2017-12-08 23:42:16 +01:00
|
|
|
#
|
|
|
|
# Copyright (C) 2017 The Android Open Source Project
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
|
2017-12-05 02:16:36 +01:00
|
|
|
import base64
|
2019-07-25 08:31:19 +02:00
|
|
|
import io
|
2018-02-20 19:05:46 +01:00
|
|
|
import os.path
|
2017-12-24 08:44:48 +01:00
|
|
|
import zipfile
|
2017-12-08 23:42:16 +01:00
|
|
|
|
2017-12-24 08:44:48 +01:00
|
|
|
import common
|
2018-02-20 19:05:46 +01:00
|
|
|
import test_utils
|
2017-12-05 02:16:36 +01:00
|
|
|
from sign_target_files_apks import (
|
2019-03-15 17:37:01 +01:00
|
|
|
CheckApkAndApexKeysAvailable, EditTags, GetApkFileInfo, ReadApexKeysInfo,
|
2022-08-19 08:33:25 +02:00
|
|
|
ReplaceCerts, ReplaceGkiSigningKey, RewriteAvbProps, RewriteProps,
|
|
|
|
WriteOtacerts)
|
2017-12-08 23:42:16 +01:00
|
|
|
|
|
|
|
|
2018-10-12 06:57:26 +02:00
|
|
|
class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
|
2017-12-08 23:42:16 +01:00
|
|
|
|
2017-12-05 02:16:36 +01:00
|
|
|
MAC_PERMISSIONS_XML = """<?xml version="1.0" encoding="iso-8859-1"?>
|
|
|
|
<policy>
|
|
|
|
<signer signature="{}"><seinfo value="platform"/></signer>
|
|
|
|
<signer signature="{}"><seinfo value="media"/></signer>
|
|
|
|
</policy>"""
|
|
|
|
|
2020-04-04 00:36:23 +02:00
|
|
|
# Note that we test one apex with the partition tag, and another without to
|
|
|
|
# make sure that new OTA tools can process an older target files package that
|
|
|
|
# does not include the partition tag.
|
|
|
|
|
2019-03-19 20:24:03 +01:00
|
|
|
# pylint: disable=line-too-long
|
2020-03-21 02:31:43 +01:00
|
|
|
APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system"
|
2020-04-04 00:36:23 +02:00
|
|
|
name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8"
|
2019-03-15 17:37:01 +01:00
|
|
|
"""
|
|
|
|
|
2017-12-24 08:44:48 +01:00
|
|
|
def setUp(self):
|
2018-02-20 19:05:46 +01:00
|
|
|
self.testdata_dir = test_utils.get_testdata_dir()
|
2017-12-24 08:44:48 +01:00
|
|
|
|
2017-12-08 23:42:16 +01:00
|
|
|
def test_EditTags(self):
|
|
|
|
self.assertEqual(EditTags('dev-keys'), ('release-keys'))
|
|
|
|
self.assertEqual(EditTags('test-keys'), ('release-keys'))
|
|
|
|
|
|
|
|
# Multiple tags.
|
|
|
|
self.assertEqual(EditTags('abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
|
|
|
|
|
|
|
|
# Tags are sorted.
|
|
|
|
self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
|
|
|
|
|
2019-10-09 09:04:28 +02:00
|
|
|
def test_RewriteAvbProps(self):
|
|
|
|
misc_info = {
|
|
|
|
'avb_boot_add_hash_footer_args':
|
|
|
|
('--prop com.android.build.boot.os_version:R '
|
|
|
|
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
2021-12-13 23:04:08 +01:00
|
|
|
'avb_init_boot_add_hash_footer_args':
|
|
|
|
('--prop com.android.build.boot.os_version:R '
|
|
|
|
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
2019-10-09 09:04:28 +02:00
|
|
|
'avb_system_add_hashtree_footer_args':
|
|
|
|
('--prop com.android.build.system.os_version:R '
|
|
|
|
'--prop com.android.build.system.security_patch:2019-09-05 '
|
|
|
|
'--prop com.android.build.system.fingerprint:'
|
|
|
|
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/test-keys'),
|
|
|
|
'avb_vendor_add_hashtree_footer_args':
|
|
|
|
('--prop com.android.build.vendor.os_version:R '
|
|
|
|
'--prop com.android.build.vendor.security_patch:2019-09-05 '
|
|
|
|
'--prop com.android.build.vendor.fingerprint:'
|
|
|
|
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/dev-keys'),
|
|
|
|
}
|
|
|
|
expected_dict = {
|
|
|
|
'avb_boot_add_hash_footer_args':
|
|
|
|
('--prop com.android.build.boot.os_version:R '
|
|
|
|
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
2021-12-13 23:04:08 +01:00
|
|
|
'avb_init_boot_add_hash_footer_args':
|
|
|
|
('--prop com.android.build.boot.os_version:R '
|
|
|
|
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
2019-10-09 09:04:28 +02:00
|
|
|
'avb_system_add_hashtree_footer_args':
|
|
|
|
('--prop com.android.build.system.os_version:R '
|
|
|
|
'--prop com.android.build.system.security_patch:2019-09-05 '
|
|
|
|
'--prop com.android.build.system.fingerprint:'
|
|
|
|
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
|
|
|
|
'avb_vendor_add_hashtree_footer_args':
|
|
|
|
('--prop com.android.build.vendor.os_version:R '
|
|
|
|
'--prop com.android.build.vendor.security_patch:2019-09-05 '
|
|
|
|
'--prop com.android.build.vendor.fingerprint:'
|
|
|
|
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
|
|
|
|
}
|
|
|
|
RewriteAvbProps(misc_info)
|
|
|
|
self.assertDictEqual(expected_dict, misc_info)
|
|
|
|
|
2017-12-08 23:42:16 +01:00
|
|
|
def test_RewriteProps(self):
|
|
|
|
props = (
|
2019-05-01 23:09:30 +02:00
|
|
|
('', ''),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.build.fingerprint=foo/bar/dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.build.fingerprint=foo/bar/release-keys'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.build.thumbprint=foo/bar/dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.build.thumbprint=foo/bar/release-keys'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.vendor.build.fingerprint=foo/bar/dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.vendor.build.fingerprint=foo/bar/release-keys'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.vendor.build.thumbprint=foo/bar/dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.vendor.build.thumbprint=foo/bar/release-keys'),
|
|
|
|
('ro.odm.build.fingerprint=foo/bar/test-keys',
|
|
|
|
'ro.odm.build.fingerprint=foo/bar/release-keys'),
|
|
|
|
('ro.odm.build.thumbprint=foo/bar/test-keys',
|
|
|
|
'ro.odm.build.thumbprint=foo/bar/release-keys'),
|
|
|
|
('ro.product.build.fingerprint=foo/bar/dev-keys',
|
|
|
|
'ro.product.build.fingerprint=foo/bar/release-keys'),
|
|
|
|
('ro.product.build.thumbprint=foo/bar/dev-keys',
|
|
|
|
'ro.product.build.thumbprint=foo/bar/release-keys'),
|
2019-06-25 08:58:13 +02:00
