APEX certificates can be overriden by PRODUCT_CERTIFICATE_OVERRIDES
Test: m (apex_test amended) Change-Id: I9b66a250c9ca20ad754e12455de2b444cf19b1fa
This commit is contained in:
Jiyong Park
parent
1151247c29
commit
b2742fdec9
2 changed files with 45 additions and 18 deletions
10
apex/apex.go
10
apex/apex.go
|
|
@ -517,12 +517,20 @@ func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) {
|
||||||
}
|
}
|
||||||
ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
|
ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
|
||||||
|
|
||||||
cert := android.SrcIsModule(String(a.properties.Certificate))
|
cert := android.SrcIsModule(a.getCertString(ctx))
|
||||||
if cert != "" {
|
if cert != "" {
|
||||||
ctx.AddDependency(ctx.Module(), certificateTag, cert)
|
ctx.AddDependency(ctx.Module(), certificateTag, cert)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *apexBundle) getCertString(ctx android.BaseContext) string {
|
||||||
|
certificate, overridden := ctx.DeviceConfig().OverrideCertificateFor(ctx.ModuleName())
|
||||||
|
if overridden {
|
||||||
|
return ":" + certificate
|
||||||
|
}
|
||||||
|
return String(a.properties.Certificate)
|
||||||
|
}
|
||||||
|
|
||||||
func (a *apexBundle) Srcs() android.Paths {
|
func (a *apexBundle) Srcs() android.Paths {
|
||||||
if file, ok := a.outputFiles[imageApex]; ok {
|
if file, ok := a.outputFiles[imageApex]; ok {
|
||||||
return android.Paths{file}
|
return android.Paths{file}
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@ import (
|
||||||
|
|
||||||
"android/soong/android"
|
"android/soong/android"
|
||||||
"android/soong/cc"
|
"android/soong/cc"
|
||||||
|
"android/soong/java"
|
||||||
)
|
)
|
||||||
|
|
||||||
func testApex(t *testing.T, bp string) *android.TestContext {
|
func testApex(t *testing.T, bp string) *android.TestContext {
|
||||||
|
|
@ -51,6 +52,7 @@ func testApex(t *testing.T, bp string) *android.TestContext {
|
||||||
ctx.RegisterModuleType("toolchain_library", android.ModuleFactoryAdaptor(cc.ToolchainLibraryFactory))
|
ctx.RegisterModuleType("toolchain_library", android.ModuleFactoryAdaptor(cc.ToolchainLibraryFactory))
|
||||||
ctx.RegisterModuleType("prebuilt_etc", android.ModuleFactoryAdaptor(android.PrebuiltEtcFactory))
|
ctx.RegisterModuleType("prebuilt_etc", android.ModuleFactoryAdaptor(android.PrebuiltEtcFactory))
|
||||||
ctx.RegisterModuleType("sh_binary", android.ModuleFactoryAdaptor(android.ShBinaryFactory))
|
ctx.RegisterModuleType("sh_binary", android.ModuleFactoryAdaptor(android.ShBinaryFactory))
|
||||||
|
ctx.RegisterModuleType("android_app_certificate", android.ModuleFactoryAdaptor(java.AndroidAppCertificateFactory))
|
||||||
ctx.PreDepsMutators(func(ctx android.RegisterMutatorsContext) {
|
ctx.PreDepsMutators(func(ctx android.RegisterMutatorsContext) {
|
||||||
ctx.BottomUp("image", cc.ImageMutator).Parallel()
|
ctx.BottomUp("image", cc.ImageMutator).Parallel()
|
||||||
ctx.BottomUp("link", cc.LinkageMutator).Parallel()
|
ctx.BottomUp("link", cc.LinkageMutator).Parallel()
|
||||||
|
|
@ -138,18 +140,23 @@ func testApex(t *testing.T, bp string) *android.TestContext {
|
||||||
`
|
`
|
||||||
|
|
||||||
ctx.MockFileSystem(map[string][]byte{
|
ctx.MockFileSystem(map[string][]byte{
|
||||||
"Android.bp": []byte(bp),
|
"Android.bp": []byte(bp),
|
||||||
"build/target/product/security": nil,
|
"build/target/product/security": nil,
|
||||||
"apex_manifest.json": nil,
|
"apex_manifest.json": nil,
|
||||||
"system/sepolicy/apex/myapex-file_contexts": nil,
|
"system/sepolicy/apex/myapex-file_contexts": nil,
|
||||||
"system/sepolicy/apex/otherapex-file_contexts": nil,
|
"system/sepolicy/apex/myapex_keytest-file_contexts": nil,
