Merge "Include per-partition fingerprint as AVB prop." am: dc2f0b0abd
am: 48ccb46f5f
Change-Id: Ia754f2cc68814ed0155d16d111eed42cad41856a
commit
a824e907e5
3 changed files with 95 additions and 13 deletions
|
@ -3303,26 +3303,41 @@ endif
|
|||
# Appends os version and security patch level as a AVB property descriptor
|
||||
|
||||
BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += \
|
||||
--prop com.android.build.system.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.system.os_version:$(PLATFORM_VERSION) \
|
||||
--prop com.android.build.system.security_patch:$(PLATFORM_SECURITY_PATCH)
|
||||
|
||||
BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += \
|
||||
--prop com.android.build.product.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.product.os_version:$(PLATFORM_VERSION) \
|
||||
--prop com.android.build.product.security_patch:$(PLATFORM_SECURITY_PATCH)
|
||||
|
||||
BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += \
|
||||
--prop com.android.build.system_ext.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.system_ext.os_version:$(PLATFORM_VERSION) \
|
||||
--prop com.android.build.system_ext.security_patch:$(PLATFORM_SECURITY_PATCH)
|
||||
|
||||
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
|
||||
--prop com.android.build.boot.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.boot.os_version:$(PLATFORM_VERSION)
|
||||
|
||||
BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS += \
|
||||
--prop com.android.build.vendor_boot.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
|
||||
BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS += \
|
||||
--prop com.android.build.recovery.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
|
||||
|
||||
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += \
|
||||
--prop com.android.build.vendor.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.vendor.os_version:$(PLATFORM_VERSION)
|
||||
|
||||
BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += \
|
||||
--prop com.android.build.odm.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
|
||||
--prop com.android.build.odm.os_version:$(PLATFORM_VERSION)
|
||||
|
||||
BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS += \
|
||||
--prop com.android.build.dtbo.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
|
||||
|
||||
# The following vendor- and odm-specific images needs explicit SPL set per board.
|
||||
ifdef BOOT_SECURITY_PATCH
|
||||
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
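Review bot: The `BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS` assignment ends its only `--prop` line with a trailing `\`, so the value continues onto the blank line that follows. That is harmless only while the line stays empty; if a later edit removes it, the `BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS += \` text is folded into the vendor_boot arguments. Drop the backslash so the line reads `--prop com.android.build.vendor_boot.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)`, matching the recovery and dtbo blocks. The leading comment also still names only the os version and security patch level, and could become `# Appends fingerprint, os version and security patch level as AVB property descriptors`. The page has lost its +/- markers, so which lines are new is inferred from the hunk line counts.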
|
||||
|
|
|
@ -153,6 +153,20 @@ OPTIONS.avb_algorithms = {}
|
|||
OPTIONS.avb_extra_args = {}
|
||||
|
||||
|
||||
AVB_FOOTER_ARGS_BY_PARTITION = {
|
||||
'boot' : 'avb_boot_add_hash_footer_args',
|
||||
'dtbo' : 'avb_dtbo_add_hash_footer_args',
|
||||
'recovery' : 'avb_recovery_add_hash_footer_args',
|
||||
'system' : 'avb_system_add_hashtree_footer_args',
|
||||
'system_other' : 'avb_system_other_add_hashtree_footer_args',
|
||||
'vendor' : 'avb_vendor_add_hashtree_footer_args',
|
||||
'vendor_boot' : 'avb_vendor_boot_add_hash_footer_args',
|
||||
'vbmeta' : 'avb_vbmeta_args',
|
||||
'vbmeta_system' : 'avb_vbmeta_system_args',
|
||||
'vbmeta_vendor' : 'avb_vbmeta_vendor_args',
|
||||
}
|
||||
|
||||
|
||||
def GetApkCerts(certmap):
|
||||
# apply the key remapping to the contents of the file
|
||||
for apk, cert in certmap.items():
|
||||
|
@ -622,6 +636,10 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
|
|||
# Replace the AVB signing keys, if any.
|
||||
ReplaceAvbSigningKeys(misc_info)
|
||||
|
||||
# Rewrite the props in AVB signing args.
|
||||
if misc_info.get('avb_enable') == 'true':
|
||||
RewriteAvbProps(misc_info)
|
||||
|
||||
# Write back misc_info with the latest values.
|
||||
ReplaceMiscInfoTxt(input_tf_zip, output_tf_zip, misc_info)
|
||||
|
||||
|
@ -910,18 +928,6 @@ def ReplaceMiscInfoTxt(input_zip, output_zip, misc_info):
|
|||
def ReplaceAvbSigningKeys(misc_info):
|
||||
"""Replaces the AVB signing keys."""
|
||||
|
||||
AVB_FOOTER_ARGS_BY_PARTITION = {
|
||||
'boot' : 'avb_boot_add_hash_footer_args',
|
||||
'dtbo' : 'avb_dtbo_add_hash_footer_args',
|
||||
'recovery' : 'avb_recovery_add_hash_footer_args',
|
||||
'system' : 'avb_system_add_hashtree_footer_args',
|
||||
'system_other' : 'avb_system_other_add_hashtree_footer_args',
|
||||
'vendor' : 'avb_vendor_add_hashtree_footer_args',
|
||||
'vbmeta' : 'avb_vbmeta_args',
|
||||
'vbmeta_system' : 'avb_vbmeta_system_args',
|
||||
'vbmeta_vendor' : 'avb_vbmeta_vendor_args',
|
||||
}
|
||||
|
||||
def ReplaceAvbPartitionSigningKey(partition):
|
||||
key = OPTIONS.avb_keys.get(partition)
|
||||
if not key:
|
||||
|
@ -946,6 +952,32 @@ def ReplaceAvbSigningKeys(misc_info):
|
|||
ReplaceAvbPartitionSigningKey(partition)
|
||||
|
||||
|
||||
def RewriteAvbProps(misc_info):
|
||||
"""Rewrites the props in AVB signing args."""
|
||||
for partition, args_key in AVB_FOOTER_ARGS_BY_PARTITION.items():
|
||||
args = misc_info.get(args_key)
|
||||
if not args:
|
||||
continue
|
||||
|
||||
tokens = []
|
||||
changed = False
|
||||
for token in args.split(' '):
|
||||
fingerprint_key = 'com.android.build.{}.fingerprint'.format(partition)
|
||||
if not token.startswith(fingerprint_key):
|
||||
tokens.append(token)
|
||||
continue
|
||||
prefix, tag = token.rsplit('/', 1)
|
||||
tokens.append('{}/{}'.format(prefix, EditTags(tag)))
|
||||
changed = True
|
||||
|
||||
if changed:
|
||||
result = ' '.join(tokens)
|
||||
print('Rewriting AVB prop for {}:\n'.format(partition))
|
||||
print(' replace: {}'.format(args))
|
||||
print(' with: {}'.format(result))
|
||||
misc_info[args_key] = result
|
||||
|
||||
|
||||
def BuildKeyMap(misc_info, key_mapping_options):
|
||||
for s, d in key_mapping_options:
|
||||
if s is None: # -d option
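Review bot: `AVB_FOOTER_ARGS_BY_PARTITION` has no entries for `product`, `system_ext` or `odm`, so `RewriteAvbProps` never visits their footer args, although the Makefile hunk of this commit adds `com.android.build.<partition>.fingerprint` props for all three. If those args reach misc_info (presumably under keys such as `avb_product_add_hashtree_footer_args`, which are not visible here), a release-signed build would keep the `test-keys` or `dev-keys` tag in those AVB property descriptors while the other partitions report `release-keys`. Adding the three keys to the map would close that gap. Separately, `prefix, tag = token.rsplit('/', 1)` raises ValueError for a fingerprint value that contains no `/`, and the match would be tighter as `token.startswith(fingerprint_key + ':')`.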
|
||||
|
|
|
@ -23,7 +23,8 @@ import common
|
|||
import test_utils
|
||||
from sign_target_files_apks import (
|
||||
CheckApkAndApexKeysAvailable, EditTags, GetApkFileInfo, ReadApexKeysInfo,
|
||||
ReplaceCerts, ReplaceVerityKeyId, RewriteProps, WriteOtacerts)
|
||||
ReplaceCerts, ReplaceVerityKeyId, RewriteAvbProps, RewriteProps,
|
||||
WriteOtacerts)
|
||||
|
||||
|
||||
class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
|
||||
|
@ -52,6 +53,40 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
|
|||
# Tags are sorted.
|
||||
self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
|
||||
|
||||
def test_RewriteAvbProps(self):
|
||||
misc_info = {
|
||||
'avb_boot_add_hash_footer_args':
|
||||
('--prop com.android.build.boot.os_version:R '
|
||||
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
||||
'avb_system_add_hashtree_footer_args':
|
||||
('--prop com.android.build.system.os_version:R '
|
||||
'--prop com.android.build.system.security_patch:2019-09-05 '
|
||||
'--prop com.android.build.system.fingerprint:'
|
||||
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/test-keys'),
|
||||
'avb_vendor_add_hashtree_footer_args':
|
||||
('--prop com.android.build.vendor.os_version:R '
|
||||
'--prop com.android.build.vendor.security_patch:2019-09-05 '
|
||||
'--prop com.android.build.vendor.fingerprint:'
|
||||
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/dev-keys'),
|
||||
}
|
||||
expected_dict = {
|
||||
'avb_boot_add_hash_footer_args':
|
||||
('--prop com.android.build.boot.os_version:R '
|
||||
'--prop com.android.build.boot.security_patch:2019-09-05'),
|
||||
'avb_system_add_hashtree_footer_args':
|
||||
('--prop com.android.build.system.os_version:R '
|
||||
'--prop com.android.build.system.security_patch:2019-09-05 '
|
||||
'--prop com.android.build.system.fingerprint:'
|
||||
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
|
||||
'avb_vendor_add_hashtree_footer_args':
|
||||
('--prop com.android.build.vendor.os_version:R '
|
||||
'--prop com.android.build.vendor.security_patch:2019-09-05 '
|
||||
'--prop com.android.build.vendor.fingerprint:'
|
||||
'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
|
||||
}
|
||||
RewriteAvbProps(misc_info)
|
||||
self.assertDictEqual(expected_dict, misc_info)
|
||||
|
||||
def test_RewriteProps(self):
|
||||
props = (
|
||||
('', ''),
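Review bot: `test_RewriteAvbProps` only feeds fingerprints that are well formed and sit last in the argument string. A case where the fingerprint `--prop` is followed by another `--prop` would pin that the tokens after it survive the rewrite unchanged. A case with a fingerprint value that has no `/` would document whether `RewriteAvbProps` is meant to raise or to leave the token alone. `vendor_boot`, which this commit adds to `AVB_FOOTER_ARGS_BY_PARTITION`, is not exercised either. The method sits inside `SignTargetFilesApksTest`, whose body extends beyond the hunk.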
|
||||
|
|