diff --git a/core/Makefile b/core/Makefile index af956eeb3..2439f3432 100644 --- a/core/Makefile +++ b/core/Makefile @@ -861,10 +861,17 @@ endif # ----------------------------------------------------------------- # Cert-to-package mapping. Used by the post-build signing tools. # Use a macro to add newline to each echo command +# $1 package name +# $2 certificate +# $3 private key +# $4 compressed +# $5 partition tag +# $6 output file define _apkcerts_write_line -$(hide) echo -n 'name="$(1).apk" certificate="$2" private_key="$3"' >> $5 -$(if $(4), $(hide) echo -n ' compressed="$4"' >> $5) -$(hide) echo '' >> $5 +$(hide) echo -n 'name="$(1).apk" certificate="$2" private_key="$3"' >> $6 +$(if $(4), $(hide) echo -n ' compressed="$4"' >> $6) +$(if $(5), $(hide) echo -n ' partition="$5"' >> $6) +$(hide) echo '' >> $6 endef @@ -884,8 +891,8 @@ $(APKCERTS_FILE): @rm -f $@ $(foreach p,$(sort $(PACKAGES)),\ $(if $(PACKAGES.$(p).EXTERNAL_KEY),\ - $(call _apkcerts_write_line,$(p),"EXTERNAL","",$(PACKAGES.$(p).COMPRESSED),$@),\ - $(call _apkcerts_write_line,$(p),$(PACKAGES.$(p).CERTIFICATE),$(PACKAGES.$(p).PRIVATE_KEY),$(PACKAGES.$(p).COMPRESSED),$@))) + $(call _apkcerts_write_line,$(p),"EXTERNAL","",$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@),\ + $(call _apkcerts_write_line,$(p),$(PACKAGES.$(p).CERTIFICATE),$(PACKAGES.$(p).PRIVATE_KEY),$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@))) # In case value of PACKAGES is empty. $(hide) touch $@ diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk index ce554c9ad..05d900160 100644 --- a/core/app_prebuilt_internal.mk +++ b/core/app_prebuilt_internal.mk @@ -167,6 +167,9 @@ endif include $(BUILD_SYSTEM)/app_certificate_validate.mk +# Set a actual_partition_tag (calculated in base_rules.mk) for the package. +PACKAGES.$(LOCAL_MODULE).PARTITION := $(actual_partition_tag) + # Disable dex-preopt of prebuilts to save space, if requested. ifndef LOCAL_DEX_PREOPT ifeq ($(DONT_DEXPREOPT_PREBUILTS),true) diff --git a/core/base_rules.mk b/core/base_rules.mk index f70911edc..f78e5099a 100644 --- a/core/base_rules.mk +++ b/core/base_rules.mk @@ -208,23 +208,39 @@ my_module_path := $(patsubst %/,%,$(my_module_path)) my_module_relative_path := $(strip $(LOCAL_MODULE_RELATIVE_PATH)) ifdef LOCAL_IS_HOST_MODULE partition_tag := + actual_partition_tag := else ifeq (true,$(strip $(LOCAL_VENDOR_MODULE))) partition_tag := _VENDOR + # A vendor module could be on the vendor partition at "vendor" or the system + # partition at "system/vendor". + actual_partition_tag := $(if $(filter true,$(BOARD_USES_VENDORIMAGE)),vendor,system) else ifeq (true,$(strip $(LOCAL_OEM_MODULE))) partition_tag := _OEM + actual_partition_tag := oem else ifeq (true,$(strip $(LOCAL_ODM_MODULE))) partition_tag := _ODM + # An ODM module could be on the odm partition at "odm", the vendor partition + # at "vendor/odm", or the system partition at "system/vendor/odm". + actual_partition_tag := $(if $(filter true,$(BOARD_USES_ODMIMAGE)),odm,$(if $(filter true,$(BOARD_USES_VENDORIMAGE)),vendor,system)) else ifeq (true,$(strip $(LOCAL_PRODUCT_MODULE))) partition_tag := _PRODUCT + # A product module could be on the product partition at "product" or the + # system partition at "system/product". + actual_partition_tag := $(if $(filter true,$(BOARD_USES_PRODUCTIMAGE)),product,system) else ifeq (true,$(strip $(LOCAL_SYSTEM_EXT_MODULE))) partition_tag := _SYSTEM_EXT + # A system_ext-specific module could be on the system_ext partition at + # "system_ext" or the system partition at "system/system_ext". + actual_partition_tag := $(if $(filter true,$(BOARD_USES_SYSTEM_EXTIMAGE)),system_ext,system) else ifeq (NATIVE_TESTS,$(LOCAL_MODULE_CLASS)) partition_tag := _DATA + actual_partition_tag := data else # The definition of should-install-to-system will be different depending # on which goal (e.g., sdk or just droid) is being built. partition_tag := $(if $(call should-install-to-system,$(my_module_tags)),,_DATA) + actual_partition_tag := $(if $(partition_tag),data,system) endif endif # For test modules that lack a suite tag, set null-suite as the default. diff --git a/core/package_internal.mk b/core/package_internal.mk index e680df7b3..c6c2cf55c 100644 --- a/core/package_internal.mk +++ b/core/package_internal.mk @@ -471,6 +471,9 @@ PACKAGES.$(LOCAL_PACKAGE_NAME).CERTIFICATE := $(certificate) $(LOCAL_BUILT_MODULE): $(additional_certificates) $(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CERTIFICATES := $(additional_certificates) +# Set a actual_partition_tag (calculated in base_rules.mk) for the package. +PACKAGES.