|
以下是基展锐 9863a需求:定制系统签名,实现客制化在线签名。
以下是修改记录,其中以Felix.Ma? TAG可以查询patch修改。
关键性的文件修改是:
builder.go? definitions.mk? app_builder.go? sign-apk-online.sh is_sign_onine.mk
1.1 ?build/make/core/app_prebuilt_internal.mk
# Set a actual_partition_tag (calculated in base_rules.mk) for the package.
PACKAGES.$(LOCAL_MODULE).PARTITION := $(actual_partition_tag)
#Add by Felix.Ma. For app online sign. start.
-include vendor/xxxxx/xxxxx/build/core/is_sign_online.mk
#Add by Felix.Ma. For app online sign. end.
# Disable dex-preopt of prebuilts to save space, if requested.
ifndef LOCAL_DEX_PREOPT
ifeq ($(DONT_DEXPREOPT_PREBUILTS),true)
LOCAL_DEX_PREOPT := false
endif
endif
ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
?? ?$(uncompress-dexs)
endif ?# LOCAL_UNCOMPRESS_DEX
ifneq ($(LOCAL_CERTIFICATE),PRESIGNED)
ifeq ($(module_run_appcompat),true)
?? ?$(call appcompat-header, aapt2)
?? ?$(run-appcompat)
endif ?# module_run_appcompat
#Add by Felix.Ma. For app online sign. start.
#?? ?$(sign-package)
ifeq ($(sign_online),true)
?? ?$(sign-package-online)
else
?? ?$(sign-package)
endif
#Add by Felix.Ma. For app online sign. end.
?? ?# No need for align-package because sign-package takes care of alignment
else ?# LOCAL_CERTIFICATE == PRESIGNED
?? ?$(align-package)
endif ?# LOCAL_CERTIFICATE
# Rules to sign the split apks.
my_src_dir := $(sort $(dir $(LOCAL_PACKAGE_SPLITS)))
ifneq (1,$(words $(my_src_dir)))
$(error You must put all the split source apks in the same folder: $(LOCAL_PACKAGE_SPLITS))
endif
my_src_dir := $(LOCAL_PATH)/$(my_src_dir)
$(built_apk_splits) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
$(built_apk_splits) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
$(built_apk_splits) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
$(built_apk_splits) : $(intermediates)/%.apk : $(my_src_dir)/%.apk
?? ?$(copy-file-to-new-target)
#Add by Felix.Ma. For app online sign. start.
#?? ?$(sign-package)
ifeq ($(sign_online),true)
?? ?$(sign-package-online)
else
?? ?$(sign-package)
endif
#Add by Felix.Ma. For app online sign. end.
1.2 ./build/make/core/config.mk
#Add by Felix.Ma. For app online sign. start.
SIGNAPK_ONLINE_JAR := tools/signcenter/SignApkV2.jar
#Add by Felix.Ma. For app online sign. end.
ifdef PRODUCT_SHIPPING_API_LEVEL
? ifneq ($(call numbers_less_than,$(PRODUCT_SHIPPING_API_LEVEL),$(BOARD_SYSTEMSDK_VERSIONS)),)
? ? $(error BOARD_SYSTEMSDK_VERSIONS ($(BOARD_SYSTEMSDK_VERSIONS)) must all be greater than or equal to PRODUCT_SHIPPING_API_LEVEL ($(PRODUCT_SHIPPING_API_LEVEL)))
? endif
? ifneq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),28),)
? ? ifneq ($(TARGET_IS_64_BIT), true)
? ? ? ifneq ($(TARGET_USES_64_BIT_BINDER), true)
? ? ? ? $(error When PRODUCT_SHIPPING_API_LEVEL >= 28, TARGET_USES_64_BIT_BINDER must be true)
? ? ? endif
? ? endif
? endif
? ifneq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),29),)
? ? ifneq ($(BOARD_OTA_FRAMEWORK_VBMETA_VERSION_OVERRIDE),)
? ? ? $(error When PRODUCT_SHIPPING_API_LEVEL >= 29, BOARD_OTA_FRAMEWORK_VBMETA_VERSION_OVERRIDE cannot be set)
? ? endif
? endif
endif
#Add by Felix.Ma. For app online sign. start.
ifdef SIGN_PACKAGE_ONLINE_ENABLE
? SIGN_PACKAGE_ONLINE_ENABLE := $(SIGN_PACKAGE_ONLINE_ENABLE)
else
? SIGN_PACKAGE_ONLINE_ENABLE := true
endif
#ONLINE_KEYID := apkkey_11v_
ONLINE_SERVER := signcenter.pki.hixxxxx.com
PUBLIC_LOCAL_KEY_DIR := build/target/product/security/
#Add by Felix.Ma. For app online sign. end.
# The default key if not set as LOCAL_CERTIFICATE
#Add by Felix.Ma. For app online sign. start.
ifeq ($(SIGN_PACKAGE_ONLINE_ENABLE),true)
? #Add by Felix.Ma .for app online sign start
? ifeq ($(TARGET_BUILD_VARIANT),user)
? ? ?DEFAULT_SYSTEM_DEV_CERTIFICATE := vendor/xxxxx/chipset_common/build/security/releasekey
? else
? ? ?DEFAULT_SYSTEM_DEV_CERTIFICATE := vendor/xxxxx/chipset_common/build/security/testkey
? endif
? #Add by Felix.Ma .for app online sign end
else
? ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
? ? ?DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
? else
? ? ?DEFAULT_SYSTEM_DEV_CERTIFICATE := build/make/target/product/security/testkey
? endif
endif
#Add by Felix.Ma. For app online sign. end.
.KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE
1.3 build/make/core/definitions.mk
# Sign a package using the specified key/cert.
#
define sign-package
$(call sign-package-arg,$@)
endef
# $(1): the package file we are signing.
define sign-package-arg
$(hide) mv $(1) $(1).unsigned
$(hide) $(JAVA) -Djava.library.path=$$(dirname $(SIGNAPK_JNI_LIBRARY_PATH)) -jar $(SIGNAPK_JAR) \
? ? $(if $(strip $(PRIVATE_CERTIFICATE_LINEAGE)), --lineage $(PRIVATE_CERTIFICATE_LINEAGE)) \
? ? $(PRIVATE_CERTIFICATE) $(PRIVATE_PRIVATE_KEY) \
? ? $(PRIVATE_ADDITIONAL_CERTIFICATES) $(1).unsigned $(1).signed
$(hide) mv $(1).signed $(1)
endef
#Add by Felix.Ma. For app online sign. start.
# Sign a package online.
#
define sign-package-online
$(hide) mv $@ $@.unsigned
@ java -jar $(SIGNAPK_ONLINE_JAR) --min-sdk-version 30 \
? ? $(ONLINE_SERVER) $(ONLINE_USERNAME) $(ONLINE_PASSWD) $(PUBLIC_LOCAL_KEY) \
? ? apkkey_unisoc_$(PRIVATE_ONLINE_KEY) $@.unsigned $@.signed
$(hide) mv $@.signed $@
endef
#Add by Felix.Ma. For app online sign. end.
# Align STORED entries of a package on 4-byte boundaries to make them easier to mmap.
#
1.4 build/make/core/soong_config.mk
$(call add_json_bool, UseGoma, ? ? ? ? ? ? ? ? ? ? ? ? ? $(filter-out false,$(USE_GOMA)))
$(call add_json_bool, UseRBE, ? ? ? ? ? ? ? ? ? ? ? ? ? ?$(filter-out false,$(USE_RBE)))
$(call add_json_bool, UseRBEJAVAC, ? ? ? ? ? ? ? ? ? ? ? $(filter-out false,$(RBE_JAVAC)))
$(call add_json_bool, UseRBER8, ? ? ? ? ? ? ? ? ? ? ? ? ?$(filter-out false,$(RBE_R8)))
$(call add_json_bool, UseRBED8, ? ? ? ? ? ? ? ? ? ? ? ? ?$(filter-out false,$(RBE_D8)))
$(call add_json_bool, Arc, ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? $(filter true,$(TARGET_ARC)))
$(call add_json_list, NamespacesToExport, ? ? ? ? ? ? ? ?$(PRODUCT_SOONG_NAMESPACES))
#Add by Felix.Ma. For app online sign. start.
