Loading core/app_certificate_validate.mk 0 → 100644 +12 −0 Original line number Diff line number Diff line ifeq (true,$(filter true, \ $(LOCAL_PRODUCT_MODULE) $(LOCAL_PRODUCT_SERVICES_MODULE) \ $(LOCAL_VENDOR_MODULE) $(LOCAL_PROPRIETARY_MODULE))) ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE))) CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE) ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)) $(if $(filter $(LOCAL_MODULE),$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\ $(call pretty-error,The module in product partition cannot be signed with certificate in system.)) endif endif endif No newline at end of file core/definitions.mk +3 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,9 @@ ALL_FINDBUGS_FILES:= # GPL module license files ALL_GPL_MODULE_LICENSE_FILES:= # Packages with certificate violation CERTIFICATE_VIOLATION_MODULES := # Target and host installed module's dependencies on shared libraries. # They are list of "<module_name>:<installed_file>:lib1,lib2...". TARGET_DEPENDENCIES_ON_SHARED_LIBRARIES := Loading core/main.mk +7 −0 Original line number Diff line number Diff line Loading @@ -1096,6 +1096,13 @@ ifdef FULL_BUILD $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \ $(TARGET_OUT_SYSTEM_OTHER)/%.art endif CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt $(CERTIFICATE_VIOLATION_MODULES_FILENAME): rm -f $@ $(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;) $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME)) all_offending_files := $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\ $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \ Loading core/package_internal.mk +1 −0 Original line number Diff line number Diff line Loading @@ -535,6 +535,7 @@ endif ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif include $(BUILD_SYSTEM)/app_certificate_validate.mk private_key := $(LOCAL_CERTIFICATE).pk8 certificate := $(LOCAL_CERTIFICATE).x509.pem additional_certificates := $(foreach c,$(LOCAL_ADDITIONAL_CERTIFICATES), $(c).x509.pem $(c).pk8) Loading core/prebuilt_internal.mk +2 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,8 @@ else $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem endif include $(BUILD_SYSTEM)/app_certificate_validate.mk # Disable dex-preopt of prebuilts to save space, if requested. ifndef LOCAL_DEX_PREOPT ifeq ($(DONT_DEXPREOPT_PREBUILTS),true) Loading Loading
core/app_certificate_validate.mk 0 → 100644 +12 −0 Original line number Diff line number Diff line ifeq (true,$(filter true, \ $(LOCAL_PRODUCT_MODULE) $(LOCAL_PRODUCT_SERVICES_MODULE) \ $(LOCAL_VENDOR_MODULE) $(LOCAL_PROPRIETARY_MODULE))) ifneq (,$(filter $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))%,$(LOCAL_CERTIFICATE))) CERTIFICATE_VIOLATION_MODULES += $(LOCAL_MODULE) ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)) $(if $(filter $(LOCAL_MODULE),$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST)),,\ $(call pretty-error,The module in product partition cannot be signed with certificate in system.)) endif endif endif No newline at end of file
core/definitions.mk +3 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,9 @@ ALL_FINDBUGS_FILES:= # GPL module license files ALL_GPL_MODULE_LICENSE_FILES:= # Packages with certificate violation CERTIFICATE_VIOLATION_MODULES := # Target and host installed module's dependencies on shared libraries. # They are list of "<module_name>:<installed_file>:lib1,lib2...". TARGET_DEPENDENCIES_ON_SHARED_LIBRARIES := Loading
core/main.mk +7 −0 Original line number Diff line number Diff line Loading @@ -1096,6 +1096,13 @@ ifdef FULL_BUILD $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \ $(TARGET_OUT_SYSTEM_OTHER)/%.art endif CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt $(CERTIFICATE_VIOLATION_MODULES_FILENAME): rm -f $@ $(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;) $(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME)) all_offending_files := $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\ $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \ Loading
core/package_internal.mk +1 −0 Original line number Diff line number Diff line Loading @@ -535,6 +535,7 @@ endif ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif include $(BUILD_SYSTEM)/app_certificate_validate.mk private_key := $(LOCAL_CERTIFICATE).pk8 certificate := $(LOCAL_CERTIFICATE).x509.pem additional_certificates := $(foreach c,$(LOCAL_ADDITIONAL_CERTIFICATES), $(c).x509.pem $(c).pk8) Loading
core/prebuilt_internal.mk +2 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,8 @@ else $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem endif include $(BUILD_SYSTEM)/app_certificate_validate.mk # Disable dex-preopt of prebuilts to save space, if requested. ifndef LOCAL_DEX_PREOPT ifeq ($(DONT_DEXPREOPT_PREBUILTS),true) Loading
