Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / d0035d5d8817fcbfd3ef92e3dc35c92805257890 / . / tools / releasetools / test_sign_target_files_apks.py
blob: 144a3cd4609c07d5788657e9f0c63479f03a3d36 [file] [log] [blame]
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]1#
2# Copyright (C) 2017 The Android Open Source Project
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16
Tao Bao66472632017-12-04 17:16:36 -0800[diff] [blame]17import base64
Tao Baobb733882019-07-24 23:31:19 -0700[diff] [blame]18import io
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]19import os.path
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]20import zipfile
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]21
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]22import common
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]23import test_utils
Tao Bao66472632017-12-04 17:16:36 -0800[diff] [blame]24from sign_target_files_apks import (
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]25 CheckApkAndApexKeysAvailable, EditTags, GetApkFileInfo, ReadApexKeysInfo,
Bowgo Tsai27c39b02021-03-12 21:40:32 +0800[diff] [blame]26 ReplaceCerts, ReplaceGkiSigningKey, ReplaceVerityKeyId, RewriteAvbProps,
27 RewriteProps, WriteOtacerts)
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]28
29
Tao Bao65b94e92018-10-11 21:57:26 -0700[diff] [blame]30class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]31
Tao Bao66472632017-12-04 17:16:36 -0800[diff] [blame]32 MAC_PERMISSIONS_XML = """<?xml version="1.0" encoding="iso-8859-1"?>
33<policy>
34 <signer signature="{}"><seinfo value="platform"/></signer>
35 <signer signature="{}"><seinfo value="media"/></signer>
36</policy>"""
37
Bill Peckham5c7b0342020-04-03 15:36:23 -0700[diff] [blame]38 # Note that we test one apex with the partition tag, and another without to
39 # make sure that new OTA tools can process an older target files package that
40 # does not include the partition tag.
41
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]42 # pylint: disable=line-too-long
Bill Peckham19c3feb2020-03-20 18:31:43 -0700[diff] [blame]43 APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8" partition="system"
Bill Peckham5c7b0342020-04-03 15:36:23 -0700[diff] [blame]44name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/make/target/product/security/testkey.x509.pem" container_private_key="build/make/target/product/security/testkey.pk8"
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]45"""
46
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]47 def setUp(self):
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]48 self.testdata_dir = test_utils.get_testdata_dir()
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]49
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]50 def test_EditTags(self):
51 self.assertEqual(EditTags('dev-keys'), ('release-keys'))
52 self.assertEqual(EditTags('test-keys'), ('release-keys'))
53
54 # Multiple tags.
55 self.assertEqual(EditTags('abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
56
57 # Tags are sorted.
58 self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
59
Tao Bao19b02fe2019-10-09 00:04:28 -0700[diff] [blame]60 def test_RewriteAvbProps(self):
61 misc_info = {
62 'avb_boot_add_hash_footer_args':
63 ('--prop com.android.build.boot.os_version:R '
64 '--prop com.android.build.boot.security_patch:2019-09-05'),
Devin Mooreafdd7c72021-12-13 22:04:08 +0000[diff] [blame]65 'avb_init_boot_add_hash_footer_args':
66 ('--prop com.android.build.boot.os_version:R '
67 '--prop com.android.build.boot.security_patch:2019-09-05'),
Tao Bao19b02fe2019-10-09 00:04:28 -0700[diff] [blame]68 'avb_system_add_hashtree_footer_args':
69 ('--prop com.android.build.system.os_version:R '
70 '--prop com.android.build.system.security_patch:2019-09-05 '
71 '--prop com.android.build.system.fingerprint:'
72 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/test-keys'),
73 'avb_vendor_add_hashtree_footer_args':
74 ('--prop com.android.build.vendor.os_version:R '
75 '--prop com.android.build.vendor.security_patch:2019-09-05 '
76 '--prop com.android.build.vendor.fingerprint:'
77 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/dev-keys'),
78 }
79 expected_dict = {
80 'avb_boot_add_hash_footer_args':