$(call add_json_bool, SignPkgOnlineEnable, ? ? ? ? ? ? ? $(filter true,$(SIGN_PACKAGE_ONLINE_ENABLE)))
$(call add_json_str, ?OnlineServer, ? ? ? ? ? ? ? ? ? ? ?$(ONLINE_SERVER))
$(call add_json_str, ?OnlineKeyID, ? ? ? ? ? ? ? ? ? ? ? $(ONLINE_KEYID))
$(call add_json_str, ?SignApkOnlineJar, ? ? ? ? ? ? ? ? ?$(SIGNAPK_ONLINE_JAR))
#Add by Felix.Ma. For app online sign. end.
$(call add_json_list, PgoAdditionalProfileDirs, ? ? ? ? ?$(PGO_ADDITIONAL_PROFILE_DIRS))
$(call add_json_list, BoardVendorSepolicyDirs, ? ? ? ? ? $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_SEPOLICY_DIRS))
$(call add_json_list, BoardOdmSepolicyDirs, ? ? ? ? ? ? ?$(BOARD_ODM_SEPOLICY_DIRS))
$(call add_json_list, BoardPlatPublicSepolicyDirs, ? ? ? $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
$(call add_json_list, BoardPlatPrivateSepolicyDirs, ? ? ?$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
$(call add_json_list, BoardSepolicyM4Defs, ? ? ? ? ? ? ? $(BOARD_SEPOLICY_M4DEFS)
1.5 build/make/envsetup.sh
? ? unset TARGET_BSP_OUT
? ? export TARGET_BSP_OUT=$(get_build_var TARGET_BSP_OUT)
? ? # needed for building linux on MacOS
? ? # TODO: fix the path
? ? #export HOST_EXTRACFLAGS="-I "$T/system/kernel_headers/host_include
? ? unset SECURE_BOOT
? ? export SECURE_BOOT=$(get_build_var PRODUCT_SECURE_BOOT)
? ? unset PSS_FLAG
? ? export PSS_FLAG=$(get_build_var PKCS1_PSS_FLAG)
? ? export SIGN_TARGET_BOARD=$(get_build_var TARGET_BOARD)
? ? unset CURRENT_PRODUCT_OUT
? ? export CURRENT_PRODUCT_OUT=$(get_build_var PRODUCT_OUT)
?? ?
? ? #Add by Felix.Ma. For app sign. start
? ? if [ -r $(gettop)/vendor/xxxxx/chipset_common/build/tools/check_account/check_account.sh ]; then
?? ?echo "including vendor/xxxxx/chipset_common/build/tools/check_account/check_account.sh"
? ? ? ? source $(gettop)/vendor/xxxxx/chipset_common/build/tools/check_account/check_account.sh
? ? fi
? ? #Add by Felix.Ma. For app sign. end
}
1.6 build/soong/android/config.go
func (c *config) DefaultAppCertificateDir(ctx PathContext) SourcePath {
?? ?defaultCert := String(c.productVariables.DefaultAppCertificate)
?? ?if defaultCert != "" {
?? ??? ?return PathForSource(ctx, filepath.Dir(defaultCert))
?? ?} else {
?? ?//Add by Felix.Ma. For app online sign. start.
//?? ??? ?return PathForSource(ctx, "build/make/target/product/security")
?? ??? ?return PathForSource(ctx, "vendor/xxxxx/chipset_common/build/security")
? ? ? ? //Add by Felix.Ma. For app online sign. end.
?? ?}
}
func (c *config) ProductHiddenAPIStubsSystem() []string {
?? ?return c.productVariables.ProductHiddenAPIStubsSystem
}
func (c *config) ProductHiddenAPIStubsTest() []string {
?? ?return c.productVariables.ProductHiddenAPIStubsTest
}
//Add by Felix.Ma. For app online sign. start.
func (c *config) GetSignPkgOnlineEnable() bool {
?? ?return Bool(c.productVariables.SignPkgOnlineEnable)
}
func (c *config) GetOnlineServer() string {
?? ?return String(c.productVariables.OnlineServer)
}
func (c *config) GetOnlineKeyID() string {
?? ?return String(c.productVariables.OnlineKeyID)
}
func (c *config) GetSignApkOnlineJar() string {
?? ?return String(c.productVariables.SignApkOnlineJar)
}
//Add by Felix.Ma. For app online sign. end.
func (c *deviceConfig) TargetFSConfigGen() []string {
?? ?return c.config.productVariables.TargetFSConfigGen
}
func (c *config) ProductPublicSepolicyDirs() []string {
?? ?return c.productVariables.ProductPublicSepolicyDirs
}
1.7 /build/soong/android/variable.go
?? ?Ndk_abis ? ? ? ? ? ? ? *bool `json:",omitempty"`
?? ?Exclude_draft_ndk_apis *bool `json:",omitempty"`
?? ?Flatten_apex *bool `json:",omitempty"`
?? ?Aml_abis ? ? *bool `json:",omitempty"`
//Add by Felix.Ma. For app online sign. start.
?? ?SignPkgOnlineEnable *bool ? `json:",omitempty"`
?? ?OnlineServer ? ? ? ?*string `json:",omitempty"`
?? ?OnlineKeyID ? ? ? ? *string `json:",omitempty"`
?? ?SignApkOnlineJar ? ?*string `json:",omitempty"`
//Add by Felix.Ma. For app online sign. end.
?? ?DexpreoptGlobalConfig *string `json:",omitempty"`
?? ?ManifestPackageNameOverrides []string `json:",omitempty"`
?? ?CertificateOverrides ? ? ? ? []string `json:",omitempty"`
?? ?PackageNameOverrides ? ? ? ? []string `json:",omitempty"`
?? ?
1.8 build/soong/apex/androidmk.go:
?? ??? ?case appSet:
?? ??? ??? ?as, ok := fi.module.(*java.AndroidAppSet)
?? ??? ??? ?if !ok {
?? ??? ??? ??? ?panic(fmt.Sprintf("Expected %s to be AndroidAppSet", fi.module))
?? ??? ??? ?}
?? ??? ??? ?fmt.Fprintln(w, "LOCAL_APK_SET_MASTER_FILE :=", as.MasterFile())
?? ??? ??? ?fmt.Fprintln(w, "LOCAL_APKCERTS_FILE :=", as.APKCertsFile().String())
?? ??? ??? ?fmt.Fprintln(w, "include $(BUILD_SYSTEM)/soong_android_app_set.mk")
?? ??? ?case nativeSharedLib, nativeExecutable, nativeTest:
?? ??? ??? ?fmt.Fprintln(w, "LOCAL_MODULE_STEM :=", fi.Stem())
?? ??? ??? ?if ccMod, ok := fi.module.(*cc.Module); ok {
?? ??? ??? ??? ?if ccMod.UnstrippedOutputFile() != nil {
?? ??? ??? ??? ??? ?fmt.Fprintln(w, "LOCAL_SOONG_UNSTRIPPED_BINARY :=", ccMod.UnstrippedOutputFile().String())
?? ??? ??? ??? ?}
?? ??? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ??? ?//ccMod.AndroidMkWriteAdditionalDependenciesForSourceAbiDiff(w)
?? ??? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ??? ??? ?if ccMod.CoverageOutputFile().Valid() {
?? ??? ??? ??? ??? ?fmt.Fprintln(w, "LOCAL_PREBUILT_COVERAGE_ARCHIVE :=", ccMod.CoverageOutputFile().String())
?? ??? ??? ??? ?}
?? ??? ??? ?}
?? ??? ??? ?fmt.Fprintln(w, "include $(BUILD_SYSTEM)/soong_cc_prebuilt.mk")
?? ??? ?default:
?? ??? ?
1.9 build/soong/apex/apex_test.go:
func TestCertificate(t *testing.T) {
?? ?t.Run("if unspecified, it defaults to DefaultAppCertificate", func(t *testing.T) {
?? ??? ?ctx, _ := testApex(t, `
?? ??? ??? ?apex {
?? ??? ??? ??? ?name: "myapex",
?? ??? ??? ??? ?key: "myapex.key",
?? ??? ??? ?}
?? ??? ??? ?apex_key {
?? ??? ??? ??? ?name: "myapex.key",
?? ??? ??? ??? ?public_key: "testkey.avbpubkey",
?? ??? ??? ??? ?private_key: "testkey.pem",
?? ??? ??? ?}`)
?? ??? ?rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Rule("signapk")
//Add by Felix.Ma. For app online sign. start.
?? ??? ?expected := "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8"
//Add by Felix.Ma. For app online sign. end.
