1// 2// Copyright (C) 2016 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17package { 18 default_visibility: [ 19 ":__subpackages__", 20 ], 21 default_applicable_licenses: ["external_conscrypt_license"], 22} 23 24// Added automatically by a large-scale-change that took the approach of 25// 'apply every license found to every target'. While this makes sure we respect 26// every license restriction, it may not be entirely correct. 27// 28// e.g. GPL in an MIT project might only apply to the contrib/ directory. 29// 30// Please consider splitting the single license below into multiple licenses, 31// taking care not to lose any license_kind information, and overriding the 32// default license using the 'licenses: [...]' property on targets as needed. 33// 34// For unused files, consider creating a 'fileGroup' with "//visibility:private" 35// to attach the license to, and including a comment whether the files may be 36// used in the current project. 37// 38// large-scale-change included anything that looked like it might be a license 39// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc. 40// 41// Please consider removing redundant or irrelevant files from 'license_text:'. 42// See: http://go/android-license-faq 43license { 44 name: "external_conscrypt_license", 45 visibility: [":__subpackages__"], 46 license_kinds: [ 47 "SPDX-license-identifier-Apache-2.0", 48 "legacy_unencumbered", 49 ], 50 license_text: [ 51 "LICENSE", 52 "NOTICE", 53 "licenses/**/*", 54 ], 55} 56 57// 58// Definitions for building the Conscrypt Java library, native code, 59// and associated tests. 60// 61 62// Conscrypt is divided into subdirectories. 63// 64// The structure is: 65// 66// constants/ 67// src/gen # Generates NativeConstants.java. 68// common/ 69// src/main/java # Common Java source for all platforms. 70// src/jni/ 71// main # Common C++ source for all platforms. 72// unbundled # C++ source used for OpenJDK and unbundled Android. 73// src/test/java # Common test files for all platforms. 74// android/ 75// src/main/java # Java source for unbundled Android. 76// openjdk/ 77// src/main/java # Java source for OpenJDK. 78// src/test 79// java/ # Java source for common tests. 80// resources/ # Support files for tests 81// platform/ 82// src/main/java # Java source for bundled Android. 83// src/test 84// java/ # Java source for bundled tests. 85// 86 87cc_defaults { 88 name: "conscrypt_global", 89 90 cflags: [ 91 "-Wall", 92 "-Wextra", 93 "-Werror", 94 "-Wunused", 95 ], 96 97 srcs: [ 98 "common/src/jni/main/cpp/conscrypt/compatibility_close_monitor.cc", 99 "common/src/jni/main/cpp/conscrypt/jniload.cc", 100 "common/src/jni/main/cpp/conscrypt/jniutil.cc", 101 "common/src/jni/main/cpp/conscrypt/native_crypto.cc", 102 "common/src/jni/main/cpp/conscrypt/netutil.cc", 103 ], 104 105 header_libs: ["jni_headers"], 106 107 local_include_dirs: [ 108 "common/src/jni/main/include", 109 ], 110 111 compile_multilib: "both", 112 stl: "c++_static", 113} 114 115cc_defaults { 116 name: "conscrypt_unbundled-jni-defaults", 117 118 local_include_dirs: [ 119 "common/src/jni/unbundled/include", 120 ], 121 122 header_libs: ["jni_headers"], 123 124 shared_libs: [ 125 "liblog", 126 ], 127 128 static_libs: [ 129 "libssl", 130 "libcrypto_static", 131 ], 132 133 sdk_version: "9", 134} 135 136cc_library { 137 name: "libconscrypt_jni", 138 defaults: [ 139 "conscrypt_global", 