|
|
|
('ro.system_ext.build.fingerprint=foo/bar/test-keys',
|
|
|
|
'ro.system_ext.build.fingerprint=foo/bar/release-keys'),
|
|
|
|
('ro.system_ext.build.thumbprint=foo/bar/test-keys',
|
|
|
|
'ro.system_ext.build.thumbprint=foo/bar/release-keys'),
|
2019-05-01 23:09:30 +02:00
|
|
|
('# comment line 1', '# comment line 1'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.bootimage.build.fingerprint=foo/bar/dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.bootimage.build.fingerprint=foo/bar/release-keys'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.build.description='
|
|
|
|
'sailfish-user 8.0.0 OPR6.170623.012 4283428 dev-keys',
|
|
|
|
'ro.build.description='
|
2019-05-01 23:09:30 +02:00
|
|
|
'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys'),
|
|
|
|
('ro.build.tags=dev-keys', 'ro.build.tags=release-keys'),
|
|
|
|
('ro.build.tags=test-keys', 'ro.build.tags=release-keys'),
|
|
|
|
('ro.system.build.tags=dev-keys',
|
|
|
|
'ro.system.build.tags=release-keys'),
|
|
|
|
('ro.vendor.build.tags=dev-keys',
|
|
|
|
'ro.vendor.build.tags=release-keys'),
|
|
|
|
('ro.odm.build.tags=dev-keys',
|
|
|
|
'ro.odm.build.tags=release-keys'),
|
|
|
|
('ro.product.build.tags=dev-keys',
|
|
|
|
'ro.product.build.tags=release-keys'),
|
2019-06-25 08:58:13 +02:00
|
|
|
('ro.system_ext.build.tags=dev-keys',
|
|
|
|
'ro.system_ext.build.tags=release-keys'),
|
2019-05-01 23:09:30 +02:00
|
|
|
('# comment line 2', '# comment line 2'),
|
2017-12-08 23:42:16 +01:00
|
|
|
('ro.build.display.id=OPR6.170623.012 dev-keys',
|
2019-05-01 23:09:30 +02:00
|
|
|
'ro.build.display.id=OPR6.170623.012'),
|
|
|
|
('# comment line 3', '# comment line 3'),
|
2017-12-08 23:42:16 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
# Assert the case for each individual line.
|
2019-05-01 23:09:30 +02:00
|
|
|
for prop, expected in props:
|
|
|
|
self.assertEqual(expected + '\n', RewriteProps(prop))
|
2017-12-08 23:42:16 +01:00
|
|
|
|
|
|
|
# Concatenate all the input lines.
|
2019-05-01 23:09:30 +02:00
|
|
|
self.assertEqual(
|
|
|
|
'\n'.join([prop[1] for prop in props]) + '\n',
|
|
|
|
RewriteProps('\n'.join([prop[0] for prop in props])))
|
2017-12-24 08:44:48 +01:00
|
|
|
|
2017-12-05 02:16:36 +01:00
|
|
|
def test_ReplaceCerts(self):
|
|
|
|
cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
|
|
|
|
with open(cert1_path) as cert1_fp:
|
|
|
|
cert1 = cert1_fp.read()
|
|
|
|
cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
|
|
|
|
with open(cert2_path) as cert2_fp:
|
|
|
|
cert2 = cert2_fp.read()
|
|
|
|
cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
|
|
|
|
with open(cert3_path) as cert3_fp:
|
|
|
|
cert3 = cert3_fp.read()
|
|
|
|
|
|
|
|
# Replace cert1 with cert3.
|
|
|
|
input_xml = self.MAC_PERMISSIONS_XML.format(
|
|
|
|
base64.b16encode(common.ParseCertificate(cert1)).lower(),
|
|
|
|
base64.b16encode(common.ParseCertificate(cert2)).lower())
|
|
|
|
|
|
|
|
output_xml = self.MAC_PERMISSIONS_XML.format(
|
|
|
|
base64.b16encode(common.ParseCertificate(cert3)).lower(),
|
|
|
|
base64.b16encode(common.ParseCertificate(cert2)).lower())
|
|
|
|
|
|
|
|
common.OPTIONS.key_map = {
|
|
|
|
cert1_path[:-9] : cert3_path[:-9],
|
|
|
|
}
|
|
|
|
|
|
|
|
self.assertEqual(output_xml, ReplaceCerts(input_xml))
|
|
|
|
|
|
|
|
def test_ReplaceCerts_duplicateEntries(self):
|
|
|
|
cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
|
|
|
|
with open(cert1_path) as cert1_fp:
|
|
|
|
cert1 = cert1_fp.read()
|
|
|
|
cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
|
|
|
|
with open(cert2_path) as cert2_fp:
|
|
|
|
cert2 = cert2_fp.read()
|
|
|
|
|
|
|
|
# Replace cert1 with cert2, which leads to duplicate entries.
|
|
|
|
input_xml = self.MAC_PERMISSIONS_XML.format(
|
|
|
|
base64.b16encode(common.ParseCertificate(cert1)).lower(),
|
|
|
|
base64.b16encode(common.ParseCertificate(cert2)).lower())
|
|
|
|
|
|
|
|
common.OPTIONS.key_map = {
|
|
|
|
cert1_path[:-9] : cert2_path[:-9],
|
|
|
|
}
|
|
|
|
self.assertRaises(AssertionError, ReplaceCerts, input_xml)
|
|
|
|
|
|
|
|
def test_ReplaceCerts_skipNonExistentCerts(self):
|
|
|
|
cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
|
|
|
|
with open(cert1_path) as cert1_fp:
|
|
|
|
cert1 = cert1_fp.read()
|
|
|
|
cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
|
|
|
|
with open(cert2_path) as cert2_fp:
|
|
|
|
cert2 = cert2_fp.read()
|
|
|
|
cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
|
|
|
|
with open(cert3_path) as cert3_fp:
|
|
|
|
cert3 = cert3_fp.read()
|
|
|
|
|
|
|
|
input_xml = self.MAC_PERMISSIONS_XML.format(
|
|
|
|
base64.b16encode(common.ParseCertificate(cert1)).lower(),
|
|
|
|
base64.b16encode(common.ParseCertificate(cert2)).lower())
|
|
|
|
|
|
|
|
output_xml = self.MAC_PERMISSIONS_XML.format(
|
|
|
|
base64.b16encode(common.ParseCertificate(cert3)).lower(),
|
|
|
|
base64.b16encode(common.ParseCertificate(cert2)).lower())
|
|
|
|
|
|
|
|
common.OPTIONS.key_map = {
|
|
|
|
cert1_path[:-9] : cert3_path[:-9],
|
|
|
|
'non-existent' : cert3_path[:-9],
|
|
|
|
cert2_path[:-9] : 'non-existent',
|
|
|
|
}
|
|
|
|
self.assertEqual(output_xml, ReplaceCerts(input_xml))
|
2018-06-19 21:19:35 +02:00
|
|
|
|
2019-07-25 08:31:19 +02:00
|
|
|
def test_WriteOtacerts(self):
|
|
|
|
certs = [
|
|
|
|
os.path.join(self.testdata_dir, 'platform.x509.pem'),
|
|
|
|
os.path.join(self.testdata_dir, 'media.x509.pem'),
|
|
|
|
os.path.join(self.testdata_dir, 'testkey.x509.pem'),
|
|
|
|
]
|
|
|
|
entry_name = 'SYSTEM/etc/security/otacerts.zip'
|
|
|
|
output_file = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
|
2019-07-25 08:31:19 +02:00
|
|
|
WriteOtacerts(output_zip, entry_name, certs)
|
|
|
|
with zipfile.ZipFile(output_file) as input_zip:
|
|
|
|
self.assertIn(entry_name, input_zip.namelist())
|
|
|
|
otacerts_file = io.BytesIO(input_zip.read(entry_name))
|
|
|
|
with zipfile.ZipFile(otacerts_file) as otacerts_zip:
|
|
|
|
self.assertEqual(3, len(otacerts_zip.namelist()))
|
|
|
|
|
2019-03-15 17:37:01 +01:00
|
|
|
def test_CheckApkAndApexKeysAvailable(self):
|
2018-06-19 21:19:35 +02:00
|
|
|
input_file = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
|
2018-06-19 21:19:35 +02:00
|
|
|
input_zip.writestr('SYSTEM/app/App1.apk', "App1-content")
|
|
|
|
input_zip.writestr('SYSTEM/app/App2.apk.gz', "App2-content")
|
|
|
|
|
|
|
|
apk_key_map = {
|
|
|
|
'App1.apk' : 'key1',
|
|
|
|
'App2.apk' : 'key2',
|
|
|
|
'App3.apk' : 'key3',
|
|
|
|
}
|
|
|
|
with zipfile.ZipFile(input_file) as input_zip:
|
2019-03-19 20:24:03 +01:00
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
|
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.gz', {})
