Blame - tools/releasetools/test_sign_target_files_apks.py - android_build

blob: 18762eebad3064606f87e3344443e8f3a85ab924 [file] [log] [blame]

Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	1	#
				2	# Copyright (C) 2017 The Android Open Source Project
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15	#
				16
Tao Bao	6647263	2017-12-04 17:16:36 -0800	[diff] [blame]	17	import base64
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	18	import os.path
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	19	import zipfile
Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	20
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	21	import common
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	22	import test_utils
Tao Bao	6647263	2017-12-04 17:16:36 -0800	[diff] [blame]	23	from sign_target_files_apks import (
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	24	CheckAllApksSigned, EditTags, GetApkFileInfo, ReplaceCerts,
				25	ReplaceVerityKeyId, RewriteProps)
Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	26
				27
Tao Bao	65b94e9	2018-10-11 21:57:26 -0700	[diff] [blame^]	28	class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	29
Tao Bao	6647263	2017-12-04 17:16:36 -0800	[diff] [blame]	30	MAC_PERMISSIONS_XML = """<?xml version="1.0" encoding="iso-8859-1"?>
				31	<policy>
				32	<signer signature="{}"><seinfo value="platform"/></signer>
				33	<signer signature="{}"><seinfo value="media"/></signer>
				34	</policy>"""
				35
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	36	def setUp(self):
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	37	self.testdata_dir = test_utils.get_testdata_dir()
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	38
Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	39	def test_EditTags(self):
				40	self.assertEqual(EditTags('dev-keys'), ('release-keys'))
				41	self.assertEqual(EditTags('test-keys'), ('release-keys'))
				42
				43	# Multiple tags.
				44	self.assertEqual(EditTags('abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
				45
				46	# Tags are sorted.
				47	self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
				48
				49	def test_RewriteProps(self):
				50	props = (
				51	('', '\n'),
				52	('ro.build.fingerprint=foo/bar/dev-keys',
				53	'ro.build.fingerprint=foo/bar/release-keys\n'),
				54	('ro.build.thumbprint=foo/bar/dev-keys',
				55	'ro.build.thumbprint=foo/bar/release-keys\n'),
				56	('ro.vendor.build.fingerprint=foo/bar/dev-keys',
				57	'ro.vendor.build.fingerprint=foo/bar/release-keys\n'),
				58	('ro.vendor.build.thumbprint=foo/bar/dev-keys',
				59	'ro.vendor.build.thumbprint=foo/bar/release-keys\n'),
				60	('# comment line 1', '# comment line 1\n'),
				61	('ro.bootimage.build.fingerprint=foo/bar/dev-keys',
				62	'ro.bootimage.build.fingerprint=foo/bar/release-keys\n'),
				63	('ro.build.description='
				64	'sailfish-user 8.0.0 OPR6.170623.012 4283428 dev-keys',
				65	'ro.build.description='
				66	'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys\n'),
				67	('ro.build.tags=dev-keys', 'ro.build.tags=release-keys\n'),
				68	('# comment line 2', '# comment line 2\n'),
				69	('ro.build.display.id=OPR6.170623.012 dev-keys',
				70	'ro.build.display.id=OPR6.170623.012\n'),
				71	('# comment line 3', '# comment line 3\n'),
				72	)
				73
				74	# Assert the case for each individual line.
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	75	for prop, output in props:
				76	self.assertEqual(RewriteProps(prop), output)
Tao Bao	a7054ee	2017-12-08 14:42:16 -0800	[diff] [blame]	77
				78	# Concatenate all the input lines.
				79	self.assertEqual(RewriteProps('\n'.join([prop[0] for prop in props])),
				80	''.join([prop[1] for prop in props]))
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	81
				82	def test_ReplaceVerityKeyId(self):
				83	BOOT_CMDLINE1 = (
				84	"console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 "
				85	"androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 "
				86	"lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 "
				87	"buildvariant=userdebug "
				88	"veritykeyid=id:7e4333f9bba00adfe0ede979e28ed1920492b40f\n")
				89
				90	BOOT_CMDLINE2 = (
				91	"console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 "
				92	"androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 "
				93	"lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 "
				94	"buildvariant=userdebug "
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	95	"veritykeyid=id:d24f2590e9abab5cff5f59da4c4f0366e3f43e94\n")
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	96
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	97	input_file = common.MakeTempFile(suffix='.zip')
				98	with zipfile.ZipFile(input_file, 'w') as input_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	99	input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE1)
				100
				101	# Test with the first certificate.
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	102	cert_file = os.path.join(self.testdata_dir, 'verity.x509.pem')
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	103
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	104	output_file = common.MakeTempFile(suffix='.zip')
				105	with zipfile.ZipFile(input_file, 'r') as input_zip, \
				106	zipfile.ZipFile(output_file, 'w') as output_zip:
				107	ReplaceVerityKeyId(input_zip, output_zip, cert_file)
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	108
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	109	with zipfile.ZipFile(output_file) as output_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	110	self.assertEqual(BOOT_CMDLINE1, output_zip.read('BOOT/cmdline'))
				111
				112	# Test with the second certificate.
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	113	cert_file = os.path.join(self.testdata_dir, 'testkey.x509.pem')
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	114
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	115	with zipfile.ZipFile(input_file, 'r') as input_zip, \
				116	zipfile.ZipFile(output_file, 'w') as output_zip:
				117	ReplaceVerityKeyId(input_zip, output_zip, cert_file)
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	118
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	119	with zipfile.ZipFile(output_file) as output_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	120	self.assertEqual(BOOT_CMDLINE2, output_zip.read('BOOT/cmdline'))
				121
				122	def test_ReplaceVerityKeyId_no_veritykeyid(self):
				123	BOOT_CMDLINE = (
				124	"console=ttyHSL0,115200,n8 androidboot.hardware=bullhead boot_cpus=0-5 "
				125	"lpm_levels.sleep_disabled=1 msm_poweroff.download_mode=0 "
				126	"loop.max_part=7\n")
				127
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	128	input_file = common.MakeTempFile(suffix='.zip')
				129	with zipfile.ZipFile(input_file, 'w') as input_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	130	input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE)
				131
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	132	output_file = common.MakeTempFile(suffix='.zip')
				133	with zipfile.ZipFile(input_file, 'r') as input_zip, \
				134	zipfile.ZipFile(output_file, 'w') as output_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	135	ReplaceVerityKeyId(input_zip, output_zip, None)
				136
Tao Bao	de1d479	2018-02-20 10:05:46 -0800	[diff] [blame]	137	with zipfile.ZipFile(output_file) as output_zip:
Tao Bao	e838d14	2017-12-23 23:44:48 -0800	[diff] [blame]	138	self.assertEqual(BOOT_CMDLINE, output_zip.read('BOOT/cmdline'))
Tao Bao	6647263	2017-12-04 17:16:36 -0800	[diff] [blame]	139
				140	def test_ReplaceCerts(self):
				141	cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
				142	with open(cert1_path) as cert1_fp:
				143	cert1 = cert1_fp.read()
				144	cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
				145	with open(cert2_path) as cert2_fp:
				146	cert2 = cert2_fp.read()
				147	cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
				148	with open(cert3_path) as cert3_fp:
				149	cert3 = cert3_fp.read()
				150
				151	# Replace cert1 with cert3.
				152	input_xml = self.MAC_PERMISSIONS_XML.format(
				153	base64.b16encode(common.ParseCertificate(cert1)).lower(),
				154	base64.b16encode(common.ParseCertificate(cert2)).lower())
				155
				156	output_xml = self.MAC_PERMISSIONS_XML.format(
				157	base64.b16encode(common.ParseCertificate(cert3)).lower(),
				158	base64.b16encode(common.ParseCertificate(cert2)).lower())
				159
				160	common.OPTIONS.key_map = {
				161	cert1_path[:-9] : cert3_path[:-9],
				162	}
				163
				164	self.assertEqual(output_xml, ReplaceCerts(input_xml))
				165
				166	def test_ReplaceCerts_duplicateEntries(self):
				167	cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
				168	with open(cert1_path) as cert1_fp:
				169	cert1 = cert1_fp.read()
				170	cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
				171	with open(cert2_path) as cert2_fp:
				172	cert2 = cert2_fp.read()
				173
				174	# Replace cert1 with cert2, which leads to duplicate entries.
				175	input_xml = self.MAC_PERMISSIONS_XML.format(
				176	base64.b16encode(common.ParseCertificate(cert1)).lower(),
				177	base64.b16encode(common.ParseCertificate(cert2)).lower())
				178
				179	common.OPTIONS.key_map = {
				180	cert1_path[:-9] : cert2_path[:-9],
				181	}
				182	self.assertRaises(AssertionError, ReplaceCerts, input_xml)
				183
				184	def test_ReplaceCerts_skipNonExistentCerts(self):
				185	cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
				186	with open(cert1_path) as cert1_fp:
				187	cert1 = cert1_fp.read()
				188	cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
				189	with open(cert2_path) as cert2_fp:
				190	cert2 = cert2_fp.read()
				191	cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
				192	with open(cert3_path) as cert3_fp:
				193	cert3 = cert3_fp.read()
				194
				195	input_xml = self.MAC_PERMISSIONS_XML.format(
				196	base64.b16encode(common.ParseCertificate(cert1)).lower(),
				197	base64.b16encode(common.ParseCertificate(cert2)).lower())
				198
				199	output_xml = self.MAC_PERMISSIONS_XML.format(
				200	base64.b16encode(common.ParseCertificate(cert3)).lower(),
				201	base64.b16encode(common.ParseCertificate(cert2)).lower())
				202
				203	common.OPTIONS.key_map = {
				204	cert1_path[:-9] : cert3_path[:-9],
				205	'non-existent' : cert3_path[:-9],
				206	cert2_path[:-9] : 'non-existent',
				207	}
				208	self.assertEqual(output_xml, ReplaceCerts(input_xml))
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	209
				210	def test_CheckAllApksSigned(self):
				211	input_file = common.MakeTempFile(suffix='.zip')
				212	with zipfile.ZipFile(input_file, 'w') as input_zip:
				213	input_zip.writestr('SYSTEM/app/App1.apk', "App1-content")
				214	input_zip.writestr('SYSTEM/app/App2.apk.gz', "App2-content")
				215
				216	apk_key_map = {
				217	'App1.apk' : 'key1',
				218	'App2.apk' : 'key2',
				219	'App3.apk' : 'key3',
				220	}
				221	with zipfile.ZipFile(input_file) as input_zip:
				222	CheckAllApksSigned(input_zip, apk_key_map, None)
				223	CheckAllApksSigned(input_zip, apk_key_map, '.gz')
				224
				225	# 'App2.apk.gz' won't be considered as an APK.
