Dump and enforce certificate for apks Dump the list of APKs that aren't located at system partition and signed with system certificate. And when enforcement option is enabled, it makes build error if there is the apk that satisfies the condition above. Bug: 74699609 Test: m -j Test: m out/target/product/$(get_build_var TARGET_DEVICE)/certificate_violation_modules.txt Change-Id: I23c41f2665dd97abac3e77d1c82d81ff91b894eb

commit: b2c4bb7e3ddcaa27242c1e4e78f69d7e39524cf9 [log] [tgz]
author: Jeongik Cha <jeongik@google.com> Mon Dec 17 14:45:15 2018 +0900
committer: Jeongik Cha <jeongik@google.com> Thu Jan 10 11:37:22 2019 +0900
tree: 3806c64f1fb8168e38b893ce19bf665f88e1cd33
parent: 8d95a14476b5b1cb5a2af655ac5da4606c3b5c07 [diff] [blame]
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 31c77d4..58e1a03 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk

@@ -146,6 +146,9 @@
 
 $(call add_json_list, ManifestPackageNameOverrides,      $(PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES))
 
+$(call add_json_bool, EnforceSystemCertificate,          $(ENFORCE_SYSTEM_CERTIFICATE))
+$(call add_json_list, EnforceSystemCertificateWhitelist, $(ENFORCE_SYSTEM_CERTIFICATE_WHITELIST))
+
 $(call add_json_map, VendorVars)
 $(foreach namespace,$(SOONG_CONFIG_NAMESPACES),\
   $(call add_json_map, $(namespace))\
commit	b2c4bb7e3ddcaa27242c1e4e78f69d7e39524cf9	[log] [tgz]
author	Jeongik Cha <jeongik@google.com>	Mon Dec 17 14:45:15 2018 +0900
committer	Jeongik Cha <jeongik@google.com>	Thu Jan 10 11:37:22 2019 +0900
tree	3806c64f1fb8168e38b893ce19bf665f88e1cd33
parent	8d95a14476b5b1cb5a2af655ac5da4606c3b5c07 [diff] [blame]