Enable certificate overrides with product vars.
Currently it is only for android_app, though it can be easily ported to apex. The make-side change will be made later, along with a real application. Bug: 122957760 Test: app_test.go Change-Id: I41f0be84f8b9f93e9518a16160e10eaa649388cd
This commit is contained in:
Jaewoong Jung
parent
9d085dea9e
commit
2ad817c65d
|
|
@ -893,7 +893,16 @@ func (c *deviceConfig) PlatPrivateSepolicyDirs() []string {
|
|||
}
|
||||
|
||||
func (c *deviceConfig) OverrideManifestPackageNameFor(name string) (manifestName string, overridden bool) {
|
||||
overrides := c.config.productVariables.ManifestPackageNameOverrides
|
||||
return findOverrideValue(c.config.productVariables.ManifestPackageNameOverrides, name,
|
||||
"invalid override rule %q in PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES should be <module_name>:<manifest_name>")
|
||||
}
|
||||
|
||||
func (c *deviceConfig) OverrideCertificateFor(name string) (certificatePath string, overridden bool) {
|
||||
return findOverrideValue(c.config.productVariables.CertificateOverrides, name,
|
||||
"invalid override rule %q in PRODUCT_CERTIFICATE_OVERRIDES should be <module_name>:<certificate_module_name>")
|
||||
}
|
||||
|
||||
func findOverrideValue(overrides []string, name string, errorMsg string) (newValue string, overridden bool) {
|
||||
if overrides == nil || len(overrides) == 0 {
|
||||
return "", false
|
||||
}
|
||||
|
|
@ -901,7 +910,7 @@ func (c *deviceConfig) OverrideManifestPackageNameFor(name string) (manifestName
|
|||
split := strings.Split(o, ":")
|
||||
if len(split) != 2 {
|
||||
// This shouldn't happen as this is first checked in make, but just in case.
|
||||
panic(fmt.Errorf("invalid override rule %q in PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES should be <module_name>:<manifest_name>", o))
|
||||
panic(fmt.Errorf(errorMsg, o))
|
||||
}
|
||||
if matchPattern(split[0], name) {
|
||||
return substPattern(split[0], split[1], name), true
|
||||
|
|
|
|||
|
|
@ -270,6 +270,7 @@ type productVariables struct {
|
|||
DexpreoptGlobalConfig *string `json:",omitempty"`
|
||||
|
||||
ManifestPackageNameOverrides []string `json:",omitempty"`
|
||||
CertificateOverrides []string `json:",omitempty"`
|
||||
|
||||
EnforceSystemCertificate *bool `json:",omitempty"`
|
||||
EnforceSystemCertificateWhitelist []string `json:",omitempty"`
|
||||
|
|
|
|||
12
java/app.go
12
java/app.go
|
|
@ -120,7 +120,7 @@ func (a *AndroidApp) DepsMutator(ctx android.BottomUpMutatorContext) {
|
|||
ctx.AddFarVariationDependencies(variation, tag, a.appProperties.Jni_libs...)
