Gitiles
Code Review Sign In
review.blissroms.org / platform_build_make / b2c4bb7e3ddcaa27242c1e4e78f69d7e39524cf9^! / . / core / main.mk
commitb2c4bb7e3ddcaa27242c1e4e78f69d7e39524cf9[log] [tgz]
authorJeongik Cha <jeongik@google.com>Mon Dec 17 14:45:15 2018 +0900
committerJeongik Cha <jeongik@google.com>Thu Jan 10 11:37:22 2019 +0900
tree3806c64f1fb8168e38b893ce19bf665f88e1cd33
parent8d95a14476b5b1cb5a2af655ac5da4606c3b5c07 [diff] [blame]
Dump and enforce certificate for apks

Dump the list of APKs that aren't located at system partition and signed
with system certificate.
And when enforcement option is enabled, it makes build error if there is
the apk that satisfies the condition above.

Bug: 74699609

Test: m -j
Test: m out/target/product/$(get_build_var TARGET_DEVICE)/certificate_violation_modules.txt

Change-Id: I23c41f2665dd97abac3e77d1c82d81ff91b894eb

diff --git a/core/main.mk b/core/main.mk
index 9fd1c35..660290a 100644
--- a/core/main.mk
+++ b/core/main.mk

@@ -1096,6 +1096,13 @@
       $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \
       $(TARGET_OUT_SYSTEM_OTHER)/%.art
   endif
+
+CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt
+$(CERTIFICATE_VIOLATION_MODULES_FILENAME):
+	rm -f $@
+	$(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;)
+$(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))
+
   all_offending_files :=
   $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
     $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \