Add PRODUCT_ADB_KEYS
This easily allow products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.
This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.
Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.
Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
diff --git a/core/product.mk b/core/product.mk
index 1819293..95c8722 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -144,6 +144,7 @@
PRODUCT_SYSTEM_HEADROOM \
PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \
+ PRODUCT_ADB_KEYS \
diff --git a/core/product_config.mk b/core/product_config.mk
index 777c29d..bf1b2d1 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -455,3 +455,13 @@
# Whether any paths are excluded from sanitization when SANITIZE_TARGET=integer_overflow
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
+
+# ADB keys for debuggable builds
+PRODUCT_ADB_KEYS :=
+ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+ PRODUCT_ADB_KEYS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ADB_KEYS))
+endif
+ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
+ $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
+endif
+.KATI_READONLY := PRODUCT_ADB_KEYS
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index 3466d1a..4e1adc8 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -98,6 +98,11 @@
fs_config_files \
fs_config_dirs
+# If there are product-specific adb keys defined, install them on debuggable
+# builds.
+PRODUCT_PACKAGES_DEBUG += \
+ adb_keys
+
# Ensure that this property is always defined so that bionic_systrace.cpp
# can rely on it being initially set by init.
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
diff --git a/target/product/full_base.mk b/target/product/full_base.mk
index f2652eb..7aac435 100644
--- a/target/product/full_base.mk
+++ b/target/product/full_base.mk
@@ -53,3 +53,6 @@
# Get everything else from the parent package
$(call inherit-product, $(SRC_TARGET_DIR)/product/generic_no_telephony.mk)
+
+# Add adb keys to debuggable AOSP builds (if they exist)
+$(call inherit-product-if-exists, vendor/google/security/adb/vendor_key.mk)
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 5a40397..4142ea9 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -10,3 +10,16 @@
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_PREBUILT)
+
+#######################################
+# adb key, if configured via PRODUCT_ADB_KEYS
+ifdef PRODUCT_ADB_KEYS
+ ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+ include $(CLEAR_VARS)
+ LOCAL_MODULE := adb_keys
+ LOCAL_MODULE_CLASS := ETC
+ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+ LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS)
+ include $(BUILD_PREBUILT)
+ endif
+endif