|
2018-06-19 21:19:35 +02:00
|
|
|
|
|
|
|
# 'App2.apk.gz' won't be considered as an APK.
|
2019-03-19 20:24:03 +01:00
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
|
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.xz', {})
|
2018-06-19 21:19:35 +02:00
|
|
|
|
|
|
|
del apk_key_map['App2.apk']
|
|
|
|
self.assertRaises(
|
2019-03-15 17:37:01 +01:00
|
|
|
AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
|
2019-03-19 20:24:03 +01:00
|
|
|
'.gz', {})
|
|
|
|
|
|
|
|
def test_CheckApkAndApexKeysAvailable_invalidApexKeys(self):
|
|
|
|
input_file = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
|
2019-03-19 20:24:03 +01:00
|
|
|
input_zip.writestr('SYSTEM/apex/Apex1.apex', "Apex1-content")
|
|
|
|
input_zip.writestr('SYSTEM/apex/Apex2.apex', "Apex2-content")
|
|
|
|
|
|
|
|
apk_key_map = {
|
|
|
|
'Apex1.apex' : 'key1',
|
|
|
|
'Apex2.apex' : 'key2',
|
|
|
|
'Apex3.apex' : 'key3',
|
|
|
|
}
|
|
|
|
apex_keys = {
|
2021-10-26 20:58:09 +02:00
|
|
|
'Apex1.apex' : ('payload-key1', 'container-key1', None),
|
|
|
|
'Apex2.apex' : ('payload-key2', 'container-key2', None),
|
2019-03-19 20:24:03 +01:00
|
|
|
}
|
|
|
|
with zipfile.ZipFile(input_file) as input_zip:
|
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
|
|
|
|
|
|
|
|
# Fine to have both keys as PRESIGNED.
|
2021-10-26 20:58:09 +02:00
|
|
|
apex_keys['Apex2.apex'] = ('PRESIGNED', 'PRESIGNED', None)
|
2019-03-19 20:24:03 +01:00
|
|
|
CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
|
|
|
|
|
|
|
|
# Having only one of them as PRESIGNED is not allowed.
|
2021-10-26 20:58:09 +02:00
|
|
|
apex_keys['Apex2.apex'] = ('payload-key2', 'PRESIGNED', None)
|
2019-03-19 20:24:03 +01:00
|
|
|
self.assertRaises(
|
|
|
|
AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
|
|
|
|
None, apex_keys)
|
|
|
|
|
2021-10-26 20:58:09 +02:00
|
|
|
apex_keys['Apex2.apex'] = ('PRESIGNED', 'container-key1', None)
|
2019-03-19 20:24:03 +01:00
|
|
|
self.assertRaises(
|
|
|
|
AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
|
|
|
|
None, apex_keys)
|
2018-06-19 21:19:35 +02:00
|
|
|
|
|
|
|
def test_GetApkFileInfo(self):
|
2018-06-19 21:19:35 +02:00
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/apps/Chats.apk", None, [])
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertFalse(should_be_skipped)
|
2018-06-19 21:19:35 +02:00
|
|
|
|
2018-06-19 21:19:35 +02:00
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/apps/Chats.apk", None, [])
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertFalse(should_be_skipped)
|
|
|
|
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/apps/Chats.dat", None, [])
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertFalse(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertFalse(should_be_skipped)
|
2018-06-19 21:19:35 +02:00
|
|
|
|
|
|
|
def test_GetApkFileInfo_withCompressedApks(self):
|
2018-06-19 21:19:35 +02:00
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/apps/Chats.apk.gz", ".gz", [])
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertTrue(is_compressed)
|
|
|
|
self.assertFalse(should_be_skipped)
|
|
|
|
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/apps/Chats.apk.gz", ".xz", [])
|
|
|
|
self.assertFalse(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertFalse(should_be_skipped)
|
|
|
|
|
|
|
|
self.assertRaises(
|
|
|
|
AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "", [])
|
|
|
|
|
|
|
|
self.assertRaises(
|
|
|
|
AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "apk", [])
|
|
|
|
|
|
|
|
def test_GetApkFileInfo_withSkippedPrefixes(self):
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/preloads/apps/Chats.apk", None, set())
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertFalse(should_be_skipped)
|
|
|
|
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"PRODUCT/preloads/apps/Chats.apk",
|
|
|
|
None,
|
|
|
|
set(["PRODUCT/preloads/"]))