81 ('--prop com.android.build.boot.os_version:R '
82 '--prop com.android.build.boot.security_patch:2019-09-05'),
Devin Mooreafdd7c72021-12-13 22:04:08 +0000[diff] [blame]83 'avb_init_boot_add_hash_footer_args':
84 ('--prop com.android.build.boot.os_version:R '
85 '--prop com.android.build.boot.security_patch:2019-09-05'),
Tao Bao19b02fe2019-10-09 00:04:28 -0700[diff] [blame]86 'avb_system_add_hashtree_footer_args':
87 ('--prop com.android.build.system.os_version:R '
88 '--prop com.android.build.system.security_patch:2019-09-05 '
89 '--prop com.android.build.system.fingerprint:'
90 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
91 'avb_vendor_add_hashtree_footer_args':
92 ('--prop com.android.build.vendor.os_version:R '
93 '--prop com.android.build.vendor.security_patch:2019-09-05 '
94 '--prop com.android.build.vendor.fingerprint:'
95 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
96 }
97 RewriteAvbProps(misc_info)
98 self.assertDictEqual(expected_dict, misc_info)
99
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]100 def test_RewriteProps(self):
101 props = (
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]102 ('', ''),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]103 ('ro.build.fingerprint=foo/bar/dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]104 'ro.build.fingerprint=foo/bar/release-keys'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]105 ('ro.build.thumbprint=foo/bar/dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]106 'ro.build.thumbprint=foo/bar/release-keys'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]107 ('ro.vendor.build.fingerprint=foo/bar/dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]108 'ro.vendor.build.fingerprint=foo/bar/release-keys'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]109 ('ro.vendor.build.thumbprint=foo/bar/dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]110 'ro.vendor.build.thumbprint=foo/bar/release-keys'),
111 ('ro.odm.build.fingerprint=foo/bar/test-keys',
112 'ro.odm.build.fingerprint=foo/bar/release-keys'),
113 ('ro.odm.build.thumbprint=foo/bar/test-keys',
114 'ro.odm.build.thumbprint=foo/bar/release-keys'),
115 ('ro.product.build.fingerprint=foo/bar/dev-keys',
116 'ro.product.build.fingerprint=foo/bar/release-keys'),
117 ('ro.product.build.thumbprint=foo/bar/dev-keys',
118 'ro.product.build.thumbprint=foo/bar/release-keys'),
Justin Yun6151e3f2019-06-25 15:58:13 +0900[diff] [blame]119 ('ro.system_ext.build.fingerprint=foo/bar/test-keys',
120 'ro.system_ext.build.fingerprint=foo/bar/release-keys'),
121 ('ro.system_ext.build.thumbprint=foo/bar/test-keys',
122 'ro.system_ext.build.thumbprint=foo/bar/release-keys'),
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]123 ('# comment line 1', '# comment line 1'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]124 ('ro.bootimage.build.fingerprint=foo/bar/dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]125 'ro.bootimage.build.fingerprint=foo/bar/release-keys'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]126 ('ro.build.description='
127 'sailfish-user 8.0.0 OPR6.170623.012 4283428 dev-keys',
128 'ro.build.description='
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]129 'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys'),
130 ('ro.build.tags=dev-keys', 'ro.build.tags=release-keys'),
131 ('ro.build.tags=test-keys', 'ro.build.tags=release-keys'),
132 ('ro.system.build.tags=dev-keys',
133 'ro.system.build.tags=release-keys'),
134 ('ro.vendor.build.tags=dev-keys',
135 'ro.vendor.build.tags=release-keys'),
136 ('ro.odm.build.tags=dev-keys',
137 'ro.odm.build.tags=release-keys'),
138 ('ro.product.build.tags=dev-keys',
139 'ro.product.build.tags=release-keys'),
Justin Yun6151e3f2019-06-25 15:58:13 +0900[diff] [blame]140 ('ro.system_ext.build.tags=dev-keys',
141 'ro.system_ext.build.tags=release-keys'),
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]142 ('# comment line 2', '# comment line 2'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]143 ('ro.build.display.id=OPR6.170623.012 dev-keys',
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]144 'ro.build.display.id=OPR6.170623.012'),
145 ('# comment line 3', '# comment line 3'),
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]146 )
147
148 # Assert the case for each individual line.
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]149 for prop, expected in props:
150 self.assertEqual(expected + '\n', RewriteProps(prop))
Tao Baoa7054ee2017-12-08 14:42:16 -0800[diff] [blame]151
152 # Concatenate all the input lines.
Magnus Strandh234f4b42019-05-01 23:09:30 +0200[diff] [blame]153 self.assertEqual(
154 '\n'.join([prop[1] for prop in props]) + '\n',
155 RewriteProps('\n'.join([prop[0] for prop in props])))
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]156
157 def test_ReplaceVerityKeyId(self):
158 BOOT_CMDLINE1 = (
159 "console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 "
160 "androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 "
161 "lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 "
162 "buildvariant=userdebug "
163 "veritykeyid=id:7e4333f9bba00adfe0ede979e28ed1920492b40f\n")
164
165 BOOT_CMDLINE2 = (
166 "console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 "
167 "androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 "
168 "lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 "
169 "buildvariant=userdebug "
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]170 "veritykeyid=id:d24f2590e9abab5cff5f59da4c4f0366e3f43e94\n")
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]171
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]172 input_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]173 with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]174 input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE1)
175
176 # Test with the first certificate.
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]177 cert_file = os.path.join(self.testdata_dir, 'verity.x509.pem')
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]178
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]179 output_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]180 with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
181 zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]182 ReplaceVerityKeyId(input_zip, output_zip, cert_file)
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]183
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]184 with zipfile.ZipFile(output_file) as output_zip:
Tao Baoa3705452019-06-24 15:33:41 -0700[diff] [blame]185 self.assertEqual(BOOT_CMDLINE1, output_zip.read('BOOT/cmdline').decode())
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]186
187 # Test with the second certificate.
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]188 cert_file = os.path.join(self.testdata_dir, 'testkey.x509.pem')
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]189
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]190 with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
191 zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]192 ReplaceVerityKeyId(input_zip, output_zip, cert_file)
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]193
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]194 with zipfile.ZipFile(output_file) as output_zip:
Tao Baoa3705452019-06-24 15:33:41 -0700[diff] [blame]195 self.assertEqual(BOOT_CMDLINE2, output_zip.read('BOOT/cmdline').decode())
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]196
197 def test_ReplaceVerityKeyId_no_veritykeyid(self):
198 BOOT_CMDLINE = (
199 "console=ttyHSL0,115200,n8 androidboot.hardware=bullhead boot_cpus=0-5 "
200 "lpm_levels.sleep_disabled=1 msm_poweroff.download_mode=0 "
201 "loop.max_part=7\n")
202
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]203 input_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]204 with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]205 input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE)
206
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]207 output_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]208 with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
209 zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
Tao Baoe838d142017-12-23 23:44:48 -0800[diff] [blame]210 ReplaceVerityKeyId(input_zip, output_zip, None)
211
Tao Baode1d4792018-02-20 10:05:46 -0800[diff] [blame]212 with zipfile.ZipFile(output_file) as output_zip:
Tao Baoa3705452019-06-24 15:33:41 -0700[diff] [blame]213 self.assertEqual(BOOT_CMDLINE, output_zip.read('BOOT/cmdline').decode())
Tao Bao66472632017-12-04 17:16:36 -0800[diff] [blame]214
215 def test_ReplaceCerts(self):
216 cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
217 with open(cert1_path) as cert1_fp:
218 cert1 = cert1_fp.read()
219 cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
220 with open(cert2_path) as cert2_fp:
221 cert2 = cert2_fp.read()
222 cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
223 with open(cert3_path) as cert3_fp:
224 cert3 = cert3_fp.read()
225
226 # Replace cert1 with cert3.
