hostsidetests/appsecurity/test-apps/tinyapp/Android.bp - platform/cts - Git at Google

 //
 // Copyright (C) 2020 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //

 package {
     // See: http://go/android-license-faq
     default_applicable_licenses: ["Android-Apache-2.0"],
 }

 // This is the default test package signed with the default key.
 android_test_helper_app {
     name: "CtsPkgInstallTinyApp",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package v2 signed with the default key.
 android_test_helper_app {
     name: "CtsPkgInstallTinyAppV2",
     manifest: "AndroidManifest-v2.xml",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V1/V2 signature schemes with
 // two signers targeting SDK version 30 with sandbox version 1. From this
 // package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the
 // following command:
 // apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out
 // v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key
 // ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8
 // --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false
 android_test_helper_app {
     name: "v1v2-ec-p256-two-signers-targetSdk-30",
     manifest: "AndroidManifest-sandbox-v1.xml",
     certificate: ":ec-p256",
     additional_certificates: [":ec-p256_2"],
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "30",
 }

 // This is the test package signed using the V3 signature scheme
 // with the previous key in the lineage and part of a sharedUid.
 android_test_helper_app {
     name: "v3-ec-p256-1-sharedUid",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and one signer in the lineage with default capabilities.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-default-caps",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and multiple signers in the lineage with default
 // capabilities.
 android_test_helper_app {
     name: "v3-ec-p256-with-por-1_2_3_4_5-default-caps",
     certificate: ":ec-p256_5",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por-1_2_3_4_5-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and part of a shareduid. The capabilities of this lineage
 // grant access to the previous key in the lineage to join the sharedUid.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and part of a shareduid. The signing lineage begins
 // with a key that is not in any of the other lineages and is intended
 // to verify that two packages signed with lineages that have diverged
 // ancestors are not allowed to be installed in the same sharedUserId.
 android_test_helper_app {
     name: "v3-por_Y_1_2-default-caps-sharedUid",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [
         ":rsa-2048",
         ":ec-p256",
     ],
     lineage: ":por_Y_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and part of a shareduid. The capabilities of this lineage
 // prevent the previous key in the lineage from joining the sharedUid.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-no-shUid-cap",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package signed using the V3 signature scheme with
 // a rotated key and part of a shareduid. The capabilities of this lineage
 // prevent the previous key in the lineage from using a signature permission.
 // This package is intended to verify shared signing keys in separate app
 // lineages retain their own declared capabilities.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-no-perm-cap",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the test package with a new name intended to be installed
 // alongside the original test package when verifying platform behavior when
 // two apps share the same previous signer in their lineage with different
 // capabilities granted; the lineage for this package prevents an app signed
 // with the previous signing key from joining a sharedUserId.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2",
     manifest: "AndroidManifest-declperm2.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-no-shUid-cap",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the first companion package signed using the V3 signature scheme
 // with a rotated key and part of a sharedUid. The capabilities of this lineage
 // grant access to the previous key in the lineage to join the sharedUid.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion",
     manifest: "AndroidManifest-companion-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [":ec-p256"],
     lineage: ":ec-p256-por_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the companion package signed using the V3 signature scheme with
 // a rotated key and part of a shareduid. The signing lineage begins
 // with a key that is not in any of the other lineages and is intended
 // to verify that two packages signed with lineages that have diverged
 // ancestors are not allowed to be installed in the same sharedUserId.
 android_test_helper_app {
     name: "v3-por_Z_1_2-default-caps-sharedUid-companion",
     manifest: "AndroidManifest-shareduid.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [
         ":dsa-2048",
         ":ec-p256",
     ],
     lineage: ":por_Z_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the first companion package signed using the V3 signature scheme
 // with a rotated key and part of a sharedUid but without the signing lineage.
 // This app is intended to test lineage scenarios where an app is only signed
 // with the latest key in the lineage.
 android_test_helper_app {
     name: "v3-ec-p256-2-sharedUid-companion",
     manifest: "AndroidManifest-companion-shareduid.xml",
     certificate: ":ec-p256_2",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is the second companion package signed using the V3 signature scheme
 // with the previous key in the lineage and part of a sharedUid.
 android_test_helper_app {
     name: "v3-ec-p256-1-sharedUid-companion2",