				226	CheckAllApksSigned(input_zip, apk_key_map, None)
				227	CheckAllApksSigned(input_zip, apk_key_map, '.xz')
				228
				229	del apk_key_map['App2.apk']
				230	self.assertRaises(
				231	AssertionError, CheckAllApksSigned, input_zip, apk_key_map, '.gz')
				232
				233	def test_GetApkFileInfo(self):
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	234	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				235	"PRODUCT/apps/Chats.apk", None, [])
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	236	self.assertTrue(is_apk)
				237	self.assertFalse(is_compressed)
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	238	self.assertFalse(should_be_skipped)
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	239
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	240	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				241	"PRODUCT/apps/Chats.apk", None, [])
				242	self.assertTrue(is_apk)
				243	self.assertFalse(is_compressed)
				244	self.assertFalse(should_be_skipped)
				245
				246	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				247	"PRODUCT/apps/Chats.dat", None, [])
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	248	self.assertFalse(is_apk)
				249	self.assertFalse(is_compressed)
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	250	self.assertFalse(should_be_skipped)
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	251
				252	def test_GetApkFileInfo_withCompressedApks(self):
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	253	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				254	"PRODUCT/apps/Chats.apk.gz", ".gz", [])
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	255	self.assertTrue(is_apk)
				256	self.assertTrue(is_compressed)
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	257	self.assertFalse(should_be_skipped)
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	258
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	259	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				260	"PRODUCT/apps/Chats.apk.gz", ".xz", [])
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	261	self.assertFalse(is_apk)
				262	self.assertFalse(is_compressed)
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	263	self.assertFalse(should_be_skipped)
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	264
				265	self.assertRaises(
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	266	AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "", [])
Tao Bao	11f955c	2018-06-19 12:19:35 -0700	[diff] [blame]	267
				268	self.assertRaises(
Tao Bao	93c2a01	2018-06-19 12:19:35 -0700	[diff] [blame]	269	AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "apk", [])
				270
				271	def test_GetApkFileInfo_withSkippedPrefixes(self):
				272	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				273	"PRODUCT/preloads/apps/Chats.apk", None, set())
				274	self.assertTrue(is_apk)
				275	self.assertFalse(is_compressed)
				276	self.assertFalse(should_be_skipped)
				277
				278	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				279	"PRODUCT/preloads/apps/Chats.apk",
				280	None,
				281	set(["PRODUCT/preloads/"]))
				282	self.assertTrue(is_apk)
				283	self.assertFalse(is_compressed)
				284	self.assertTrue(should_be_skipped)
				285
				286	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				287	"SYSTEM_OTHER/preloads/apps/Chats.apk",
				288	None,
				289	set(["SYSTEM/preloads/", "SYSTEM_OTHER/preloads/"]))
				290	self.assertTrue(is_apk)
				291	self.assertFalse(is_compressed)
				292	self.assertTrue(should_be_skipped)
				293
				294	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				295	"SYSTEM_OTHER/preloads/apps/Chats.apk.gz",
				296	".gz",
				297	set(["PRODUCT/prebuilts/", "SYSTEM_OTHER/preloads/"]))
				298	self.assertTrue(is_apk)
				299	self.assertTrue(is_compressed)
				300	self.assertTrue(should_be_skipped)
				301
				302	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				303	"SYSTEM_OTHER/preloads/apps/Chats.dat",
				304	None,
				305	set(["SYSTEM_OTHER/preloads/"]))
				306	self.assertFalse(is_apk)
				307	self.assertFalse(is_compressed)
				308	self.assertFalse(should_be_skipped)
				309
				310	def test_GetApkFileInfo_checkSkippedPrefixesInput(self):
				311	# set
				312	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				313	"SYSTEM_OTHER/preloads/apps/Chats.apk",
				314	None,
				315	set(["SYSTEM_OTHER/preloads/"]))
				316	self.assertTrue(is_apk)
				317	self.assertFalse(is_compressed)
				318	self.assertTrue(should_be_skipped)
				319
				320	# tuple
				321	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				322	"SYSTEM_OTHER/preloads/apps/Chats.apk",
				323	None,
				324	("SYSTEM_OTHER/preloads/",))
				325	self.assertTrue(is_apk)
				326	self.assertFalse(is_compressed)
				327	self.assertTrue(should_be_skipped)
				328
				329	# list
				330	(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
				331	"SYSTEM_OTHER/preloads/apps/Chats.apk",
				332	None,
				333	["SYSTEM_OTHER/preloads/"])
				334	self.assertTrue(is_apk)
				335	self.assertFalse(is_compressed)
				336	self.assertTrue(should_be_skipped)
				337
				338	# str is invalid.
				339	self.assertRaises(
				340	AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
				341	None, "SYSTEM_OTHER/preloads/")
				342
				343	# None is invalid.
				344	self.assertRaises(
				345	AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
				346	None, None)