Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4e2aed05 authored by Wei Li's avatar Wei Li Committed by Gerrit Code Review
Browse files

Merge "Generate SBOM of the target product in file sbom.spdx in product out directory."

parents 580af1ba 02797aa7
Loading
Loading
Loading
Loading
+27 −2
Original line number Diff line number Diff line
@@ -474,7 +474,10 @@ $(if $(strip $(BOARD_$(1)_KERNEL_MODULES$(_sep)$(_kver))$(BOARD_$(1)_KERNEL_MODU
    $(eval BOARD_$(1)_KERNEL_MODULES_LOAD$(_sep)$(_kver) := $(BOARD_$(1)_KERNEL_MODULES$(_sep)$(_kver)))) \
  $(if $(filter false,$(BOARD_$(1)_KERNEL_MODULES_LOAD$(_sep)$(_kver))),\
    $(eval BOARD_$(1)_KERNEL_MODULES_LOAD$(_sep)$(_kver) :=),) \
  $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_$(1)_KERNEL_MODULES$(_sep)$(_kver)),$(2),$(3),$(call intermediates-dir-for,PACKAGING,depmod_$(1)$(_sep)$(_kver)),$(BOARD_$(1)_KERNEL_MODULES_LOAD$(_sep)$(_kver)),$(4),$(BOARD_$(1)_KERNEL_MODULES_ARCHIVE$(_sep)$(_kver)),$(_stripped_staging_dir),$(_kver),$(7),$(8)))) \
  $(eval _files := $(call build-image-kernel-modules,$(BOARD_$(1)_KERNEL_MODULES$(_sep)$(_kver)),$(2),$(3),$(call intermediates-dir-for,PACKAGING,depmod_$(1)$(_sep)$(_kver)),$(BOARD_$(1)_KERNEL_MODULES_LOAD$(_sep)$(_kver)),$(4),$(BOARD_$(1)_KERNEL_MODULES_ARCHIVE$(_sep)$(_kver)),$(_stripped_staging_dir),$(_kver),$(7),$(8))) \
  $(call copy-many-files,$(_files)) \
  $(eval _modules := $(BOARD_$(1)_KERNEL_MODULES$(_sep)$(_kver)) ANDROID-GEN ANDROID-GEN ANDROID-GEN ANDROID-GEN) \
  $(eval KERNEL_MODULE_COPY_FILES += $(join $(addsuffix :,$(_modules)),$(_files)))) \
$(if $(_kver), \
  $(eval _dir := $(_kver)/), \
  $(eval _dir :=)) \
@@ -487,6 +490,7 @@ $(if $(BOARD_$(1)_KERNEL_MODULES_BLOCKLIST_FILE$(_sep)$(_kver)), \
  $(eval $(call build-image-kernel-modules-blocklist-file, \
    $(BOARD_$(1)_KERNEL_MODULES_BLOCKLIST_FILE$(_sep)$(_kver)), \
    $(2)/lib/modules/$(_dir)modules.blocklist)) \
  $(eval ALL_KERNEL_MODULES_BLOCKLIST += $(2)/lib/modules/$(_dir)modules.blocklist) \
  $(2)/lib/modules/$(_dir)modules.blocklist)
endef

@@ -1635,6 +1639,21 @@ target_system_dlkm_notice_file_txt := $(TARGET_OUT_INTERMEDIATES)/NOTICE_SYSTEM_
target_system_dlkm_notice_file_xml_gz := $(TARGET_OUT_INTERMEDIATES)/NOTICE_SYSTEM_DLKM.xml.gz
installed_system_dlkm_notice_xml_gz := $(TARGET_OUT_SYSTEM_DLKM)/etc/NOTICE.xml.gz

ALL_INSTALLED_NOTICE_FILES := \
  $(installed_notice_html_or_xml_gz) \
  $(installed_vendor_notice_xml_gz) \
  $(installed_product_notice_xml_gz) \
  $(installed_system_ext_notice_xml_gz) \
  $(installed_odm_notice_xml_gz) \
  $(installed_vendor_dlkm_notice_xml_gz) \
  $(installed_odm_dlkm_notice_xml_gz) \
  $(installed_system_dlkm_notice_xml_gz) \

# $1 installed file path, e.g. out/target/product/vsoc_x86_64/system_ext/etc/NOTICE.xml.gz
define is-notice-file
$(if $(findstring $1,$(ALL_INSTALLED_NOTICE_FILES)),Y)
endef

# Notice files are copied to TARGET_OUT_NOTICE_FILES as a side-effect of their module
# being built. A notice xml file must depend on all modules that could potentially
# install a license file relevant to it.
@@ -3061,15 +3080,19 @@ $(1): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \
	    --cert $$(PRIVATE_KEY).x509.pem \
	    --key $$(PRIVATE_KEY).pk8

ALL_DEFAULT_INSTALLED_MODULES += $(1)
$(1).idsig: $(1)

