Merge "Sort content of merged target files package."
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 46e026a..19326dd 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -149,6 +149,7 @@
$(call add_json_list, BoardOdmSepolicyDirs, $(BOARD_ODM_SEPOLICY_DIRS))
$(call add_json_list, BoardPlatPublicSepolicyDirs, $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
$(call add_json_list, BoardPlatPrivateSepolicyDirs, $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
+$(call add_json_list, BoardSepolicyM4Defs, $(BOARD_SEPOLICY_M4DEFS))
$(call add_json_bool, FlattenApex, $(filter true,$(TARGET_FLATTEN_APEX)))
@@ -165,6 +166,10 @@
$(call add_json_list, ProductHiddenAPIStubsSystem, $(PRODUCT_HIDDENAPI_STUBS_SYSTEM))
$(call add_json_list, ProductHiddenAPIStubsTest, $(PRODUCT_HIDDENAPI_STUBS_TEST))
+$(call add_json_list, ProductPublicSepolicyDirs, $(PRODUCT_PUBLIC_SEPOLICY_DIRS))
+$(call add_json_list, ProductPrivateSepolicyDirs, $(PRODUCT_PRIVATE_SEPOLICY_DIRS))
+$(call add_json_bool, ProductCompatibleProperty, $(PRODUCT_COMPATIBLE_PROPERTY))
+
$(call add_json_list, TargetFSConfigGen, $(TARGET_FS_CONFIG_GEN))
$(call add_json_map, VendorVars)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 9aa9499..7b5f000 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -176,6 +176,9 @@
Returns:
A dict that contains the updated APEX key mapping, which should be used for
the current signing.
+
+ Raises:
+ AssertionError: On invalid container / payload key overrides.
"""
# Apply all the --extra_apex_payload_key options to override the payload
# signing keys in the given keys_info.
@@ -197,6 +200,24 @@
key = 'PRESIGNED'
keys_info[apex] = (keys_info[apex][0], key_map.get(key, key))
+ # A PRESIGNED container entails a PRESIGNED payload. Apply this to all the
+ # APEX key pairs. However, a PRESIGNED container with non-PRESIGNED payload
+ # (overridden via commandline) indicates a config error, which should not be
+ # allowed.
+ for apex, (payload_key, container_key) in keys_info.items():
+ if container_key != 'PRESIGNED':
+ continue
+ if apex in OPTIONS.extra_apex_payload_keys:
+ payload_override = OPTIONS.extra_apex_payload_keys[apex]
+ assert payload_override == '', \
+ ("Invalid APEX key overrides: {} has PRESIGNED container but "
+ "non-PRESIGNED payload key {}").format(apex, payload_override)
+ if payload_key != 'PRESIGNED':
+ print(
+ "Setting {} payload as PRESIGNED due to PRESIGNED container".format(
+ apex))
+ keys_info[apex] = ('PRESIGNED', 'PRESIGNED')
+
return keys_info
@@ -289,7 +310,9 @@
"not sign this apk).".format("\n ".join(unknown_files)))
# For all the APEXes, double check that we won't have an APEX that has only
- # one of the payload / container keys set.
+ # one of the payload / container keys set. Note that non-PRESIGNED container
+ # with PRESIGNED payload could be allowed but currently unsupported. It would
+ # require changing SignApex implementation.
if not apex_keys:
return
@@ -1074,13 +1097,16 @@
# full names only.
container_cert = matches.group("CONTAINER_CERT")
container_private_key = matches.group("CONTAINER_PRIVATE_KEY")
- if not CompareKeys(
+ if container_cert == 'PRESIGNED' and container_private_key == 'PRESIGNED':
+ container_key = 'PRESIGNED'
+ elif CompareKeys(
container_cert, OPTIONS.public_key_suffix,
container_private_key, OPTIONS.private_key_suffix):
+ container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
+ else:
raise ValueError("Failed to parse container keys: \n{}".format(line))
- keys[name] = (payload_private_key,
- container_cert[:-len(OPTIONS.public_key_suffix)])
+ keys[name] = (payload_private_key, container_key)
return keys
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index d745200..a7bf977 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -461,3 +461,26 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey'),
}, keys_info)
+
+ def test_ReadApexKeysInfo_presignedKeys(self):
+ apex_keys = self.APEX_KEYS_TXT + (
+ 'name="apex.apexd_test_different_app2.apex" '
+ 'private_key="PRESIGNED" '
+ 'public_key="PRESIGNED" '
+ 'container_certificate="PRESIGNED" '
+ 'container_private_key="PRESIGNED"')
+ target_files = common.MakeTempFile(suffix='.zip')
+ with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+ target_files_zip.writestr('META/apexkeys.txt', apex_keys)
+
+ with zipfile.ZipFile(target_files) as target_files_zip:
+ keys_info = ReadApexKeysInfo(target_files_zip)
+
+ self.assertEqual({
+ 'apex.apexd_test.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
+ 'build/make/target/product/security/testkey'),
+ 'apex.apexd_test_different_app.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
+ 'build/make/target/product/security/testkey'),
+ }, keys_info)