1# Copyright (c) 2023-2024 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14import("//build/ohos.gni")
15import("//build/ohos/sa_profile/sa_profile.gni")
16import("../../code_signature.gni")
17
18ohos_shared_library("liblocal_code_sign") {
19  sanitize = {
20    cfi = true
21    cfi_cross_dso = true
22    debug = false
23  }
24  branch_protector_ret = "pac_ret"
25  sources = [
26    "${code_signature_root_dir}/utils/src/cert_utils.cpp",
27    "src/local_code_sign_service.cpp",
28    "src/local_code_sign_stub.cpp",
29    "src/local_sign_key.cpp",
30    "src/permission_utils.cpp",
31  ]
32  cflags_cc = [
33    "-Os",
34    "-fno-asynchronous-unwind-tables",
35    "-fno-unwind-tables",
36  ]
37  include_dirs = [
38    "include",
39    "${code_signature_root_dir}/interfaces/innerkits/local_code_sign/include",
40    "${code_signature_root_dir}/utils/include",
41  ]
42  shlib_type = "sa"
43  public_configs = [ "${code_signature_root_dir}:common_public_config" ]
44  configs = [ "${code_signature_root_dir}:common_utils_config" ]
45  deps = [ "${code_signature_root_dir}/utils:fsverity_sign_src_set" ]
46  external_deps = [
47    "access_token:libaccesstoken_sdk",
48    "access_token:libtokenid_sdk",
49    "c_utils:utils",
50    "eventhandler:libeventhandler",
51    "fsverity-utils:libfsverity_utils",
52    "hilog:libhilog",
53    "hisysevent:libhisysevent",
54    "hitrace:hitrace_meter",
55    "huks:libhukssdk",
56    "init:libbegetutil",
57    "ipc:ipc_core",
58    "openssl:libcrypto_shared",
59    "safwk:system_ability_fwk",
60    "samgr:samgr_proxy",
61  ]
62
63  part_name = "code_signature"
64  subsystem_name = "security"
65
66  install_images = [ "system" ]
67  install_enable = true
68}
69
70group("local_code_sign_configs") {
71  deps = [
72    ":local_code_sign.cfg",
73    ":local_code_sign_sa_profile",
74    ":trusted_attest_root_ca",
75  ]
76}
77
78ohos_prebuilt_etc("local_code_sign.cfg") {
79  source = "local_code_sign.cfg"
80  relative_install_dir = "init"
81  subsystem_name = "security"
82  part_name = "code_signature"
83}
84
85ohos_sa_profile("local_code_sign_sa_profile") {
86  sources = [ "sa_profile/3507.json" ]
87  part_name = "code_signature"
88}
89
90ohos_prebuilt_etc("trusted_attest_root_ca") {
91  if (!code_signature_support_oh_code_sign) {
92    source = "config/OpenHarmony/trusted_attest_root_ca.cer"
93  } else {
94    source = "config/trusted_attest_root_ca.cer"
95  }
96  part_name = "code_signature"
97  subsystem_name = "security"
98  relative_install_dir = "security"
99}
100