ALL_DEFAULT_INSTALLED_MODULES += $(1) $(1).idsig

endef  # fsverity-generate-and-install-manifest-apk

$(eval $(call fsverity-generate-and-install-manifest-apk, \
  $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk,system))
ALL_FSVERITY_BUILD_MANIFEST_APK += $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk.idsig
ifdef BUILDING_SYSTEM_EXT_IMAGE
  $(eval $(call fsverity-generate-and-install-manifest-apk, \
    $(TARGET_OUT_SYSTEM_EXT)/etc/security/fsverity/BuildManifestSystemExt.apk,system_ext))
  ALL_FSVERITY_BUILD_MANIFEST_APK += $(TARGET_OUT_SYSTEM_EXT)/etc/security/fsverity/BuildManifestSystemExt.apk $(TARGET_OUT_SYSTEM_EXT)/etc/security/fsverity/BuildManifestSystemExt.apk.idsig
endif

endif  # PRODUCT_FSVERITY_GENERATE_METADATA
@@ -3144,6 +3167,7 @@ $(call declare-1p-target,$(SYSTEM_LINKER_CONFIG),)
$(call declare-license-deps,$(SYSTEM_LINKER_CONFIG),$(INTERNAL_SYSTEMIMAGE_FILES) $(SYSTEM_LINKER_CONFIG_SOURCE))

FULL_SYSTEMIMAGE_DEPS += $(SYSTEM_LINKER_CONFIG)
ALL_DEFAULT_INSTALLED_MODULES += $(SYSTEM_LINKER_CONFIG)

# installed file list
# Depending on anything that $(BUILT_SYSTEMIMAGE) depends on.
@@ -3530,6 +3554,7 @@ $(vendor_linker_config_file): $(INTERNAL_VENDORIMAGE_FILES) $(PRODUCT_VENDOR_LIN
		--output $@ --value "$(STUB_LIBRARIES)" --system "$(TARGET_OUT_VENDOR)"
$(call define declare-0p-target,$(vendor_linker_config_file),)
INTERNAL_VENDORIMAGE_FILES += $(vendor_linker_config_file)
ALL_DEFAULT_INSTALLED_MODULES += $(vendor_linker_config_file)

INSTALLED_FILES_FILE_VENDOR := $(PRODUCT_OUT)/installed-files-vendor.txt
INSTALLED_FILES_JSON_VENDOR := $(INSTALLED_FILES_FILE_VENDOR:.txt=.json)
+4 −0
Original line number Diff line number Diff line
@@ -302,3 +302,7 @@ $(my_all_targets): $(installed_apk_splits)

endif # LOCAL_PACKAGE_SPLITS

###########################################################
## SBOM generation
###########################################################
include $(BUILD_SBOM_GEN)
 No newline at end of file
+7 −0
Original line number Diff line number Diff line
@@ -949,6 +949,8 @@ ALL_MODULES.$(my_register_name).CHECKED := \
    $(ALL_MODULES.$(my_register_name).CHECKED) $(my_checked_module)
ALL_MODULES.$(my_register_name).BUILT := \
    $(ALL_MODULES.$(my_register_name).BUILT) $(LOCAL_BUILT_MODULE)
ALL_MODULES.$(my_register_name).SOONG_MODULE_TYPE := \
    $(ALL_MODULES.$(my_register_name).SOONG_MODULE_TYPE) $(LOCAL_SOONG_MODULE_TYPE)
ifndef LOCAL_IS_HOST_MODULE
ALL_MODULES.$(my_register_name).TARGET_BUILT := \
    $(ALL_MODULES.$(my_register_name).TARGET_BUILT) $(LOCAL_BUILT_MODULE)
@@ -1240,3 +1242,8 @@ endif
###########################################################

include $(BUILD_NOTICE_FILE)

###########################################################
## SBOM generation
###########################################################
include $(BUILD_SBOM_GEN)
 No newline at end of file
+1 −0
Original line number Diff line number Diff line
@@ -293,6 +293,7 @@ LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR :=
LOCAL_SOONG_LICENSE_METADATA :=
LOCAL_SOONG_LINK_TYPE :=
LOCAL_SOONG_LINT_REPORTS :=
LOCAL_SOONG_MODULE_TYPE :=
LOCAL_SOONG_PROGUARD_DICT :=
LOCAL_SOONG_PROGUARD_USAGE_ZIP :=
LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE :=
+3 −0
Original line number Diff line number Diff line
@@ -232,6 +232,7 @@ BUILD_NATIVE_TEST :=$= $(BUILD_SYSTEM)/native_test.mk
BUILD_FUZZ_TEST :=$= $(BUILD_SYSTEM)/fuzz_test.mk

BUILD_NOTICE_FILE :=$= $(BUILD_SYSTEM)/notice_files.mk
BUILD_SBOM_GEN :=$= $(BUILD_SYSTEM)/sbom.mk

include $(BUILD_SYSTEM)/deprecation.mk

@@ -641,6 +642,8 @@ VBOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/vboot_signer
DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump$(BUILD_EXECUTABLE_SUFFIX)
PROFMAN := $(HOST_OUT_EXECUTABLES)/profman

GEN_SBOM := $(HOST_OUT_EXECUTABLES)/generate-sbom

FINDBUGS_DIR := external/owasp/sanitizer/tools/findbugs/bin
FINDBUGS := $(FINDBUGS_DIR)/findbugs

Loading