140 "conscrypt_unbundled-jni-defaults", 141 ], 142} 143 144cc_library_host_shared { 145 name: "libconscrypt_openjdk_jni", 146 visibility: [ 147 "//build/make/tools/signapk", 148 "//cts/hostsidetests/library", // from CtsUseNativeLibraryBuildPackage 149 "//tools/apksig", 150 "//vendor:__subpackages__", 151 ], 152 defaults: ["conscrypt_global"], 153 154 cflags: [ 155 "-DCONSCRYPT_OPENJDK", 156 ], 157 158 local_include_dirs: [ 159 "common/src/jni/unbundled/include", 160 ], 161 162 static_libs: [ 163 "libssl", 164 "libcrypto_static", 165 ], 166 167 // TODO: b/26097626. ASAN breaks use of this library in JVM. 168 // Re-enable sanitization when the issue with making clients of this library 169 // preload ASAN runtime is resolved. Without that, clients are getting runtime 170 // errors due to unresolved ASAN symbols, such as 171 // __asan_option_detect_stack_use_after_return. 172 sanitize: { 173 never: true, 174 }, 175 176 stl: "libc++_static", 177 178 // The post-build signing tools need signapk.jar and its shared libs 179 multilib: { 180 lib64: { 181 dist: { 182 targets: ["droidcore"], 183 }, 184 }, 185 }, 186} 187 188cc_binary_host { 189 name: "conscrypt_generate_constants", 190 srcs: ["constants/src/gen/cpp/generate_constants.cc"], 191 cflags: [ 192 "-Wall", 193 "-Werror", 194 ], 195 shared_libs: [ 196 "libcrypto", 197 "libssl", 198 ], 199} 200 201genrule { 202 name: "conscrypt-unbundled_generated_constants", 203 out: ["org/conscrypt/NativeConstants.java"], 204 cmd: "$(location conscrypt_generate_constants) > $(out)", 205 tools: ["conscrypt_generate_constants"], 206} 207 208genrule { 209 name: "conscrypt_generated_constants", 210 out: ["com/android/org/conscrypt/NativeConstants.java"], 211 cmd: "$(location conscrypt_generate_constants) com.android.org.conscrypt > $(out)", 212 tools: ["conscrypt_generate_constants"], 213} 214 215filegroup { 216 name: "conscrypt_java_files", 217 srcs: [ 218 "repackaged/common/src/main/java/**/*.java", 219 "repackaged/platform/src/main/java/**/*.java", 220 ":conscrypt_generated_constants", 221 ], 222} 223 224filegroup { 225 name: "conscrypt_public_api_files", 226 srcs: ["publicapi/src/main/java/**/*.java"], 227 path: "publicapi/src/main/java", 228} 229 230// Create the conscrypt library from the source produced by the srcgen/generate_android_src.sh 231// script. 232java_library { 233 name: "conscrypt", 234 visibility: [ 235 "//device:__subpackages__", 236 ":__subpackages__", 237 ], 238 apex_available: [ 239 "com.android.conscrypt", 240 "test_com.android.conscrypt", 241 ], 242 // Conscrypt should support R 243 min_sdk_version: "30", 244 245 installable: true, 246 // Hostdex is only for ART testing on host: ART build file has its 247 // own hostdex support for conscrypt. 248 hostdex: false, 249 250 srcs: [ 251 ":conscrypt_java_files", 252 ":conscrypt_public_api_files", 253 ], 254 255 libs: ["unsupportedappusage"], 256 257 // Conscrypt can be updated independently from the other core libraries so it must only depend 258 // on public SDK and intra-core APIs. 259 sdk_version: "none", 260 system_modules: "art-module-intra-core-api-stubs-system-modules", 261 patch_module: "java.base", 262 263 target: { 264 // boringssl_self_test needed in both /system/bin and /apex/com.android.conscrypt/bin 265 // prng_seeder is only needed in /system/bin 266 // The required directive is here rather than under boringssl to avoid circular 267 // dependencies. 