Merge changes from topic "apex_bundle_pubkey"
* changes: Bundle public keys with APEX Add installable property to apex_key
This commit is contained in:
Jiyong Park
Gerrit Code Review
commit
d26357ebbd
25
apex/apex.go
25
apex/apex.go
|
|
@ -56,12 +56,12 @@ var (
|
|||
`--file_contexts ${file_contexts} ` +
|
||||
`--canned_fs_config ${canned_fs_config} ` +
|
||||
`--payload_type image ` +
|
||||
`--key ${key} ${image_dir} ${out} `,
|
||||
`--key ${key} ${opt_flags} ${image_dir} ${out} `,
|
||||
CommandDeps: []string{"${apexer}", "${avbtool}", "${e2fsdroid}", "${merge_zips}",
|
||||
"${mke2fs}", "${resize2fs}", "${sefcontext_compile}",
|
||||
"${soong_zip}", "${zipalign}", "${aapt2}"},
|
||||
Description: "APEX ${image_dir} => ${out}",
|
||||
}, "tool_path", "image_dir", "copy_commands", "manifest", "file_contexts", "canned_fs_config", "key")
|
||||
}, "tool_path", "image_dir", "copy_commands", "manifest", "file_contexts", "canned_fs_config", "key", "opt_flags")
|
||||
|
||||
zipApexRule = pctx.StaticRule("zipApexRule", blueprint.RuleParams{
|
||||
Command: `rm -rf ${image_dir} && mkdir -p ${image_dir} && ` +
|
||||
|
|
@ -518,6 +518,7 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
filesInfo := []apexFile{}
|
||||
|
||||
var keyFile android.Path
|
||||
var pubKeyFile android.Path
|
||||
var certificate java.Certificate
|
||||
|
||||
if a.properties.Payload_type == nil || *a.properties.Payload_type == "image" {
|
||||
|
|
@ -576,6 +577,12 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
case keyTag:
|
||||
if key, ok := child.(*apexKey); ok {
|
||||
keyFile = key.private_key_file
|
||||
if !key.installable() && ctx.Config().Debuggable() {
|
||||
// If the key is not installed, bundled it with the APEX.
|
||||
// Note: this bundled key is valid only for non-production builds
|
||||
// (eng/userdebug).
|
||||
pubKeyFile = key.public_key_file
|
||||
}
|
||||
return false
|
||||
} else {
|
||||
ctx.PropertyErrorf("key", "%q is not an apex_key module", depName)
|
||||
|
|
@ -640,18 +647,19 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
a.filesInfo = filesInfo
|
||||
|
||||
if a.apexTypes.zip() {
|
||||
a.buildUnflattenedApex(ctx, keyFile, certificate, zipApex)
|
||||
a.buildUnflattenedApex(ctx, keyFile, pubKeyFile, certificate, zipApex)
|
||||
}
|
||||
if a.apexTypes.image() {
|
||||
if ctx.Config().FlattenApex() {
|
||||
a.buildFlattenedApex(ctx)
|
||||
} else {
|
||||
a.buildUnflattenedApex(ctx, keyFile, certificate, imageApex)
|
||||
a.buildUnflattenedApex(ctx, keyFile, pubKeyFile, certificate, imageApex)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext, keyFile android.Path, certificate java.Certificate, apexType apexPackaging) {
|
||||
func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext, keyFile android.Path,
|
||||
pubKeyFile android.Path, certificate java.Certificate, apexType apexPackaging) {
|
||||
cert := String(a.properties.Certificate)
|
||||
if cert != "" && android.SrcIsModule(cert) == "" {
|
||||
defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
|
||||
|
|
@ -739,8 +747,14 @@ func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext, keyFile and
|
|||
}
|
||||
fileContexts := fileContextsOptionalPath.Path()
|
||||
|
||||
optFlags := []string{}
|
||||
|
||||
// Additional implicit inputs.
|
||||
implicitInputs = append(implicitInputs, cannedFsConfig, fileContexts, keyFile)
|
||||
if pubKeyFile != nil {
|
||||
implicitInputs = append(implicitInputs, pubKeyFile)
|
||||
optFlags = append(optFlags, "--pubkey "+pubKeyFile.String())
|
||||
}
|
||||
|
||||
ctx.Build(pctx, android.BuildParams{
|
||||
Rule: apexRule,
|
||||
|
|
@ -755,6 +769,7 @@ func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext, keyFile and
|
|||
"file_contexts": fileContexts.String(),
|
||||
"canned_fs_config": cannedFsConfig.String(),
|
||||
"key": keyFile.String(),
|
||||
"opt_flags": strings.Join(optFlags, " "),
|
||||
},
|
||||
})
|
||||
|
||||
|
|
|
|||
12
apex/key.go
12
apex/key.go
|
|
@ -45,6 +45,9 @@ type apexKeyProperties struct {
|
|||
Public_key *string
|
||||
// Path to the private key file in pem format. Used to sign APEXs.
|
||||
Private_key *string
|
||||
|
||||
// Whether this key is installable to one of the partitions. Defualt: true.
|
||||
Installable *bool
|
||||
}
|
||||
|
||||
func apexKeyFactory() android.Module {
|
||||
|
|
@ -54,6 +57,10 @@ func apexKeyFactory() android.Module {
|
|||
return module
|
||||
}
|
||||
|
||||
func (m *apexKey) installable() bool {
|
||||
return m.properties.Installable == nil || proptools.Bool(m.properties.Installable)
|
||||
}
|
||||
|
||||
func (m *apexKey) DepsMutator(ctx android.BottomUpMutatorContext) {
|
||||
}
|
||||
|
||||
|
|
@ -71,7 +78,9 @@ func (m *apexKey) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
}
|
||||
m.keyName = pubKeyName
|
||||
|
||||
ctx.InstallFile(android.PathForModuleInstall(ctx, "etc/security/apex"), m.keyName, m.public_key_file)
|
||||
if m.installable() {
|
||||
ctx.InstallFile(android.PathForModuleInstall(ctx, "etc/security/apex"), m.keyName, m.public_key_file)
|
||||
}
|
||||
}
|
||||
|
||||
func (m *apexKey) AndroidMk() android.AndroidMkData {
|
||||
|
|
@ -82,6 +91,7 @@ func (m *apexKey) AndroidMk() android.AndroidMkData {
|
|||
func(w io.Writer, outputFile android.Path) {
|
||||
fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", "$(TARGET_OUT)/etc/security/apex")
|
||||
fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.keyName)
|
||||
fmt.Fprintln(w, "LOCAL_UNINSTALLABLE_MODULE :=", !m.installable())
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue