Merge "Dump and enforce certificate for apks"

ifeq (true,$(filter true, \

   $(LOCAL_PRODUCT_MODULE) $(LOCAL_PRODUCT_SERVICES_MODULE) \

   $(LOCAL_VENDOR_MODULE) $(LOCAL_PROPRIETARY_MODULE)))

  ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE)))

    CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE)

    ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT))

      $(if $(filter $(LOCAL_MODULE),$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\

        $(call pretty-error,The module in product partition cannot be signed with certificate in system.))

    endif

  endif

endif

 No newline at end of file

# GPL module license files

ALL_GPL_MODULE_LICENSE_FILES:=

# Packages with certificate violation

CERTIFICATE_VIOLATION_MODULES :=

# Target and host installed module's dependencies on shared libraries.

# They are list of "<module_name>:<installed_file>:lib1,lib2...".

TARGET_DEPENDENCIES_ON_SHARED_LIBRARIES :=

      $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \

      $(TARGET_OUT_SYSTEM_OTHER)/%.art

  endif

CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt

$(CERTIFICATE_VIOLATION_MODULES_FILENAME):

	rm -f $@

	$(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;)

$(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))

  all_offending_files :=

  $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\

    $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \

ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)

    LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)

endif

include $(BUILD_SYSTEM)/app_certificate_validate.mk

private_key := $(LOCAL_CERTIFICATE).pk8

certificate := $(LOCAL_CERTIFICATE).x509.pem

additional_certificates := $(foreach c,$(LOCAL_ADDITIONAL_CERTIFICATES), $(c).x509.pem $(c).pk8)

  $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem

endif

include $(BUILD_SYSTEM)/app_certificate_validate.mk

# Disable dex-preopt of prebuilts to save space, if requested.

ifndef LOCAL_DEX_PREOPT

ifeq ($(DONT_DEXPREOPT_PREBUILTS),true)