?? ??? ?if actual := rule.Args["certificates"]; actual != expected {
?? ??? ??? ?t.Errorf("certificates should be %q, not %q", expected, actual)
?? ??? ?}
?? ?})
?? ?t.Run("override when unspecified", func(t *testing.T) {
?? ??? ?ctx, _ := testApex(t, `
?? ??? ??? ?apex {
?? ??? ??? ??? ?name: "myapex_keytest",
?? ??? ??? ??? ?key: "myapex.key",
?? ??? ??? ??? ?file_contexts: ":myapex-file_contexts",
?? ??? ??? ?}
?? ??? ??? ?apex_key {
?? ??? ??? ??? ?name: "myapex.key",
?? ??? ??? ??? ?public_key: "testkey.avbpubkey",
?? ??? ??? ??? ?private_key: "testkey.pem",
?? ??? ??? ?}
?? ??? ??? ?android_app_certificate {
?? ??? ??? ??? ?name: "myapex.certificate.override",
?? ??? ??? ??? ?certificate: "testkey.override",
?? ??? ??? ?}`)
?? ??? ?rule := ctx.ModuleForTests("myapex_keytest", "android_common_myapex_keytest_image").Rule("signapk")
?? ??? ?expected := "testkey.override.x509.pem testkey.override.pk8"
?? ??? ?if actual := rule.Args["certificates"]; actual != expected {
?? ??? ??? ?t.Errorf("certificates should be %q, not %q", expected, actual)
?? ??? ?}
?? ?})
?? ?
1.10 build/soong/apex/builder.go
func (a *apexBundle) buildUnflattenedApex(ctx android.ModuleContext) {
?? ?var abis []string
?? ?for _, target := range ctx.MultiTargets() {
?? ??? ?if len(target.Arch.Abi) > 0 {
?? ??? ??? ?abis = append(abis, target.Arch.Abi[0])
?? ??? ?}
?? ?}
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?isApexSignApkOnlineEnabled := ctx.Config().GetSignPkgOnlineEnable()
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?abis = android.FirstUniqueStrings(abis)
?? ?apexType := a.properties.ApexType
?? ?suffix := apexType.suffix()
?? ?var implicitInputs []android.Path
?? ?unsignedOutputFile := android.PathForModuleOut(ctx, a.Name()+suffix+".unsigned")
?? ?a.outputFile = android.PathForModuleOut(ctx, a.Name()+suffix)
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?var rule blueprint.Rule
?? ?var args map[string]string
?? ?if isApexSignApkOnlineEnabled == true {
?? ??? ?rule = java.ApexsignapkOnline
?? ??? ?args = ?map[string]string{
?? ??? ??? ?"certificates": "build/target/product/security/ODM_apexkey_v1.pem",
?? ??? ??? ?"onlineServer": "signcenter.pki.hixxxxx.com",
?? ??? ??? ?"privateOnlineKey": "ODM_apexkey_v1",
?? ??? ??? ?"signapkOnlineCmd": ctx.Config().GetSignApkOnlineJar(),
?? ??? ??? ?"platformSdkVer": "30",
?? ??? ?}
?? ?} else {
?? ??? ?rule = java.Signapk
?? ??? ?args = map[string]string{
?? ??? ??? ?"certificates": a.container_certificate_file.String() + " " + a.container_private_key_file.String(),
?? ??? ??? ?"flags": ? ? ? ?"-a 4096", //alignment
?? ??? ?}
?? ?}
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?implicits := android.Paths{
?? ??? ?a.container_certificate_file,
?? ??? ?a.container_private_key_file,
?? ?}
?? ?if ctx.Config().IsEnvTrue("RBE_SIGNAPK") {
?? ??? ?rule = java.SignapkRE
?? ??? ?args["implicits"] = strings.Join(implicits.Strings(), ",")
?? ??? ?args["outCommaList"] = a.outputFile.String()
?? ?}
?? ?ctx.Build(pctx, android.BuildParams{
?? ??? ?Rule: ? ? ? ?rule,
?? ??? ?Description: "signapk",
?? ??? ?Output: ? ? ?a.outputFile,
?? ??? ?Input: ? ? ? unsignedOutputFile,
?? ??? ?Implicits: ? implicits,
?? ??? ?Args: ? ? ? ?args,
?? ?})
?? ?// Install to $OUT/soong/{target,host}/.../apex
?? ?if a.installable() {
?? ??? ?ctx.InstallFile(a.installDir, a.Name()+suffix, a.outputFile)
?? ?}
?? ?a.buildFilesInfo(ctx)
?? ?// installed-files.txt is dist'ed
?? ?a.installedFilesFile = a.buildInstalledFilesFile(ctx, a.outputFile, imageDir)
}
func (a *apexBundle) setCertificateAndPrivateKey(ctx android.ModuleContext) {
?? ?if a.container_certificate_file == nil {
?? ??? ?cert := String(a.properties.Certificate)
?? ??? ?if cert == "" {
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
//?? ??? ??? ?pem, key := ctx.Config().DefaultAppCertificate(ctx)
?? ??? ??? ?pem, key := android.PathForSource(ctx, "build/make/target/product/security/testkey.x509.pem"), android.PathForSource(ctx, "build/make/target/product/security/testkey.pk8")
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ??? ?a.container_certificate_file = pem
?? ??? ??? ?a.container_private_key_file = key
?? ??? ?} else {
?? ??? ??? ?defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
?? ??? ??? ?a.container_certificate_file = defaultDir.Join(ctx, cert+".x509.pem")
?? ??? ??? ?a.container_private_key_file = defaultDir.Join(ctx, cert+".pk8")
?? ??? ?}
?? ?}
}
1.11 ./build/soong/java/app_builder.go
var (
?? ?Signapk, SignapkRE = remoteexec.StaticRules(pctx, "signapk",
?? ??? ?blueprint.RuleParams{
?? ??? ??? ?Command: `$reTemplate${config.JavaCmd} ${config.JavaVmFlags} -Djava.library.path=$$(dirname ${config.SignapkJniLibrary}) ` +
?? ??? ??? ??? ?`-jar ${config.SignapkCmd} $flags $certificates $in $out`,
?? ??? ??? ?CommandDeps: []string{"${config.SignapkCmd}", "${config.SignapkJniLibrary}"},
?? ??? ?},
?? ??? ?&remoteexec.REParams{Labels: map[string]string{"type": "tool", "name": "signapk"},
?? ??? ??? ?ExecStrategy: ? ?"${config.RESignApkExecStrategy}",
?? ??? ??? ?Inputs: ? ? ? ? ?[]string{"${config.SignapkCmd}", "$in", "$$(dirname ${config.SignapkJniLibrary})", "$implicits"},
?? ??? ??? ?OutputFiles: ? ? []string{"$outCommaList"},
?? ??? ??? ?ToolchainInputs: []string{"${config.JavaCmd}"},
?? ??? ??? ?Platform: ? ? ? ?map[string]string{remoteexec.PoolKey: "${config.REJavaPool}"},
?? ??? ?}, []string{"flags", "certificates"}, []string{"implicits", "outCommaList"})
//Add by Felix.Ma. For app online sign. start.
?? ?signapkOnline = pctx.AndroidStaticRule("signapkOnline",
?? ??? ?blueprint.RuleParams{
?? ??? ??? ?Command: `vendor/xxxxx/xxxxx/build/tools/signapk/sign-apk-online.sh javacmd=${config.JavaCmd} ` +
?? ??? ??? ??? ?`signapkOnlineCmd=$signapkOnlineCmd platformSdkVer=$platformSdkVer ` +
?? ??? ??? ??? ?`onlineServer=$onlineServer ` +
?? ??? ??? ??? ?`certificates=$certificates privateOnlineKey=$privateOnlineKey inFile=$in outFile=$out`,
?? ??? ?},
?? ??? ?"certificates", "onlineServer", "privateOnlineKey", "signapkOnlineCmd", "platformSdkVer")
?? ?ApexsignapkOnline = pctx.AndroidStaticRule("apexsignapkOnline",
?? ??? ?blueprint.RuleParams{
?? ??? ??? ?Command: `vendor/xxxxx/xxxxx/build/tools/signapk/sign-apk-online.sh javacmd=${config.JavaCmd} ` +
?? ??? ??? ??? ?`signapkOnlineCmd=$signapkOnlineCmd platformSdkVer=$platformSdkVer ` +
?? ??? ??? ??? ?`onlineServer=$onlineServer ` +
?? ??? ??? ??? ?`certificates=$certificates privateOnlineKey=$privateOnlineKey inFile=$in outFile=$out`,
?? ??? ?},
?? ??? ?"certificates", "onlineServer", "privateOnlineKey", "signapkOnlineCmd", "platformSdkVer")
//Add by Felix.Ma. For app online sign. end.