|
||||||
"mylib.cpp": nil,
|
"system/sepolicy/apex/otherapex-file_contexts": nil,
|
||||||
"myprebuilt": nil,
|
"mylib.cpp": nil,
|
||||||
"my_include": nil,
|
"myprebuilt": nil,
|
||||||
"vendor/foo/devkeys/test.x509.pem": nil,
|
"my_include": nil,
|
||||||
"vendor/foo/devkeys/test.pk8": nil,
|
"vendor/foo/devkeys/test.x509.pem": nil,
|
||||||
"vendor/foo/devkeys/testkey.avbpubkey": nil,
|
"vendor/foo/devkeys/test.pk8": nil,
|
||||||
"vendor/foo/devkeys/testkey.pem": nil,
|
"testkey.x509.pem": nil,
|
||||||
|
"testkey.pk8": nil,
|
||||||
|
"testkey.override.x509.pem": nil,
|
||||||
|
"testkey.override.pk8": nil,
|
||||||
|
"vendor/foo/devkeys/testkey.avbpubkey": nil,
|
||||||
|
"vendor/foo/devkeys/testkey.pem": nil,
|
||||||
})
|
})
|
||||||
_, errs := ctx.ParseFileList(".", []string{"Android.bp"})
|
_, errs := ctx.ParseFileList(".", []string{"Android.bp"})
|
||||||
android.FailIfErrored(t, errs)
|
android.FailIfErrored(t, errs)
|
||||||
|
|
@ -168,6 +175,7 @@ func setup(t *testing.T) (config android.Config, buildDir string) {
|
||||||
config = android.TestArchConfig(buildDir, nil)
|
config = android.TestArchConfig(buildDir, nil)
|
||||||
config.TestProductVariables.DeviceVndkVersion = proptools.StringPtr("current")
|
config.TestProductVariables.DeviceVndkVersion = proptools.StringPtr("current")
|
||||||
config.TestProductVariables.DefaultAppCertificate = proptools.StringPtr("vendor/foo/devkeys/test")
|
config.TestProductVariables.DefaultAppCertificate = proptools.StringPtr("vendor/foo/devkeys/test")
|
||||||
|
config.TestProductVariables.CertificateOverrides = []string{"myapex_keytest:myapex.certificate.override"}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -773,8 +781,9 @@ func TestStaticLinking(t *testing.T) {
|
||||||
func TestKeys(t *testing.T) {
|
func TestKeys(t *testing.T) {
|
||||||
ctx := testApex(t, `
|
ctx := testApex(t, `
|
||||||
apex {
|
apex {
|
||||||
name: "myapex",
|
name: "myapex_keytest",
|
||||||
key: "myapex.key",
|
key: "myapex.key",
|
||||||
|
certificate: ":myapex.certificate",
|
||||||
native_shared_libs: ["mylib"],
|
native_shared_libs: ["mylib"],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -791,6 +800,16 @@ func TestKeys(t *testing.T) {
|
||||||
private_key: "testkey.pem",
|
private_key: "testkey.pem",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
android_app_certificate {
|
||||||
|
name: "myapex.certificate",
|
||||||
|
certificate: "testkey",
|
||||||
|
}
|
||||||
|
|
||||||
|
android_app_certificate {
|
||||||
|
name: "myapex.certificate.override",
|
||||||
|
certificate: "testkey.override",
|
||||||
|
}
|
||||||
|
|
||||||
`)
|
`)
|
||||||
|
|
||||||
// check the APEX keys
|
// check the APEX keys
|
||||||
|
|
@ -805,11 +824,11 @@ func TestKeys(t *testing.T) {
|
||||||
"vendor/foo/devkeys/testkey.pem")
|
"vendor/foo/devkeys/testkey.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
// check the APK certs
|
// check the APK certs. It should be overridden to myapex.certificate.override
|
||||||
certs := ctx.ModuleForTests("myapex", "android_common_myapex").Rule("signapk").Args["certificates"]
|
certs := ctx.ModuleForTests("myapex_keytest", "android_common_myapex_keytest").Rule("signapk").Args["certificates"]
|
||||||
if certs != "vendor/foo/devkeys/test.x509.pem vendor/foo/devkeys/test.pk8" {
|
if certs != "testkey.override.x509.pem testkey.override.pk8" {
|
||||||
t.Errorf("cert and private key %q are not %q", certs,
|
t.Errorf("cert and private key %q are not %q", certs,
|
||||||
"vendor/foo/devkeys/test.x509.pem vendor/foo/devkeys/test.pk8")
|
"testkey.override.509.pem testkey.override.pk8")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue