Merge "Generate SBOM of .kcm files in layoutlib." into main

LAYOUTLIB_SBOM := $(call intermediates-dir-for,PACKAGING,layoutlib-sbom,HOST)

LAYOUTLIB_SBOM := $(call intermediates-dir-for,PACKAGING,layoutlib-sbom,HOST)

_layoutlib_font_config_files := $(sort $(wildcard frameworks/base/data/fonts/*.xml))

_layoutlib_font_config_files := $(sort $(wildcard frameworks/base/data/fonts/*.xml))

_layoutlib_fonts_files := $(filter $(TARGET_OUT)/fonts/%.ttf $(TARGET_OUT)/fonts/%.ttc $(TARGET_OUT)/fonts/%.otf, $(INTERNAL_SYSTEMIMAGE_FILES))

_layoutlib_fonts_files := $(filter $(TARGET_OUT)/fonts/%.ttf $(TARGET_OUT)/fonts/%.ttc $(TARGET_OUT)/fonts/%.otf, $(INTERNAL_SYSTEMIMAGE_FILES))

_layoutlib_keyboard_files := $(sort $(wildcard frameworks/base/data/keyboards/*.kcm))

$(LAYOUTLIB_SBOM)/sbom-metadata.csv:

$(LAYOUTLIB_SBOM)/sbom-metadata.csv:

	rm -rf $@

	rm -rf $@

	echo installed_file,module_path,soong_module_type,is_prebuilt_make_module,product_copy_files,kernel_module_copy_files,is_platform_generated,build_output_path,static_libraries,whole_static_libraries,is_static_lib >> $@

	echo installed_file,module_path,soong_module_type,is_prebuilt_make_module,product_copy_files,kernel_module_copy_files,is_platform_generated,build_output_path,static_libraries,whole_static_libraries,is_static_lib >> $@

	  echo data/fonts/$(notdir $f),$(_module_path),$(_soong_module_type),,,,,$f,,, >> $@; \

	  echo data/fonts/$(notdir $f),$(_module_path),$(_soong_module_type),,,,,$f,,, >> $@; \

	)

	)

	$(foreach f,$(_layoutlib_keyboard_files), \

	  echo data/keyboards/$(notdir $f),frameworks/base/data/keyboards,prebuilt_etc,,,,,$f,,, >> $@; \

	)

	$(foreach f,$(LAYOUTLIB_RES_FILES), \

	$(foreach f,$(LAYOUTLIB_RES_FILES), \

	  $(eval _path := $(subst frameworks/base/core/res,data,$f)) \

	  $(eval _path := $(subst frameworks/base/core/res,data,$f)) \

	  echo $(_path),,,,,,Y,$f,,, >> $@; \

	  echo $(_path),,,,,,Y,$f,,, >> $@; \

.PHONY: layoutlib-sbom

.PHONY: layoutlib-sbom

layoutlib-sbom: $(LAYOUTLIB_SBOM)/layoutlib.spdx.json

layoutlib-sbom: $(LAYOUTLIB_SBOM)/layoutlib.spdx.json

$(LAYOUTLIB_SBOM)/layoutlib.spdx.json: $(PRODUCT_OUT)/always_dirty_file.txt $(LAYOUTLIB_SBOM)/sbom-metadata.csv $(_layoutlib_font_config_files) $(_layoutlib_fonts_files) $(LAYOUTLIB_BUILD_PROP)/layoutlib-build.prop $(LAYOUTLIB_RES_FILES)

$(LAYOUTLIB_SBOM)/layoutlib.spdx.json: $(PRODUCT_OUT)/always_dirty_file.txt $(GEN_SBOM) $(LAYOUTLIB_SBOM)/sbom-metadata.csv $(_layoutlib_font_config_files) $(_layoutlib_fonts_files) $(LAYOUTLIB_BUILD_PROP)/layoutlib-build.prop $(_layoutlib_keyboard_files) $(LAYOUTLIB_RES_FILES)

	rm -rf $@

	rm -rf $@

	$(GEN_SBOM) --output_file $@ --metadata $(LAYOUTLIB_SBOM)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --json