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertTrue(should_be_skipped)
|
|
|
|
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None,
|
|
|
|
set(["SYSTEM/preloads/", "SYSTEM_OTHER/preloads/"]))
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertTrue(should_be_skipped)
|
|
|
|
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.apk.gz",
|
|
|
|
".gz",
|
|
|
|
set(["PRODUCT/prebuilts/", "SYSTEM_OTHER/preloads/"]))
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertTrue(is_compressed)
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertTrue(should_be_skipped)
|
2018-06-19 21:19:35 +02:00
|
|
|
|
2018-06-19 21:19:35 +02:00
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.dat",
|
|
|
|
None,
|
|
|
|
set(["SYSTEM_OTHER/preloads/"]))
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertFalse(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertFalse(should_be_skipped)
|
|
|
|
|
|
|
|
def test_GetApkFileInfo_checkSkippedPrefixesInput(self):
|
|
|
|
# set
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None,
|
|
|
|
set(["SYSTEM_OTHER/preloads/"]))
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertTrue(should_be_skipped)
|
|
|
|
|
|
|
|
# tuple
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None,
|
|
|
|
("SYSTEM_OTHER/preloads/",))
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertTrue(should_be_skipped)
|
|
|
|
|
|
|
|
# list
|
|
|
|
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
|
|
|
|
"SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None,
|
|
|
|
["SYSTEM_OTHER/preloads/"])
|
|
|
|
self.assertTrue(is_apk)
|
|
|
|
self.assertFalse(is_compressed)
|
|
|
|
self.assertTrue(should_be_skipped)
|
2018-06-19 21:19:35 +02:00
|
|
|
|
2018-06-19 21:19:35 +02:00
|
|
|
# str is invalid.
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertRaises(
|
2018-06-19 21:19:35 +02:00
|
|
|
AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None, "SYSTEM_OTHER/preloads/")
|
2018-06-19 21:19:35 +02:00
|
|
|
|
2018-06-19 21:19:35 +02:00
|
|
|
# None is invalid.
|
2018-06-19 21:19:35 +02:00
|
|
|
self.assertRaises(
|
2018-06-19 21:19:35 +02:00
|
|
|
AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
|
|
|
|
None, None)
|
2019-03-15 17:37:01 +01:00
|
|
|
|
|
|
|
def test_ReadApexKeysInfo(self):
|
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-03-15 17:37:01 +01:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2022-04-13 01:22:11 +02:00
|
|
|
keys_info = ReadApexKeysInfo(target_files_zip)
|
2019-03-15 17:37:01 +01:00
|
|
|
|
2019-03-19 20:24:03 +01:00
|
|
|
self.assertEqual({
|
|
|
|
'apex.apexd_test.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-19 20:24:03 +01:00
|
|
|
'apex.apexd_test_different_app.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-19 20:24:03 +01:00
|
|
|
}, keys_info)
|
2019-03-15 17:37:01 +01:00
|
|
|
|
2019-03-26 20:59:25 +01:00
|
|
|
def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
|
2019-03-15 17:37:01 +01:00
|
|
|
# Mismatching payload public / private keys.
|
|
|
|
apex_keys = self.APEX_KEYS_TXT + (
|
|
|
|
'name="apex.apexd_test_different_app2.apex" '
|
|
|
|
'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
|
2019-03-26 20:59:25 +01:00
|
|
|
'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
|
2019-04-10 06:35:37 +02:00
|
|
|
'container_certificate="build/make/target/product/security/testkey.x509.pem" '
|
2020-03-21 02:31:43 +01:00
|
|
|
'container_private_key="build/make/target/product/security/testkey2.pk8" '
|
|
|
|
'partition="system"')
|
2019-03-15 17:37:01 +01:00
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-03-15 17:37:01 +01:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2019-03-15 17:37:01 +01:00
|
|
|
self.assertRaises(ValueError, ReadApexKeysInfo, target_files_zip)
|
|
|
|
|
2019-03-26 20:59:25 +01:00
|
|
|
def test_ReadApexKeysInfo_missingPayloadPrivateKey(self):
|
2019-03-15 17:37:01 +01:00
|
|
|
# Invalid lines will be skipped.
|
|
|
|
apex_keys = self.APEX_KEYS_TXT + (
|
|
|
|
'name="apex.apexd_test_different_app2.apex" '
|
|
|
|
'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
|
2019-04-10 06:35:37 +02:00
|
|
|
'container_certificate="build/make/target/product/security/testkey.x509.pem" '
|
|
|
|
'container_private_key="build/make/target/product/security/testkey.pk8"')
|
2019-03-15 17:37:01 +01:00
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-03-15 17:37:01 +01:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2022-04-13 01:22:11 +02:00
|
|
|
keys_info = ReadApexKeysInfo(target_files_zip)
|
2019-03-15 17:37:01 +01:00
|
|
|
|
2019-03-19 20:24:03 +01:00
|
|
|
self.assertEqual({
|
|
|
|
'apex.apexd_test.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-19 20:24:03 +01:00
|
|
|
'apex.apexd_test_different_app.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-19 20:24:03 +01:00
|
|
|
}, keys_info)
|
2019-03-26 20:59:25 +01:00
|
|
|
|
|
|
|
def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
|
|
|
|
# Invalid lines will be skipped.
|
|
|
|
apex_keys = self.APEX_KEYS_TXT + (
|
|
|
|
'name="apex.apexd_test_different_app2.apex" '
|
|
|
|
'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
|
2019-04-10 06:35:37 +02:00
|
|
|
'container_certificate="build/make/target/product/security/testkey.x509.pem" '
|
|
|
|
'container_private_key="build/make/target/product/security/testkey.pk8"')
|
2019-03-26 20:59:25 +01:00
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-03-26 20:59:25 +01:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2022-04-13 01:22:11 +02:00
|
|
|
keys_info = ReadApexKeysInfo(target_files_zip)
|
2019-03-26 20:59:25 +01:00
|
|
|
|
|
|
|
self.assertEqual({
|
|
|
|
'apex.apexd_test.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-26 20:59:25 +01:00
|
|
|
'apex.apexd_test_different_app.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-26 20:59:25 +01:00
|
|
|
}, keys_info)
|
2019-04-27 01:53:47 +02:00
|
|
|
|
|
|
|
def test_ReadApexKeysInfo_presignedKeys(self):
|
|
|
|
apex_keys = self.APEX_KEYS_TXT + (
|
|
|
|
'name="apex.apexd_test_different_app2.apex" '
|
|
|
|
'private_key="PRESIGNED" '
|
|
|
|
'public_key="PRESIGNED" '
|
|
|
|
'container_certificate="PRESIGNED" '
|
|
|
|
'container_private_key="PRESIGNED"')
|
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-04-27 01:53:47 +02:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2022-04-13 01:22:11 +02:00
|
|
|
keys_info = ReadApexKeysInfo(target_files_zip)
|
2019-04-27 01:53:47 +02:00
|
|
|
|
|
|
|
self.assertEqual({
|
|
|
|
'apex.apexd_test.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-04-27 01:53:47 +02:00
|
|
|
'apex.apexd_test_different_app.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-03-26 20:59:25 +01:00
|
|
|
}, keys_info)
|
2019-04-25 08:53:42 +02:00
|
|
|
|
|
|
|
def test_ReadApexKeysInfo_presignedKeys(self):
|
|
|
|
apex_keys = self.APEX_KEYS_TXT + (
|
|
|
|
'name="apex.apexd_test_different_app2.apex" '
|
|
|
|
'private_key="PRESIGNED" '
|
|
|
|
'public_key="PRESIGNED" '
|
|
|
|
'container_certificate="PRESIGNED" '
|
|
|
|
'container_private_key="PRESIGNED"')
|
|
|
|
target_files = common.MakeTempFile(suffix='.zip')
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
|
2019-04-25 08:53:42 +02:00
|
|
|
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
|
|
|
|
|
2020-09-22 22:15:57 +02:00
|
|
|
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
|
2022-04-13 01:22:11 +02:00
|
|
|
keys_info = ReadApexKeysInfo(target_files_zip)
|
2019-04-25 08:53:42 +02:00
|
|
|
|
|
|
|
self.assertEqual({
|
|
|
|
'apex.apexd_test.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-04-25 08:53:42 +02:00
|
|
|
'apex.apexd_test_different_app.apex': (
|
|
|
|
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
|
2021-10-26 20:58:09 +02:00
|
|
|
'build/make/target/product/security/testkey', None),
|
2019-04-25 08:53:42 +02:00
|
|
|
}, keys_info)
|
2021-03-12 14:40:32 +01:00
|
|
|
|
|
|
|
def test_ReplaceGkiSigningKey(self):
|
|
|
|
common.OPTIONS.gki_signing_key = 'release_gki_key'
|
|
|
|
common.OPTIONS.gki_signing_algorithm = 'release_gki_algorithm'
|
|
|
|
common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
|
|
|
|
|
|
|
|
misc_info = {
|
|
|
|
'gki_signing_key_path': 'default_gki_key',
|
|
|
|
'gki_signing_algorithm': 'default_gki_algorithm',
|
|
|
|
'gki_signing_signature_args': 'default_gki_signature_args',
|
|
|
|
}
|
|
|
|
expected_dict = {
|
|
|
|
'gki_signing_key_path': 'release_gki_key',
|
|
|
|
'gki_signing_algorithm': 'release_gki_algorithm',
|
2021-05-10 11:35:37 +02:00
|
|
|
'gki_signing_signature_args': 'release_gki_signature_extra_args',
|
2021-03-12 14:40:32 +01:00
|
|
|
}
|
|
|
|
ReplaceGkiSigningKey(misc_info)
|
|
|
|
self.assertDictEqual(expected_dict, misc_info)
|
|
|
|
|
|
|
|
def test_ReplaceGkiSigningKey_MissingSigningAlgorithm(self):
|
|
|
|
common.OPTIONS.gki_signing_key = 'release_gki_key'
|
|
|
|
common.OPTIONS.gki_signing_algorithm = None
|
|
|
|
common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
|
|
|
|
|
|
|
|
misc_info = {
|
|
|
|
'gki_signing_key_path': 'default_gki_key',
|
|
|
|
'gki_signing_algorithm': 'default_gki_algorithm',
|
|
|
|
'gki_signing_signature_args': 'default_gki_signature_args',
|
|
|
|
}
|
|
|
|
self.assertRaises(ValueError, ReplaceGkiSigningKey, misc_info)
|
|
|
|
|
|
|
|
def test_ReplaceGkiSigningKey_MissingSigningKeyNop(self):
|
|
|
|
common.OPTIONS.gki_signing_key = None
|
|
|
|
common.OPTIONS.gki_signing_algorithm = 'release_gki_algorithm'
|
|
|
|
common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
|
|
|
|
|
|
|
|
# No change to misc_info if common.OPTIONS.gki_signing_key is missing.
|
|
|
|
misc_info = {
|
|
|
|
'gki_signing_key_path': 'default_gki_key',
|
|
|
|
'gki_signing_algorithm': 'default_gki_algorithm',
|
|
|
|
'gki_signing_signature_args': 'default_gki_signature_args',
|
|
|
|
}
|
|
|
|
expected_dict = {
|
|
|
|
'gki_signing_key_path': 'default_gki_key',
|
|
|
|
'gki_signing_algorithm': 'default_gki_algorithm',
|
|
|
|
'gki_signing_signature_args': 'default_gki_signature_args',
|
|
|
|
}
|
|
|
|
ReplaceGkiSigningKey(misc_info)
|
|
|
|
self.assertDictEqual(expected_dict, misc_info)
|