     manifest: "AndroidManifest-companion2-shareduid.xml",
     certificate: ":ec-p256",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission.
 // The lineage used to sign this test package does not trust the first signing
 // key but grants default capabilities to the second signing key.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm",
     manifest: "AndroidManifest-declperm.xml",
     certificate: ":ec-p256_3",
     additional_certificates: [
         ":ec-p256",
     ],
     lineage: ":ec-p256-por-1_2_3-1-no-caps-2-default",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission.
 // The lineage used to sign this test package does not trust either of the signing
 // keys so an app with only common signers in the lineage should not be granted the
 // permission.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2_3-no-caps-declperm",
     manifest: "AndroidManifest-declperm.xml",
     certificate: ":ec-p256_3",
     additional_certificates: [
         ":ec-p256",
     ],
     lineage: ":ec-p256-por-1_2_3-no-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the companion package that requests the signature permission
 // declared by the test package above. This package is signed with a signing key that
 // diverges from the package above and is intended to verify that a common signing
 // key in the lineage that is still granted the permission capability is sufficient
 // to be granted a signature permission.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2_4-companion-usesperm",
     manifest: "AndroidManifest-companion-usesperm.xml",
     certificate: ":ec-p256_4",
     additional_certificates: [
         ":ec-p256",
     ],
     lineage: ":ec-p256-por-1_2_4-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the companion package that requests the signature permission
 // declared by the test package. This package is signed with the original signing
 // key and is intended to verify that a common signing key shared between two
 // lineages retains its capability from the package declaring the signature permission.
 android_test_helper_app {
     name: "v3-ec-p256-1-companion-usesperm",
     manifest: "AndroidManifest-companion-usesperm.xml",
     certificate: ":ec-p256",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission
 // with the knownSigner protection flag. This app is signed with the rsa-2048
 // signing key with the trusted certificates being ec-p256 and ec-p256_3.
 android_test_helper_app {
     name: "v3-rsa-2048-decl-knownSigner-ec-p256-1-3",
     manifest: "AndroidManifest-decl-knownSigner.xml",
     certificate: ":rsa-2048",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission
 // without the knownSigner protection flag. This app is signed with the same
 // rsa-2048 signing key to allow updates from the package above. This app can
 // be used to verify behavior when an app initially uses the knownSigner flag
 // and subsequently removes the flag from the permission declaration.
 android_test_helper_app {
     name: "v3-rsa-2048-declperm",
     manifest: "AndroidManifest-declperm.xml",
     certificate: ":rsa-2048",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission
 // with the knownSigner protection flag using a string resource instead of a
 // string-array resource for the trusted certs.
 android_test_helper_app {
     name: "v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1",
     manifest: "AndroidManifest-decl-knownSigner-str-res.xml",
     certificate: ":rsa-2048",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the test package that declares a signature permission
 // with the knownSigner protection flag using a string constant as the value
 // of the knownCerts attribute.
 android_test_helper_app {
     name: "v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1",
     manifest: "AndroidManifest-decl-knownSigner-str-const.xml",
     certificate: ":rsa-2048",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the companion package that uses the permission
 // declared with the knownSigner flag. This app's current signer is in
 // the array of certificate digests as declared by the test package
 // above.
 android_test_helper_app {
     name: "v3-ec-p256_3-companion-uses-knownSigner",
     manifest: "AndroidManifest-uses-knownSigner.xml",
     certificate: ":ec-p256_3",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the companion package that uses the permission
 // declared with the knownSigner flag. This app's current signer is not
 // in the array of certificate digests as declared by the test package
 // above.
 android_test_helper_app {
     name: "v3-ec-p256_2-companion-uses-knownSigner",
     manifest: "AndroidManifest-uses-knownSigner.xml",
     certificate: ":ec-p256_2",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }

 // This is a version of the companion package that uses the permission
 // declared with the knownSigner flag. This app is signed with a rotated
 // signing key with the current signer not in the array of certificate
 // digests as declared by the test package, but the previous signer in
 // the lineage is. This app can be used to verify that knownSigner
 // permissions are also granted if the app was previously signed with
 // one of the declared digests.
 android_test_helper_app {
     name: "v3-ec-p256-with-por_1_2-companion-uses-knownSigner",
     manifest: "AndroidManifest-uses-knownSigner.xml",
     certificate: ":ec-p256_2",
     additional_certificates: [
         ":ec-p256",
     ],
     lineage: ":ec-p256-por_1_2-default-caps",
     srcs: ["src/**/*.java"],
     // resource_dirs is the default value: ["res"]
     test_suites: [
         "cts",
         "general-tests",
     ],
     sdk_version: "current",
 }
	//
	// Copyright (C) 2020 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//

	package {
	// See: http://go/android-license-faq
	default_applicable_licenses: ["Android-Apache-2.0"],
	}

	// This is the default test package signed with the default key.
	android_test_helper_app {
	name: "CtsPkgInstallTinyApp",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package v2 signed with the default key.
	android_test_helper_app {
	name: "CtsPkgInstallTinyAppV2",
	manifest: "AndroidManifest-v2.xml",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V1/V2 signature schemes with
	// two signers targeting SDK version 30 with sandbox version 1. From this
	// package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the
	// following command:
	// apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out
	// v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key
	// ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8
	// --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false
	android_test_helper_app {
	name: "v1v2-ec-p256-two-signers-targetSdk-30",
	manifest: "AndroidManifest-sandbox-v1.xml",
	certificate: ":ec-p256",
	additional_certificates: [":ec-p256_2"],
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "30",
	}

	// This is the test package signed using the V3 signature scheme
	// with the previous key in the lineage and part of a sharedUid.
	android_test_helper_app {
	name: "v3-ec-p256-1-sharedUid",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and one signer in the lineage with default capabilities.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-default-caps",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and multiple signers in the lineage with default
	// capabilities.
	android_test_helper_app {
	name: "v3-ec-p256-with-por-1_2_3_4_5-default-caps",
	certificate: ":ec-p256_5",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por-1_2_3_4_5-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and part of a shareduid. The capabilities of this lineage
	// grant access to the previous key in the lineage to join the sharedUid.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and part of a shareduid. The signing lineage begins
	// with a key that is not in any of the other lineages and is intended
	// to verify that two packages signed with lineages that have diverged
	// ancestors are not allowed to be installed in the same sharedUserId.
	android_test_helper_app {
	name: "v3-por_Y_1_2-default-caps-sharedUid",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [
	":rsa-2048",
	":ec-p256",
	],
	lineage: ":por_Y_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and part of a shareduid. The capabilities of this lineage
	// prevent the previous key in the lineage from joining the sharedUid.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-no-shUid-cap",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package signed using the V3 signature scheme with
	// a rotated key and part of a shareduid. The capabilities of this lineage
	// prevent the previous key in the lineage from using a signature permission.
	// This package is intended to verify shared signing keys in separate app
	// lineages retain their own declared capabilities.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-no-perm-cap",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the test package with a new name intended to be installed
	// alongside the original test package when verifying platform behavior when
	// two apps share the same previous signer in their lineage with different
	// capabilities granted; the lineage for this package prevents an app signed
	// with the previous signing key from joining a sharedUserId.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2",
	manifest: "AndroidManifest-declperm2.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-no-shUid-cap",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the first companion package signed using the V3 signature scheme
	// with a rotated key and part of a sharedUid. The capabilities of this lineage
	// grant access to the previous key in the lineage to join the sharedUid.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion",
	manifest: "AndroidManifest-companion-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [":ec-p256"],
	lineage: ":ec-p256-por_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the companion package signed using the V3 signature scheme with
	// a rotated key and part of a shareduid. The signing lineage begins
	// with a key that is not in any of the other lineages and is intended
	// to verify that two packages signed with lineages that have diverged
	// ancestors are not allowed to be installed in the same sharedUserId.
	android_test_helper_app {
	name: "v3-por_Z_1_2-default-caps-sharedUid-companion",
	manifest: "AndroidManifest-shareduid.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [
	":dsa-2048",
	":ec-p256",
	],
	lineage: ":por_Z_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the first companion package signed using the V3 signature scheme
	// with a rotated key and part of a sharedUid but without the signing lineage.
	// This app is intended to test lineage scenarios where an app is only signed
	// with the latest key in the lineage.
	android_test_helper_app {
	name: "v3-ec-p256-2-sharedUid-companion",
	manifest: "AndroidManifest-companion-shareduid.xml",
	certificate: ":ec-p256_2",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is the second companion package signed using the V3 signature scheme
	// with the previous key in the lineage and part of a sharedUid.
	android_test_helper_app {
	name: "v3-ec-p256-1-sharedUid-companion2",