	$(GEN_SBOM) --output_file $@ --metadata $(LAYOUTLIB_SBOM)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --module_name "layoutlib" --json

$(call dist-for-goals,layoutlib,$(LAYOUTLIB_SBOM)/layoutlib.spdx.json:layoutlib_native/sbom/layoutlib.spdx.json)

$(call dist-for-goals,layoutlib,$(LAYOUTLIB_SBOM)/layoutlib.spdx.json:layoutlib_native/sbom/layoutlib.spdx.json)

import sbom_data

import sbom_data

import sbom_writers

import sbom_writers

'''

This script generates SBOM of framework_res.jar of layoutlib shipped with Android Studio.

The generated SBOM contains some placeholders which should be substituted by release_layoutlib.sh.

The placeholders include: document name, document namespace, organization, created timestamp and 

the SHA1 checksum of framework_res.jar.

'''

def get_args():

def get_args():

  parser = argparse.ArgumentParser()

  parser = argparse.ArgumentParser()

  parser.add_argument('--metadata', required=True, help='The SBOM metadata file path.')

  parser.add_argument('--metadata', required=True, help='The SBOM metadata file path.')

  parser.add_argument('--build_version', required=True, help='The build version.')

  parser.add_argument('--build_version', required=True, help='The build version.')

  parser.add_argument('--product_mfr', required=True, help='The product manufacturer.')

  parser.add_argument('--product_mfr', required=True, help='The product manufacturer.')

  parser.add_argument('--module_name', help='The module name. If specified, the generated SBOM is for the module.')

  parser.add_argument('--json', action='store_true', default=False, help='Generated SBOM file in SPDX JSON format')

  parser.add_argument('--json', action='store_true', default=False, help='Generated SBOM file in SPDX JSON format')

  parser.add_argument('--unbundled_apk', action='store_true', default=False, help='Generate SBOM for unbundled APKs')

  parser.add_argument('--unbundled_apk', action='store_true', default=False, help='Generate SBOM for unbundled APKs')

  parser.add_argument('--unbundled_apex', action='store_true', default=False, help='Generate SBOM for unbundled APEXs')

  parser.add_argument('--unbundled_apex', action='store_true', default=False, help='Generate SBOM for unbundled APEXs')

  global metadata_file_protos

  global metadata_file_protos

  metadata_file_protos = {}

  metadata_file_protos = {}

  product_package = sbom_data.Package(id=sbom_data.SPDXID_PRODUCT,

  product_package_id = sbom_data.SPDXID_PRODUCT

                                      name=sbom_data.PACKAGE_NAME_PRODUCT,

  product_package_name = sbom_data.PACKAGE_NAME_PRODUCT

  if args.module_name:

    # Build SBOM of a module so use the module name instead.

    product_package_id = f'SPDXRef-{sbom_data.encode_for_spdxid(args.module_name)}'

    product_package_name = args.module_name

  product_package = sbom_data.Package(id=product_package_id,

                                      name=product_package_name,

                                      download_location=sbom_data.VALUE_NONE,

                                      download_location=sbom_data.VALUE_NONE,

                                      version=args.build_version,

                                      version=args.build_version,

                                      supplier='Organization: ' + args.product_mfr,

                                      supplier='Organization: ' + args.product_mfr,

                                      files_analyzed=True)

                                      files_analyzed=True)

  doc_name = args.build_version

  doc = sbom_data.Document(name=args.build_version,

  if args.module_name:

                           namespace=f'https://www.google.com/sbom/spdx/android/{args.build_version}',

    doc_name = f'{args.build_version}/{args.module_name}'

                           creators=['Organization: ' + args.product_mfr])

  doc = sbom_data.Document(name=doc_name,

                           namespace=f'https://www.google.com/sbom/spdx/android/{doc_name}',

                           creators=['Organization: ' + args.product_mfr],

                           describes=product_package_id)

  if not args.unbundled_apex:

  if not args.unbundled_apex:

    doc.packages.append(product_package)

    doc.packages.append(product_package)