rules/android/android_app_certificate.bzl - platform/build/bazel - Git at Google

 # Copyright (C) 2021 The Android Open Source Project
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 load("@bazel_skylib//lib:paths.bzl", "paths")
 load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo")

 AndroidAppCertificateInfo = provider(
     "Info needed for Android app certificates",
     fields = {
         "pem": "Certificate .pem file",
         "pk8": "Certificate .pk8 file",
         "key_name": "Key name",
     },
 )

 NoAndroidAppCertificateInfo = provider(
     "A provider that indicates this target is NOT an android app certificate. It's used as the default value for an apex's certificate override.",
 )

 def _no_android_app_certificate_rule_impl(_ctx):
     return [NoAndroidAppCertificateInfo()]

 no_android_app_certificate = rule(
     implementation = _no_android_app_certificate_rule_impl,
 )

 def _android_app_certificate_rule_impl(ctx):
     cert_name = ctx.attr.certificate
     pk8 = ctx.file.pk8
     pem = ctx.file.pem

     return [
         AndroidAppCertificateInfo(pem = pem, pk8 = pk8, key_name = cert_name),
     ]

 _android_app_certificate = rule(
     implementation = _android_app_certificate_rule_impl,
     attrs = {
         "pem": attr.label(mandatory = True, allow_single_file = [".pem"]),
         "pk8": attr.label(mandatory = True, allow_single_file = [".pk8"]),
         "certificate": attr.string(mandatory = True),
     },
 )

 def android_app_certificate(
         name,
         certificate,
         **kwargs):
     "Bazel macro to correspond with the Android app certificate Soong module."

     _android_app_certificate(
         name = name,
         pem = certificate + ".x509.pem",
         pk8 = certificate + ".pk8",
         certificate = certificate,
         **kwargs
     )

 def _search_cert_files(cert_name, cert_filegroup):
     pk8 = None
     pem = None
     files = cert_filegroup[DefaultInfo].files.to_list()

     # For overriding to a specific *file* in a provided directory with cert_name in the actual filename
     for f in files:
         if f.basename == cert_name + ".pk8":
             pk8 = f
         elif f.basename == cert_name + ".x509.pem":
             pem = f

     if not pk8:
         fail("Could not find .pk8 file for the module '%s' in the list: %s" % (cert_name, files))
     if not pem:
         fail("Could not find .x509.pem file for the module '%s' in the list: %s" % (cert_name, files))

     return pk8, pem

 default_cert_directory = "build/make/target/product/security"

 def _android_app_certificate_with_default_cert_impl(ctx):
     product_var_cert = ctx.attr._default_app_certificate[BuildSettingInfo].value

     cert_name = ctx.attr.cert_name

     if cert_name and product_var_cert:
         cert_dir = paths.dirname(product_var_cert)
     elif cert_name:
         cert_dir = default_cert_directory
     elif product_var_cert:
         cert_name = paths.basename(product_var_cert)
         cert_dir = paths.dirname(product_var_cert)
     else:
         cert_name = "testkey"
         cert_dir = default_cert_directory

     if cert_dir != default_cert_directory:
         filegroup_to_search = ctx.attr._default_app_certificate_filegroup
     else:
         filegroup_to_search = ctx.attr._hardcoded_certs

     pk8, pem = _search_cert_files(cert_name, filegroup_to_search)

     return [
         AndroidAppCertificateInfo(
             pk8 = pk8,
             pem = pem,
             key_name = "//" + cert_dir + ":" + cert_name,
         ),
     ]

 android_app_certificate_with_default_cert = rule(
     doc = """
     This rule is the equivalent of an android_app_certificate, but uses the
     certificate with the given name from a certain folder, or the default
     certificate.

     Modules can give a simple name of a certificate instead of a full label to
     an android_app_certificate. This certificate will be looked for either in
     the package determined by the DefaultAppCertificate product config variable,
     or the hardcoded default directory. (build/make/target/product/security)

     If a name is not given, it will fall back to using the certificate termined
     by DefaultAppCertificate. (DefaultAppCertificate can function as both the
     default certificate to use if none is specified, and the folder to look for
     certificates in)

     If neither the name nor DefaultAppCertificate is given,
     build/make/target/product/security/testkey.{pem,pk8} will be used.

