Add PRODUCT_ADB_KEYS

This easily allow products to add custom adb keys for debuggable builds. To use, provide a public key created by `adb keygen` to PRODUCT_ADB_KEYS. This way automated test farms don't need manual intervention to authenticate to the device over adb, but we don't disable security for everyone else. Add an inherit-product-if-exists hook to aosp_* targets so that our build servers can add a key for our test farms. Bug: 32891559 Test: lunch aosp_marlin-userdebug; m bootimage Test: lunch aosp_marlin-user; m bootimage Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
2017-11-03 15:53:52 -07:00 · 2017-11-03 15:53:52 -07:00 · 0bd793815e
parent 52f74821d3
commit 0bd793815e
5 changed files with 32 additions and 0 deletions
--- a/core/product.mk
+++ b/core/product.mk
@ -144,6 +144,7 @@ _product_var_list := \
    PRODUCT_SYSTEM_HEADROOM \
    PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
    PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
+    PRODUCT_ADB_KEYS \



--- a/core/product_config.mk
+++ b/core/product_config.mk
@ -455,3 +455,13 @@ PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := \
 # Whether any paths are excluded from sanitization when SANITIZE_TARGET=integer_overflow
 PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \
    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
+
+# ADB keys for debuggable builds
+PRODUCT_ADB_KEYS :=
+ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+  PRODUCT_ADB_KEYS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ADB_KEYS))
+endif
+ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
+  $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
+endif
+.KATI_READONLY := PRODUCT_ADB_KEYS
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@ -98,6 +98,11 @@ PRODUCT_PACKAGES += \
    fs_config_files \
    fs_config_dirs

+# If there are product-specific adb keys defined, install them on debuggable
+# builds.
+PRODUCT_PACKAGES_DEBUG += \
+    adb_keys
+
 # Ensure that this property is always defined so that bionic_systrace.cpp
 # can rely on it being initially set by init.
 PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
--- a/target/product/full_base.mk
+++ b/target/product/full_base.mk
@ -53,3 +53,6 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/locales_full.mk)

 # Get everything else from the parent package
 $(call inherit-product, $(SRC_TARGET_DIR)/product/generic_no_telephony.mk)
+
+# Add adb keys to debuggable AOSP builds (if they exist)
+$(call inherit-product-if-exists, vendor/google/security/adb/vendor_key.mk)
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@ -10,3 +10,16 @@ LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

 include $(BUILD_PREBUILT)
+
+#######################################
+# adb key, if configured via PRODUCT_ADB_KEYS
+ifdef PRODUCT_ADB_KEYS
+  ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+    include $(CLEAR_VARS)
+    LOCAL_MODULE := adb_keys
+    LOCAL_MODULE_CLASS := ETC
+    LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+    LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS)
+    include $(BUILD_PREBUILT)
+  endif
+endif