Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 1 | # |
| 2 | # Copyright (C) 2017 The Android Open Source Project |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # |
| 16 | |
Tao Bao | 6647263 | 2017-12-04 17:16:36 -0800 | [diff] [blame] | 17 | import base64 |
Tao Bao | bb73388 | 2019-07-24 23:31:19 -0700 | [diff] [blame] | 18 | import io |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 19 | import os.path |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 20 | import zipfile |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 21 | |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 22 | import common |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 23 | import test_utils |
Tao Bao | 6647263 | 2017-12-04 17:16:36 -0800 | [diff] [blame] | 24 | from sign_target_files_apks import ( |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 25 | CheckApkAndApexKeysAvailable, EditTags, GetApkFileInfo, ReadApexKeysInfo, |
Tao Bao | 19b02fe | 2019-10-09 00:04:28 -0700 | [diff] [blame] | 26 | ReplaceCerts, ReplaceVerityKeyId, RewriteAvbProps, RewriteProps, |
| 27 | WriteOtacerts) |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 28 | |
| 29 | |
Tao Bao | 65b94e9 | 2018-10-11 21:57:26 -0700 | [diff] [blame] | 30 | class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase): |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 31 | |
Tao Bao | 6647263 | 2017-12-04 17:16:36 -0800 | [diff] [blame] | 32 | MAC_PERMISSIONS_XML = """<?xml version="1.0" encoding="iso-8859-1"?> |
| 33 | <policy> |
| 34 | <signer signature="{}"><seinfo value="platform"/></signer> |
| 35 | <signer signature="{}"><seinfo value="media"/></signer> |
| 36 | </policy>""" |
| 37 | |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 38 | # pylint: disable=line-too-long |
Bill Peckham | 19c3feb | 2020-03-20 18:31:43 -0700 | [diff] [blame^] | 39 | APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system" |
| 40 | name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system" |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 41 | """ |
| 42 | |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 43 | def setUp(self): |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 44 | self.testdata_dir = test_utils.get_testdata_dir() |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 45 | |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 46 | def test_EditTags(self): |
| 47 | self.assertEqual(EditTags('dev-keys'), ('release-keys')) |
| 48 | self.assertEqual(EditTags('test-keys'), ('release-keys')) |
| 49 | |
| 50 | # Multiple tags. |
| 51 | self.assertEqual(EditTags('abc,dev-keys,xyz'), ('abc,release-keys,xyz')) |
| 52 | |
| 53 | # Tags are sorted. |
| 54 | self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz')) |
| 55 | |
Tao Bao | 19b02fe | 2019-10-09 00:04:28 -0700 | [diff] [blame] | 56 | def test_RewriteAvbProps(self): |
| 57 | misc_info = { |
| 58 | 'avb_boot_add_hash_footer_args': |
| 59 | ('--prop com.android.build.boot.os_version:R ' |
| 60 | '--prop com.android.build.boot.security_patch:2019-09-05'), |
| 61 | 'avb_system_add_hashtree_footer_args': |
| 62 | ('--prop com.android.build.system.os_version:R ' |
| 63 | '--prop com.android.build.system.security_patch:2019-09-05 ' |
| 64 | '--prop com.android.build.system.fingerprint:' |
| 65 | 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/test-keys'), |
| 66 | 'avb_vendor_add_hashtree_footer_args': |
| 67 | ('--prop com.android.build.vendor.os_version:R ' |
| 68 | '--prop com.android.build.vendor.security_patch:2019-09-05 ' |
| 69 | '--prop com.android.build.vendor.fingerprint:' |
| 70 | 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/dev-keys'), |
| 71 | } |
| 72 | expected_dict = { |
| 73 | 'avb_boot_add_hash_footer_args': |
| 74 | ('--prop com.android.build.boot.os_version:R ' |
| 75 | '--prop com.android.build.boot.security_patch:2019-09-05'), |
| 76 | 'avb_system_add_hashtree_footer_args': |
| 77 | ('--prop com.android.build.system.os_version:R ' |
| 78 | '--prop com.android.build.system.security_patch:2019-09-05 ' |
| 79 | '--prop com.android.build.system.fingerprint:' |
| 80 | 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'), |
| 81 | 'avb_vendor_add_hashtree_footer_args': |
| 82 | ('--prop com.android.build.vendor.os_version:R ' |
| 83 | '--prop com.android.build.vendor.security_patch:2019-09-05 ' |
| 84 | '--prop com.android.build.vendor.fingerprint:' |
| 85 | 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'), |
| 86 | } |
| 87 | RewriteAvbProps(misc_info) |
| 88 | self.assertDictEqual(expected_dict, misc_info) |
| 89 | |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 90 | def test_RewriteProps(self): |
| 91 | props = ( |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 92 | ('', ''), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 93 | ('ro.build.fingerprint=foo/bar/dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 94 | 'ro.build.fingerprint=foo/bar/release-keys'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 95 | ('ro.build.thumbprint=foo/bar/dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 96 | 'ro.build.thumbprint=foo/bar/release-keys'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 97 | ('ro.vendor.build.fingerprint=foo/bar/dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 98 | 'ro.vendor.build.fingerprint=foo/bar/release-keys'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 99 | ('ro.vendor.build.thumbprint=foo/bar/dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 100 | 'ro.vendor.build.thumbprint=foo/bar/release-keys'), |
| 101 | ('ro.odm.build.fingerprint=foo/bar/test-keys', |
| 102 | 'ro.odm.build.fingerprint=foo/bar/release-keys'), |
| 103 | ('ro.odm.build.thumbprint=foo/bar/test-keys', |
| 104 | 'ro.odm.build.thumbprint=foo/bar/release-keys'), |
| 105 | ('ro.product.build.fingerprint=foo/bar/dev-keys', |
| 106 | 'ro.product.build.fingerprint=foo/bar/release-keys'), |
| 107 | ('ro.product.build.thumbprint=foo/bar/dev-keys', |
| 108 | 'ro.product.build.thumbprint=foo/bar/release-keys'), |
Justin Yun | 6151e3f | 2019-06-25 15:58:13 +0900 | [diff] [blame] | 109 | ('ro.system_ext.build.fingerprint=foo/bar/test-keys', |
| 110 | 'ro.system_ext.build.fingerprint=foo/bar/release-keys'), |
| 111 | ('ro.system_ext.build.thumbprint=foo/bar/test-keys', |
| 112 | 'ro.system_ext.build.thumbprint=foo/bar/release-keys'), |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 113 | ('# comment line 1', '# comment line 1'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 114 | ('ro.bootimage.build.fingerprint=foo/bar/dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 115 | 'ro.bootimage.build.fingerprint=foo/bar/release-keys'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 116 | ('ro.build.description=' |
| 117 | 'sailfish-user 8.0.0 OPR6.170623.012 4283428 dev-keys', |
| 118 | 'ro.build.description=' |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 119 | 'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys'), |
| 120 | ('ro.build.tags=dev-keys', 'ro.build.tags=release-keys'), |
| 121 | ('ro.build.tags=test-keys', 'ro.build.tags=release-keys'), |
| 122 | ('ro.system.build.tags=dev-keys', |
| 123 | 'ro.system.build.tags=release-keys'), |
| 124 | ('ro.vendor.build.tags=dev-keys', |
| 125 | 'ro.vendor.build.tags=release-keys'), |
| 126 | ('ro.odm.build.tags=dev-keys', |
| 127 | 'ro.odm.build.tags=release-keys'), |
| 128 | ('ro.product.build.tags=dev-keys', |
| 129 | 'ro.product.build.tags=release-keys'), |
Justin Yun | 6151e3f | 2019-06-25 15:58:13 +0900 | [diff] [blame] | 130 | ('ro.system_ext.build.tags=dev-keys', |
| 131 | 'ro.system_ext.build.tags=release-keys'), |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 132 | ('# comment line 2', '# comment line 2'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 133 | ('ro.build.display.id=OPR6.170623.012 dev-keys', |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 134 | 'ro.build.display.id=OPR6.170623.012'), |
| 135 | ('# comment line 3', '# comment line 3'), |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 136 | ) |
| 137 | |
| 138 | # Assert the case for each individual line. |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 139 | for prop, expected in props: |
| 140 | self.assertEqual(expected + '\n', RewriteProps(prop)) |
Tao Bao | a7054ee | 2017-12-08 14:42:16 -0800 | [diff] [blame] | 141 | |
| 142 | # Concatenate all the input lines. |
Magnus Strandh | 234f4b4 | 2019-05-01 23:09:30 +0200 | [diff] [blame] | 143 | self.assertEqual( |
| 144 | '\n'.join([prop[1] for prop in props]) + '\n', |
| 145 | RewriteProps('\n'.join([prop[0] for prop in props]))) |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 146 | |
| 147 | def test_ReplaceVerityKeyId(self): |
| 148 | BOOT_CMDLINE1 = ( |
| 149 | "console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 " |
| 150 | "androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 " |
| 151 | "lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 " |
| 152 | "buildvariant=userdebug " |
| 153 | "veritykeyid=id:7e4333f9bba00adfe0ede979e28ed1920492b40f\n") |
| 154 | |
| 155 | BOOT_CMDLINE2 = ( |
| 156 | "console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 " |
| 157 | "androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 " |
| 158 | "lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 " |
| 159 | "buildvariant=userdebug " |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 160 | "veritykeyid=id:d24f2590e9abab5cff5f59da4c4f0366e3f43e94\n") |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 161 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 162 | input_file = common.MakeTempFile(suffix='.zip') |
| 163 | with zipfile.ZipFile(input_file, 'w') as input_zip: |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 164 | input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE1) |
| 165 | |
| 166 | # Test with the first certificate. |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 167 | cert_file = os.path.join(self.testdata_dir, 'verity.x509.pem') |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 168 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 169 | output_file = common.MakeTempFile(suffix='.zip') |
| 170 | with zipfile.ZipFile(input_file, 'r') as input_zip, \ |
| 171 | zipfile.ZipFile(output_file, 'w') as output_zip: |
| 172 | ReplaceVerityKeyId(input_zip, output_zip, cert_file) |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 173 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 174 | with zipfile.ZipFile(output_file) as output_zip: |
Tao Bao | a370545 | 2019-06-24 15:33:41 -0700 | [diff] [blame] | 175 | self.assertEqual(BOOT_CMDLINE1, output_zip.read('BOOT/cmdline').decode()) |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 176 | |
| 177 | # Test with the second certificate. |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 178 | cert_file = os.path.join(self.testdata_dir, 'testkey.x509.pem') |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 179 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 180 | with zipfile.ZipFile(input_file, 'r') as input_zip, \ |
| 181 | zipfile.ZipFile(output_file, 'w') as output_zip: |
| 182 | ReplaceVerityKeyId(input_zip, output_zip, cert_file) |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 183 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 184 | with zipfile.ZipFile(output_file) as output_zip: |
Tao Bao | a370545 | 2019-06-24 15:33:41 -0700 | [diff] [blame] | 185 | self.assertEqual(BOOT_CMDLINE2, output_zip.read('BOOT/cmdline').decode()) |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 186 | |
| 187 | def test_ReplaceVerityKeyId_no_veritykeyid(self): |
| 188 | BOOT_CMDLINE = ( |
| 189 | "console=ttyHSL0,115200,n8 androidboot.hardware=bullhead boot_cpus=0-5 " |
| 190 | "lpm_levels.sleep_disabled=1 msm_poweroff.download_mode=0 " |
| 191 | "loop.max_part=7\n") |
| 192 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 193 | input_file = common.MakeTempFile(suffix='.zip') |
| 194 | with zipfile.ZipFile(input_file, 'w') as input_zip: |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 195 | input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE) |
| 196 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 197 | output_file = common.MakeTempFile(suffix='.zip') |
| 198 | with zipfile.ZipFile(input_file, 'r') as input_zip, \ |
| 199 | zipfile.ZipFile(output_file, 'w') as output_zip: |
Tao Bao | e838d14 | 2017-12-23 23:44:48 -0800 | [diff] [blame] | 200 | ReplaceVerityKeyId(input_zip, output_zip, None) |
| 201 | |
Tao Bao | de1d479 | 2018-02-20 10:05:46 -0800 | [diff] [blame] | 202 | with zipfile.ZipFile(output_file) as output_zip: |
Tao Bao | a370545 | 2019-06-24 15:33:41 -0700 | [diff] [blame] | 203 | self.assertEqual(BOOT_CMDLINE, output_zip.read('BOOT/cmdline').decode()) |
Tao Bao | 6647263 | 2017-12-04 17:16:36 -0800 | [diff] [blame] | 204 | |
| 205 | def test_ReplaceCerts(self): |
| 206 | cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem') |
| 207 | with open(cert1_path) as cert1_fp: |
| 208 | cert1 = cert1_fp.read() |
| 209 | cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem') |
| 210 | with open(cert2_path) as cert2_fp: |
| 211 | cert2 = cert2_fp.read() |
| 212 | cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem') |
| 213 | with open(cert3_path) as cert3_fp: |
| 214 | cert3 = cert3_fp.read() |
| 215 | |
| 216 | # Replace cert1 with cert3. |
| 217 | input_xml = self.MAC_PERMISSIONS_XML.format( |
| 218 | base64.b16encode(common.ParseCertificate(cert1)).lower(), |
| 219 | base64.b16encode(common.ParseCertificate(cert2)).lower()) |
| 220 | |
| 221 | output_xml = self.MAC_PERMISSIONS_XML.format( |
| 222 | base64.b16encode(common.ParseCertificate(cert3)).lower(), |
| 223 | base64.b16encode(common.ParseCertificate(cert2)).lower()) |
| 224 | |
| 225 | common.OPTIONS.key_map = { |
| 226 | cert1_path[:-9] : cert3_path[:-9], |
| 227 | } |
| 228 | |
| 229 | self.assertEqual(output_xml, ReplaceCerts(input_xml)) |
| 230 | |
| 231 | def test_ReplaceCerts_duplicateEntries(self): |
| 232 | cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem') |
| 233 | with open(cert1_path) as cert1_fp: |
| 234 | cert1 = cert1_fp.read() |
| 235 | cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem') |
| 236 | with open(cert2_path) as cert2_fp: |
| 237 | cert2 = cert2_fp.read() |
| 238 | |
| 239 | # Replace cert1 with cert2, which leads to duplicate entries. |
| 240 | input_xml = self.MAC_PERMISSIONS_XML.format( |
| 241 | base64.b16encode(common.ParseCertificate(cert1)).lower(), |
| 242 | base64.b16encode(common.ParseCertificate(cert2)).lower()) |
| 243 | |
| 244 | common.OPTIONS.key_map = { |
| 245 | cert1_path[:-9] : cert2_path[:-9], |
| 246 | } |
| 247 | self.assertRaises(AssertionError, ReplaceCerts, input_xml) |
| 248 | |
| 249 | def test_ReplaceCerts_skipNonExistentCerts(self): |
| 250 | cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem') |
| 251 | with open(cert1_path) as cert1_fp: |
| 252 | cert1 = cert1_fp.read() |
| 253 | cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem') |
| 254 | with open(cert2_path) as cert2_fp: |
| 255 | cert2 = cert2_fp.read() |
| 256 | cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem') |
| 257 | with open(cert3_path) as cert3_fp: |
| 258 | cert3 = cert3_fp.read() |
| 259 | |
| 260 | input_xml = self.MAC_PERMISSIONS_XML.format( |
| 261 | base64.b16encode(common.ParseCertificate(cert1)).lower(), |
| 262 | base64.b16encode(common.ParseCertificate(cert2)).lower()) |
| 263 | |
| 264 | output_xml = self.MAC_PERMISSIONS_XML.format( |
| 265 | base64.b16encode(common.ParseCertificate(cert3)).lower(), |
| 266 | base64.b16encode(common.ParseCertificate(cert2)).lower()) |
| 267 | |
| 268 | common.OPTIONS.key_map = { |
| 269 | cert1_path[:-9] : cert3_path[:-9], |
| 270 | 'non-existent' : cert3_path[:-9], |
| 271 | cert2_path[:-9] : 'non-existent', |
| 272 | } |
| 273 | self.assertEqual(output_xml, ReplaceCerts(input_xml)) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 274 | |
Tao Bao | bb73388 | 2019-07-24 23:31:19 -0700 | [diff] [blame] | 275 | def test_WriteOtacerts(self): |
| 276 | certs = [ |
| 277 | os.path.join(self.testdata_dir, 'platform.x509.pem'), |
| 278 | os.path.join(self.testdata_dir, 'media.x509.pem'), |
| 279 | os.path.join(self.testdata_dir, 'testkey.x509.pem'), |
| 280 | ] |
| 281 | entry_name = 'SYSTEM/etc/security/otacerts.zip' |
| 282 | output_file = common.MakeTempFile(suffix='.zip') |
| 283 | with zipfile.ZipFile(output_file, 'w') as output_zip: |
| 284 | WriteOtacerts(output_zip, entry_name, certs) |
| 285 | with zipfile.ZipFile(output_file) as input_zip: |
| 286 | self.assertIn(entry_name, input_zip.namelist()) |
| 287 | otacerts_file = io.BytesIO(input_zip.read(entry_name)) |
| 288 | with zipfile.ZipFile(otacerts_file) as otacerts_zip: |
| 289 | self.assertEqual(3, len(otacerts_zip.namelist())) |
| 290 | |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 291 | def test_CheckApkAndApexKeysAvailable(self): |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 292 | input_file = common.MakeTempFile(suffix='.zip') |
| 293 | with zipfile.ZipFile(input_file, 'w') as input_zip: |
| 294 | input_zip.writestr('SYSTEM/app/App1.apk', "App1-content") |
| 295 | input_zip.writestr('SYSTEM/app/App2.apk.gz', "App2-content") |
| 296 | |
| 297 | apk_key_map = { |
| 298 | 'App1.apk' : 'key1', |
| 299 | 'App2.apk' : 'key2', |
| 300 | 'App3.apk' : 'key3', |
| 301 | } |
| 302 | with zipfile.ZipFile(input_file) as input_zip: |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 303 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {}) |
| 304 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.gz', {}) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 305 | |
| 306 | # 'App2.apk.gz' won't be considered as an APK. |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 307 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {}) |
| 308 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.xz', {}) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 309 | |
| 310 | del apk_key_map['App2.apk'] |
| 311 | self.assertRaises( |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 312 | AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map, |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 313 | '.gz', {}) |
| 314 | |
| 315 | def test_CheckApkAndApexKeysAvailable_invalidApexKeys(self): |
| 316 | input_file = common.MakeTempFile(suffix='.zip') |
| 317 | with zipfile.ZipFile(input_file, 'w') as input_zip: |
| 318 | input_zip.writestr('SYSTEM/apex/Apex1.apex', "Apex1-content") |
| 319 | input_zip.writestr('SYSTEM/apex/Apex2.apex', "Apex2-content") |
| 320 | |
| 321 | apk_key_map = { |
| 322 | 'Apex1.apex' : 'key1', |
| 323 | 'Apex2.apex' : 'key2', |
| 324 | 'Apex3.apex' : 'key3', |
| 325 | } |
| 326 | apex_keys = { |
| 327 | 'Apex1.apex' : ('payload-key1', 'container-key1'), |
| 328 | 'Apex2.apex' : ('payload-key2', 'container-key2'), |
| 329 | } |
| 330 | with zipfile.ZipFile(input_file) as input_zip: |
| 331 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys) |
| 332 | |
| 333 | # Fine to have both keys as PRESIGNED. |
| 334 | apex_keys['Apex2.apex'] = ('PRESIGNED', 'PRESIGNED') |
| 335 | CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys) |
| 336 | |
| 337 | # Having only one of them as PRESIGNED is not allowed. |
| 338 | apex_keys['Apex2.apex'] = ('payload-key2', 'PRESIGNED') |
| 339 | self.assertRaises( |
| 340 | AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map, |
| 341 | None, apex_keys) |
| 342 | |
| 343 | apex_keys['Apex2.apex'] = ('PRESIGNED', 'container-key1') |
| 344 | self.assertRaises( |
| 345 | AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map, |
| 346 | None, apex_keys) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 347 | |
| 348 | def test_GetApkFileInfo(self): |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 349 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 350 | "PRODUCT/apps/Chats.apk", None, []) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 351 | self.assertTrue(is_apk) |
| 352 | self.assertFalse(is_compressed) |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 353 | self.assertFalse(should_be_skipped) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 354 | |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 355 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 356 | "PRODUCT/apps/Chats.apk", None, []) |
| 357 | self.assertTrue(is_apk) |
| 358 | self.assertFalse(is_compressed) |
| 359 | self.assertFalse(should_be_skipped) |
| 360 | |
| 361 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 362 | "PRODUCT/apps/Chats.dat", None, []) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 363 | self.assertFalse(is_apk) |
| 364 | self.assertFalse(is_compressed) |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 365 | self.assertFalse(should_be_skipped) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 366 | |
| 367 | def test_GetApkFileInfo_withCompressedApks(self): |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 368 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 369 | "PRODUCT/apps/Chats.apk.gz", ".gz", []) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 370 | self.assertTrue(is_apk) |
| 371 | self.assertTrue(is_compressed) |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 372 | self.assertFalse(should_be_skipped) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 373 | |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 374 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 375 | "PRODUCT/apps/Chats.apk.gz", ".xz", []) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 376 | self.assertFalse(is_apk) |
| 377 | self.assertFalse(is_compressed) |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 378 | self.assertFalse(should_be_skipped) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 379 | |
| 380 | self.assertRaises( |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 381 | AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "", []) |
Tao Bao | 11f955c | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 382 | |
| 383 | self.assertRaises( |
Tao Bao | 93c2a01 | 2018-06-19 12:19:35 -0700 | [diff] [blame] | 384 | AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "apk", []) |
| 385 | |
| 386 | def test_GetApkFileInfo_withSkippedPrefixes(self): |
| 387 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 388 | "PRODUCT/preloads/apps/Chats.apk", None, set()) |
| 389 | self.assertTrue(is_apk) |
| 390 | self.assertFalse(is_compressed) |
| 391 | self.assertFalse(should_be_skipped) |
| 392 | |
| 393 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 394 | "PRODUCT/preloads/apps/Chats.apk", |
| 395 | None, |
| 396 | set(["PRODUCT/preloads/"])) |
| 397 | self.assertTrue(is_apk) |
| 398 | self.assertFalse(is_compressed) |
| 399 | self.assertTrue(should_be_skipped) |
| 400 | |
| 401 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 402 | "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 403 | None, |
| 404 | set(["SYSTEM/preloads/", "SYSTEM_OTHER/preloads/"])) |
| 405 | self.assertTrue(is_apk) |
| 406 | self.assertFalse(is_compressed) |
| 407 | self.assertTrue(should_be_skipped) |
| 408 | |
| 409 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 410 | "SYSTEM_OTHER/preloads/apps/Chats.apk.gz", |
| 411 | ".gz", |
| 412 | set(["PRODUCT/prebuilts/", "SYSTEM_OTHER/preloads/"])) |
| 413 | self.assertTrue(is_apk) |
| 414 | self.assertTrue(is_compressed) |
| 415 | self.assertTrue(should_be_skipped) |
| 416 | |
| 417 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 418 | "SYSTEM_OTHER/preloads/apps/Chats.dat", |
| 419 | None, |
| 420 | set(["SYSTEM_OTHER/preloads/"])) |
| 421 | self.assertFalse(is_apk) |
| 422 | self.assertFalse(is_compressed) |
| 423 | self.assertFalse(should_be_skipped) |
| 424 | |
| 425 | def test_GetApkFileInfo_checkSkippedPrefixesInput(self): |
| 426 | # set |
| 427 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 428 | "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 429 | None, |
| 430 | set(["SYSTEM_OTHER/preloads/"])) |
| 431 | self.assertTrue(is_apk) |
| 432 | self.assertFalse(is_compressed) |
| 433 | self.assertTrue(should_be_skipped) |
| 434 | |
| 435 | # tuple |
| 436 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 437 | "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 438 | None, |
| 439 | ("SYSTEM_OTHER/preloads/",)) |
| 440 | self.assertTrue(is_apk) |
| 441 | self.assertFalse(is_compressed) |
| 442 | self.assertTrue(should_be_skipped) |
| 443 | |
| 444 | # list |
| 445 | (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo( |
| 446 | "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 447 | None, |
| 448 | ["SYSTEM_OTHER/preloads/"]) |
| 449 | self.assertTrue(is_apk) |
| 450 | self.assertFalse(is_compressed) |
| 451 | self.assertTrue(should_be_skipped) |
| 452 | |
| 453 | # str is invalid. |
| 454 | self.assertRaises( |
| 455 | AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 456 | None, "SYSTEM_OTHER/preloads/") |
| 457 | |
| 458 | # None is invalid. |
| 459 | self.assertRaises( |
| 460 | AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk", |
| 461 | None, None) |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 462 | |
| 463 | def test_ReadApexKeysInfo(self): |
| 464 | target_files = common.MakeTempFile(suffix='.zip') |
| 465 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 466 | target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT) |
| 467 | |
| 468 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 469 | keys_info = ReadApexKeysInfo(target_files_zip) |
| 470 | |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 471 | self.assertEqual({ |
| 472 | 'apex.apexd_test.apex': ( |
| 473 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 474 | 'build/make/target/product/security/testkey'), |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 475 | 'apex.apexd_test_different_app.apex': ( |
| 476 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 477 | 'build/make/target/product/security/testkey'), |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 478 | }, keys_info) |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 479 | |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 480 | def test_ReadApexKeysInfo_mismatchingContainerKeys(self): |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 481 | # Mismatching payload public / private keys. |
| 482 | apex_keys = self.APEX_KEYS_TXT + ( |
| 483 | 'name="apex.apexd_test_different_app2.apex" ' |
| 484 | 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" ' |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 485 | 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" ' |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 486 | 'container_certificate="build/make/target/product/security/testkey.x509.pem" ' |
Bill Peckham | 19c3feb | 2020-03-20 18:31:43 -0700 | [diff] [blame^] | 487 | 'container_private_key="build/make/target/product/security/testkey2.pk8" ' |
| 488 | 'partition="system"') |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 489 | target_files = common.MakeTempFile(suffix='.zip') |
| 490 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 491 | target_files_zip.writestr('META/apexkeys.txt', apex_keys) |
| 492 | |
| 493 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 494 | self.assertRaises(ValueError, ReadApexKeysInfo, target_files_zip) |
| 495 | |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 496 | def test_ReadApexKeysInfo_missingPayloadPrivateKey(self): |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 497 | # Invalid lines will be skipped. |
| 498 | apex_keys = self.APEX_KEYS_TXT + ( |
| 499 | 'name="apex.apexd_test_different_app2.apex" ' |
| 500 | 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" ' |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 501 | 'container_certificate="build/make/target/product/security/testkey.x509.pem" ' |
| 502 | 'container_private_key="build/make/target/product/security/testkey.pk8"') |
Tao Bao | aa7e993 | 2019-03-15 09:37:01 -0700 | [diff] [blame] | 503 | target_files = common.MakeTempFile(suffix='.zip') |
| 504 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 505 | target_files_zip.writestr('META/apexkeys.txt', apex_keys) |
| 506 | |
| 507 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 508 | keys_info = ReadApexKeysInfo(target_files_zip) |
| 509 | |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 510 | self.assertEqual({ |
| 511 | 'apex.apexd_test.apex': ( |