268 android: { 269 required: [ 270 "boringssl_self_test", 271 "prng_seeder", 272 ], 273 }, 274 }, 275 276 permitted_packages: [ 277 "android.net.ssl", 278 "com.android.org.conscrypt", 279 ], 280} 281 282// Java library for use on host, e.g. by robolectric. 283java_library { 284 name: "conscrypt-for-host", 285 visibility: [ 286 "//art/build", 287 "//external/robolectric-shadows", 288 "//external/robolectric", 289 "//frameworks/layoutlib", 290 ], 291 static_libs: [ 292 "conscrypt", 293 ], 294 sdk_version: "none", 295 system_modules: "none", 296} 297 298// Referenced implicitly from conscrypt.module.platform.api. 299filegroup { 300 name: "conscrypt.module.platform.api.api.combined.public.latest", 301 srcs: [ 302 "api/platform/last-api.txt", 303 ], 304} 305 306// Referenced implicitly from conscrypt.module.platform.api. 307filegroup { 308 name: "conscrypt.module.platform.api-removed.api.combined.public.latest", 309 srcs: [ 310 "api/platform/last-removed.txt", 311 ], 312} 313 314// Referenced implicitly from conscrypt.module.platform.api. 315filegroup { 316 name: "conscrypt.module.platform.api-incompatibilities.api.public.latest", 317 srcs: [ 318 "api/platform/last-incompatibilities.txt", 319 ], 320} 321 322// A library containing the core platform API stubs of the Conscrypt module. 323// 324// Core platform APIs are only intended for use of other parts of the platform, not the 325// core library modules. 326// 327// The API specification .txt files managed by this only contain the additional 328// classes/members that are in the platform API but which are not in the public 329// API. 330// 331// Note that this entire API surface is considered stable in the sense described in 332// libcore/mmodules/core_platform_api/Android.bp. 333java_sdk_library { 334 name: "conscrypt.module.platform.api", 335 visibility: [ 336 "//build/soong/java/core-libraries", 337 "//external/wycheproof", 338 // Visibility for prebuilt conscrypt-module-sdk from the prebuilt of 339 // this module. 340 // TODO(b/155921753): Restrict this when prebuilts are in their proper 341 // locations. 342 "//prebuilts:__subpackages__", 343 344 // DO NOT REMOVE: Legacy visibility, needed for snapshots that are 345 // generated for the S build. 346 "//libcore/mmodules/core_platform_api", 347 ], 348 srcs: [ 349 ":conscrypt_java_files", 350 ":conscrypt_public_api_files", 351 ], 352 api_dir: "api/platform", 353 api_only: true, 354 api_lint: { 355 enabled: true, 356 }, 357 droiddoc_options: [ 358 "--hide-annotation libcore.api.Hide", 359 // Include the "public" API in the "platform" API. 360 "--show-unannotated", 361 "--show-single-annotation libcore.api.CorePlatformApi\\(status=libcore.api.CorePlatformApi.Status.STABLE\\)", 362 ], 363 hostdex: true, 364 365 sdk_version: "none", 366 system_modules: "art-module-lib-api-stubs-system-modules", 367 368 dist_group: "android", 369 dist_stem: "conscrypt-coreplatform", 370 // TODO: remove this when Conscrypt's @CorePlatformApi has been migrated to @SystemApi 371 unsafe_ignore_missing_latest_api: true, 372} 373 374// A library containing the public API stubs of the Conscrypt module. 375java_sdk_library { 376 name: "conscrypt.module.public.api", 377 visibility: [ 378 "//build/soong/java/core-libraries", 379 "//frameworks/base", 380 "//frameworks/base/api", 381 "//packages/modules/common/sdk", 382 // TODO(b/165823103): Remove visiblity for IPsec once CorePlatformApi is available 383 "//packages/modules/IPsec", 384 // Visibility for prebuilt art-module-host-exports from the prebuilt of 385 // this module. 386 // TODO(b/155921753): Restrict this when prebuilts are in their proper 387 // locations. 388 "//prebuilts:__subpackages__", 389 390 // DO NOT REMOVE: Legacy visibility, needed for snapshots that are 391 // generated for the S build. 392 "//libcore", 393 ], 394 srcs: [ 395 ":conscrypt_public_api_files", 396 ], 397 398 // The base name for the artifacts that are automatically published to the 399 // dist and which end up in one of the sub-directories of prebuilts/sdk. 400 // As long as this matches the name of the artifacts in prebuilts/sdk then 401 // the API will be checked for compatibility against the latest released 402 // version of the API. 403 dist_stem: "conscrypt", 404 405 public: { 406 enabled: true, 407 }, 408 system: { 409 enabled: true, 410 }, 411 module_lib: { 412 enabled: true, 413 }, 414 415 api_dir: "api/public", 416 api_only: true, 417 418 // Emit nullability annotations from the source to the stub files. 419 annotations_enabled: true, 420 421 java_version: "1.9", 422 423 sdk_version: "none", 424 system_modules: "art-module-public-api-stubs-system-modules", 425 dist_group: "android", 426} 427 428// Referenced implicitly from conscrypt.module.intra.core.api. 429filegroup { 430 name: "conscrypt.module.intra.core.api.api.combined.public.latest", 431 srcs: [ 432 "api/intra/last-api.txt", 433 ], 434} 435 436// Referenced implicitly from conscrypt.module.intra.core.api. 437filegroup { 438 name: "conscrypt.module.intra.core.api-removed.api.combined.public.latest", 439 srcs: [ 440 "api/intra/last-removed.txt", 441 ], 442} 443 444// Referenced implicitly from conscrypt.module.intra.core.api. 445filegroup { 446 name: "conscrypt.module.intra.core.api-incompatibilities.api.public.latest", 447 srcs: [ 448 "api/intra/last-incompatibilities.txt", 449 ], 450} 451 452// A library containing the intra-core API stubs of the Conscrypt module. 453// 454// Intra-core APIs are only intended for the use of other core library modules. 455// 456// The API specification .txt files managed by this only contain the additional 457// classes/members that are in the intra-core API but which are not the public API. 458java_sdk_library { 459 name: "conscrypt.module.intra.core.api", 460 visibility: [ 461 "//external/okhttp", 462 "//libcore:__subpackages__", 463 // Visibility for prebuilt conscrypt-module-sdk from the prebuilt of 464 // this module. 465 // TODO(b/155921753): Restrict this when prebuilts are in their proper 466 // locations. 467 "//prebuilts:__subpackages__", 468 ], 469 srcs: [ 470 ":conscrypt_java_files", 471 ":conscrypt_public_api_files", 472 ], 473 api_dir: "api/intra", 474 api_only: true, 475 droiddoc_options: [ 476 "--hide-annotation libcore.api.Hide", 477 "--show-single-annotation libcore.api.IntraCoreApi", 478 ], 479 480 sdk_version: "none", 481 system_modules: "art-module-intra-core-api-stubs-system-modules", 482 483 // Don't copy any output files to the dist. 484 no_dist: true, 485} 486 487// Platform conscrypt crypto JNI library 488cc_defaults { 489 name: "libjavacrypto-defaults", 490 491 cflags: [ 492 "-Wall", 493 "-Wextra", 494 "-Werror", 495 "-Wunused", 496 "-fvisibility=hidden", 497 ], 498 499 srcs: ["common/src/jni/main/cpp/**/*.cc"], 500 header_libs: ["jni_headers"], 501 local_include_dirs: ["common/src/jni/main/include"], 502} 503 504// Platform conscrypt crypto JNI library 505cc_library_shared { 506 name: "libjavacrypto", 507 host_supported: true, 508 defaults: ["libjavacrypto-defaults"], 509 510 cflags: ["-DJNI_JARJAR_PREFIX=com/android/"], 511 header_libs: ["libnativehelper_header_only"], 512 shared_libs: ["liblog"], 513 514 target: { 515 darwin: { 516 enabled: false, 517 }, 518 android: { 519 runtime_libs: ["libandroidio"], 520 shared_libs: [ 521 "libcrypto", 522 "libssl", 523 ], 524 }, 525 not_windows: { 526 runtime_libs: ["libandroidio"], 527 // Link libcrypto and libssl statically on host, to ensure they stay current in 528 // the prebuilt that's included in conscrypt-module-test-exports. 529 static_libs: [ 530 "libcrypto", 531 "libssl", 532 ], 533 }, 534 }, 535 apex_available: [ 536 "com.android.conscrypt", 537 "test_com.android.conscrypt", 538 ], 539 min_sdk_version: "30", 540} 541 542// Unbundled Conscrypt jar for use by signapk and apksigner tool 543// 544// Builds against standard host libraries. 545// 546// This does not use java_library_host as that does not support the 547// min_sdk_version property which needs to be set to make sure that this 548// library is added to the sdk snapshot correctly. 549java_library { 550 name: "conscrypt-unbundled", 551 visibility: [ 552 "//build/make/tools/signapk", 553 "//tools/apksig", 554 "//external/robolectric:__subpackages__", 555 ], 556 device_supported: false, 557 host_supported: true, 558 srcs: [ 559 "common/src/main/java/**/*.java", 560 "openjdk/src/main/java/**/*.java", 561 ":conscrypt-unbundled_generated_constants", 562 ], 563 javacflags: ["-XDignore.symbol.file"], 564 java_version: "1.8", 565 target: { 566 windows: { 567 enabled: true, 568 }, 569 }, 570 // Make sure that this will be added to the sdk snapshot for S. 571 min_sdk_version: "S", 572} 573 574// Interim library for accessing pseudo-JCA Conscrypt APIs such as HPKE until 575// public APIs are available. No stability guarentees, so limited visibility 576// in order to track users. 577java_library { 578 name: "conscrypt-lite", 579 visibility: [ 580 "//external/conscrypt:__subpackages__", 581 ], 582 device_supported: true, 583 host_supported: true, 584 srcs: [ 585 "common/src/main/java/**/ArrayUtils.java", 586 "common/src/main/java/**/DuckTypedHpkeSpi.java", 587 "common/src/main/java/**/Hkdf.java", 588 "common/src/main/java/**/HpkeContext.java", 589 "common/src/main/java/**/HpkeContextRecipient.java", 590 "common/src/main/java/**/HpkeContextSender.java", 591 "common/src/main/java/**/HpkeSpi.java", 592 "common/src/main/java/**/HpkeSuite.java", 593 "common/src/main/java/**/Internal.java", 594 "common/src/main/java/**/XdhKeySpec.java", 595 ], 596 jarjar_rules: "conscrypt-lite-jarjar-rules.txt", 597} 598 599// Static unbundled Conscrypt crypto JNI library 600cc_library_static { 601 name: "libconscrypt_static", 602 defaults: ["libjavacrypto-defaults"], 603 604 cflags: [ 605 "-DJNI_JARJAR_PREFIX=com/google/android/gms/", 606 "-DCONSCRYPT_UNBUNDLED", 607 "-DSTATIC_LIB", 608 ], 609 610 local_include_dirs: ["common/src/jni/unbundled/include"], 611 612 static_libs: [ 613 "libssl", 614 "libcrypto_static", 615 ], 616 sdk_version: "9", 617 stl: "c++_shared", 618} 619 620// Make the conscrypt-tests library. 