1// 2// Copyright (C) 2021 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15 16package { 17 default_applicable_licenses: ["Android-Apache-2.0"], 18} 19 20genrule_defaults { 21 name: "sepolicy_sig_gen_default", 22 tool_files: [":SEPolicyKeyPem", ":SEPolicyCertPem"], 23 // openssl dgst -sign com.android.sepolicy.pem -keyform PEM -sha256 -out foo.sign 24 // -binary $OUT/apex/com.android.sepolicy/etc/SEPolicy-33/SEPolicy-33.zip 25 cmd: "openssl dgst -sign $(location :SEPolicyKeyPem) -keyform PEM -sha256 " + 26 "-out $(out) -binary $(in)" 27} 28 29genrule_defaults { 30 name: "sepolicy_verity_sig_gen_default", 31 tools: ["fsverity"], 32 tool_files: [":SEPolicyKeyPem", ":SEPolicyCertPem"], 33 // Use fsverity tool to generate the signature file which 34 // will be stored in the apex. 35 // https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/tree/README.md 36 cmd: "$(location fsverity) sign $(in) $(out) " + 37 "--key=$(location :SEPolicyKeyPem) " + 38 "--cert=$(location :SEPolicyCertPem) " + 39 "> /dev/null", 40} 41 42genrule_defaults { 43 name: "sepolicy_create_zip_gen_default", 44 tools: ["soong_zip"], 45 cmd: "mkdir $(genDir)/files && " + 46 "cp $(in) $(genDir)/files && " + 47 "$(location soong_zip) -o $(out) -C $(genDir)/files -D $(genDir)/files", 48} 49 50prebuilt_etc { 51 name: "sepolicy_apex_test_file", 52 src: "sepolicy_apex_test_file", 53 filename: "apex_test", 54 installable: false, 55} 56