$(LOCAL_PACKAGE_NAME).PARTITION := $(actual_partition_tag) + # Verify LOCAL_USES_LIBRARIES/LOCAL_OPTIONAL_USES_LIBRARIES # If LOCAL_ENFORCE_USES_LIBRARIES is not set, default to true if either of LOCAL_USES_LIBRARIES or # LOCAL_OPTIONAL_USES_LIBRARIES are specified. diff --git a/core/soong_app_prebuilt.mk b/core/soong_app_prebuilt.mk index a001e3af6..6dc396c9e 100644 --- a/core/soong_app_prebuilt.mk +++ b/core/soong_app_prebuilt.mk @@ -157,6 +157,9 @@ endif include $(BUILD_SYSTEM)/app_certificate_validate.mk PACKAGES.$(LOCAL_MODULE).OVERRIDES := $(strip $(LOCAL_OVERRIDES_PACKAGES)) +# Set a actual_partition_tag (calculated in base_rules.mk) for the package. +PACKAGES.$(LOCAL_MODULE).PARTITION := $(actual_partition_tag) + ifdef LOCAL_SOONG_BUNDLE ALL_MODULES.$(LOCAL_MODULE).BUNDLE := $(LOCAL_SOONG_BUNDLE) endif diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 3276b297e..2030d5aea 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -1754,7 +1754,8 @@ def ReadApkCerts(tf_zip): continue m = re.match( r'^name="(?P.*)"\s+certificate="(?P.*)"\s+' - r'private_key="(?P.*?)"(\s+compressed="(?P.*)")?$', + r'private_key="(?P.*?)"(\s+compressed="(?P.*)")?' + r'(\s+partition="(?P.*)")?$', line) if not m: continue diff --git a/tools/releasetools/merge_target_files.py b/tools/releasetools/merge_target_files.py index eb68bc30e..8e9750987 100755 --- a/tools/releasetools/merge_target_files.py +++ b/tools/releasetools/merge_target_files.py @@ -79,6 +79,7 @@ from __future__ import print_function import fnmatch import logging import os +import re import shutil import subprocess import sys @@ -109,6 +110,27 @@ OPTIONS.output_super_empty = None OPTIONS.rebuild_recovery = False OPTIONS.keep_tmp = False +# In an item list (framework or vendor), we may see entries that select whole +# partitions. Such an entry might look like this 'SYSTEM/*' (e.g., for the +# system partition). The following regex matches this and extracts the +# partition name. + +PARTITION_ITEM_PATTERN = re.compile(r'^([A-Z_]+)/\*$') + +# In apexkeys.txt or apkcerts.txt, we may find partition tags on the various +# entries in the file. We use these partition tags to filter the entries in +# those files from the two different target files packages to produce a merged +# apexkeys.txt or apkcerts.txt file. A partition tag (e.g., for the product +# partition) looks like this: 'partition="_PRODUCT"' or 'partition="product". +# We use the group syntax grab the value of the tag. + +PARTITION_TAG_PATTERN = re.compile(r'partition="(.*)"') + +# The sorting algorithm for apexkeys.txt and apkcerts.txt does not include the +# ".apex" or ".apk" suffix, so we use the following pattern to extract a key. + +MODULE_KEY_PATTERN = re.compile(r'name="(.+)\.(apex|apk)"') + # DEFAULT_FRAMEWORK_ITEM_LIST is a list of items to extract from the partial # framework target files package as is, meaning these items will land in the # output target files package exactly as they appear in the input partial @@ -484,9 +506,40 @@ def process_dynamic_partitions_info_txt(framework_target_files_dir, path=output_dynamic_partitions_info_txt) +def item_list_to_partition_set(item_list): + """Converts a target files item list to a partition set. + + The item list contains items that might look like 'SYSTEM/*' or 'VENDOR/*' or + 'OTA/android-info.txt'. Items that end in '/*' are assumed to match entire + directories where 'SYSTEM' or 'VENDOR' is a directory name that identifies the + contents of a partition of the same name. Other items in the list, such as the + 'OTA' example contain metadata. This function iterates such a list, returning + a set that contains the partition entries. + + Args: + item_list: A list of items in a target files package. + Returns: + A set of partitions extracted from the list of items. + """ + + partition_set = set() + + for item in item_list: + match = PARTITION_ITEM_PATTERN.search(item.strip()) + partition_tag = match.group(1).lower() if match else None + + if partition_tag: + partition_set.add(partition_tag) + + return partition_set + + def process_apex_keys_apk_certs_common(framework_target_files_dir, vendor_target_files_dir, - output_target_files_dir, file_name): + output_target_files_dir, + framework_partition_set, + vendor_partition_set, file_name): + """Performs special processing for META/apexkeys.txt or META/apkcerts.txt. This function merges the contents of the META/apexkeys.txt or @@ -502,6 +555,10 @@ def process_apex_keys_apk_certs_common(framework_target_files_dir, items extracted from the vendor target files package. output_target_files_dir: The name of a directory that will be used to create the output target files package after all the special cases are processed. + framework_partition_set: Partitions that are considered framework + partitions. Used to filter apexkeys.txt and apkcerts.txt. + vendor_partition_set: Partitions that are considered vendor partitions. Used + to filter apexkeys.txt and apkcerts.txt. file_name: The name of the file to merge. One of apkcerts.txt or apexkeys.txt. """ @@ -512,21 +569,44 @@ def process_apex_keys_apk_certs_common(framework_target_files_dir, with open(file_path) as f: for line in f: if line.strip(): - temp[line.split()[0]] = line.strip() + name = line.split()[0] + match = MODULE_KEY_PATTERN.search(name) + temp[match.group(1)] = line.strip() return temp framework_dict = read_helper(framework_target_files_dir) vendor_dict = read_helper(vendor_target_files_dir) + merged_dict = {} - for key in framework_dict: - if key in vendor_dict and vendor_dict[key] != framework_dict[key]: - raise ValueError('Conflicting entries found in %s:\n %s and\n %s' % - (file_name, framework_dict[key], vendor_dict[key])) - vendor_dict[key] = framework_dict[key] + def filter_into_merged_dict(item_dict, partition_set): + for key, value in item_dict.items(): + match = PARTITION_TAG_PATTERN.search(value) + + if match is None: + raise ValueError('Entry missing partition tag: %s' % value) + + partition_tag = match.group(1) + + if partition_tag in partition_set: + if key in merged_dict: + raise ValueError('Duplicate key %s' % key) + + merged_dict[key] = value + + filter_into_merged_dict(framework_dict, framework_partition_set) + filter_into_merged_dict(vendor_dict, vendor_partition_set) output_file = os.path.join(output_target_files_dir, 'META', file_name) - write_sorted_data(data=vendor_dict.values(), path=output_file) + # The following code is similar to write_sorted_data, but different enough + # that we couldn't use that function. We need the output to be sorted by the + # basename of the apex/apk (without the ".apex" or ".apk" suffix). This + # allows the sort to be consistent with the framework/vendor input data and + # eases comparison of input data with merged data. + with open(output_file, 'w') as output: + for key in sorted(merged_dict.keys()): + out_str = merged_dict[key] + '\n' + output.write(out_str) def copy_file_contexts(framework_target_files_dir, vendor_target_files_dir, @@ -559,7 +639,9 @@ def copy_file_contexts(framework_target_files_dir, vendor_target_files_dir, def process_special_cases(framework_target_files_temp_dir, vendor_target_files_temp_dir, output_target_files_temp_dir, - framework_misc_info_keys): + framework_misc_info_keys, + framework_partition_set, + vendor_partition_set): """Performs special-case processing for certain target files items. Certain files in the output target files package require special-case @@ -576,6 +658,10 @@ def process_special_cases(framework_target_files_temp_dir, framework_misc_info_keys: A list of keys to obtain from the framework instance of META/misc_info.txt. The remaining keys from the vendor instance. + framework_partition_set: Partitions that are considered framework + partitions. Used to filter apexkeys.txt and apkcerts.txt. + vendor_partition_set: Partitions that are considered vendor partitions. Used + to filter apexkeys.txt and apkcerts.txt. """ if 'ab_update' in framework_misc_info_keys: @@ -604,12 +690,16 @@ def process_special_cases(framework_target_files_temp_dir, framework_target_files_dir=framework_target_files_temp_dir, vendor_target_files_dir=vendor_target_files_temp_dir, output_target_files_dir=output_target_files_temp_dir, + framework_partition_set=framework_partition_set, + vendor_partition_set=vendor_partition_set, file_name='apkcerts.txt') process_apex_keys_apk_certs_common( framework_target_files_dir=framework_target_files_temp_dir, vendor_target_files_dir=vendor_target_files_temp_dir, output_target_files_dir=output_target_files_temp_dir, + framework_partition_set=framework_partition_set, + vendor_partition_set=vendor_partition_set, file_name='apexkeys.txt') @@ -716,7 +806,9 @@ def create_merged_package(temp_dir, framework_target_files, framework_item_list, framework_target_files_temp_dir=framework_target_files_temp_dir, vendor_target_files_temp_dir=vendor_target_files_temp_dir, output_target_files_temp_dir=output_target_files_temp_dir, - framework_misc_info_keys=framework_misc_info_keys) + framework_misc_info_keys=framework_misc_info_keys, + framework_partition_set=item_list_to_partition_set(framework_item_list), + vendor_partition_set=item_list_to_partition_set(vendor_item_list)) return output_target_files_temp_dir diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 5b7c2ac67..783d63cb9 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -1082,7 +1082,8 @@ def ReadApexKeysInfo(tf_zip): r'public_key="(?P.*)"\s+' r'private_key="(?P.*)"\s+' r'container_certificate="(?P.*)"\s+' - r'container_private_key="(?P.*)"$', + r'container_private_key="(?P.*)"\s+' + r'partition="(?P.*)"$', line) if not matches: continue diff --git a/tools/releasetools/test_merge_target_files.py b/tools/releasetools/test_merge_target_files.py index 1abe83c7c..ff8593b69 100644 --- a/tools/releasetools/test_merge_target_files.py +++ b/tools/releasetools/test_merge_target_files.py @@ -22,6 +22,7 @@ from merge_target_files import (validate_config_lists, DEFAULT_FRAMEWORK_ITEM_LIST, DEFAULT_VENDOR_ITEM_LIST, DEFAULT_FRAMEWORK_MISC_INFO_KEYS, copy_items, + item_list_to_partition_set, process_apex_keys_apk_certs_common) @@ -142,6 +143,8 @@ class MergeTargetFilesTest(test_utils.ReleaseToolsTestCase): os.path.join(vendor_dir, 'META', 'apexkeys.txt')) process_apex_keys_apk_certs_common(framework_dir, vendor_dir, output_dir, + set(['product', 'system', 'system_ext']), + set(['odm', 'vendor']), 'apexkeys.txt') merged_entries = [] @@ -175,4 +178,54 @@ class MergeTargetFilesTest(test_utils.ReleaseToolsTestCase): os.path.join(conflict_dir, 'META', 'apexkeys.txt')) self.assertRaises(ValueError, process_apex_keys_apk_certs_common, - framework_dir, conflict_dir, output_dir, 'apexkeys.txt') + framework_dir, conflict_dir, output_dir, + set(['product', 'system', 'system_ext']), + set(['odm', 'vendor']), + 'apexkeys.txt') + + def test_process_apex_keys_apk_certs_HandlesApkCertsSyntax(self): + output_dir = common.MakeTempDir() + os.makedirs(os.path.join(output_dir, 'META')) + + framework_dir = common.MakeTempDir() + os.makedirs(os.path.join(framework_dir, 'META')) + os.symlink( + os.path.join(self.testdata_dir, 'apkcerts_framework.txt'), + os.path.join(framework_dir, 'META', 'apkcerts.txt')) + + vendor_dir = common.MakeTempDir() + os.makedirs(os.path.join(vendor_dir, 'META')) + os.symlink( + os.path.join(self.testdata_dir, 'apkcerts_vendor.txt'), + os.path.join(vendor_dir, 'META', 'apkcerts.txt')) + + process_apex_keys_apk_certs_common(framework_dir, vendor_dir, output_dir, + set(['product', 'system', 'system_ext']), + set(['odm', 'vendor']), + 'apkcerts.txt') + + merged_entries = [] + merged_path = os.path.join(self.testdata_dir, 'apkcerts_merge.txt') + + with open(merged_path) as f: + merged_entries = f.read().split('\n') + + output_entries = [] + output_path = os.path.join(output_dir, 'META', 'apkcerts.txt') + + with open(output_path) as f: + output_entries = f.read().split('\n') + + return self.assertEqual(merged_entries, output_entries) + + def test_item_list_to_partition_set(self): + item_list = [ + 'META/apexkeys.txt', + 'META/apkcerts.txt', + 'META/filesystem_config.txt', + 'PRODUCT/*', + 'SYSTEM/*', + 'SYSTEM_EXT/*', + ] + partition_set = item_list_to_partition_set(item_list) + self.assertEqual(set(['product', 'system', 'system_ext']), partition_set) diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py index 2b84413cf..2dacd5037 100644 --- a/tools/releasetools/test_sign_target_files_apks.py +++ b/tools/releasetools/test_sign_target_files_apks.py @@ -36,8 +36,8 @@ class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase): """ # pylint: disable=line-too-long - APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" -name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" + APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system" +name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system" """ def setUp(self): @@ -484,7 +484,8 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" ' 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" ' 'container_certificate="build/make/target/product/security/testkey.x509.pem" ' - 'container_private_key="build/make/target/product/security/testkey2.pk8"') + 'container_private_key="build/make/target/product/security/testkey2.pk8" ' + 'partition="system"') target_files = common.MakeTempFile(suffix='.zip') with