Loading tools/releasetools/sign_target_files_apks.py +21 −2 Original line number Diff line number Diff line Loading @@ -136,6 +136,11 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files --android_jar_path <path> Path to the android.jar to repack the apex file. --allow_gsi_debug_sepolicy Allow the existence of the file 'userdebug_plat_sepolicy.cil' under (/system/system_ext|/system_ext)/etc/selinux. If not set, error out when the file exists. """ from __future__ import print_function Loading Loading @@ -191,6 +196,7 @@ OPTIONS.gki_signing_extra_args = None OPTIONS.android_jar_path = None OPTIONS.vendor_partitions = set() OPTIONS.vendor_otatools = None OPTIONS.allow_gsi_debug_sepolicy = False AVB_FOOTER_ARGS_BY_PARTITION = { Loading Loading @@ -680,6 +686,16 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, "BOOT/RAMDISK/first_stage_ramdisk/force_debuggable"): raise common.ExternalError("debuggable boot.img cannot be signed") # Should NOT sign userdebug sepolicy file. elif filename in ( "SYSTEM_EXT/etc/selinux/userdebug_plat_sepolicy.cil", "SYSTEM/system_ext/etc/selinux/userdebug_plat_sepolicy.cil"): if not OPTIONS.allow_gsi_debug_sepolicy: raise common.ExternalError("debug sepolicy shouldn't be included") else: # Copy it verbatim if we allow the file to exist. common.ZipWriteStr(output_tf_zip, out_info, data) # A non-APK file; copy it verbatim. else: common.ZipWriteStr(output_tf_zip, out_info, data) Loading Loading @@ -1356,6 +1372,8 @@ def main(argv): OPTIONS.vendor_otatools = a elif o == "--vendor_partitions": OPTIONS.vendor_partitions = set(a.split(",")) elif o == "--allow_gsi_debug_sepolicy": OPTIONS.allow_gsi_debug_sepolicy = True else: return False return True Loading Loading @@ -1408,6 +1426,7 @@ def main(argv): "gki_signing_extra_args=", "vendor_partitions=", "vendor_otatools=", "allow_gsi_debug_sepolicy", ], extra_option_handler=option_handler) Loading Loading
tools/releasetools/sign_target_files_apks.py +21 −2 Original line number Diff line number Diff line Loading @@ -136,6 +136,11 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files --android_jar_path <path> Path to the android.jar to repack the apex file. --allow_gsi_debug_sepolicy Allow the existence of the file 'userdebug_plat_sepolicy.cil' under (/system/system_ext|/system_ext)/etc/selinux. If not set, error out when the file exists. """ from __future__ import print_function Loading Loading @@ -191,6 +196,7 @@ OPTIONS.gki_signing_extra_args = None OPTIONS.android_jar_path = None OPTIONS.vendor_partitions = set() OPTIONS.vendor_otatools = None OPTIONS.allow_gsi_debug_sepolicy = False AVB_FOOTER_ARGS_BY_PARTITION = { Loading Loading @@ -680,6 +686,16 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, "BOOT/RAMDISK/first_stage_ramdisk/force_debuggable"): raise common.ExternalError("debuggable boot.img cannot be signed") # Should NOT sign userdebug sepolicy file. elif filename in ( "SYSTEM_EXT/etc/selinux/userdebug_plat_sepolicy.cil", "SYSTEM/system_ext/etc/selinux/userdebug_plat_sepolicy.cil"): if not OPTIONS.allow_gsi_debug_sepolicy: raise common.ExternalError("debug sepolicy shouldn't be included") else: # Copy it verbatim if we allow the file to exist. common.ZipWriteStr(output_tf_zip, out_info, data) # A non-APK file; copy it verbatim. else: common.ZipWriteStr(output_tf_zip, out_info, data) Loading Loading @@ -1356,6 +1372,8 @@ def main(argv): OPTIONS.vendor_otatools = a elif o == "--vendor_partitions": OPTIONS.vendor_partitions = set(a.split(",")) elif o == "--allow_gsi_debug_sepolicy": OPTIONS.allow_gsi_debug_sepolicy = True else: return False return True Loading Loading @@ -1408,6 +1426,7 @@ def main(argv): "gki_signing_extra_args=", "vendor_partitions=", "vendor_otatools=", "allow_gsi_debug_sepolicy", ], extra_option_handler=option_handler) Loading
