Add signing certificate lineage support to soong

	// or an android_app_certificate module name in the form ":module".

	Certificate *string

	// Name of the signing certificate lineage file.

	Lineage *string

	// the package name of this app. The package name in the manifest file is used if one was not given.

	Package_name *string

	if v4SigningRequested {

		v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+".apk.idsig")

	}

	CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile)

	var lineageFile android.Path

	if lineage := String(a.overridableAppProperties.Lineage); lineage != "" {

		lineageFile = android.PathForModuleSrc(ctx, lineage)

	}

	CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile, lineageFile)

	a.outputFile = packageFile

	if v4SigningRequested {

		a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile)

		if v4SigningRequested {

			v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+"_"+split.suffix+".apk.idsig")

		}

		CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile)

		CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile, lineageFile)

		a.extraOutputFiles = append(a.extraOutputFiles, packageFile)

		if v4SigningRequested {

			a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile)

		}

		a.certificate = certificates[0]

		signed := android.PathForModuleOut(ctx, "signed", apkFilename)

		SignAppPackage(ctx, signed, dexOutput, certificates, nil)

		SignAppPackage(ctx, signed, dexOutput, certificates, nil, nil)

		a.outputFile = signed

	} else {

		alignedApk := android.PathForModuleOut(ctx, "zip-aligned", apkFilename)

	_, certificates := collectAppDeps(ctx, false, false)

	certificates = processMainCert(r.ModuleBase, String(r.properties.Certificate), certificates, ctx)

	signed := android.PathForModuleOut(ctx, "signed", r.Name()+".apk")

	SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil)

	SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil, nil)

	r.certificate = certificates[0]

	r.outputFile = signed

	})

func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.WritablePath,

	packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath) {

	packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath, lineageFile android.Path) {

	unsignedApkName := strings.TrimSuffix(outputFile.Base(), ".apk") + "-unsigned.apk"

	unsignedApk := android.PathForModuleOut(ctx, unsignedApkName)

		Implicits: deps,

	})

	SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile)

	SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile, lineageFile)

}

func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath) {

func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath, lineageFile android.Path) {

	var certificateArgs []string

	var deps android.Paths

	}

	outputFiles := android.WritablePaths{signedApk}

	var flag string = ""

	var flags []string

	if v4SignatureFile != nil {

		outputFiles = append(outputFiles, v4SignatureFile)

		flag = "--enable-v4"

		flags = append(flags, "--enable-v4")

	}

	if lineageFile != nil {

		flags = append(flags, "--lineage", lineageFile.String())

	}

	ctx.Build(pctx, android.BuildParams{

		Implicits:   deps,

		Args: map[string]string{

			"certificates": strings.Join(certificateArgs, " "),

			"flags":        flag,

			"flags":        strings.Join(flags, " "),

		},

	})

}

		name                string

		bp                  string

		certificateOverride string

		expected            string

		expectedLineage     string

		expectedCertificate string

	}{

		{

			name: "default",

				}

			`,

			certificateOverride: "",

			expected:            "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",

			expectedLineage:     "",

			expectedCertificate: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",

		},

		{

			name: "module certificate property",

				}

			`,

			certificateOverride: "",

			expected:            "cert/new_cert.x509.pem cert/new_cert.pk8",

			expectedLineage:     "",

			expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",

		},

		{

			name: "path certificate property",

				}

			`,

			certificateOverride: "",

			expected:            "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

			expectedLineage:     "",

			expectedCertificate: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

		},

		{

			name: "certificate overrides",

				}

			`,

			certificateOverride: "foo:new_certificate",

			expected:            "cert/new_cert.x509.pem cert/new_cert.pk8",

			expectedLineage:     "",

			expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",

		},

		{

			name: "certificate lineage",

			bp: `

				android_app {

					name: "foo",

					srcs: ["a.java"],

					certificate: ":new_certificate",

					lineage: "lineage.bin",

					sdk_version: "current",

				}

				android_app_certificate {

					name: "new_certificate",

					certificate: "cert/new_cert",

				}

			`,

			certificateOverride: "",

			expectedLineage:     "--lineage lineage.bin",

			expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",

		},

	}

			foo := ctx.ModuleForTests("foo", "android_common")

			signapk := foo.Output("foo.apk")

			signFlags := signapk.Args["certificates"]

			if test.expected != signFlags {

				t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expected, signFlags)

			signCertificateFlags := signapk.Args["certificates"]

			if test.expectedCertificate != signCertificateFlags {

				t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedCertificate, signCertificateFlags)

			}

			signFlags := signapk.Args["flags"]

			if test.expectedLineage != signFlags {

				t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedLineage, signFlags)

			}

		})

	}

			name: "bar",

			base: "foo",

			certificate: ":new_certificate",

			lineage: "lineage.bin",

			logging_parent: "bah",

		}

		variantName    string

		apkName        string

		apkPath        string

		signFlag       string

		certFlag       string

		lineageFlag    string

		overrides      []string

		aaptFlag       string

		logging_parent string

			moduleName:     "foo",

			variantName:    "android_common",

			apkPath:        "/target/product/test_device/system/app/foo/foo.apk",

			signFlag:       "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

			certFlag:       "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

			lineageFlag:    "",

			overrides:      []string{"qux"},

			aaptFlag:       "",

			logging_parent: "",

			moduleName:     "bar",

			variantName:    "android_common_bar",

			apkPath:        "/target/product/test_device/system/app/bar/bar.apk",

			signFlag:       "cert/new_cert.x509.pem cert/new_cert.pk8",

			certFlag:       "cert/new_cert.x509.pem cert/new_cert.pk8",

			lineageFlag:    "--lineage lineage.bin",

			overrides:      []string{"qux", "foo"},

			aaptFlag:       "",

			logging_parent: "bah",

			moduleName:     "baz",

			variantName:    "android_common_baz",

			apkPath:        "/target/product/test_device/system/app/baz/baz.apk",

			signFlag:       "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

			certFlag:       "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",

			lineageFlag:    "",

			overrides:      []string{"qux", "foo"},

			aaptFlag:       "--rename-manifest-package org.dandroid.bp",

			logging_parent: "",

		// Check the certificate paths

		signapk := variant.Output(expected.moduleName + ".apk")

		signFlag := signapk.Args["certificates"]

		if expected.signFlag != signFlag {

			t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.signFlag, signFlag)

		certFlag := signapk.Args["certificates"]

		if expected.certFlag != certFlag {

			t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.certFlag, certFlag)

		}

		// Check the lineage flags

		lineageFlag := signapk.Args["flags"]

		if expected.lineageFlag != lineageFlag {

			t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.lineageFlag, lineageFlag)

		}

		// Check if the overrides field values are correctly aggregated.

		"cert/new_cert.x509.pem": nil,

		"cert/new_cert.pk8":      nil,

		"lineage.bin":            nil,

		"testdata/data": nil,