|
||||
}
|
||||
|
||||
cert := android.SrcIsModule(String(a.appProperties.Certificate))
|
||||
cert := android.SrcIsModule(a.getCertString(ctx))
|
||||
if cert != "" {
|
||||
ctx.AddDependency(ctx.Module(), certificateTag, cert)
|
||||
}
|
||||
|
|
@ -241,7 +241,7 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
return
|
||||
}
|
||||
|
||||
cert := String(a.appProperties.Certificate)
|
||||
cert := a.getCertString(ctx)
|
||||
certModule := android.SrcIsModule(cert)
|
||||
if certModule != "" {
|
||||
a.certificate = certificateDeps[0]
|
||||
|
|
@ -327,6 +327,14 @@ func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []Cert
|
|||
return jniLibs, certificates
|
||||
}
|
||||
|
||||
func (a *AndroidApp) getCertString(ctx android.BaseContext) string {
|
||||
certificate, overridden := ctx.DeviceConfig().OverrideCertificateFor(ctx.ModuleName())
|
||||
if overridden {
|
||||
return ":" + certificate
|
||||
}
|
||||
return String(a.appProperties.Certificate)
|
||||
}
|
||||
|
||||
func AndroidAppFactory() android.Module {
|
||||
module := &AndroidApp{}
|
||||
|
||||
|
|
|
|||
|
|
@ -454,3 +454,89 @@ func TestJNI(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestCertificates(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
bp string
|
||||
certificateOverride string
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
name: "default",
|
||||
bp: `
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
}
|
||||
`,
|
||||
certificateOverride: "",
|
||||
expected: "build/target/product/security/testkey.x509.pem build/target/product/security/testkey.pk8",
|
||||
},
|
||||
{
|
||||
name: "module certificate property",
|
||||
bp: `
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
certificate: ":new_certificate"
|
||||
}
|
||||
|
||||
android_app_certificate {
|
||||
name: "new_certificate",
|
||||
certificate: "cert/new_cert",
|
||||
}
|
||||
`,
|
||||
certificateOverride: "",
|
||||
expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
|
||||
},
|
||||
{
|
||||
name: "path certificate property",
|
||||
bp: `
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
certificate: "expiredkey"
|
||||
}
|
||||
`,
|
||||
certificateOverride: "",
|
||||
expected: "build/target/product/security/expiredkey.x509.pem build/target/product/security/expiredkey.pk8",
|
||||
},
|
||||
{
|
||||
name: "certificate overrides",
|
||||
bp: `
|
||||
android_app {
|
||||
name: "foo",
|
||||
srcs: ["a.java"],
|
||||
certificate: "expiredkey"
|
||||
}
|
||||
|
||||
android_app_certificate {
|
||||
name: "new_certificate",
|
||||
certificate: "cert/new_cert",
|
||||
}
|
||||
`,
|
||||
certificateOverride: "foo:new_certificate",
|
||||
expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
config := testConfig(nil)
|
||||
if test.certificateOverride != "" {
|
||||
config.TestProductVariables.CertificateOverrides = []string{test.certificateOverride}
|
||||
}
|
||||
ctx := testAppContext(config, test.bp, nil)
|
||||
|
||||
run(t, ctx, config)
|
||||
foo := ctx.ModuleForTests("foo", "android_common")
|
||||
|
||||
signapk := foo.Output("foo.apk")
|
||||
signFlags := signapk.Args["certificates"]
|
||||
if test.expected != signFlags {
|
||||
t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expected, signFlags)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,6 +71,7 @@ func testContext(config android.Config, bp string,
|
|||
|
||||
ctx := android.NewTestArchContext()
|
||||
ctx.RegisterModuleType("android_app", android.ModuleFactoryAdaptor(AndroidAppFactory))
|
||||
ctx.RegisterModuleType("android_app_certificate", android.ModuleFactoryAdaptor(AndroidAppCertificateFactory))
|
||||
ctx.RegisterModuleType("android_library", android.ModuleFactoryAdaptor(AndroidLibraryFactory))
|
||||
ctx.RegisterModuleType("android_test", android.ModuleFactoryAdaptor(AndroidTestFactory))
|
||||
ctx.RegisterModuleType("android_test_helper_app", android.ModuleFactoryAdaptor(AndroidTestHelperAppFactory))
|
||||
|
|
@ -226,6 +227,9 @@ func testContext(config android.Config, bp string,
|
|||
"bar-doc/IFoo.aidl": nil,
|
||||
"bar-doc/known_oj_tags.txt": nil,
|
||||
"external/doclava/templates-sdk": nil,
|
||||
|
||||
"cert/new_cert.x509.pem": nil,
|
||||
"cert/new_cert.pk8": nil,
|
||||
}
|
||||
|
||||
for k, v := range fs {
|
||||
|
|
|
|||
Loading…
Reference in New Issue