releasetools: support reading release keys out of some sort of command

key passphrases may live in some sort of secure storage, support running an arbitrary command to retrieve them. Change-Id: I49862cf60f1b73a2356e0c492e1038beef28a95f (cherry picked from commit 9caf8603575aecf51761feaeac6db619be76cfd3)
2017-01-20 20:47:49 -08:00 · 2017-01-20 20:47:49 -08:00 · bc0ef30e0e
commit bc0ef30e0e
parent 44112727ed
1 changed files with 16 additions and 1 deletions
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@ -2862,6 +2862,7 @@ class PasswordManager(object):
  def __init__(self):
    self.editor = os.getenv("EDITOR")
    self.pwfile = os.getenv("ANDROID_PW_FILE")
+    self.secure_storage_cmd = os.getenv("ANDROID_SECURE_STORAGE_CMD", None)

  def GetPasswords(self, items):
    """Get passwords corresponding to each string in 'items',
@ -2881,9 +2882,23 @@ class PasswordManager(object):
      missing = []
      for i in items:
        if i not in current or not current[i]:
-          missing.append(i)
+          # Attempt to load using ANDROID_SECURE_STORAGE_CMD
+          if self.secure_storage_cmd:
+            try:
+              os.environ["TMP__KEY_FILE_NAME"] = str(i)
+              ps = subprocess.Popen(self.secure_storage_cmd, shell=True, stdout=subprocess.PIPE)
+              output = ps.communicate()[0]
+              if ps.returncode == 0:
+                current[i] = output.decode('utf-8')
+            except Exception as e:
+              print(e)
+              pass
+          if i not in current or not current[i]:
+            missing.append(i)
      # Are all the passwords already in the file?
      if not missing:
+        if "ANDROID_SECURE_STORAGE_CMD" in os.environ:
+          del os.environ["ANDROID_SECURE_STORAGE_CMD"]
        return current

      for i in missing: