From 70dd74dde78f03f420c0e99cdeb5b60b02d95b56 Mon Sep 17 00:00:00 2001 From: Liz Kammer Date: Thu, 7 May 2020 13:24:05 -0700 Subject: [PATCH] Add signing certificate lineage support to soong Test: app_test Bug: 153366049 Change-Id: I65a92d6c40057dcc01950991fb7be485de1c9080 --- java/app.go | 15 +++++++--- java/app_builder.go | 16 ++++++---- java/app_test.go | 71 +++++++++++++++++++++++++++++++++++---------- java/testing.go | 1 + 4 files changed, 78 insertions(+), 25 deletions(-) diff --git a/java/app.go b/java/app.go index 4c4b83c82..531b46a66 100755 --- a/java/app.go +++ b/java/app.go @@ -129,6 +129,9 @@ type overridableAppProperties struct { // or an android_app_certificate module name in the form ":module". Certificate *string + // Name of the signing certificate lineage file. + Lineage *string + // the package name of this app. The package name in the manifest file is used if one was not given. Package_name *string @@ -586,7 +589,11 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) { if v4SigningRequested { v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+".apk.idsig") } - CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile) + var lineageFile android.Path + if lineage := String(a.overridableAppProperties.Lineage); lineage != "" { + lineageFile = android.PathForModuleSrc(ctx, lineage) + } + CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile, lineageFile) a.outputFile = packageFile if v4SigningRequested { a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile) @@ -598,7 +605,7 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) { if v4SigningRequested { v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+"_"+split.suffix+".apk.idsig") } - CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile) + CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile, lineageFile) a.extraOutputFiles = append(a.extraOutputFiles, packageFile) if v4SigningRequested { a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile) @@ -1249,7 +1256,7 @@ func (a *AndroidAppImport) generateAndroidBuildActions(ctx android.ModuleContext } a.certificate = certificates[0] signed := android.PathForModuleOut(ctx, "signed", apkFilename) - SignAppPackage(ctx, signed, dexOutput, certificates, nil) + SignAppPackage(ctx, signed, dexOutput, certificates, nil, nil) a.outputFile = signed } else { alignedApk := android.PathForModuleOut(ctx, "zip-aligned", apkFilename) @@ -1486,7 +1493,7 @@ func (r *RuntimeResourceOverlay) GenerateAndroidBuildActions(ctx android.ModuleC _, certificates := collectAppDeps(ctx, false, false) certificates = processMainCert(r.ModuleBase, String(r.properties.Certificate), certificates, ctx) signed := android.PathForModuleOut(ctx, "signed", r.Name()+".apk") - SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil) + SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil, nil) r.certificate = certificates[0] r.outputFile = signed diff --git a/java/app_builder.go b/java/app_builder.go index b2780bc90..e8c16c23f 100644 --- a/java/app_builder.go +++ b/java/app_builder.go @@ -45,7 +45,7 @@ var combineApk = pctx.AndroidStaticRule("combineApk", }) func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.WritablePath, - packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath) { + packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath, lineageFile android.Path) { unsignedApkName := strings.TrimSuffix(outputFile.Base(), ".apk") + "-unsigned.apk" unsignedApk := android.PathForModuleOut(ctx, unsignedApkName) @@ -66,10 +66,10 @@ func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.Writa Implicits: deps, }) - SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile) + SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile, lineageFile) } -func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath) { +func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath, lineageFile android.Path) { var certificateArgs []string var deps android.Paths @@ -79,10 +79,14 @@ func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, u } outputFiles := android.WritablePaths{signedApk} - var flag string = "" + var flags []string if v4SignatureFile != nil { outputFiles = append(outputFiles, v4SignatureFile) - flag = "--enable-v4" + flags = append(flags, "--enable-v4") + } + + if lineageFile != nil { + flags = append(flags, "--lineage", lineageFile.String()) } ctx.Build(pctx, android.BuildParams{ @@ -93,7 +97,7 @@ func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, u Implicits: deps, Args: map[string]string{ "certificates": strings.Join(certificateArgs, " "), - "flags": flag, + "flags": strings.Join(flags, " "), }, }) } diff --git a/java/app_test.go b/java/app_test.go index f2cbbfb71..75d1c90e5 100644 --- a/java/app_test.go +++ b/java/app_test.go @@ -1115,7 +1115,8 @@ func TestCertificates(t *testing.T) { name string bp string certificateOverride string - expected string + expectedLineage string + expectedCertificate string }{ { name: "default", @@ -1127,7 +1128,8 @@ func TestCertificates(t *testing.T) { } `, certificateOverride: "", - expected: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8", + expectedLineage: "", + expectedCertificate: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8", }, { name: "module certificate property", @@ -1145,7 +1147,8 @@ func TestCertificates(t *testing.T) { } `, certificateOverride: "", - expected: "cert/new_cert.x509.pem cert/new_cert.pk8", + expectedLineage: "", + expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8", }, { name: "path certificate property", @@ -1158,7 +1161,8 @@ func TestCertificates(t *testing.T) { } `, certificateOverride: "", - expected: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", + expectedLineage: "", + expectedCertificate: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", }, { name: "certificate overrides", @@ -1176,7 +1180,28 @@ func TestCertificates(t *testing.T) { } `, certificateOverride: "foo:new_certificate", - expected: "cert/new_cert.x509.pem cert/new_cert.pk8", + expectedLineage: "", + expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8", + }, + { + name: "certificate lineage", + bp: ` + android_app { + name: "foo", + srcs: ["a.java"], + certificate: ":new_certificate", + lineage: "lineage.bin", + sdk_version: "current", + } + + android_app_certificate { + name: "new_certificate", + certificate: "cert/new_cert", + } + `, + certificateOverride: "", + expectedLineage: "--lineage lineage.bin", + expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8", }, } @@ -1192,9 +1217,14 @@ func TestCertificates(t *testing.T) { foo := ctx.ModuleForTests("foo", "android_common") signapk := foo.Output("foo.apk") - signFlags := signapk.Args["certificates"] - if test.expected != signFlags { - t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expected, signFlags) + signCertificateFlags := signapk.Args["certificates"] + if test.expectedCertificate != signCertificateFlags { + t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedCertificate, signCertificateFlags) + } + + signFlags := signapk.Args["flags"] + if test.expectedLineage != signFlags { + t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedLineage, signFlags) } }) } @@ -1368,6 +1398,7 @@ func TestOverrideAndroidApp(t *testing.T) { name: "bar", base: "foo", certificate: ":new_certificate", + lineage: "lineage.bin", logging_parent: "bah", } @@ -1388,7 +1419,8 @@ func TestOverrideAndroidApp(t *testing.T) { variantName string apkName string apkPath string - signFlag string + certFlag string + lineageFlag string overrides []string aaptFlag string logging_parent string @@ -1397,7 +1429,8 @@ func TestOverrideAndroidApp(t *testing.T) { moduleName: "foo", variantName: "android_common", apkPath: "/target/product/test_device/system/app/foo/foo.apk", - signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", + certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", + lineageFlag: "", overrides: []string{"qux"}, aaptFlag: "", logging_parent: "", @@ -1406,7 +1439,8 @@ func TestOverrideAndroidApp(t *testing.T) { moduleName: "bar", variantName: "android_common_bar", apkPath: "/target/product/test_device/system/app/bar/bar.apk", - signFlag: "cert/new_cert.x509.pem cert/new_cert.pk8", + certFlag: "cert/new_cert.x509.pem cert/new_cert.pk8", + lineageFlag: "--lineage lineage.bin", overrides: []string{"qux", "foo"}, aaptFlag: "", logging_parent: "bah", @@ -1415,7 +1449,8 @@ func TestOverrideAndroidApp(t *testing.T) { moduleName: "baz", variantName: "android_common_baz", apkPath: "/target/product/test_device/system/app/baz/baz.apk", - signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", + certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8", + lineageFlag: "", overrides: []string{"qux", "foo"}, aaptFlag: "--rename-manifest-package org.dandroid.bp", logging_parent: "", @@ -1440,9 +1475,15 @@ func TestOverrideAndroidApp(t *testing.T) { // Check the certificate paths signapk := variant.Output(expected.moduleName + ".apk") - signFlag := signapk.Args["certificates"] - if expected.signFlag != signFlag { - t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.signFlag, signFlag) + certFlag := signapk.Args["certificates"] + if expected.certFlag != certFlag { + t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.certFlag, certFlag) + } + + // Check the lineage flags + lineageFlag := signapk.Args["flags"] + if expected.lineageFlag != lineageFlag { + t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.lineageFlag, lineageFlag) } // Check if the overrides field values are correctly aggregated. diff --git a/java/testing.go b/java/testing.go index 28c1a2691..dd3565313 100644 --- a/java/testing.go +++ b/java/testing.go @@ -114,6 +114,7 @@ func TestConfig(buildDir string, env map[string]string, bp string, fs map[string "cert/new_cert.x509.pem": nil, "cert/new_cert.pk8": nil, + "lineage.bin": nil, "testdata/data": nil,