227 input_xml = self.MAC_PERMISSIONS_XML.format(
228 base64.b16encode(common.ParseCertificate(cert1)).lower(),
229 base64.b16encode(common.ParseCertificate(cert2)).lower())
230
231 output_xml = self.MAC_PERMISSIONS_XML.format(
232 base64.b16encode(common.ParseCertificate(cert3)).lower(),
233 base64.b16encode(common.ParseCertificate(cert2)).lower())
234
235 common.OPTIONS.key_map = {
236 cert1_path[:-9] : cert3_path[:-9],
237 }
238
239 self.assertEqual(output_xml, ReplaceCerts(input_xml))
240
241 def test_ReplaceCerts_duplicateEntries(self):
242 cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
243 with open(cert1_path) as cert1_fp:
244 cert1 = cert1_fp.read()
245 cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
246 with open(cert2_path) as cert2_fp:
247 cert2 = cert2_fp.read()
248
249 # Replace cert1 with cert2, which leads to duplicate entries.
250 input_xml = self.MAC_PERMISSIONS_XML.format(
251 base64.b16encode(common.ParseCertificate(cert1)).lower(),
252 base64.b16encode(common.ParseCertificate(cert2)).lower())
253
254 common.OPTIONS.key_map = {
255 cert1_path[:-9] : cert2_path[:-9],
256 }
257 self.assertRaises(AssertionError, ReplaceCerts, input_xml)
258
259 def test_ReplaceCerts_skipNonExistentCerts(self):
260 cert1_path = os.path.join(self.testdata_dir, 'platform.x509.pem')
261 with open(cert1_path) as cert1_fp:
262 cert1 = cert1_fp.read()
263 cert2_path = os.path.join(self.testdata_dir, 'media.x509.pem')
264 with open(cert2_path) as cert2_fp:
265 cert2 = cert2_fp.read()
266 cert3_path = os.path.join(self.testdata_dir, 'testkey.x509.pem')
267 with open(cert3_path) as cert3_fp:
268 cert3 = cert3_fp.read()
269
270 input_xml = self.MAC_PERMISSIONS_XML.format(
271 base64.b16encode(common.ParseCertificate(cert1)).lower(),
272 base64.b16encode(common.ParseCertificate(cert2)).lower())
273
274 output_xml = self.MAC_PERMISSIONS_XML.format(
275 base64.b16encode(common.ParseCertificate(cert3)).lower(),
276 base64.b16encode(common.ParseCertificate(cert2)).lower())
277
278 common.OPTIONS.key_map = {
279 cert1_path[:-9] : cert3_path[:-9],
280 'non-existent' : cert3_path[:-9],
281 cert2_path[:-9] : 'non-existent',
282 }
283 self.assertEqual(output_xml, ReplaceCerts(input_xml))
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]284
Tao Baobb733882019-07-24 23:31:19 -0700[diff] [blame]285 def test_WriteOtacerts(self):
286 certs = [
287 os.path.join(self.testdata_dir, 'platform.x509.pem'),
288 os.path.join(self.testdata_dir, 'media.x509.pem'),
289 os.path.join(self.testdata_dir, 'testkey.x509.pem'),
290 ]
291 entry_name = 'SYSTEM/etc/security/otacerts.zip'
292 output_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]293 with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
Tao Baobb733882019-07-24 23:31:19 -0700[diff] [blame]294 WriteOtacerts(output_zip, entry_name, certs)
295 with zipfile.ZipFile(output_file) as input_zip:
296 self.assertIn(entry_name, input_zip.namelist())
297 otacerts_file = io.BytesIO(input_zip.read(entry_name))
298 with zipfile.ZipFile(otacerts_file) as otacerts_zip:
299 self.assertEqual(3, len(otacerts_zip.namelist()))
300
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]301 def test_CheckApkAndApexKeysAvailable(self):
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]302 input_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]303 with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]304 input_zip.writestr('SYSTEM/app/App1.apk', "App1-content")
305 input_zip.writestr('SYSTEM/app/App2.apk.gz', "App2-content")
306
307 apk_key_map = {
308 'App1.apk' : 'key1',
309 'App2.apk' : 'key2',
310 'App3.apk' : 'key3',
311 }
312 with zipfile.ZipFile(input_file) as input_zip:
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]313 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
314 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.gz', {})
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]315
316 # 'App2.apk.gz' won't be considered as an APK.
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]317 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
318 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.xz', {})
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]319
320 del apk_key_map['App2.apk']
321 self.assertRaises(
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]322 AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]323 '.gz', {})
324
325 def test_CheckApkAndApexKeysAvailable_invalidApexKeys(self):
326 input_file = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]327 with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]328 input_zip.writestr('SYSTEM/apex/Apex1.apex', "Apex1-content")
329 input_zip.writestr('SYSTEM/apex/Apex2.apex', "Apex2-content")
330
331 apk_key_map = {
332 'Apex1.apex' : 'key1',
333 'Apex2.apex' : 'key2',
334 'Apex3.apex' : 'key3',
335 }
336 apex_keys = {
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]337 'Apex1.apex' : ('payload-key1', 'container-key1', None),
338 'Apex2.apex' : ('payload-key2', 'container-key2', None),
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]339 }
340 with zipfile.ZipFile(input_file) as input_zip:
341 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
342
343 # Fine to have both keys as PRESIGNED.
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]344 apex_keys['Apex2.apex'] = ('PRESIGNED', 'PRESIGNED', None)
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]345 CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
346
347 # Having only one of them as PRESIGNED is not allowed.
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]348 apex_keys['Apex2.apex'] = ('payload-key2', 'PRESIGNED', None)
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]349 self.assertRaises(
350 AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
351 None, apex_keys)
352
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]353 apex_keys['Apex2.apex'] = ('PRESIGNED', 'container-key1', None)
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]354 self.assertRaises(
355 AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
356 None, apex_keys)
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]357
358 def test_GetApkFileInfo(self):
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]359 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
360 "PRODUCT/apps/Chats.apk", None, [])
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]361 self.assertTrue(is_apk)
362 self.assertFalse(is_compressed)
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]363 self.assertFalse(should_be_skipped)
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]364
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]365 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
366 "PRODUCT/apps/Chats.apk", None, [])
367 self.assertTrue(is_apk)
368 self.assertFalse(is_compressed)
369 self.assertFalse(should_be_skipped)
370
371 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
372 "PRODUCT/apps/Chats.dat", None, [])
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]373 self.assertFalse(is_apk)
374 self.assertFalse(is_compressed)
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]375 self.assertFalse(should_be_skipped)
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]376
377 def test_GetApkFileInfo_withCompressedApks(self):
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]378 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
379 "PRODUCT/apps/Chats.apk.gz", ".gz", [])
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]380 self.assertTrue(is_apk)
381 self.assertTrue(is_compressed)
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]382 self.assertFalse(should_be_skipped)
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]383
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]384 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
385 "PRODUCT/apps/Chats.apk.gz", ".xz", [])
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]386 self.assertFalse(is_apk)
387 self.assertFalse(is_compressed)
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]388 self.assertFalse(should_be_skipped)
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]389
390 self.assertRaises(
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]391 AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "", [])
Tao Bao11f955c2018-06-19 12:19:35 -0700[diff] [blame]392
393 self.assertRaises(
Tao Bao93c2a012018-06-19 12:19:35 -0700[diff] [blame]394 AssertionError, GetApkFileInfo, "PRODUCT/apps/Chats.apk", "apk", [])
395
396 def test_GetApkFileInfo_withSkippedPrefixes(self):
397 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
398 "PRODUCT/preloads/apps/Chats.apk", None, set())
399 self.assertTrue(is_apk)
400 self.assertFalse(is_compressed)
401 self.assertFalse(should_be_skipped)
402
403 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
404 "PRODUCT/preloads/apps/Chats.apk",
405 None,
406 set(["PRODUCT/preloads/"]))
407 self.assertTrue(is_apk)
408 self.assertFalse(is_compressed)
409 self.assertTrue(should_be_skipped)
410
411 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
412 "SYSTEM_OTHER/preloads/apps/Chats.apk",
413 None,
414 set(["SYSTEM/preloads/", "SYSTEM_OTHER/preloads/"]))
415 self.assertTrue(is_apk)
416 self.assertFalse(is_compressed)
417 self.assertTrue(should_be_skipped)
418
419 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
420 "SYSTEM_OTHER/preloads/apps/Chats.apk.gz",
421 ".gz",
422 set(["PRODUCT/prebuilts/", "SYSTEM_OTHER/preloads/"]))
