Merge "Generate SBOM of .kcm files in layoutlib." into main am: 52c2ea6a18 (e63513df) · Commits · e / os / android_build

core/layoutlib_data.mk

+7 −2

Original line number	Diff line number	Diff line
		@@ -86,6 +86,7 @@ $(call dist-for-goals,layoutlib,$(LAYOUTLIB_RES)/layoutlib-res.zip:layoutlib_nat
		LAYOUTLIB_SBOM := $(call intermediates-dir-for,PACKAGING,layoutlib-sbom,HOST)
		_layoutlib_font_config_files := $(sort $(wildcard frameworks/base/data/fonts/*.xml))
		_layoutlib_fonts_files := $(filter $(TARGET_OUT)/fonts/%.ttf $(TARGET_OUT)/fonts/%.ttc $(TARGET_OUT)/fonts/%.otf, $(INTERNAL_SYSTEMIMAGE_FILES))
		_layoutlib_keyboard_files := $(sort $(wildcard frameworks/base/data/keyboards/*.kcm))
		$(LAYOUTLIB_SBOM)/sbom-metadata.csv:
		rm -rf $@
		echo installed_file,module_path,soong_module_type,is_prebuilt_make_module,product_copy_files,kernel_module_copy_files,is_platform_generated,build_output_path,static_libraries,whole_static_libraries,is_static_lib >> $@
		@@ -102,6 +103,10 @@ $(LAYOUTLIB_SBOM)/sbom-metadata.csv:
		echo data/fonts/$(notdir $f),$(_module_path),$(_soong_module_type),,,,,$f,,, >> $@; \
		)

		$(foreach f,$(_layoutlib_keyboard_files), \
		echo data/keyboards/$(notdir $f),frameworks/base/data/keyboards,prebuilt_etc,,,,,$f,,, >> $@; \
		)

		$(foreach f,$(LAYOUTLIB_RES_FILES), \
		$(eval _path := $(subst frameworks/base/core/res,data,$f)) \
		echo $(_path),,,,,,Y,$f,,, >> $@; \
		@@ -109,9 +114,9 @@ $(LAYOUTLIB_SBOM)/sbom-metadata.csv:

		.PHONY: layoutlib-sbom
		layoutlib-sbom: $(LAYOUTLIB_SBOM)/layoutlib.spdx.json
		$(LAYOUTLIB_SBOM)/layoutlib.spdx.json: $(PRODUCT_OUT)/always_dirty_file.txt $(LAYOUTLIB_SBOM)/sbom-metadata.csv $(_layoutlib_font_config_files) $(_layoutlib_fonts_files) $(LAYOUTLIB_BUILD_PROP)/layoutlib-build.prop $(LAYOUTLIB_RES_FILES)
		$(LAYOUTLIB_SBOM)/layoutlib.spdx.json: $(PRODUCT_OUT)/always_dirty_file.txt $(GEN_SBOM) $(LAYOUTLIB_SBOM)/sbom-metadata.csv $(_layoutlib_font_config_files) $(_layoutlib_fonts_files) $(LAYOUTLIB_BUILD_PROP)/layoutlib-build.prop $(_layoutlib_keyboard_files) $(LAYOUTLIB_RES_FILES)
		rm -rf $@
		$(GEN_SBOM) --output_file $@ --metadata $(LAYOUTLIB_SBOM)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --json
		$(GEN_SBOM) --output_file $@ --metadata $(LAYOUTLIB_SBOM)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --module_name "layoutlib" --json

		$(call dist-for-goals,layoutlib,$(LAYOUTLIB_SBOM)/layoutlib.spdx.json:layoutlib_native/sbom/layoutlib.spdx.json)

tools/sbom/generate-sbom-framework_res.py

+7 −0

Original line number	Diff line number	Diff line
		@@ -20,6 +20,13 @@ import json
		import sbom_data
		import sbom_writers

		'''
		This script generates SBOM of framework_res.jar of layoutlib shipped with Android Studio.

		The generated SBOM contains some placeholders which should be substituted by release_layoutlib.sh.
		The placeholders include: document name, document namespace, organization, created timestamp and
		the SHA1 checksum of framework_res.jar.
		'''

		def get_args():
		parser = argparse.ArgumentParser()

tools/sbom/generate-sbom.py

+16 −6

Original line number	Diff line number	Diff line
		@@ -130,6 +130,7 @@ def get_args():
		parser.add_argument('--metadata', required=True, help='The SBOM metadata file path.')
		parser.add_argument('--build_version', required=True, help='The build version.')
		parser.add_argument('--product_mfr', required=True, help='The product manufacturer.')
		parser.add_argument('--module_name', help='The module name. If specified, the generated SBOM is for the module.')
		parser.add_argument('--json', action='store_true', default=False, help='Generated SBOM file in SPDX JSON format')
		parser.add_argument('--unbundled_apk', action='store_true', default=False, help='Generate SBOM for unbundled APKs')
		parser.add_argument('--unbundled_apex', action='store_true', default=False, help='Generate SBOM for unbundled APEXs')
		@@ -483,16 +484,25 @@ def main():
		global metadata_file_protos
		metadata_file_protos = {}

		product_package = sbom_data.Package(id=sbom_data.SPDXID_PRODUCT,
		name=sbom_data.PACKAGE_NAME_PRODUCT,
		product_package_id = sbom_data.SPDXID_PRODUCT
		product_package_name = sbom_data.PACKAGE_NAME_PRODUCT
		if args.module_name:
		# Build SBOM of a module so use the module name instead.
		product_package_id = f'SPDXRef-{sbom_data.encode_for_spdxid(args.module_name)}'
		product_package_name = args.module_name
		product_package = sbom_data.Package(id=product_package_id,
		name=product_package_name,
		download_location=sbom_data.VALUE_NONE,
		version=args.build_version,
		supplier='Organization: ' + args.product_mfr,
		files_analyzed=True)

		doc = sbom_data.Document(name=args.build_version,
		namespace=f'https://www.google.com/sbom/spdx/android/{args.build_version}',
		creators=['Organization: ' + args.product_mfr])
		doc_name = args.build_version
		if args.module_name:
		doc_name = f'{args.build_version}/{args.module_name}'
		doc = sbom_data.Document(name=doc_name,
		namespace=f'https://www.google.com/sbom/spdx/android/{doc_name}',
		creators=['Organization: ' + args.product_mfr],
		describes=product_package_id)
		if not args.unbundled_apex:
		doc.packages.append(product_package)

tools/sbom/Android.bp

+10 −10

File changed.

Contains only whitespace changes.