621java_test { 622 name: "conscrypt-tests", 623 visibility: [ 624 "//cts/tests/libcore/luni", 625 "//external/conscrypt/apex/tests", 626 "//libcore", 627 ], 628 hostdex: true, 629 srcs: [ 630 "repackaged/platform/src/test/java/**/*.java", 631 "repackaged/common/src/test/java/**/*.java", 632 "repackaged/testing/src/main/java/**/*.java", 633 "publicapi/src/test/java/**/*.java", 634 ], 635 java_resource_dirs: [ 636 // Resource directories do not need repackaging. 637 "openjdk/src/test/resources", 638 "common/src/test/resources", 639 ], 640 641 sdk_version: "none", 642 system_modules: "art-module-intra-core-api-stubs-system-modules", 643 libs: [ 644 "conscrypt", 645 "core-test-rules", 646 "junit", 647 "mockito-target-minus-junit4", 648 "framework-statsd.stubs.module_lib", 649 ], 650 651 static_libs: [ 652 "bouncycastle-unbundled", 653 "bouncycastle-bcpkix-unbundled", 654 "bouncycastle-ocsp-unbundled", 655 ], 656 javacflags: [ 657 "-Xmaxwarns 9999999", 658 //"-Xlint:all", 659 //"-Xlint:-serial,-deprecation,-unchecked", 660 ], 661 662 target: { 663 host: { 664 required: ["libjavacrypto"], 665 }, 666 darwin: { 667 // required module "libjavacrypto" is disabled on darwin 668 enabled: false, 669 }, 670 }, 671 java_version: "1.8", 672} 673 674// Make the conscrypt-benchmarks library. 675java_test { 676 name: "conscrypt-benchmarks", 677 srcs: [ 678 "repackaged/testing/src/main/java/**/*.java", 679 "repackaged/benchmark-base/src/main/java/**/*.java", 680 "repackaged/benchmark-android/src/main/java/**/*.java", 681 ], 682 sdk_version: "none", 683 system_modules: "art-module-intra-core-api-stubs-system-modules", 684 libs: [ 685 "conscrypt", 686 "junit", 687 "bouncycastle-unbundled", 688 "bouncycastle-bcpkix-unbundled", 689 "bouncycastle-ocsp-unbundled", 690 "caliper-api-target", 691 ], 692 693 javacflags: [ 694 "-Xmaxwarns 9999999", 695 //"-Xlint:all", 696 //"-Xlint:-serial,-deprecation,-unchecked", 697 ], 698 699 target: { 700 host: { 701 required: ["libjavacrypto"], 702 }, 703 darwin: { 704 // required module "libjavacrypto" is disabled on darwin 705 enabled: false, 706 }, 707 }, 708 java_version: "1.8", 709} 710 711// Device SDK exposed by the Conscrypt module. 712sdk { 713 name: "conscrypt-module-sdk", 714 apexes: [ 715 // Adds exportable dependencies of the APEX to the sdk, 716 // e.g. *classpath_fragments. 717 "com.android.conscrypt", 718 ], 719 java_sdk_libs: [ 720 "conscrypt.module.intra.core.api", 721 ], 722 native_shared_libs: [ 723 "libconscrypt_jni", 724 ], 725} 726 727// Host tools exported by the Conscrypt module. 728module_exports { 729 name: "conscrypt-module-host-exports", 730 host_supported: true, 731 device_supported: false, 732 java_libs: [ 733 "conscrypt-unbundled", 734 ], 735 native_shared_libs: [ 736 "libconscrypt_openjdk_jni", 737 ], 738} 739 740// Test libraries exposed by the Conscrypt module. 741module_exports { 742 name: "conscrypt-module-test-exports", 743 host_supported: true, 744 target: { 745 android: { 746 java_libs: [ 747 // For use by robolectric and ART tests. 748 "conscrypt-for-host", 749 ], 750 java_tests: [ 751 // For use by CTS 752 "conscrypt-tests", 753 ], 754 native_shared_libs: [ 755 "libjavacrypto", 756 ], 757 }, 758 darwin: { 759 enabled: false, 760 }, 761 // For use by ART tests on host. 762 not_windows: { 763 native_shared_libs: [ 764 "libjavacrypto", 765 ], 766 }, 767 }, 768} 769