Introduce a singleton module to collect apex certs
`all_apex_certs` will provide two kinds of output files:
1. x509 certificate in pem format
2. x509 certificate in der format
filenames of the certs are not part of `all_apex_certs` api. In fact,
the der certs will be named with int indexes.
This singleton module will be used by `CtsSecurityTestCases`
(specifically `PackageSignatureTest`) to enforce that the apexes are
signed with release keys.
To implement this, `ctx.ReverseDepenendcy` will be used in deps mutator
of apex. An alternative would have been to use `ctx.VisitAllDeps` in
`GenerateAndroidBuildActions` of the singleton, but this would make it
unusable in the cts test (circular dep).
Make has a similar implementation that collects the certs of apexes and
dists that file. This has been kept separate for now to prevent b/304914238
Bug: 329299639
Test: m nothing --no-skip-soong-tests
Change-Id: I742d8ae1ccc344a78ae04263382750508b2aedec
diff --git a/apex/apex.go b/apex/apex.go
index b0d2b54..aeac0b7 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -888,8 +888,20 @@
ctx.AddFarVariationDependencies(commonVariation, javaLibTag, a.properties.Java_libs...)
ctx.AddFarVariationDependencies(commonVariation, fsTag, a.properties.Filesystems...)
ctx.AddFarVariationDependencies(commonVariation, compatConfigTag, a.properties.Compat_configs...)
+
+ // Add a reverse dependency to all_apex_certs singleton module.
+ // all_apex_certs will use this dependency to collect the certificate of this apex.
+ ctx.AddReverseDependency(ctx.Module(), allApexCertsDepTag, "all_apex_certs")
}
+type allApexCertsDependencyTag struct {
+ blueprint.DependencyTag
+}
+
+func (_ allApexCertsDependencyTag) ExcludeFromVisibilityEnforcement() {}
+
+var allApexCertsDepTag = allApexCertsDependencyTag{}
+
// DepsMutator for the overridden properties.
func (a *apexBundle) OverridablePropertiesDepsMutator(ctx android.BottomUpMutatorContext) {
if a.overridableProperties.Allowed_files != nil {