     Since this rule is intended to be used from other macros, it's common to have
     multiple android_app_certificate targets pointing to the same pem/pk8 files.
     """,
     implementation = _android_app_certificate_with_default_cert_impl,
     attrs = {
         "cert_name": attr.string(),
         "_default_app_certificate": attr.label(
             default = "//build/bazel/product_config:default_app_certificate",
         ),
         "_default_app_certificate_filegroup": attr.label(
             default = "//build/bazel/product_config:default_app_certificate_filegroup",
         ),
         "_hardcoded_certs": attr.label(
             default = "//build/make/target/product/security:android_certificate_directory",
         ),
         "_apex_name": attr.label(
             default = "//build/bazel/rules/apex:apex_name",
             doc = "Name of apex this certificate signs.",
         ),
     },
 )
	# Copyright (C) 2021 The Android Open Source Project
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	load("@bazel_skylib//lib:paths.bzl", "paths")
	load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo")

	AndroidAppCertificateInfo = provider(
	"Info needed for Android app certificates",
	fields = {
	"pem": "Certificate .pem file",
	"pk8": "Certificate .pk8 file",
	"key_name": "Key name",
	},
	)

	NoAndroidAppCertificateInfo = provider(
	"A provider that indicates this target is NOT an android app certificate. It's used as the default value for an apex's certificate override.",
	)

	def _no_android_app_certificate_rule_impl(_ctx):
	return [NoAndroidAppCertificateInfo()]

	no_android_app_certificate = rule(
	implementation = _no_android_app_certificate_rule_impl,
	)

	def _android_app_certificate_rule_impl(ctx):
	cert_name = ctx.attr.certificate
	pk8 = ctx.file.pk8
	pem = ctx.file.pem

	return [
	AndroidAppCertificateInfo(pem = pem, pk8 = pk8, key_name = cert_name),
	]

	_android_app_certificate = rule(
	implementation = _android_app_certificate_rule_impl,
	attrs = {
	"pem": attr.label(mandatory = True, allow_single_file = [".pem"]),
	"pk8": attr.label(mandatory = True, allow_single_file = [".pk8"]),
	"certificate": attr.string(mandatory = True),
	},
	)

	def android_app_certificate(
	name,
	certificate,
	**kwargs):
	"Bazel macro to correspond with the Android app certificate Soong module."

	_android_app_certificate(
	name = name,
	pem = certificate + ".x509.pem",
	pk8 = certificate + ".pk8",
	certificate = certificate,
	**kwargs
	)

	def _search_cert_files(cert_name, cert_filegroup):
	pk8 = None
	pem = None
	files = cert_filegroup[DefaultInfo].files.to_list()

	# For overriding to a specific file in a provided directory with cert_name in the actual filename
	for f in files:
	if f.basename == cert_name + ".pk8":
	pk8 = f
	elif f.basename == cert_name + ".x509.pem":
	pem = f

	if not pk8:
	fail("Could not find .pk8 file for the module '%s' in the list: %s" % (cert_name, files))
	if not pem:
	fail("Could not find .x509.pem file for the module '%s' in the list: %s" % (cert_name, files))

	return pk8, pem

	default_cert_directory = "build/make/target/product/security"

	def _android_app_certificate_with_default_cert_impl(ctx):
	product_var_cert = ctx.attr._default_app_certificate[BuildSettingInfo].value

	cert_name = ctx.attr.cert_name

	if cert_name and product_var_cert:
	cert_dir = paths.dirname(product_var_cert)
	elif cert_name:
	cert_dir = default_cert_directory
	elif product_var_cert:
	cert_name = paths.basename(product_var_cert)
	cert_dir = paths.dirname(product_var_cert)
	else:
	cert_name = "testkey"
	cert_dir = default_cert_directory

	if cert_dir != default_cert_directory:
	filegroup_to_search = ctx.attr._default_app_certificate_filegroup
	else:
	filegroup_to_search = ctx.attr._hardcoded_certs

	pk8, pem = _search_cert_files(cert_name, filegroup_to_search)

	return [
	AndroidAppCertificateInfo(
	pk8 = pk8,
	pem = pem,
	key_name = "//" + cert_dir + ":" + cert_name,
	),
	]

	android_app_certificate_with_default_cert = rule(
	doc = """
	This rule is the equivalent of an android_app_certificate, but uses the
	certificate with the given name from a certain folder, or the default
	certificate.

	Modules can give a simple name of a certificate instead of a full label to
	an android_app_certificate. This certificate will be looked for either in
	the package determined by the DefaultAppCertificate product config variable,
	or the hardcoded default directory. (build/make/target/product/security)

	If a name is not given, it will fall back to using the certificate termined
	by DefaultAppCertificate. (DefaultAppCertificate can function as both the
	default certificate to use if none is specified, and the folder to look for
	certificates in)

	If neither the name nor DefaultAppCertificate is given,
	build/make/target/product/security/testkey.{pem,pk8} will be used.

	Since this rule is intended to be used from other macros, it's common to have
	multiple android_app_certificate targets pointing to the same pem/pk8 files.
	""",
	implementation = _android_app_certificate_with_default_cert_impl,
	attrs = {
	"cert_name": attr.string(),
	"_default_app_certificate": attr.label(
	default = "//build/bazel/product_config:default_app_certificate",
	),
	"_default_app_certificate_filegroup": attr.label(
	default = "//build/bazel/product_config:default_app_certificate_filegroup",
	),
	"_hardcoded_certs": attr.label(
	default = "//build/make/target/product/security:android_certificate_directory",
	),
	"_apex_name": attr.label(
	default = "//build/bazel/rules/apex:apex_name",
	doc = "Name of apex this certificate signs.",
	),
	},
	)