)
var combineApk = pctx.AndroidStaticRule("combineApk",
?? ?blueprint.RuleParams{
?? ??? ?Command: ? ? `${config.MergeZipsCmd} $out $in`,
?? ??? ?CommandDeps: []string{"${config.MergeZipsCmd}"},
?? ?})
func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath, lineageFile android.Path) {
?? ?var certificateArgs []string
?? ?var deps android.Paths
?? ?for _, c := range certificates {
?? ??? ?certificateArgs = append(certificateArgs, c.Pem.String(), c.Key.String())
?? ??? ?deps = append(deps, c.Pem, c.Key)
?? ?}
?? ?outputFiles := android.WritablePaths{signedApk}
?? ?var flags []string
?? ?if v4SignatureFile != nil {
?? ??? ?outputFiles = append(outputFiles, v4SignatureFile)
?? ??? ?flags = append(flags, "--enable-v4")
?? ?}
?? ?if lineageFile != nil {
?? ??? ?flags = append(flags, "--lineage", lineageFile.String())
?? ??? ?deps = append(deps, lineageFile)
?? ?}
?? ?rule := Signapk
?? ?args := map[string]string{
?? ??? ?"certificates": strings.Join(certificateArgs, " "),
?? ??? ?"flags": ? ? ? ?strings.Join(flags, " "),
?? ?}
?? ?if ctx.Config().IsEnvTrue("RBE_SIGNAPK") {
?? ??? ?rule = SignapkRE
?? ??? ?args["implicits"] = strings.Join(deps.Strings(), ",")
?? ??? ?args["outCommaList"] = strings.Join(outputFiles.Strings(), ",")
?? ?}
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?var onlineCertificateArgs []string
?? ?for _, c := range certificates {
?? ??? ?onlineCertificateArgs = append(onlineCertificateArgs, c.Pem.String())
?? ?}
?? ?onlineKeyIDArgs := ctx.Config().GetOnlineKeyID()
?? ?onlineServerArgs := ctx.Config().GetOnlineServer()
?? ?platformSdkVerArgs := ctx.Config().PlatformSdkVersion()
?? ?signApkOnlineJarArgs := ctx.Config().GetSignApkOnlineJar()
?? ?isSignApkOnlineEnabled := ctx.Config().GetSignPkgOnlineEnable()
?? ?var keyFilter = [...]string{
?? ??? ?"platform",
?? ??? ?"shared",
?? ??? ?"media",
?? ??? ?"testkey",
?? ??? ?"releasekey",
?? ?}
?? ?localSignOnline := isSignApkOnlineEnabled
?? ?var privateKeyOnline string
?? ?var hitCount uint32 = 0
?? ?if isSignApkOnlineEnabled == true {
?? ??? ?for _, v := range keyFilter {
?? ??? ??? ?for _, u := range onlineCertificateArgs {
?? ??? ??? ??? ?if strings.Contains(u, v) {
?? ??? ??? ??? ??? ?privateKeyOnline += v
?? ??? ??? ??? ??? ?hitCount++
?? ??? ??? ??? ??? ?break
?? ??? ??? ??? ?}
?? ??? ??? ?}
?? ??? ?}
?? ??? ?if hitCount == 0 {
?? ??? ??? ?localSignOnline = false
?? ??? ?} else if hitCount > 1 {
?? ??? ??? ?panic("certificate needs only one value\n")
?? ??? ?} else {
?? ??? ??? ?localSignOnline = true
?? ??? ?}
?? ?}
?? ?if localSignOnline == true {
?? ??? ?ctx.Build(pctx, android.BuildParams{
?? ??? ??? ?Rule: ? ? ? ?signapkOnline,?
?? ??? ??? ?Description: "signapkOnline",
?? ??? ??? ?Output: ? ? ?signedApk,
?? ??? ??? ?Input: ? ? ? unsignedApk,
?? ??? ??? ?Implicits: ? deps,
?? ??? ??? ?Args: map[string]string{
?? ??? ??? ??? ?"certificates": strings.Join(onlineCertificateArgs, " "),
?? ??? ??? ??? ?"onlineServer": onlineServerArgs,
?? ??? ??? ??? ?//?? ??? ??? ??? ?"onlineUsername": ? onlineUsernameArgs,
?? ??? ??? ??? ?//?? ??? ??? ??? ?"onlinePasswd": ? ? onlinePasswdArgs,
?? ??? ??? ??? ?"privateOnlineKey": onlineKeyIDArgs + privateKeyOnline,
?? ??? ??? ??? ?"platformSdkVer": ? platformSdkVerArgs,
?? ??? ??? ??? ?"signapkOnlineCmd": signApkOnlineJarArgs,
?? ??? ??? ?},
?? ??? ?})
?? ?} else {
?? ??? ?ctx.Build(pctx, android.BuildParams{
?? ??? ??? ?Rule: ? ? ? ?rule,
?? ??? ??? ?Description: "signapk",
?? ??? ??? ?Output: ? ? ?signedApk,
?? ??? ??? ?Input: ? ? ? unsignedApk,
?? ??? ??? ?Implicits: ? deps,
?? ??? ??? ?Args: ? ? ? ?args,
?? ??? ?})
?? ?}
?? ?//Add by Felix.Ma. For app online sign. end.
}
var buildAAR = pctx.AndroidStaticRule("buildAAR",
?? ?blueprint.RuleParams{
?? ??? ?Command: `rm -rf ${outDir} && mkdir -p ${outDir} && ` +
?? ??? ??? ?`cp ${manifest} ${outDir}/AndroidManifest.xml && ` +
?? ??? ??? ?`cp ${classesJar} ${outDir}/classes.jar && ` +
?? ??? ??? ?`cp ${rTxt} ${outDir}/R.txt && ` +
?? ??? ??? ?`${config.SoongZipCmd} -jar -o $out -C ${outDir} -D ${outDir}`,
?? ??? ?CommandDeps: []string{"${config.SoongZipCmd}"},
?? ?},
?? ?"manifest", "classesJar", "rTxt", "outDir")
1.12 ./build/soong/java/app_test.go
func TestCertificates(t *testing.T) {
?? ?testCases := []struct {
?? ??? ?name ? ? ? ? ? ? ? ?string
?? ??? ?bp ? ? ? ? ? ? ? ? ?string
?? ??? ?certificateOverride string
?? ??? ?expectedLineage ? ? string
?? ??? ?expectedCertificate string
?? ?}{
?? ??? ?{
?? ??? ??? ?name: "default",
?? ??? ??? ?bp: `
?? ??? ??? ??? ?android_app {
?? ??? ??? ??? ??? ?name: "foo",
?? ??? ??? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ??? ??? ?sdk_version: "current",
?? ??? ??? ??? ?}
?? ??? ??? ?`,
?? ??? ??? ?certificateOverride: "",
?? ??? ??? ?expectedLineage: ? ? "",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ?expectedCertificate: "vendor/xxxxx/chipset_common/build/security/testkey.x509.pem vendor/xxxxx/chipset_common/build/security/testkey.pk8",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ?},
?? ??? ?{
?? ??? ??? ?name: "module certificate property",
?? ??? ??? ?bp: `
?? ??? ??? ??? ?android_app {
?? ??? ??? ??? ??? ?name: "foo",
?? ??? ??? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ??? ??? ?certificate: ":new_certificate",
?? ??? ??? ??? ??? ?sdk_version: "current",
?? ??? ??? ??? ?}
?? ??? ??? ??? ?android_app_certificate {
?? ??? ??? ??? ??? ?name: "new_certificate",
?? ??? ??? ??? ??? ?certificate: "cert/new_cert",
?? ??? ??? ??? ?}
?? ??? ??? ?`,
?? ??? ??? ?certificateOverride: "",
?? ??? ??? ?expectedLineage: ? ? "",
?? ??? ??? ?expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
?? ??? ?},
?? ??? ?{
?? ??? ??? ?name: "path certificate property",
?? ??? ??? ?bp: `
?? ??? ??? ??? ?android_app {
?? ??? ??? ??? ??? ?name: "foo",
?? ??? ??? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ??? ??? ?certificate: "expiredkey",
?? ??? ??? ??? ??? ?sdk_version: "current",
?? ??? ??? ??? ?}
?? ??? ??? ?`,
?? ??? ??? ?certificateOverride: "",
?? ??? ??? ?expectedLineage: ? ? "",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ?expectedCertificate: "vendor/xxxxx/chipset_common/build/security/expiredkey.x509.pem vendor/xxxxx/chipset_common/build/security/expiredkey.pk8",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ?},
?? ??? ?{
?? ??? ??? ?name: "certificate overrides",
?? ??? ??? ?bp: `
?? ??? ??? ??? ?android_app {
?? ??? ??? ??? ??? ?name: "foo",
?? ??? ??? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ??? ??? ?certificate: "expiredkey",
?? ??? ??? ??? ??? ?sdk_version: "current",
?? ??? ??? ??? ?}
?? ??? ??? ??? ?android_app_certificate {
?? ??? ??? ??? ??? ?name: "new_certificate",
?? ??? ??? ??? ??? ?certificate: "cert/new_cert",
?? ??? ??? ??? ?}
?? ??? ??? ?`,
?? ??? ??? ?certificateOverride: "foo:new_certificate",
?? ??? ??? ?expectedLineage: ? ? "",
?? ??? ??? ?expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
?? ??? ?},
?? ??? ?{
?? ??? ??? ?name: "certificate lineage",
?? ??? ??? ?bp: `
?? ??? ??? ??? ?android_app {
?? ??? ??? ??? ??? ?name: "foo",
?? ??? ??? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ??? ??? ?certificate: ":new_certificate",
?? ??? ??? ??? ??? ?lineage: "lineage.bin",
?? ??? ??? ??? ??? ?sdk_version: "current",
?? ??? ??? ??? ?}
?? ??? ??? ??? ?android_app_certificate {
?? ??? ??? ??? ??? ?name: "new_certificate",
?? ??? ??? ??? ??? ?certificate: "cert/new_cert",
?? ??? ??? ??? ?}
?? ??? ??? ?`,
?? ??? ??? ?certificateOverride: "",
?? ??? ??? ?expectedLineage: ? ? "--lineage lineage.bin",
?? ??? ??? ?expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
?? ??? ?},
?? ?}
?? ?
func TestOverrideAndroidApp(t *testing.T) {
?? ?ctx, _ := testJava(t, `
?? ??? ?android_app {
?? ??? ??? ?name: "foo",
?? ??? ??? ?srcs: ["a.java"],
?? ??? ??? ?certificate: "expiredkey",
?? ??? ??? ?overrides: ["qux"],
?? ??? ??? ?sdk_version: "current",
?? ??? ?}
?? ??? ?override_android_app {
?? ??? ??? ?name: "bar",
?? ??? ??? ?base: "foo",
?? ??? ??? ?certificate: ":new_certificate",
?? ??? ??? ?lineage: "lineage.bin",
?? ??? ??? ?logging_parent: "bah",
?? ??? ?}
?? ??? ?android_app_certificate {
?? ??? ??? ?name: "new_certificate",
?? ??? ??? ?certificate: "cert/new_cert",
?? ??? ?}
?? ??? ?override_android_app {
?? ??? ??? ?name: "baz",
?? ??? ??? ?base: "foo",
?? ??? ??? ?package_name: "org.dandroid.bp",
?? ??? ?}
?? ??? ?`)
?? ?expectedVariants := []struct {
?? ??? ?moduleName ? ? string
?? ??? ?variantName ? ?string
?? ??? ?apkName ? ? ? ?string
?? ??? ?apkPath ? ? ? ?string
?? ??? ?certFlag ? ? ? string
?? ??? ?lineageFlag ? ?string
?? ??? ?overrides ? ? ?[]string
?? ??? ?aaptFlag ? ? ? string
?? ??? ?logging_parent string
?? ?}{
?? ??? ?{
?? ??? ??? ?moduleName: ? ? "foo",
?? ??? ??? ?variantName: ? ?"android_common",
?? ??? ??? ?apkPath: ? ? ? ?"/target/product/test_device/system/app/foo/foo.apk",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ?certFlag: ? ? ? "vendor/xxxxx/chipset_common/build/security/expiredkey.x509.pem vendor/xxxxx/chipset_common/build/security/expiredkey.pk8",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ??? ?lineageFlag: ? ?"",
?? ??? ??? ?overrides: ? ? ?[]string{"qux"},
?? ??? ??? ?aaptFlag: ? ? ? "",
?? ??? ??? ?logging_parent: "",
?? ??? ?},
?? ??? ?{
?? ??? ??? ?moduleName: ? ? "bar",
?? ??? ??? ?variantName: ? ?"android_common_bar",
?? ??? ??? ?apkPath: ? ? ? ?"/target/product/test_device/system/app/bar/bar.apk",
?? ??? ??? ?certFlag: ? ? ? "cert/new_cert.x509.pem cert/new_cert.pk8",
?? ??? ??? ?lineageFlag: ? ?"--lineage lineage.bin",
?? ??? ??? ?overrides: ? ? ?[]string{"qux", "foo"},
?? ??? ??? ?aaptFlag: ? ? ? "",
?? ??? ??? ?logging_parent: "bah",
?? ??? ?},
?? ??? ?{
?? ??? ??? ?moduleName: ? ? "baz",
?? ??? ??? ?variantName: ? ?"android_common_baz",
?? ??? ??? ?apkPath: ? ? ? ?"/target/product/test_device/system/app/baz/baz.apk",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ?certFlag: ? ? ? "vendor/xxxxx/chipset_common/build/security/expiredkey.x509.pem vendor/xxxxx/chipset_common/build/security/expiredkey.pk8",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ??? ?lineageFlag: ? ?"",
?? ??? ??? ?overrides: ? ? ?[]string{"qux", "foo"},
?? ??? ??? ?aaptFlag: ? ? ? "--rename-manifest-package org.dandroid.bp",
?? ??? ??? ?logging_parent: "",
?? ??? ?},
?? ?}
func TestAndroidAppImport(t *testing.T) {
?? ?ctx, _ := testJava(t, `
?? ??? ?android_app_import {
?? ??? ??? ?name: "foo",
?? ??? ??? ?apk: "prebuilts/apk/app.apk",
?? ??? ??? ?certificate: "platform",
?? ??? ??? ?dex_preopt: {
?? ??? ??? ??? ?enabled: true,
?? ??? ??? ?},
?? ??? ?}
?? ??? ?`)
?? ?variant := ctx.ModuleForTests("foo", "android_common")
?? ?// Check dexpreopt outputs.
?? ?if variant.MaybeOutput("dexpreopt/oat/arm64/package.vdex").Rule == nil ||
?? ??? ?variant.MaybeOutput("dexpreopt/oat/arm64/package.odex").Rule == nil {
?? ??? ?t.Errorf("can't find dexpreopt outputs")
?? ?}
?? ?// Check cert signing flag.
?? ?signedApk := variant.Output("signed/foo.apk")
?? ?signingFlag := signedApk.Args["certificates"]
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?//expected := "build/make/target/product/security/platform.x509.pem build/make/target/product/security/platform.pk8"
?? ?expected := "vendor/xxxxx/chipset_common/build/security/platform.x509.pem vendor/xxxxx/chipset_common/build/security/platform.pk8"
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?if expected != signingFlag {
?? ??? ?t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected, signingFlag)
?? ?}
}
func TestAndroidAppImport_DefaultDevCert(t *testing.T) {
?? ?ctx, _ := testJava(t, `
?? ??? ?android_app_import {
?? ??? ??? ?name: "foo",
?? ??? ??? ?apk: "prebuilts/apk/app.apk",
?? ??? ??? ?default_dev_cert: true,
?? ??? ??? ?dex_preopt: {
?? ??? ??? ??? ?enabled: true,
?? ??? ??? ?},
?? ??? ?}
?? ??? ?`)
?? ?variant := ctx.ModuleForTests("foo", "android_common")
?? ?// Check dexpreopt outputs.
?? ?if variant.MaybeOutput("dexpreopt/oat/arm64/package.vdex").Rule == nil ||
?? ??? ?variant.MaybeOutput("dexpreopt/oat/arm64/package.odex").Rule == nil {
?? ??? ?t.Errorf("can't find dexpreopt outputs")
?? ?}
?? ?// Check cert signing flag.