	manifest: "AndroidManifest-companion2-shareduid.xml",
	certificate: ":ec-p256",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission.
	// The lineage used to sign this test package does not trust the first signing
	// key but grants default capabilities to the second signing key.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm",
	manifest: "AndroidManifest-declperm.xml",
	certificate: ":ec-p256_3",
	additional_certificates: [
	":ec-p256",
	],
	lineage: ":ec-p256-por-1_2_3-1-no-caps-2-default",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission.
	// The lineage used to sign this test package does not trust either of the signing
	// keys so an app with only common signers in the lineage should not be granted the
	// permission.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2_3-no-caps-declperm",
	manifest: "AndroidManifest-declperm.xml",
	certificate: ":ec-p256_3",
	additional_certificates: [
	":ec-p256",
	],
	lineage: ":ec-p256-por-1_2_3-no-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the companion package that requests the signature permission
	// declared by the test package above. This package is signed with a signing key that
	// diverges from the package above and is intended to verify that a common signing
	// key in the lineage that is still granted the permission capability is sufficient
	// to be granted a signature permission.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2_4-companion-usesperm",
	manifest: "AndroidManifest-companion-usesperm.xml",
	certificate: ":ec-p256_4",
	additional_certificates: [
	":ec-p256",
	],
	lineage: ":ec-p256-por-1_2_4-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the companion package that requests the signature permission
	// declared by the test package. This package is signed with the original signing
	// key and is intended to verify that a common signing key shared between two
	// lineages retains its capability from the package declaring the signature permission.
	android_test_helper_app {
	name: "v3-ec-p256-1-companion-usesperm",
	manifest: "AndroidManifest-companion-usesperm.xml",
	certificate: ":ec-p256",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission
	// with the knownSigner protection flag. This app is signed with the rsa-2048
	// signing key with the trusted certificates being ec-p256 and ec-p256_3.
	android_test_helper_app {
	name: "v3-rsa-2048-decl-knownSigner-ec-p256-1-3",
	manifest: "AndroidManifest-decl-knownSigner.xml",
	certificate: ":rsa-2048",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission
	// without the knownSigner protection flag. This app is signed with the same
	// rsa-2048 signing key to allow updates from the package above. This app can
	// be used to verify behavior when an app initially uses the knownSigner flag
	// and subsequently removes the flag from the permission declaration.
	android_test_helper_app {
	name: "v3-rsa-2048-declperm",
	manifest: "AndroidManifest-declperm.xml",
	certificate: ":rsa-2048",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission
	// with the knownSigner protection flag using a string resource instead of a
	// string-array resource for the trusted certs.
	android_test_helper_app {
	name: "v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1",
	manifest: "AndroidManifest-decl-knownSigner-str-res.xml",
	certificate: ":rsa-2048",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the test package that declares a signature permission
	// with the knownSigner protection flag using a string constant as the value
	// of the knownCerts attribute.
	android_test_helper_app {
	name: "v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1",
	manifest: "AndroidManifest-decl-knownSigner-str-const.xml",
	certificate: ":rsa-2048",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the companion package that uses the permission
	// declared with the knownSigner flag. This app's current signer is in
	// the array of certificate digests as declared by the test package
	// above.
	android_test_helper_app {
	name: "v3-ec-p256_3-companion-uses-knownSigner",
	manifest: "AndroidManifest-uses-knownSigner.xml",
	certificate: ":ec-p256_3",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the companion package that uses the permission
	// declared with the knownSigner flag. This app's current signer is not
	// in the array of certificate digests as declared by the test package
	// above.
	android_test_helper_app {
	name: "v3-ec-p256_2-companion-uses-knownSigner",
	manifest: "AndroidManifest-uses-knownSigner.xml",
	certificate: ":ec-p256_2",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}

	// This is a version of the companion package that uses the permission
	// declared with the knownSigner flag. This app is signed with a rotated
	// signing key with the current signer not in the array of certificate
	// digests as declared by the test package, but the previous signer in
	// the lineage is. This app can be used to verify that knownSigner
	// permissions are also granted if the app was previously signed with
	// one of the declared digests.
	android_test_helper_app {
	name: "v3-ec-p256-with-por_1_2-companion-uses-knownSigner",
	manifest: "AndroidManifest-uses-knownSigner.xml",
	certificate: ":ec-p256_2",
	additional_certificates: [
	":ec-p256",
	],
	lineage: ":ec-p256-por_1_2-default-caps",
	srcs: ["src/*/.java"],
	// resource_dirs is the default value: ["res"]
	test_suites: [
	"cts",
	"general-tests",
	],
	sdk_version: "current",
	}