| 512 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 513 | 'build/make/target/product/security/testkey'), |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 514 | 'apex.apexd_test_different_app.apex': ( |
| 515 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 516 | 'build/make/target/product/security/testkey'), |
Tao Bao | e134399 | 2019-03-19 12:24:03 -0700 | [diff] [blame] | 517 | }, keys_info) |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 518 | |
| 519 | def test_ReadApexKeysInfo_missingPayloadPublicKey(self): |
| 520 | # Invalid lines will be skipped. |
| 521 | apex_keys = self.APEX_KEYS_TXT + ( |
| 522 | 'name="apex.apexd_test_different_app2.apex" ' |
| 523 | 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" ' |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 524 | 'container_certificate="build/make/target/product/security/testkey.x509.pem" ' |
| 525 | 'container_private_key="build/make/target/product/security/testkey.pk8"') |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 526 | target_files = common.MakeTempFile(suffix='.zip') |
| 527 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 528 | target_files_zip.writestr('META/apexkeys.txt', apex_keys) |
| 529 | |
| 530 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 531 | keys_info = ReadApexKeysInfo(target_files_zip) |
| 532 | |
| 533 | self.assertEqual({ |
| 534 | 'apex.apexd_test.apex': ( |
| 535 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 536 | 'build/make/target/product/security/testkey'), |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 537 | 'apex.apexd_test_different_app.apex': ( |
| 538 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem', |
Dan Willemsen | 0ab1be6 | 2019-04-09 21:35:37 -0700 | [diff] [blame] | 539 | 'build/make/target/product/security/testkey'), |
Tao Bao | 6d9e3da | 2019-03-26 12:59:25 -0700 | [diff] [blame] | 540 | }, keys_info) |
Tao Bao | f454c3a | 2019-04-24 23:53:42 -0700 | [diff] [blame] | 541 | |
| 542 | def test_ReadApexKeysInfo_presignedKeys(self): |
| 543 | apex_keys = self.APEX_KEYS_TXT + ( |
| 544 | 'name="apex.apexd_test_different_app2.apex" ' |
| 545 | 'private_key="PRESIGNED" ' |
| 546 | 'public_key="PRESIGNED" ' |
| 547 | 'container_certificate="PRESIGNED" ' |
| 548 | 'container_private_key="PRESIGNED"') |
| 549 | target_files = common.MakeTempFile(suffix='.zip') |
| 550 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 551 | target_files_zip.writestr('META/apexkeys.txt', apex_keys) |
| 552 | |
| 553 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 554 | keys_info = ReadApexKeysInfo(target_files_zip) |
| 555 | |
| 556 | self.assertEqual({ |
| 557 | 'apex.apexd_test.apex': ( |
| 558 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem', |
| 559 | 'build/make/target/product/security/testkey'), |
| 560 | 'apex.apexd_test_different_app.apex': ( |
| 561 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem', |
| 562 | 'build/make/target/product/security/testkey'), |
| 563 | }, keys_info) |
Tao Bao | 548db7d | 2019-04-24 23:53:42 -0700 | [diff] [blame] | 564 | |
| 565 | def test_ReadApexKeysInfo_presignedKeys(self): |
| 566 | apex_keys = self.APEX_KEYS_TXT + ( |
| 567 | 'name="apex.apexd_test_different_app2.apex" ' |
| 568 | 'private_key="PRESIGNED" ' |
| 569 | 'public_key="PRESIGNED" ' |
| 570 | 'container_certificate="PRESIGNED" ' |
| 571 | 'container_private_key="PRESIGNED"') |
| 572 | target_files = common.MakeTempFile(suffix='.zip') |
| 573 | with zipfile.ZipFile(target_files, 'w') as target_files_zip: |
| 574 | target_files_zip.writestr('META/apexkeys.txt', apex_keys) |
| 575 | |
| 576 | with zipfile.ZipFile(target_files) as target_files_zip: |
| 577 | keys_info = ReadApexKeysInfo(target_files_zip) |
| 578 | |
| 579 | self.assertEqual({ |
| 580 | 'apex.apexd_test.apex': ( |
| 581 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem', |
| 582 | 'build/make/target/product/security/testkey'), |
| 583 | 'apex.apexd_test_different_app.apex': ( |
| 584 | 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem', |
| 585 | 'build/make/target/product/security/testkey'), |
| 586 | }, keys_info) |