OR LicenseRef-Android-License-3",
"externalRefs": [
{
"referenceCategory": "SECURITY",
@@ -77,7 +81,8 @@
"downloadLocation": "NOASSERTION",
"filesAnalyzed": false,
"versionInfo": "1.1",
- "supplier": "Organization: upstream"
+ "supplier": "Organization: upstream",
+ "licenseDeclared": "LicenseRef-Android-License-2 OR LicenseRef-Android-License-3"
}
],
"files": [
@@ -89,7 +94,8 @@
"algorithm": "SHA1",
"checksumValue": "11111"
}
- ]
+ ],
+ "licenseConcluded": "LicenseRef-Android-Apache-2.0"
},
{
"fileName": "/bin/file2",
@@ -99,7 +105,8 @@
"algorithm": "SHA1",
"checksumValue": "22222"
}
- ]
+ ],
+ "licenseConcluded": "LicenseRef-Android-License-1"
},
{
"fileName": "/bin/file3",
@@ -109,7 +116,8 @@
"algorithm": "SHA1",
"checksumValue": "33333"
}
- ]
+ ],
+ "licenseConcluded": "LicenseRef-Android-License-2 OR LicenseRef-Android-License-3"
},
{
"fileName": "file4.a",
@@ -119,7 +127,8 @@
"algorithm": "SHA1",
"checksumValue": "44444"
}
- ]
+ ],
+ "licenseConcluded": "NOASSERTION"
}
],
"relationships": [
@@ -148,5 +157,27 @@
"relatedSpdxElement": "SPDXRef-UPSTREAM-package1",
"relationshipType": "VARIANT_OF"
}
+ ],
+ "hasExtractedLicensingInfos": [
+ {
+ "licenseId": "LicenseRef-Android-Apache-2.0",
+ "name": "License-Apache",
+ "extractedText": "<text>LICENSE_APACHE</text>"
+ },
+ {
+ "licenseId": "LicenseRef-Android-License-1",
+ "name": "License-1",
+ "extractedText": "<text>LICENSE 1</text>"
+ },
+ {
+ "licenseId": "LicenseRef-Android-License-2",
+ "name": "License-2",
+ "extractedText": "<text>LICENSE 2</text>"
+ },
+ {
+ "licenseId": "LicenseRef-Android-License-3",
+ "name": "License-3",
+ "extractedText": "<text>LICENSE 3</text>"
+ }
]
}
\ No newline at end of file
diff --git a/tools/sbom/testdata/expected_tagvalue_sbom.spdx b/tools/sbom/testdata/expected_tagvalue_sbom.spdx
index e6fd17e..1c54410 100644
--- a/tools/sbom/testdata/expected_tagvalue_sbom.spdx
+++ b/tools/sbom/testdata/expected_tagvalue_sbom.spdx
@@ -10,6 +10,7 @@
FileName: file4.a
SPDXID: SPDXRef-file4
FileChecksum: SHA1: 44444
+LicenseConcluded: NOASSERTION
PackageName: PRODUCT
SPDXID: SPDXRef-PRODUCT
@@ -17,6 +18,7 @@
FilesAnalyzed: true
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: NOASSERTION
PackageVerificationCode: 123456
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-PRODUCT
@@ -24,14 +26,17 @@
FileName: /bin/file1
SPDXID: SPDXRef-file1
FileChecksum: SHA1: 11111
+LicenseConcluded: LicenseRef-Android-Apache-2.0
FileName: /bin/file2
SPDXID: SPDXRef-file2
FileChecksum: SHA1: 22222
+LicenseConcluded: LicenseRef-Android-License-1
FileName: /bin/file3
SPDXID: SPDXRef-file3
FileChecksum: SHA1: 33333
+LicenseConcluded: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
PackageName: PLATFORM
SPDXID: SPDXRef-PLATFORM
@@ -39,6 +44,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-Apache-2.0
PackageName: Prebuilt package1
SPDXID: SPDXRef-PREBUILT-package1
@@ -46,6 +52,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-License-1
PackageName: Source package1
SPDXID: SPDXRef-SOURCE-package1
@@ -53,6 +60,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
ExternalRef: SECURITY cpe22Type cpe:/a:jsoncpp_project:jsoncpp:1.9.4
PackageName: Upstream package1
@@ -61,6 +69,7 @@
FilesAnalyzed: false
PackageVersion: 1.1
PackageSupplier: Organization: upstream
+PackageLicenseDeclared: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
Relationship: SPDXRef-SOURCE-package1 VARIANT_OF SPDXRef-UPSTREAM-package1
@@ -68,3 +77,19 @@
Relationship: SPDXRef-file2 GENERATED_FROM SPDXRef-PREBUILT-package1
Relationship: SPDXRef-file3 GENERATED_FROM SPDXRef-SOURCE-package1
Relationship: SPDXRef-file1 STATIC_LINK SPDXRef-file4
+
+LicenseID: LicenseRef-Android-Apache-2.0
+LicenseName: License-Apache
+ExtractedText: <text>LICENSE_APACHE</text>
+
+LicenseID: LicenseRef-Android-License-1
+LicenseName: License-1
+ExtractedText: <text>LICENSE 1</text>
+
+LicenseID: LicenseRef-Android-License-2
+LicenseName: License-2
+ExtractedText: <text>LICENSE 2</text>
+
+LicenseID: LicenseRef-Android-License-3
+LicenseName: License-3
+ExtractedText: <text>LICENSE 3</text>
diff --git a/tools/sbom/testdata/expected_tagvalue_sbom_doc_describes_file.spdx b/tools/sbom/testdata/expected_tagvalue_sbom_doc_describes_file.spdx
index 428d7e3..36afc8b 100644
--- a/tools/sbom/testdata/expected_tagvalue_sbom_doc_describes_file.spdx
+++ b/tools/sbom/testdata/expected_tagvalue_sbom_doc_describes_file.spdx
@@ -10,6 +10,7 @@
FileName: file4.a
SPDXID: SPDXRef-file4
FileChecksum: SHA1: 44444
+LicenseConcluded: NOASSERTION
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-file4
@@ -19,19 +20,23 @@
FilesAnalyzed: true
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: NOASSERTION
PackageVerificationCode: 123456
FileName: /bin/file1
SPDXID: SPDXRef-file1
FileChecksum: SHA1: 11111
+LicenseConcluded: LicenseRef-Android-Apache-2.0
FileName: /bin/file2
SPDXID: SPDXRef-file2
FileChecksum: SHA1: 22222
+LicenseConcluded: LicenseRef-Android-License-1
FileName: /bin/file3
SPDXID: SPDXRef-file3
FileChecksum: SHA1: 33333
+LicenseConcluded: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
PackageName: PLATFORM
SPDXID: SPDXRef-PLATFORM
@@ -39,6 +44,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-Apache-2.0
PackageName: Prebuilt package1
SPDXID: SPDXRef-PREBUILT-package1
@@ -46,6 +52,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-License-1
PackageName: Source package1
SPDXID: SPDXRef-SOURCE-package1
@@ -53,6 +60,7 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
ExternalRef: SECURITY cpe22Type cpe:/a:jsoncpp_project:jsoncpp:1.9.4
PackageName: Upstream package1
@@ -61,6 +69,7 @@
FilesAnalyzed: false
PackageVersion: 1.1
PackageSupplier: Organization: upstream
+PackageLicenseDeclared: LicenseRef-Android-License-2 OR LicenseRef-Android-License-3
Relationship: SPDXRef-SOURCE-package1 VARIANT_OF SPDXRef-UPSTREAM-package1
@@ -68,3 +77,19 @@
Relationship: SPDXRef-file2 GENERATED_FROM SPDXRef-PREBUILT-package1
Relationship: SPDXRef-file3 GENERATED_FROM SPDXRef-SOURCE-package1
Relationship: SPDXRef-file1 STATIC_LINK SPDXRef-file4
+
+LicenseID: LicenseRef-Android-Apache-2.0
+LicenseName: License-Apache
+ExtractedText: <text>LICENSE_APACHE</text>
+
+LicenseID: LicenseRef-Android-License-1
+LicenseName: License-1
+ExtractedText: <text>LICENSE 1</text>
+
+LicenseID: LicenseRef-Android-License-2
+LicenseName: License-2
+ExtractedText: <text>LICENSE 2</text>
+
+LicenseID: LicenseRef-Android-License-3
+LicenseName: License-3
+ExtractedText: <text>LICENSE 3</text>
diff --git a/tools/sbom/testdata/expected_tagvalue_sbom_unbundled.spdx b/tools/sbom/testdata/expected_tagvalue_sbom_unbundled.spdx
index a00c291..4b14a4b 100644
--- a/tools/sbom/testdata/expected_tagvalue_sbom_unbundled.spdx
+++ b/tools/sbom/testdata/expected_tagvalue_sbom_unbundled.spdx
@@ -1,6 +1,7 @@
FileName: /bin/file1.apk
SPDXID: SPDXRef-file1
FileChecksum: SHA1: 11111
+LicenseConcluded: NOASSERTION
PackageName: Unbundled apk package
SPDXID: SPDXRef-SOURCE-package1
@@ -8,5 +9,6 @@
FilesAnalyzed: false
PackageVersion: build_finger_print
PackageSupplier: Organization: Google
+PackageLicenseDeclared: NOASSERTION
Relationship: SPDXRef-file1 GENERATED_FROM SPDXRef-SOURCE-package1