546 lines
19 KiB
Plaintext
546 lines
19 KiB
Plaintext
//
|
|
// Copyright (C) 2020 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
package {
|
|
// See: http://go/android-license-faq
|
|
default_applicable_licenses: ["Android-Apache-2.0"],
|
|
}
|
|
|
|
// This is the default test package signed with the default key.
|
|
android_test_helper_app {
|
|
name: "CtsPkgInstallTinyApp",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package v2 signed with the default key.
|
|
android_test_helper_app {
|
|
name: "CtsPkgInstallTinyAppV2",
|
|
manifest: "AndroidManifest-v2.xml",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V1/V2 signature schemes with
|
|
// two signers targeting SDK version 30 with sandbox version 1. From this
|
|
// package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the
|
|
// following command:
|
|
// apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out
|
|
// v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key
|
|
// ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8
|
|
// --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false
|
|
android_test_helper_app {
|
|
name: "v1v2-ec-p256-two-signers-targetSdk-30",
|
|
manifest: "AndroidManifest-sandbox-v1.xml",
|
|
certificate: ":ec-p256",
|
|
additional_certificates: [":ec-p256_2"],
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "30",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme
|
|
// with the previous key in the lineage and part of a sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-1-sharedUid",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and one signer in the lineage with default capabilities.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-default-caps",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and multiple signers in the lineage with default
|
|
// capabilities.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por-1_2_3_4_5-default-caps",
|
|
certificate: ":ec-p256_5",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por-1_2_3_4_5-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and part of a shareduid. The capabilities of this lineage
|
|
// grant access to the previous key in the lineage to join the sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and part of a shareduid. The signing lineage begins
|
|
// with a key that is not in any of the other lineages and is intended
|
|
// to verify that two packages signed with lineages that have diverged
|
|
// ancestors are not allowed to be installed in the same sharedUserId.
|
|
android_test_helper_app {
|
|
name: "v3-por_Y_1_2-default-caps-sharedUid",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [
|
|
":rsa-2048",
|
|
":ec-p256",
|
|
],
|
|
lineage: ":por_Y_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and part of a shareduid. The capabilities of this lineage
|
|
// prevent the previous key in the lineage from joining the sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-no-shUid-cap",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package signed using the V3 signature scheme with
|
|
// a rotated key and part of a shareduid. The capabilities of this lineage
|
|
// prevent the previous key in the lineage from using a signature permission.
|
|
// This package is intended to verify shared signing keys in separate app
|
|
// lineages retain their own declared capabilities.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-no-perm-cap",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the test package with a new name intended to be installed
|
|
// alongside the original test package when verifying platform behavior when
|
|
// two apps share the same previous signer in their lineage with different
|
|
// capabilities granted; the lineage for this package prevents an app signed
|
|
// with the previous signing key from joining a sharedUserId.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2",
|
|
manifest: "AndroidManifest-declperm2.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-no-shUid-cap",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the first companion package signed using the V3 signature scheme
|
|
// with a rotated key and part of a sharedUid. The capabilities of this lineage
|
|
// grant access to the previous key in the lineage to join the sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion",
|
|
manifest: "AndroidManifest-companion-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the first companion package signed using the V3 signature scheme
|
|
// with a rotated key and part of a sharedUid. The capabilities of this lineage
|
|
// prevent the previous signing key from joining the sharedUserId.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid-companion",
|
|
manifest: "AndroidManifest-companion-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-no-shUid-cap",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the companion package signed using the V3 signature scheme with
|
|
// a rotated key and part of a shareduid. The signing lineage begins
|
|
// with a key that is not in any of the other lineages and is intended
|
|
// to verify that two packages signed with lineages that have diverged
|
|
// ancestors are not allowed to be installed in the same sharedUserId.
|
|
android_test_helper_app {
|
|
name: "v3-por_Z_1_2-default-caps-sharedUid-companion",
|
|
manifest: "AndroidManifest-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [
|
|
":dsa-2048",
|
|
":ec-p256",
|
|
],
|
|
lineage: ":por_Z_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the first companion package signed using the V3 signature scheme
|
|
// with a rotated key and part of a sharedUid but without the signing lineage.
|
|
// This app is intended to test lineage scenarios where an app is only signed
|
|
// with the latest key in the lineage.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-2-sharedUid-companion",
|
|
manifest: "AndroidManifest-companion-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the second companion package signed using the V3 signature scheme
|
|
// with the previous key in the lineage and part of a sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-1-sharedUid-companion2",
|
|
manifest: "AndroidManifest-companion2-shareduid.xml",
|
|
certificate: ":ec-p256",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the second companion package signed using the V3 signature scheme
|
|
// with a rotated key and part of a sharedUid. The capabilities of this lineage
|
|
// prevent the previous signing key from joining the sharedUserId.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid-companion2",
|
|
manifest: "AndroidManifest-companion2-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-no-shUid-cap",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is the third companion package signed using the V3 signature scheme
|
|
// with a rotated key and part of a sharedUid. The capabilities of this lineage
|
|
// grant access to the previous key in the lineage to join the sharedUid.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion3",
|
|
manifest: "AndroidManifest-companion3-shareduid.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [":ec-p256"],
|
|
lineage: ":ec-p256-por_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission.
|
|
// The lineage used to sign this test package does not trust the first signing
|
|
// key but grants default capabilities to the second signing key.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm",
|
|
manifest: "AndroidManifest-declperm.xml",
|
|
certificate: ":ec-p256_3",
|
|
additional_certificates: [
|
|
":ec-p256",
|
|
],
|
|
lineage: ":ec-p256-por-1_2_3-1-no-caps-2-default",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission.
|
|
// The lineage used to sign this test package does not trust either of the signing
|
|
// keys so an app with only common signers in the lineage should not be granted the
|
|
// permission.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2_3-no-caps-declperm",
|
|
manifest: "AndroidManifest-declperm.xml",
|
|
certificate: ":ec-p256_3",
|
|
additional_certificates: [
|
|
":ec-p256",
|
|
],
|
|
lineage: ":ec-p256-por-1_2_3-no-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the companion package that requests the signature permission
|
|
// declared by the test package above. This package is signed with a signing key that
|
|
// diverges from the package above and is intended to verify that a common signing
|
|
// key in the lineage that is still granted the permission capability is sufficient
|
|
// to be granted a signature permission.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2_4-companion-usesperm",
|
|
manifest: "AndroidManifest-companion-usesperm.xml",
|
|
certificate: ":ec-p256_4",
|
|
additional_certificates: [
|
|
":ec-p256",
|
|
],
|
|
lineage: ":ec-p256-por-1_2_4-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the companion package that requests the signature permission
|
|
// declared by the test package. This package is signed with the original signing
|
|
// key and is intended to verify that a common signing key shared between two
|
|
// lineages retains its capability from the package declaring the signature permission.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-1-companion-usesperm",
|
|
manifest: "AndroidManifest-companion-usesperm.xml",
|
|
certificate: ":ec-p256",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission
|
|
// with the knownSigner protection flag. This app is signed with the rsa-2048
|
|
// signing key with the trusted certificates being ec-p256 and ec-p256_3.
|
|
android_test_helper_app {
|
|
name: "v3-rsa-2048-decl-knownSigner-ec-p256-1-3",
|
|
manifest: "AndroidManifest-decl-knownSigner.xml",
|
|
certificate: ":rsa-2048",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission
|
|
// without the knownSigner protection flag. This app is signed with the same
|
|
// rsa-2048 signing key to allow updates from the package above. This app can
|
|
// be used to verify behavior when an app initially uses the knownSigner flag
|
|
// and subsequently removes the flag from the permission declaration.
|
|
android_test_helper_app {
|
|
name: "v3-rsa-2048-declperm",
|
|
manifest: "AndroidManifest-declperm.xml",
|
|
certificate: ":rsa-2048",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission
|
|
// with the knownSigner protection flag using a string resource instead of a
|
|
// string-array resource for the trusted certs.
|
|
android_test_helper_app {
|
|
name: "v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1",
|
|
manifest: "AndroidManifest-decl-knownSigner-str-res.xml",
|
|
certificate: ":rsa-2048",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the test package that declares a signature permission
|
|
// with the knownSigner protection flag using a string constant as the value
|
|
// of the knownCerts attribute.
|
|
android_test_helper_app {
|
|
name: "v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1",
|
|
manifest: "AndroidManifest-decl-knownSigner-str-const.xml",
|
|
certificate: ":rsa-2048",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the companion package that uses the permission
|
|
// declared with the knownSigner flag. This app's current signer is in
|
|
// the array of certificate digests as declared by the test package
|
|
// above.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256_3-companion-uses-knownSigner",
|
|
manifest: "AndroidManifest-uses-knownSigner.xml",
|
|
certificate: ":ec-p256_3",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the companion package that uses the permission
|
|
// declared with the knownSigner flag. This app's current signer is not
|
|
// in the array of certificate digests as declared by the test package
|
|
// above.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256_2-companion-uses-knownSigner",
|
|
manifest: "AndroidManifest-uses-knownSigner.xml",
|
|
certificate: ":ec-p256_2",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|
|
|
|
// This is a version of the companion package that uses the permission
|
|
// declared with the knownSigner flag. This app is signed with a rotated
|
|
// signing key with the current signer not in the array of certificate
|
|
// digests as declared by the test package, but the previous signer in
|
|
// the lineage is. This app can be used to verify that knownSigner
|
|
// permissions are also granted if the app was previously signed with
|
|
// one of the declared digests.
|
|
android_test_helper_app {
|
|
name: "v3-ec-p256-with-por_1_2-companion-uses-knownSigner",
|
|
manifest: "AndroidManifest-uses-knownSigner.xml",
|
|
certificate: ":ec-p256_2",
|
|
additional_certificates: [
|
|
":ec-p256",
|
|
],
|
|
lineage: ":ec-p256-por_1_2-default-caps",
|
|
srcs: ["src/**/*.java"],
|
|
// resource_dirs is the default value: ["res"]
|
|
test_suites: [
|
|
"cts",
|
|
"general-tests",
|
|
],
|
|
sdk_version: "current",
|
|
}
|