423 self.assertTrue(is_apk)
424 self.assertTrue(is_compressed)
425 self.assertTrue(should_be_skipped)
426
427 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
428 "SYSTEM_OTHER/preloads/apps/Chats.dat",
429 None,
430 set(["SYSTEM_OTHER/preloads/"]))
431 self.assertFalse(is_apk)
432 self.assertFalse(is_compressed)
433 self.assertFalse(should_be_skipped)
434
435 def test_GetApkFileInfo_checkSkippedPrefixesInput(self):
436 # set
437 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
438 "SYSTEM_OTHER/preloads/apps/Chats.apk",
439 None,
440 set(["SYSTEM_OTHER/preloads/"]))
441 self.assertTrue(is_apk)
442 self.assertFalse(is_compressed)
443 self.assertTrue(should_be_skipped)
444
445 # tuple
446 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
447 "SYSTEM_OTHER/preloads/apps/Chats.apk",
448 None,
449 ("SYSTEM_OTHER/preloads/",))
450 self.assertTrue(is_apk)
451 self.assertFalse(is_compressed)
452 self.assertTrue(should_be_skipped)
453
454 # list
455 (is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
456 "SYSTEM_OTHER/preloads/apps/Chats.apk",
457 None,
458 ["SYSTEM_OTHER/preloads/"])
459 self.assertTrue(is_apk)
460 self.assertFalse(is_compressed)
461 self.assertTrue(should_be_skipped)
462
463 # str is invalid.
464 self.assertRaises(
465 AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
466 None, "SYSTEM_OTHER/preloads/")
467
468 # None is invalid.
469 self.assertRaises(
470 AssertionError, GetApkFileInfo, "SYSTEM_OTHER/preloads/apps/Chats.apk",
471 None, None)
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]472
473 def test_ReadApexKeysInfo(self):
474 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]475 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]476 target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
477
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]478 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]479 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]480
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]481 self.assertEqual({
482 'apex.apexd_test.apex': (
483 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]484 'build/make/target/product/security/testkey', None),
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]485 'apex.apexd_test_different_app.apex': (
486 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]487 'build/make/target/product/security/testkey', None),
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]488 }, keys_info)
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]489 self.assertEqual({}, sepolicy_keys_info)
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]490
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]491 def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]492 # Mismatching payload public / private keys.
493 apex_keys = self.APEX_KEYS_TXT + (
494 'name="apex.apexd_test_different_app2.apex" '
495 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]496 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
Dan Willemsen0ab1be62019-04-09 21:35:37 -0700[diff] [blame]497 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
Bill Peckham19c3feb2020-03-20 18:31:43 -0700[diff] [blame]498 'container_private_key="build/make/target/product/security/testkey2.pk8" '
499 'partition="system"')
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]500 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]501 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]502 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
503
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]504 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]505 self.assertRaises(ValueError, ReadApexKeysInfo, target_files_zip)
506
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]507 def test_ReadApexKeysInfo_missingPayloadPrivateKey(self):
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]508 # Invalid lines will be skipped.
509 apex_keys = self.APEX_KEYS_TXT + (
510 'name="apex.apexd_test_different_app2.apex" '
511 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
Dan Willemsen0ab1be62019-04-09 21:35:37 -0700[diff] [blame]512 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
513 'container_private_key="build/make/target/product/security/testkey.pk8"')
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]514 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]515 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]516 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
517
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]518 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]519 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
Tao Baoaa7e9932019-03-15 09:37:01 -0700[diff] [blame]520
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]521 self.assertEqual({
522 'apex.apexd_test.apex': (
523 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]524 'build/make/target/product/security/testkey', None),
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]525 'apex.apexd_test_different_app.apex': (
526 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]527 'build/make/target/product/security/testkey', None),
Tao Baoe1343992019-03-19 12:24:03 -0700[diff] [blame]528 }, keys_info)
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]529 self.assertEqual({}, sepolicy_keys_info)
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]530
531 def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
532 # Invalid lines will be skipped.
533 apex_keys = self.APEX_KEYS_TXT + (
534 'name="apex.apexd_test_different_app2.apex" '
535 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
Dan Willemsen0ab1be62019-04-09 21:35:37 -0700[diff] [blame]536 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
537 'container_private_key="build/make/target/product/security/testkey.pk8"')
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]538 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]539 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]540 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
541
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]542 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]543 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]544
545 self.assertEqual({
546 'apex.apexd_test.apex': (
547 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]548 'build/make/target/product/security/testkey', None),
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]549 'apex.apexd_test_different_app.apex': (
550 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]551 'build/make/target/product/security/testkey', None),
Tao Bao6d9e3da2019-03-26 12:59:25 -0700[diff] [blame]552 }, keys_info)
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]553 self.assertEqual({}, sepolicy_keys_info)
Tao Baof454c3a2019-04-24 23:53:42 -0700[diff] [blame]554
555 def test_ReadApexKeysInfo_presignedKeys(self):
556 apex_keys = self.APEX_KEYS_TXT + (
557 'name="apex.apexd_test_different_app2.apex" '
558 'private_key="PRESIGNED" '
559 'public_key="PRESIGNED" '
560 'container_certificate="PRESIGNED" '
561 'container_private_key="PRESIGNED"')
562 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]563 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Baof454c3a2019-04-24 23:53:42 -0700[diff] [blame]564 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
565
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]566 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]567 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
Tao Baof454c3a2019-04-24 23:53:42 -0700[diff] [blame]568
569 self.assertEqual({
570 'apex.apexd_test.apex': (
571 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]572 'build/make/target/product/security/testkey', None),
Tao Baof454c3a2019-04-24 23:53:42 -0700[diff] [blame]573 'apex.apexd_test_different_app.apex': (
574 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]575 'build/make/target/product/security/testkey', None),
Tao Baof454c3a2019-04-24 23:53:42 -0700[diff] [blame]576 }, keys_info)
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]577 self.assertEqual({}, sepolicy_keys_info)
Tao Bao548db7d2019-04-24 23:53:42 -0700[diff] [blame]578
579 def test_ReadApexKeysInfo_presignedKeys(self):
580 apex_keys = self.APEX_KEYS_TXT + (
581 'name="apex.apexd_test_different_app2.apex" '
582 'private_key="PRESIGNED" '
583 'public_key="PRESIGNED" '
584 'container_certificate="PRESIGNED" '
585 'container_private_key="PRESIGNED"')
586 target_files = common.MakeTempFile(suffix='.zip')
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]587 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
Tao Bao548db7d2019-04-24 23:53:42 -0700[diff] [blame]588 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
589
Kelvin Zhang928c2342020-09-22 16:15:57 -0400[diff] [blame]590 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]591 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
Tao Bao548db7d2019-04-24 23:53:42 -0700[diff] [blame]592
593 self.assertEqual({
594 'apex.apexd_test.apex': (
595 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]596 'build/make/target/product/security/testkey', None),
Tao Bao548db7d2019-04-24 23:53:42 -0700[diff] [blame]597 'apex.apexd_test_different_app.apex': (
598 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
Jooyung Han8caba5e2021-10-27 03:58:09 +0900[diff] [blame]599 'build/make/target/product/security/testkey', None),
Tao Bao548db7d2019-04-24 23:53:42 -0700[diff] [blame]600 }, keys_info)
Melisa Carranza Zunigae6d4fb52022-03-07 14:56:26 +0100[diff] [blame]601 self.assertEqual({}, sepolicy_keys_info)
602
603 def test_ReadApexKeysInfo_withSepolicyKeys(self):
604 apex_keys = self.APEX_KEYS_TXT + (
605 'name="sepolicy.apex" '
606 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
607 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
608 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
609 'container_private_key="build/make/target/product/security/testkey.pk8" '
610 'sepolicy_key="build/make/target/product/security/testkey.key" '