?? ?signedApk := variant.Output("signed/foo.apk")
?? ?signingFlag := signedApk.Args["certificates"]
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?//expected := "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8"
?? ?expected := "vendor/xxxxx/chipset_common/build/security/testkey.x509.pem vendor/xxxxx/chipset_common/build/security/testkey.pk8"
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?if expected != signingFlag {
?? ??? ?t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected, signingFlag)
?? ?}
}
func TestRuntimeResourceOverlay(t *testing.T) {
?? ?fs := map[string][]byte{
?? ??? ?"baz/res/res/values/strings.xml": nil,
?? ??? ?"bar/res/res/values/strings.xml": nil,
?? ?}
?? ?bp := `
?? ??? ?runtime_resource_overlay {
?? ??? ??? ?name: "foo",
?? ??? ??? ?certificate: "platform",
?? ??? ??? ?lineage: "lineage.bin",
?? ??? ??? ?product_specific: true,
?? ??? ??? ?static_libs: ["bar"],
?? ??? ??? ?resource_libs: ["baz"],
?? ??? ??? ?aaptflags: ["--keep-raw-values"],
?? ??? ?}
?? ??? ?runtime_resource_overlay {
?? ??? ??? ?name: "foo_themed",
?? ??? ??? ?certificate: "platform",
?? ??? ??? ?product_specific: true,
?? ??? ??? ?theme: "faza",
?? ??? ??? ?overrides: ["foo"],
?? ??? ?}
?? ??? ?android_library {
?? ??? ??? ?name: "bar",
?? ??? ??? ?resource_dirs: ["bar/res"],
?? ??? ?}
?? ??? ?android_app {
?? ??? ??? ?name: "baz",
?? ??? ??? ?sdk_version: "current",
?? ??? ??? ?resource_dirs: ["baz/res"],
?? ??? ?}
?? ??? ?`
?? ?config := testAppConfig(nil, bp, fs)
?? ?ctx := testContext()
?? ?run(t, ctx, config)
?? ?m := ctx.ModuleForTests("foo", "android_common")
?? ?// Check AAPT2 link flags.
?? ?aapt2Flags := m.Output("package-res.apk").Args["flags"]
?? ?expectedFlags := []string{"--keep-raw-values", "--no-resource-deduping", "--no-resource-removal"}
?? ?absentFlags := android.RemoveListFromList(expectedFlags, strings.Split(aapt2Flags, " "))
?? ?if len(absentFlags) > 0 {
?? ??? ?t.Errorf("expected values, %q are missing in aapt2 link flags, %q", absentFlags, aapt2Flags)
?? ?}
?? ?// Check overlay.list output for static_libs dependency.
?? ?overlayList := m.Output("aapt2/overlay.list").Inputs.Strings()
?? ?staticLibPackage := buildDir + "/.intermediates/bar/android_common/package-res.apk"
?? ?if !inList(staticLibPackage, overlayList) {
?? ??? ?t.Errorf("Stactic lib res package %q missing in overlay list: %q", staticLibPackage, overlayList)
?? ?}
?? ?// Check AAPT2 link flags for resource_libs dependency.
?? ?resourceLibFlag := "-I " + buildDir + "/.intermediates/baz/android_common/package-res.apk"
?? ?if !strings.Contains(aapt2Flags, resourceLibFlag) {
?? ??? ?t.Errorf("Resource lib flag %q missing in aapt2 link flags: %q", resourceLibFlag, aapt2Flags)
?? ?}
?? ?// Check cert signing flag.
?? ?signedApk := m.Output("signed/foo.apk")
?? ?lineageFlag := signedApk.Args["flags"]
?? ?expectedLineageFlag := "--lineage lineage.bin"
?? ?if expectedLineageFlag != lineageFlag {
?? ??? ?t.Errorf("Incorrect signing lineage flags, expected: %q, got: %q", expectedLineageFlag, lineageFlag)
?? ?}
?? ?signingFlag := signedApk.Args["certificates"]
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?//expected := "build/make/target/product/security/platform.x509.pem build/make/target/product/security/platform.pk8"
?? ?expected := "vendor/xxxxx/chipset_common/build/security/platform.x509.pem vendor/xxxxx/chipset_common/build/security/platform.pk8"
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?if expected != signingFlag {
?? ??? ?t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected, signingFlag)
?? ?}
?? ?androidMkEntries := android.AndroidMkEntriesForTest(t, config, "", m.Module())[0]
?? ?path := androidMkEntries.EntryMap["LOCAL_CERTIFICATE"]
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?expectedPath := []string{"vendor/xxxxx/chipset_common/build/security/platform.x509.pem"}
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?if !reflect.DeepEqual(path, expectedPath) {
?? ??? ?t.Errorf("Unexpected LOCAL_CERTIFICATE value: %v, expected: %v", path, expectedPath)
?? ?}
?? ?// Check device location.
?? ?path = androidMkEntries.EntryMap["LOCAL_MODULE_PATH"]
?? ?expectedPath = []string{"/tmp/target/product/test_device/product/overlay"}
?? ?if !reflect.DeepEqual(path, expectedPath) {
?? ??? ?t.Errorf("Unexpected LOCAL_MODULE_PATH value: %v, expected: %v", path, expectedPath)
?? ?}
?? ?// A themed module has a different device location
?? ?m = ctx.ModuleForTests("foo_themed", "android_common")
?? ?androidMkEntries = android.AndroidMkEntriesForTest(t, config, "", m.Module())[0]
?? ?path = androidMkEntries.EntryMap["LOCAL_MODULE_PATH"]
?? ?expectedPath = []string{"/tmp/target/product/test_device/product/overlay/faza"}
?? ?if !reflect.DeepEqual(path, expectedPath) {
?? ??? ?t.Errorf("Unexpected LOCAL_MODULE_PATH value: %v, expected: %v", path, expectedPath)
?? ?}
?? ?overrides := androidMkEntries.EntryMap["LOCAL_OVERRIDES_PACKAGES"]
?? ?expectedOverrides := []string{"foo"}
?? ?if !reflect.DeepEqual(overrides, expectedOverrides) {
?? ??? ?t.Errorf("Unexpected LOCAL_OVERRIDES_PACKAGES value: %v, expected: %v", overrides, expectedOverrides)
?? ?}
}
1.13 /build/soong/ui/build/exec.go
func (c *Cmd) prepare() {
?? ?if c.Env == nil {
?? ??? ?c.Env = c.Environment.Environ()
?? ?}
?? ?//Add by Felix.Ma. For app online sign. start.
?? ?//if c.sandboxSupported() {
?? ??? ?//c.wrapSandbox()
?? ?//}
?? ?//Add by Felix.Ma. For app online sign. end.
?? ?c.ctx.Verboseln(c.Path, c.Args)
}
func (c *Cmd) Start() error {
?? ?c.prepare()
?? ?return c.Cmd.Start()
}
func (c *Cmd) Run() error {
?? ?c.prepare()
?? ?err := c.Cmd.Run()
?? ?return err
}
func (c *Cmd) Output() ([]byte, error) {
?? ?c.prepare()
?? ?bytes, err := c.Cmd.Output()
?? ?return bytes, err
}
1.14 build/soong/ui/build/ninja.go
func runNinja(ctx Context, config Config) {
?? ?
?? ?if cmd.Environment.IsEnvTrue("ALLOW_NINJA_ENV") {
?? ??? ?ctx.Println("Allowing all environment variables during ninja; incremental builds may be unsafe.")
?? ?} else {
?? ??? ?cmd.Environment.Allow(append([]string{
?? ??? ??? ?"ASAN_SYMBOLIZER_PATH",
?? ??? ??? ?"HOME",
?? ??? ??? ?"JAVA_HOME",
?? ??? ??? ?"LANG",
?? ??? ??? ?"LC_MESSAGES",
?? ??? ??? ?"OUT_DIR",
?? ??? ??? ?"PATH",
?? ??? ??? ?"PWD",
?? ??? ??? ?"PYTHONDONTWRITEBYTECODE",
?? ??? ??? ?"TMPDIR",
?? ??? ??? ?"USER",
?? ??? ??? ?// TODO: remove these carefully
?? ??? ??? ?"ASAN_OPTIONS",
?? ??? ??? ?"TARGET_BUILD_APPS",
?? ??? ??? ?"TARGET_BUILD_VARIANT",
?? ??? ??? ?"TARGET_PRODUCT",
?? ??? ??? ?// b/147197813 - used by art-check-debug-apex-gen
?? ??? ??? ?"EMMA_INSTRUMENT_FRAMEWORK",
?? ??? ??? ?// Goma -- gomacc may not need all of these
?? ??? ??? ?"GOMA_DIR",
?? ??? ??? ?"GOMA_DISABLED",
?? ??? ??? ?"GOMA_FAIL_FAST",
?? ??? ??? ?"GOMA_FALLBACK",
?? ??? ??? ?"GOMA_GCE_SERVICE_ACCOUNT",
?? ??? ??? ?"GOMA_TMP_DIR",
?? ??? ??? ?"GOMA_USE_LOCAL",
?? ??? ??? ?// RBE client
?? ??? ??? ?"FLAG_compare",
?? ??? ??? ?"FLAG_exec_root",
?? ??? ??? ?"FLAG_exec_strategy",
?? ??? ??? ?"FLAG_invocation_id",
?? ??? ??? ?"FLAG_log_dir",
?? ??? ??? ?"FLAG_platform",
?? ??? ??? ?"FLAG_remote_accept_cache",
?? ??? ??? ?"FLAG_remote_update_cache",
?? ??? ??? ?"FLAG_server_address",
?? ??? ??? ?// ccache settings
?? ??? ??? ?"CCACHE_COMPILERCHECK",
?? ??? ??? ?"CCACHE_SLOPPINESS",
?? ??? ??? ?"CCACHE_BASEDIR",
?? ??? ??? ?"CCACHE_CPP2",
?? ??? ??? ?"CCACHE_DIR",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. start.
