Introduce a singleton module to collect apex certs
`all_apex_certs` will provide two kinds of output files:
1. x509 certificate in pem format
2. x509 certificate in der format
filenames of the certs are not part of `all_apex_certs` api. In fact,
the der certs will be named with int indexes.
This singleton module will be used by `CtsSecurityTestCases`
(specifically `PackageSignatureTest`) to enforce that the apexes are
signed with release keys.
To implement this, `ctx.ReverseDepenendcy` will be used in deps mutator
of apex. An alternative would have been to use `ctx.VisitAllDeps` in
`GenerateAndroidBuildActions` of the singleton, but this would make it
unusable in the cts test (circular dep).
Make has a similar implementation that collects the certs of apexes and
dists that file. This has been kept separate for now to prevent b/304914238
Bug: 329299639
Test: m nothing --no-skip-soong-tests
Change-Id: I742d8ae1ccc344a78ae04263382750508b2aedec
diff --git a/apex/testing.go b/apex/testing.go
index 63c5b69..a22f640 100644
--- a/apex/testing.go
+++ b/apex/testing.go
@@ -22,6 +22,9 @@
android.FixtureRegisterWithContext(registerApexBuildComponents),
android.FixtureRegisterWithContext(registerApexKeyBuildComponents),
android.FixtureRegisterWithContext(registerApexDepsInfoComponents),
+ android.FixtureAddTextFile("all_apex_certs/Android.bp", `
+ all_apex_certs { name: "all_apex_certs" }
+ `),
// Additional files needed in tests that disallow non-existent source files.
// This includes files that are needed by all, or at least most, instances of an apex module type.
android.MockFS{
@@ -30,6 +33,8 @@
"build/soong/scripts/gen_ndk_backedby_apex.sh": nil,
// Needed by prebuilt_apex.
"build/soong/scripts/unpack-prebuilt-apex.sh": nil,
+ // Needed by all_apex_certs
+ "build/make/target/product/security/testkey.x509.pem": nil,
}.AddToFixture(),
android.PrepareForTestWithBuildFlag("RELEASE_DEFAULT_UPDATABLE_MODULE_VERSION", testDefaultUpdatableModuleVersion),
)