author | 2025-01-03 19:43:38 +0000 | |
---|---|---|
committer | 2025-01-03 19:55:46 +0000 | |
commit | ef1a1fdf35fcad396b75b02751d86ef926e288bb (patch) | |
tree | bab3992b3ed3a983a587fad37ce63f0ae3c63a70 | |
parent | e530ab6420f2c5a5e851a8bbd592e174c69147a3 (diff) |
Provide avbpubkeys of all apexes
all_apex_certs will collect the set of all public keys used to sign apex
payloads. This will be used by `CtsAppSecurityHostTestCases` to ensure
that release builds are not signed with well-known keys.
Followup to https://r.android.com/3422436 which collected the test
certificates of apexes.
Bug: 329299639
Test: m nothing
Change-Id: I57314f260a0ff5d7647e6d526cacbdaf29e8b055
-rw-r--r-- | Android.bp | 5 | ||||
-rw-r--r-- | apex/key.go | 5 |
2 files changed, 9 insertions, 1 deletions
diff --git a/Android.bp b/Android.bp
index 47a195c1d..98552a779 100644
--- a/Android.bp
+++ b/Android.bp
@@ -256,5 +256,8 @@ build_prop {
 all_apex_certs {
 name: "all_apex_certs",
- visibility: ["//cts/tests/tests/security"],
+ visibility: [
+ "//cts/tests/tests/security",
+ "//cts/hostsidetests/appsecurity",
+ ],
 }
diff --git a/apex/key.go b/apex/key.go
index 9fa9d1e02..1622c65e6 100644
--- a/apex/key.go
+++ b/apex/key.go
@@ -182,6 +182,7 @@ type allApexCerts struct {
 }
 func (_ *allApexCerts) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ var avbpubkeys android.Paths
 var certificatesPem android.Paths
 ctx.VisitDirectDeps(func(m android.Module) {
 if apex, ok := m.(*apexBundle); ok {
@@ -194,9 +195,12 @@ func (_ *allApexCerts) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 }
 }
 certificatesPem = append(certificatesPem, pem)
+ // avbpubkey for signing the apex payload
+ avbpubkeys = append(avbpubkeys, apex.publicKeyFile)
 }
 })
 certificatesPem = android.SortedUniquePaths(certificatesPem) // For hermiticity
+ avbpubkeys = android.SortedUniquePaths(avbpubkeys) // For hermiticity
 var certificatesDer android.Paths
 for index, certificatePem := range certificatesPem {
 certificateDer := android.PathForModuleOut(ctx, fmt.Sprintf("x509.%v.der", index))
@@ -209,6 +213,7 @@ func (_ *allApexCerts) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 }
 ctx.SetOutputFiles(certificatesPem, ".pem")
 ctx.SetOutputFiles(certificatesDer, ".der")
+ ctx.SetOutputFiles(avbpubkeys, ".avbpubkey")
 }
 func (_ *allApexCerts) GenerateSingletonBuildActions(ctx android.SingletonContext) { |
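Review bot: The comment added above the append in the `-194,9 +195,12` hunk of apex/key.go says the avbpubkey is "for signing the apex payload", but a public key only verifies the signature; the payload is signed with the matching private key, so `// avbpubkey used to verify the signature of the apex payload` would be accurate. The append also stores `apex.publicKeyFile` without a nil check, and where that field is assigned is not visible in this diff. If a visited apexBundle can reach this point without a resolved key, I would report it with `ctx.ModuleErrorf` rather than skip it silently, since a skipped key would also escape the well-known-key check described in the commit message. GenerateAndroidBuildActions starts and ends outside this hunk.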
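Review bot: The new `.avbpubkey` output tag in the `-209,6 +213,7` hunk of apex/key.go is set even when `avbpubkeys` is empty, and nothing here documents what the tag contains. The commit message says the CTS test relies on this output to confirm release builds are not signed with well-known keys, so an empty list would presumably let that check pass without inspecting any key; whether the consumer guards against that is not visible here. I would add a comment above the call, for example `// .avbpubkey: sorted, de-duplicated AVB public keys of every apexBundle visited above; may be empty`, and consider whether an empty result should be a build error. The function body begins outside this hunk.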