zipfile.ZipFile(target_files, 'w') as target_files_zip: target_files_zip.writestr('META/apexkeys.txt', apex_keys) diff --git a/tools/releasetools/testdata/apexkeys_framework.txt b/tools/releasetools/testdata/apexkeys_framework.txt index 234666870..b9caf9e27 100644 --- a/tools/releasetools/testdata/apexkeys_framework.txt +++ b/tools/releasetools/testdata/apexkeys_framework.txt @@ -1,2 +1,7 @@ -name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8" -name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8" +name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8" partition="system" +name="com.android.dummy_product.apex" public_key="selected" private_key="selected" container_certificate="selected" container_private_key="selected" partition="product" +name="com.android.runtime.apex" public_key="bionic/apex/com.android.runtime.avbpubkey" private_key="bionic/apex/com.android.runtime.pem" container_certificate="bionic/apex/com.android.runtime.x509.pem" container_private_key="bionic/apex/com.android.runtime.pk8" partition="system" +name="com.android.vndk.current.on_vendor.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="vendor" +name="com.android.vndk.v27.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v27.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v27.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v27.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v27.pk8" partition="system_ext" +name="com.android.vndk.v28.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v28.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v28.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v28.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v28.pk8" partition="system_ext" +name="com.android.vndk.v29.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v29.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v29.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v29.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v29.pk8" partition="system_ext" diff --git a/tools/releasetools/testdata/apexkeys_framework_conflict.txt b/tools/releasetools/testdata/apexkeys_framework_conflict.txt index caa21c2fa..9a055f4bc 100644 --- a/tools/releasetools/testdata/apexkeys_framework_conflict.txt +++ b/tools/releasetools/testdata/apexkeys_framework_conflict.txt @@ -1 +1 @@ -name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8" +name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8" partition="vendor" diff --git a/tools/releasetools/testdata/apexkeys_merge.txt b/tools/releasetools/testdata/apexkeys_merge.txt index 48e789f43..a9355d770 100644 --- a/tools/releasetools/testdata/apexkeys_merge.txt +++ b/tools/releasetools/testdata/apexkeys_merge.txt @@ -1,4 +1,7 @@ -name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8" -name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8" -name="com.android.runtime.release.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.release.pk8" -name="com.android.support.apexer.apex" public_key="system/apex/apexer/etc/com.android.support.apexer.avbpubkey" private_key="system/apex/apexer/etc/com.android.support.apexer.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8" +name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8" partition="system" +name="com.android.dummy_product.apex" public_key="selected" private_key="selected" container_certificate="selected" container_private_key="selected" partition="product" +name="com.android.runtime.apex" public_key="bionic/apex/com.android.runtime.avbpubkey" private_key="bionic/apex/com.android.runtime.pem" container_certificate="bionic/apex/com.android.runtime.x509.pem" container_private_key="bionic/apex/com.android.runtime.pk8" partition="system" +name="com.android.vndk.current.on_vendor.apex" public_key="packages/modules/vndk/apex/com.android.vndk.current.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.current.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.current.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.current.pk8" partition="vendor" +name="com.android.vndk.v27.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v27.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v27.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v27.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v27.pk8" partition="system_ext" +name="com.android.vndk.v28.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v28.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v28.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v28.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v28.pk8" partition="system_ext" +name="com.android.vndk.v29.apex" public_key="packages/modules/vndk/apex/com.android.vndk.v29.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.v29.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.v29.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.v29.pk8" partition="system_ext" diff --git a/tools/releasetools/testdata/apexkeys_vendor.txt b/tools/releasetools/testdata/apexkeys_vendor.txt index b751227ac..7dd3964bc 100644 --- a/tools/releasetools/testdata/apexkeys_vendor.txt +++ b/tools/releasetools/testdata/apexkeys_vendor.txt @@ -1,3 +1,7 @@ -name="com.android.runtime.release.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.release.pk8" -name="com.android.support.apexer.apex" public_key="system/apex/apexer/etc/com.android.support.apexer.avbpubkey" private_key="system/apex/apexer/etc/com.android.support.apexer.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8" -name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8" +name="com.android.conscrypt.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="system" +name="com.android.dummy_product.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="product" +name="com.android.runtime.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="system" +name="com.android.vndk.current.on_vendor.apex" public_key="packages/modules/vndk/apex/com.android.vndk.current.pubkey" private_key="packages/modules/vndk/apex/com.android.vndk.current.pem" container_certificate="packages/modules/vndk/apex/com.android.vndk.current.x509.pem" container_private_key="packages/modules/vndk/apex/com.android.vndk.current.pk8" partition="vendor" +name="com.android.vndk.v27.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="system_ext" +name="com.android.vndk.v28.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="system_ext" +name="com.android.vndk.v29.apex" public_key="not_selected" private_key="not_selected" container_certificate="not_selected" container_private_key="not_selected" partition="system_ext" diff --git a/tools/releasetools/testdata/apkcerts_framework.txt b/tools/releasetools/testdata/apkcerts_framework.txt new file mode 100644 index 000000000..a75f55c49 --- /dev/null +++ b/tools/releasetools/testdata/apkcerts_framework.txt @@ -0,0 +1,6 @@ +name="TestSystem1.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system" +name="TestSystem2.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system" +name="TestVendor.apk" certificate="not_selected" private_key="not_selected" partition="vendor" +name="TestOdm.apk" certificate="not_selected" private_key="not_selected" partition="odm" +name="TestProduct.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="product" +name="TestSystemExt.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system_ext" diff --git a/tools/releasetools/testdata/apkcerts_merge.txt b/tools/releasetools/testdata/apkcerts_merge.txt new file mode 100644 index 000000000..0425e96b4 --- /dev/null +++ b/tools/releasetools/testdata/apkcerts_merge.txt @@ -0,0 +1,6 @@ +name="TestOdm.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="odm" +name="TestProduct.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="product" +name="TestSystem1.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system" +name="TestSystem2.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system" +name="TestSystemExt.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="system_ext" +name="TestVendor.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="vendor" diff --git a/tools/releasetools/testdata/apkcerts_vendor.txt b/tools/releasetools/testdata/apkcerts_vendor.txt new file mode 100644 index 000000000..13d5255e5 --- /dev/null +++ b/tools/releasetools/testdata/apkcerts_vendor.txt @@ -0,0 +1,6 @@ +name="TestSystem1.apk" certificate="not_selected" private_key="not_selected" partition="system" +name="TestSystem2.apk" certificate="not_selected" private_key="not_selected" partition="system" +name="TestVendor.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="vendor" +name="TestOdm.apk" certificate="build/make/target/product/security/testkey.x509.pem" private_key="build/make/target/product/security/testkey.pk8" partition="odm" +name="TestProduct.apk" certificate="not_selected" private_key="not_selected" partition="product" +name="TestSystemExt.apk" certificate="not_selected" private_key="not_selected" partition="system_ext"