?? ??? ??? ?"ONLINE_USERNAME",
?? ??? ??? ?"ONLINE_PASSWD",
?? ??? ??? ?//Add by Felix.Ma. For app online sign. end.
?? ??? ?}, config.BuildBrokenNinjaUsesEnvVars()...)...)
?? ?}
1.15 ./build/make/core/package_internal.mk
ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
? # The special value "EXTERNAL" means that we will sign it with the
? # default devkey, apply predexopt, but then expect the final .apk
? # (after dexopting) to be signed by an outside tool.
? LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
? PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
endif
//Add by Felix.Ma. For app online sign. start.
-include vendor/xxxxx/xxxxx/build/core/is_sign_online.mk
//Add by Felix.Ma. For app online sign. end.
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
? ? LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
include $(BUILD_SYSTEM)/app_certificate_validate.mk
private_key := $(LOCAL_CERTIFICATE).pk8
certificate := $(LOCAL_CERTIFICATE).x509.pem
1.16 vendor/xxxxx/xxxxx/build/core/is_sign_online.mk
###########################################################
##
## define whether apk signs online or not.
##
###########################################################
sign_online := $(SIGN_PACKAGE_ONLINE_ENABLE)
xxxxx_PUBLIC_LOCAL_KEY_DIR := vendor/xxxxx/chipset_common/build/security/
ifeq ($(SIGN_PACKAGE_ONLINE_ENABLE),true)
? ? private_key_online := $(filter platform shared media releasekey testkey, \
? ? ? ? $(notdir $(LOCAL_CERTIFICATE)))
? ? ifeq ($(words $(private_key_online)),0)
? ? ? ? sign_online := false
? ? else
? ? ? ? ifneq ($(words $(private_key_online)),1)
? ? ? ? ? ? $(error LOCAL_CERTIFICATE just need only; saw $(LOCAL_CERTIFICATE))
? ? ? ? endif
? ? ? ? sign_online_key := $(private_key_online)
? ? ? ? $(LOCAL_BUILT_MODULE): $(SIGNAPK_ONLINE_JAR)
? ? ? ? $(LOCAL_BUILT_MODULE): PRIVATE_ONLINE_KEY := $(sign_online_key)
? ? ? ? $(LOCAL_BUILT_MODULE): PUBLIC_LOCAL_KEY := $(xxxxx_PUBLIC_LOCAL_KEY_DIR)$(private_key_online).x509.pem
? ? endif
endif
1.17 vendor\xxxxx\xxxxx\build\tools\signapk\sign-apk-online.sh
#!/bin/bash
# Sign apk online.
# Copyright (c) xxxxx Technologies Co., Ltd. 2010-2019. All rights reserved.
parse_cmdline()
{
? ? while [ -n "$1" ]
? ? do
? ? ? ? OPTIONS=$(echo "$1" | sed 's/\(.*\)=\(.*\)/\1/')
? ? ? ? PARAM=$(echo "$1" | sed 's/.*=//')
? ? ? ? case "$OPTIONS" in
? ? ? ? javacmd) ? ? ? ? ? ?JAVACMD="${PARAM}" ;;
? ? ? ? signapkOnlineCmd) ? SIGN_APK_ONLINE_CMD="${PARAM}" ;;
? ? ? ? platformSdkVer) ? ? PLATFORM_SDK_VER="${PARAM}" ;;
? ? ? ? onlineServer) ? ? ? ONLINE_SERVER="${PARAM}" ;;
# ? ? ? ?onlineUsername) ? ? ONLINE_USERNAME="${PARAM}" ;;
# ? ? ? ?onlinePasswd) ? ? ? ONLINE_PASSWD="${PARAM}" ;;
? ? ? ? certificates) ? ? ? CERTIFICATES="${PARAM}" ;;
? ? ? ? privateOnlineKey) ? PRIVATE_ONLINE_KEY="${PARAM}" ;;
? ? ? ? inFile) ? ? ? ? ? ? IN_FILE="${PARAM}" ;;
? ? ? ? outFile) ? ? ? ? ? ?OUT_FILE="${PARAM}" ;;
? ? ? ? #please add extra parameter here!
? ? ? ? *) ?if [ $(echo "$1" | sed -n '/.*=/p') ];then
? ? ? ? ? ? ? ?echo "Error, the pattem \"$OPTIONS=$PARAM\" can not be recognized!!!"
? ? ? ? ? ? ? ?helpme
? ? ? ? ? ? fi
? ? ? ? ? ? break;;
? ? ? ? esac
? ? ? ? shift
? ? done
}
parse_cmdline $@
#if [ -d vendor/xxxxx/chipset_common/build/security ];then
? ? #CERTIFICATES=${CERTIFICATES/build\/target\/product\/security/vendor\/xxxxx\/chipset_common\/build\/security}
#fi
if [[ "${CERTIFICATES}" == *testkey* ]];then
echo "testkey"
PRIVATE_ONLINE_KEY=apkkey_unisoc_testkey
CERTIFICATES=vendor/xxxxx/chipset_common/build/security/testkey.x509.pem
fi
if [[ "${CERTIFICATES}" == *media* ]];then
echo "media"
PRIVATE_ONLINE_KEY=apkkey_unisoc_media
CERTIFICATES=vendor/xxxxx/chipset_common/build/security/media.x509.pem
fi
if [[ "${CERTIFICATES}" == *platform* ]];then
echo "platform"
PRIVATE_ONLINE_KEY=apkkey_unisoc_platform
CERTIFICATES=vendor/xxxxx/chipset_common/build/security/platform.x509.pem
fi
if [[ "${CERTIFICATES}" == *shared* ]];then
echo "shared"
PRIVATE_ONLINE_KEY=apkkey_unisoc_shared
CERTIFICATES=vendor/xxxxx/chipset_common/build/security/shared.x509.pem
fi
if [[ "${CERTIFICATES}" == *releasekey* ]];then
echo "releasekey"
PRIVATE_ONLINE_KEY=apkkey_unisoc_releasekey
CERTIFICATES=vendor/xxxxx/chipset_common/build/security/releasekey.x509.pem
fi
echo "*********************************************"
echo "$JAVACMD -jar $SIGN_APK_ONLINE_CMD --min-sdk-version $((out/host/linux-x86/bin/aapt dump badging $in 2>&1 | grep '^sdkVersion' || echo \"sdkVersion:'0'\") | cut -d \' -f2 | sed -e s/^.*[^0-9].*\$/$PLATFORM_SDK_VER/) $ONLINE_SERVER ${ONLINE_USERNAME} "${CERTIFICATES}" "${PRIVATE_ONLINE_KEY}" $IN_FILE $PARAM"
$JAVACMD -jar "${SIGN_APK_ONLINE_CMD}" --min-sdk-version $((out/host/linux-x86/bin/aapt dump badging "${in}" 2>&1 | grep '^sdkVersion' || echo \"sdkVersion:'0'\") | cut -d \' -f2 | sed -e s/^.*[^0-9].*\$/"${PLATFORM_SDK_VER}"/) "${ONLINE_SERVER}" "${ONLINE_USERNAME}" "${ONLINE_PASSWD}" "${CERTIFICATES}" "${PRIVATE_ONLINE_KEY}" "${IN_FILE}" "${PARAM}"
if [ -f out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko ];then
? ? echo "*********************************************"
? ? if [ -f out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko_unsigned ];then
?? ?echo "************incrementalfs.ko is exist. skipping.************"
? ? else
? ? ? ? cp out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko_unsigned
?? ?rm out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko
? ? ? ? java -jar tools/signcenter/KernelSignV2.jar signcenter.pki.hixxxxx.com "${ONLINE_USERNAME}" "${ONLINE_PASSWD}" vendor/xxxxx/chipset_common/build/signkernel/longqi_kernel_os_ko_v1.x509 longqi_kernel_os_ko_v1 out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko_unsigned out/target/product/s9863a1h10_go_32b/vendor/lib/modules/incrementalfs.ko