611 'sepolicy_certificate="build/make/target/product/security/testkey.x509.pem" '
612 'fsverity_tool="fsverity"')
613 target_files = common.MakeTempFile(suffix='.zip')
614 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
615 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
616
617 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
618 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
619
620 self.assertEqual({
621 'apex.apexd_test.apex': (
622 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
623 'build/make/target/product/security/testkey', None),
624 'apex.apexd_test_different_app.apex': (
625 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
626 'build/make/target/product/security/testkey', None),
627 'sepolicy.apex': (
628 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
629 'build/make/target/product/security/testkey', None),
630 }, keys_info)
631 self.assertEqual({'sepolicy.apex': (
632 'build/make/target/product/security/testkey.key',
633 'build/make/target/product/security/testkey.x509.pem',
634 'fsverity'),
635 }, sepolicy_keys_info)
636
637 def test_ReadApexKeysInfo_withSepolicyApex(self):
638 apex_keys = self.APEX_KEYS_TXT + (
639 'name="sepolicy.apex" '
640 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
641 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
642 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
643 'container_private_key="build/make/target/product/security/testkey.pk8" ')
644 target_files = common.MakeTempFile(suffix='.zip')
645 with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
646 target_files_zip.writestr('META/apexkeys.txt', apex_keys)
647
648 with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
649 keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
650
651 self.assertEqual({
652 'apex.apexd_test.apex': (
653 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
654 'build/make/target/product/security/testkey', None),
655 'apex.apexd_test_different_app.apex': (
656 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
657 'build/make/target/product/security/testkey', None),
658 'sepolicy.apex': (
659 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
660 'build/make/target/product/security/testkey', None),
661 }, keys_info)
662 self.assertEqual({'sepolicy.apex': (
663 None,
664 None,
665 None),
666 }, sepolicy_keys_info)
Bowgo Tsai27c39b02021-03-12 21:40:32 +0800[diff] [blame]667
668 def test_ReplaceGkiSigningKey(self):
669 common.OPTIONS.gki_signing_key = 'release_gki_key'
670 common.OPTIONS.gki_signing_algorithm = 'release_gki_algorithm'
671 common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
672
673 misc_info = {
674 'gki_signing_key_path': 'default_gki_key',
675 'gki_signing_algorithm': 'default_gki_algorithm',
676 'gki_signing_signature_args': 'default_gki_signature_args',
677 }
678 expected_dict = {
679 'gki_signing_key_path': 'release_gki_key',
680 'gki_signing_algorithm': 'release_gki_algorithm',
Bowgo Tsaibcae74d2021-05-10 17:35:37 +0800[diff] [blame]681 'gki_signing_signature_args': 'release_gki_signature_extra_args',
Bowgo Tsai27c39b02021-03-12 21:40:32 +0800[diff] [blame]682 }
683 ReplaceGkiSigningKey(misc_info)
684 self.assertDictEqual(expected_dict, misc_info)
685
686 def test_ReplaceGkiSigningKey_MissingSigningAlgorithm(self):
687 common.OPTIONS.gki_signing_key = 'release_gki_key'
688 common.OPTIONS.gki_signing_algorithm = None
689 common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
690
691 misc_info = {
692 'gki_signing_key_path': 'default_gki_key',
693 'gki_signing_algorithm': 'default_gki_algorithm',
694 'gki_signing_signature_args': 'default_gki_signature_args',
695 }
696 self.assertRaises(ValueError, ReplaceGkiSigningKey, misc_info)
697
698 def test_ReplaceGkiSigningKey_MissingSigningKeyNop(self):
699 common.OPTIONS.gki_signing_key = None
700 common.OPTIONS.gki_signing_algorithm = 'release_gki_algorithm'
701 common.OPTIONS.gki_signing_extra_args = 'release_gki_signature_extra_args'
702
703 # No change to misc_info if common.OPTIONS.gki_signing_key is missing.
704 misc_info = {
705 'gki_signing_key_path': 'default_gki_key',
706 'gki_signing_algorithm': 'default_gki_algorithm',
707 'gki_signing_signature_args': 'default_gki_signature_args',
708 }
709 expected_dict = {
710 'gki_signing_key_path': 'default_gki_key',
711 'gki_signing_algorithm': 'default_gki_algorithm',
712 'gki_signing_signature_args': 'default_gki_signature_args',
713 }
714 ReplaceGkiSigningKey(misc_info)
715 self.assertDictEqual(expected_dict, misc_info)