Generate SBOM of .kcm files in layoutlib.
Bug: 303905932
Test: CIs; m layoutlib dist
Change-Id: Iab35c44bdfff7ea82734a8efd37dfa005bae2664
diff --git a/tools/sbom/Android.bp b/tools/sbom/Android.bp
index 27a160e..2b2b573 100644
--- a/tools/sbom/Android.bp
+++ b/tools/sbom/Android.bp
@@ -80,15 +80,15 @@
python_binary_host {
name: "generate-sbom-framework_res",
- srcs: [
- "generate-sbom-framework_res.py",
- ],
- version: {
- py3: {
- embedded_launcher: true,
- },
+ srcs: [
+ "generate-sbom-framework_res.py",
+ ],
+ version: {
+ py3: {
+ embedded_launcher: true,
},
- libs: [
- "sbom_lib",
- ],
+ },
+ libs: [
+ "sbom_lib",
+ ],
}
\ No newline at end of file
diff --git a/tools/sbom/generate-sbom-framework_res.py b/tools/sbom/generate-sbom-framework_res.py
index d6be734..e637d53 100644
--- a/tools/sbom/generate-sbom-framework_res.py
+++ b/tools/sbom/generate-sbom-framework_res.py
@@ -20,6 +20,13 @@
import sbom_data
import sbom_writers
+'''
+This script generates SBOM of framework_res.jar of layoutlib shipped with Android Studio.
+
+The generated SBOM contains some placeholders which should be substituted by release_layoutlib.sh.
+The placeholders include: document name, document namespace, organization, created timestamp and
+the SHA1 checksum of framework_res.jar.
+'''
def get_args():
parser = argparse.ArgumentParser()
diff --git a/tools/sbom/generate-sbom.py b/tools/sbom/generate-sbom.py
index a2b33b5..5eae262 100755
--- a/tools/sbom/generate-sbom.py
+++ b/tools/sbom/generate-sbom.py
@@ -130,6 +130,7 @@
parser.add_argument('--metadata', required=True, help='The SBOM metadata file path.')
parser.add_argument('--build_version', required=True, help='The build version.')
parser.add_argument('--product_mfr', required=True, help='The product manufacturer.')
+ parser.add_argument('--module_name', help='The module name. If specified, the generated SBOM is for the module.')
parser.add_argument('--json', action='store_true', default=False, help='Generated SBOM file in SPDX JSON format')
parser.add_argument('--unbundled_apk', action='store_true', default=False, help='Generate SBOM for unbundled APKs')
parser.add_argument('--unbundled_apex', action='store_true', default=False, help='Generate SBOM for unbundled APEXs')
@@ -483,16 +484,25 @@
global metadata_file_protos
metadata_file_protos = {}
- product_package = sbom_data.Package(id=sbom_data.SPDXID_PRODUCT,
- name=sbom_data.PACKAGE_NAME_PRODUCT,
+ product_package_id = sbom_data.SPDXID_PRODUCT
+ product_package_name = sbom_data.PACKAGE_NAME_PRODUCT
+ if args.module_name:
+ # Build SBOM of a module so use the module name instead.
+ product_package_id = f'SPDXRef-{sbom_data.encode_for_spdxid(args.module_name)}'
+ product_package_name = args.module_name
+ product_package = sbom_data.Package(id=product_package_id,
+ name=product_package_name,
download_location=sbom_data.VALUE_NONE,
version=args.build_version,
supplier='Organization: ' + args.product_mfr,
files_analyzed=True)
-
- doc = sbom_data.Document(name=args.build_version,
- namespace=f'https://www.google.com/sbom/spdx/android/{args.build_version}',
- creators=['Organization: ' + args.product_mfr])
+ doc_name = args.build_version
+ if args.module_name:
+ doc_name = f'{args.build_version}/{args.module_name}'
+ doc = sbom_data.Document(name=doc_name,
+ namespace=f'https://www.google.com/sbom/spdx/android/{doc_name}',
+ creators=['Organization: ' + args.product_mfr],
+ describes=product_package_id)
if not args.unbundled_apex:
doc.packages.append(product_package)