? ? fi
fi
1.18 vendor\xxxxx\xxxxx\build\tools\signapk\sign-online.sh
#!/bin/bash
# Sign online.
# Copyright (c) xxxxx Technologies Co., Ltd. 2010-2019. All rights reserved.
BUILD_xxxxx_PATH=$(gettop)/vendor/xxxxx/xxxxx/build
percent_encode()
{
? ? # urlencode <string>
? ? local length="${#1}"
? ? for (( i = 0; i < length; i++ )); do
? ? ? ? local c="${1:i:1}"
? ? ? ? case "$c" in
? ? ? ? ? ? [a-zA-Z0-9.~_-]) printf "$c" ;;
? ? ? ? ? ? *) printf '%%%02X' "'$c"
? ? ? ? esac
? ? done
}
account_check()
{
? ? local onlinename
? ? local onlinepasswd
? ? echo "input you domain account for package certificate."
? ? echo "accout:"
? ? read onlinename
? ? stty -echo
? ? echo "passwd:"
? ? read onlinepasswd
? ? stty echo
? ? onlinepasswd=$(percent_encode "$onlinepasswd")
# ? ?java -jar tools/signcenter/SignApkV2.jar \
# ? ? ? ? ? ?signcenter.pki.hixxxxx.com "${onlinename}" "${onlinepasswd}" \
# ? ? ? ? ? ?$(gettop)/vendor/xxxxx/chipset_common/build/security/testkey.x509.pem \
# ? ? ? ? ? ?apkkey_11v_testkey \
# ? ? ? ? ? ?${BUILD_xxxxx_PATH}/tools/signapk/test.apk ~/test_signed.apk
# ? ?java -jar sign_test/SignApkV2.jar signcenter.pki.hixxxxx.com $(onlinename) $(onlinepasswd) sign_test/apkkey_unisoc_releasekey.pem apkkey_unisoc_releasekey sign_test/test.apk sign_test/signed.apk
? ? if [ $? -ne 0 ];then
? ? ? ? echo "Authentication failed, please check the accout and passwd inputted!"
? ? else
? ? ? ? export ONLINE_USERNAME="${onlinename}"
? ? ? ? export ONLINE_PASSWD="${onlinepasswd}"
? ? fi
# ? ?if [ -f ~/test_signed.apk ];then
# ? ? ? ? rm ~/test_signed.apk
# ? ?fi
}
if [ -z "${ONLINE_USERNAME}" ];then
? ? account_check
fi
1.19 zprojects pre_signApk.sh
#!/bin/bash
#Add by FelixMa For app-sign-online ?start
if [ -r $(gettop)/vendor/xxxxx/xxxxx/build/tools/signapk/sign-apk-online.sh ]; then
? ? echo "goto sign-apk-online including vendor/xxxxx/xxxxx/build/tools/signapk/sign-apk-online.sh"
? ? ###########################################################sprdPreBuildapk############################
? ? sprdPrebuildApks=$(find $(gettop)/vendor/sprd/release/IDH/$TARGET_PRODUCT-$TARGET_BUILD_VARIANT*/out/target/product/s9863a1h10_go_32b/system_ext -name *.apk)
? ? echo "the value of sprdPrebuildApks is $sprdPrebuildApks"
? ? for IN_FILE in ${sprdPrebuildApks}
?? ?do
? ? ? ?apkname=$(basename $IN_FILE .apk)
? ? ? ?PRIVATE_ONLINE_KEY=apkkey_unisoc_platform
? ? ? ?CERTIFICATES=vendor/xxxxx/chipset_common/build/security/platform.x509.pem
?? ? ? if ? ?[ $apkname = "SprdVoWifiConfiguration" ]; then
?? ??? ??? ?echo "the value of apkname is SprdVoWifiConfiguration"
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/priv-app/SprdVoWifiConfiguration/SprdVoWifiConfiguration.apk
?? ? ? elif ?[ $apkname = "SprdVoWifiService" ]; then
?? ??? ??? ?echo "the value of apkname is SprdVoWifiService"
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/priv-app/SprdVoWifiService/SprdVoWifiService.apk
?? ? ? elif ?[ $apkname = "ImsCM" ]; then
?? ??? ??? ?echo "the value of apkname is ImsCM"
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/priv-app/ImsCM/ImsCM.apk
?? ? ? elif ?[ $apkname = "LinkTurbo" ]; then
?? ??? ??? ?echo "the value of apkname is LinkTurbo"
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/app/LinkTurbo/LinkTurbo.apk
?? ? ? elif ?[ $apkname = "USCPhotosProvider" ]; then
?? ??? ??? ?echo "the value of apkname is USCPhotosProvider"
?? ??? ??? ?PRIVATE_ONLINE_KEY=apkkey_unisoc_media
?? ??? ??? ?CERTIFICATES=vendor/xxxxx/chipset_common/build/security/media.x509.pem
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/app/USCPhotosProvider/USCPhotosProvider.apk
?? ? ? elif ?[ $apkname = "VceDaemon" ]; then
?? ??? ??? ?echo "the value of apkname is VceDaemon"
?? ??? ??? ?OUT_FILE=$(gettop)/out/target/product/s9863a1h10_go_32b/system_ext/app/VceDaemon/VceDaemon.apk
?? ? ? fi
?? ? ? DIR_NAME=$(dirname $OUT_FILE)
?? ? ? echo "DIR_NAME=${DIR_NAME}"
?? ? ? mkdir -p "${DIR_NAME}"
?? ? ? echo "gettop=$(gettop) ONLINE_USERNAME=${ONLINE_USERNAME} ONLINE_PASSWD=${ONLINE_PASSWD} CERTIFICATES=${CERTIFICATES} PRIVATE_ONLINE_KEY=${PRIVATE_ONLINE_KEY} IN_FILE=${IN_FILE} ?OUT_FILE=${OUT_FILE}"
?? ? ? $(gettop)/prebuilts/jdk/jdk11/linux-x86/bin/java -jar $(gettop)/tools/signcenter/SignApkV2.jar --min-sdk-version 30 signcenter.pki.hixxxxx.com "${ONLINE_USERNAME}" "${ONLINE_PASSWD}" "${CERTIFICATES}" "${PRIVATE_ONLINE_KEY}" "${IN_FILE}" "${OUT_FILE}"
? ? ? ?echo "start copy"
?? ? ? cp "${OUT_FILE}" "${IN_FILE}"
?? ? ? echo "end copy"
?? ?done
? ? ###########################################################sprdPreBuildapk##########################?
fi
#Add by FelixMa For app-sign-online ?end
1.20?build\make\core\Makefile
# A list of arbitrary tags describing the build configuration.
# Force ":=" so we can use +=
BUILD_VERSION_TAGS := $(BUILD_VERSION_TAGS)
ifeq ($(TARGET_BUILD_TYPE),debug)
? BUILD_VERSION_TAGS += debug
endif
# The "test-keys" tag marks builds signed with the old test keys,
# which are available in the SDK. ?"dev-keys" marks builds signed with
# non-default dev keys (usually private keys from a vendor directory).
# Both of these tags will be removed and replaced with "release-keys"
# when the target-files is signed in a post-build step.
#Add by Felix.Ma. For app online sign. start.
ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),vendor/xxxxx/chipset_common/build/security/releasekey)
BUILD_KEYS := release-keys
else ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),vendor/xxxxx/chipset_common/build/security/testkey)
BUILD_KEYS := test-keys
else ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/make/target/product/security/testkey)
BUILD_KEYS := test-keys
else ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/release/releasekey)
BUILD_KEYS := release-keys
else
BUILD_KEYS := dev-keys
endif
#Add by Felix.Ma. For app online sign. end
BUILD_VERSION_TAGS += $(BUILD_KEYS)
BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))
?
|