# Copyright (c) 2023-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import("//build/ohos.gni")
import("//build/ohos/sa_profile/sa_profile.gni")
import("../../code_signature.gni")

ohos_shared_library("liblocal_code_sign") {
  sanitize = {
    cfi = true
    cfi_cross_dso = true
    debug = false
  }
  branch_protector_ret = "pac_ret"
  sources = [
    "${code_signature_root_dir}/utils/src/cert_utils.cpp",
    "src/local_code_sign_service.cpp",
    "src/local_code_sign_stub.cpp",
    "src/local_sign_key.cpp",
    "src/permission_utils.cpp",
  ]
  include_dirs = [
    "include",
    "${code_signature_root_dir}/interfaces/innerkits/local_code_sign/include",
    "${code_signature_root_dir}/utils/include",
  ]
  shlib_type = "sa"
  public_configs = [ "${code_signature_root_dir}:common_public_config" ]
  configs = [ "${code_signature_root_dir}:common_utils_config" ]
  deps = [ "${code_signature_root_dir}/utils:fsverity_sign_src_set" ]
  external_deps = [
    "access_token:libaccesstoken_sdk",
    "access_token:libtokenid_sdk",
    "c_utils:utils",
    "eventhandler:libeventhandler",
    "fsverity-utils:libfsverity_utils",
    "hilog:libhilog",
    "hisysevent:libhisysevent",
    "hitrace:hitrace_meter",
    "huks:libhukssdk",
    "init:libbegetutil",
    "ipc:ipc_core",
    "openssl:libcrypto_shared",
    "safwk:system_ability_fwk",
    "samgr:samgr_proxy",
  ]

  part_name = "code_signature"
  subsystem_name = "security"

  install_images = [ "system" ]
  install_enable = true
}

group("local_code_sign_configs") {
  deps = [
    ":local_code_sign.cfg",
    ":local_code_sign_sa_profile",
    ":trusted_attest_root_ca",
  ]
}

ohos_prebuilt_etc("local_code_sign.cfg") {
  source = "local_code_sign.cfg"
  relative_install_dir = "init"
  subsystem_name = "security"
  part_name = "code_signature"
}

ohos_sa_profile("local_code_sign_sa_profile") {
  sources = [ "sa_profile/3507.json" ]
  part_name = "code_signature"
}

ohos_prebuilt_etc("trusted_attest_root_ca") {
  if (!code_signature_support_oh_code_sign) {
    source = "config/OpenHarmony/trusted_attest_root_ca.cer"
  } else {
    source = "config/trusted_attest_root_ca.cer"
  }
  part_name = "code_signature"
  subsystem_name = "security"
  relative_install_dir = "security"
}