| // |
| // Copyright (C) 2020 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| package { |
| // See: http://go/android-license-faq |
| default_applicable_licenses: ["Android-Apache-2.0"], |
| } |
| |
| // This is the default test package signed with the default key. |
| android_test_helper_app { |
| name: "CtsPkgInstallTinyApp", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package v2 signed with the default key. |
| android_test_helper_app { |
| name: "CtsPkgInstallTinyAppV2", |
| manifest: "AndroidManifest-v2.xml", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V1/V2 signature schemes with |
| // two signers targeting SDK version 30 with sandbox version 1. From this |
| // package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the |
| // following command: |
| // apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out |
| // v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key |
| // ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8 |
| // --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false |
| android_test_helper_app { |
| name: "v1v2-ec-p256-two-signers-targetSdk-30", |
| manifest: "AndroidManifest-sandbox-v1.xml", |
| certificate: ":ec-p256", |
| additional_certificates: [":ec-p256_2"], |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "30", |
| } |
| |
| // This is the test package signed using the V3 signature scheme |
| // with the previous key in the lineage and part of a sharedUid. |
| android_test_helper_app { |
| name: "v3-ec-p256-1-sharedUid", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and one signer in the lineage with default capabilities. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-default-caps", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and multiple signers in the lineage with default |
| // capabilities. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por-1_2_3_4_5-default-caps", |
| certificate: ":ec-p256_5", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por-1_2_3_4_5-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and part of a shareduid. The capabilities of this lineage |
| // grant access to the previous key in the lineage to join the sharedUid. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and part of a shareduid. The signing lineage begins |
| // with a key that is not in any of the other lineages and is intended |
| // to verify that two packages signed with lineages that have diverged |
| // ancestors are not allowed to be installed in the same sharedUserId. |
| android_test_helper_app { |
| name: "v3-por_Y_1_2-default-caps-sharedUid", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [ |
| ":rsa-2048", |
| ":ec-p256", |
| ], |
| lineage: ":por_Y_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and part of a shareduid. The capabilities of this lineage |
| // prevent the previous key in the lineage from joining the sharedUid. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-no-shUid-cap", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package signed using the V3 signature scheme with |
| // a rotated key and part of a shareduid. The capabilities of this lineage |
| // prevent the previous key in the lineage from using a signature permission. |
| // This package is intended to verify shared signing keys in separate app |
| // lineages retain their own declared capabilities. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-no-perm-cap", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the test package with a new name intended to be installed |
| // alongside the original test package when verifying platform behavior when |
| // two apps share the same previous signer in their lineage with different |
| // capabilities granted; the lineage for this package prevents an app signed |
| // with the previous signing key from joining a sharedUserId. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2", |
| manifest: "AndroidManifest-declperm2.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-no-shUid-cap", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the first companion package signed using the V3 signature scheme |
| // with a rotated key and part of a sharedUid. The capabilities of this lineage |
| // grant access to the previous key in the lineage to join the sharedUid. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion", |
| manifest: "AndroidManifest-companion-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [":ec-p256"], |
| lineage: ":ec-p256-por_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the companion package signed using the V3 signature scheme with |
| // a rotated key and part of a shareduid. The signing lineage begins |
| // with a key that is not in any of the other lineages and is intended |
| // to verify that two packages signed with lineages that have diverged |
| // ancestors are not allowed to be installed in the same sharedUserId. |
| android_test_helper_app { |
| name: "v3-por_Z_1_2-default-caps-sharedUid-companion", |
| manifest: "AndroidManifest-shareduid.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [ |
| ":dsa-2048", |
| ":ec-p256", |
| ], |
| lineage: ":por_Z_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the first companion package signed using the V3 signature scheme |
| // with a rotated key and part of a sharedUid but without the signing lineage. |
| // This app is intended to test lineage scenarios where an app is only signed |
| // with the latest key in the lineage. |
| android_test_helper_app { |
| name: "v3-ec-p256-2-sharedUid-companion", |
| manifest: "AndroidManifest-companion-shareduid.xml", |
| certificate: ":ec-p256_2", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is the second companion package signed using the V3 signature scheme |
| // with the previous key in the lineage and part of a sharedUid. |
| android_test_helper_app { |
| name: "v3-ec-p256-1-sharedUid-companion2", |
| manifest: "AndroidManifest-companion2-shareduid.xml", |
| certificate: ":ec-p256", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission. |
| // The lineage used to sign this test package does not trust the first signing |
| // key but grants default capabilities to the second signing key. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm", |
| manifest: "AndroidManifest-declperm.xml", |
| certificate: ":ec-p256_3", |
| additional_certificates: [ |
| ":ec-p256", |
| ], |
| lineage: ":ec-p256-por-1_2_3-1-no-caps-2-default", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission. |
| // The lineage used to sign this test package does not trust either of the signing |
| // keys so an app with only common signers in the lineage should not be granted the |
| // permission. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2_3-no-caps-declperm", |
| manifest: "AndroidManifest-declperm.xml", |
| certificate: ":ec-p256_3", |
| additional_certificates: [ |
| ":ec-p256", |
| ], |
| lineage: ":ec-p256-por-1_2_3-no-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the companion package that requests the signature permission |
| // declared by the test package above. This package is signed with a signing key that |
| // diverges from the package above and is intended to verify that a common signing |
| // key in the lineage that is still granted the permission capability is sufficient |
| // to be granted a signature permission. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2_4-companion-usesperm", |
| manifest: "AndroidManifest-companion-usesperm.xml", |
| certificate: ":ec-p256_4", |
| additional_certificates: [ |
| ":ec-p256", |
| ], |
| lineage: ":ec-p256-por-1_2_4-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the companion package that requests the signature permission |
| // declared by the test package. This package is signed with the original signing |
| // key and is intended to verify that a common signing key shared between two |
| // lineages retains its capability from the package declaring the signature permission. |
| android_test_helper_app { |
| name: "v3-ec-p256-1-companion-usesperm", |
| manifest: "AndroidManifest-companion-usesperm.xml", |
| certificate: ":ec-p256", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission |
| // with the knownSigner protection flag. This app is signed with the rsa-2048 |
| // signing key with the trusted certificates being ec-p256 and ec-p256_3. |
| android_test_helper_app { |
| name: "v3-rsa-2048-decl-knownSigner-ec-p256-1-3", |
| manifest: "AndroidManifest-decl-knownSigner.xml", |
| certificate: ":rsa-2048", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission |
| // without the knownSigner protection flag. This app is signed with the same |
| // rsa-2048 signing key to allow updates from the package above. This app can |
| // be used to verify behavior when an app initially uses the knownSigner flag |
| // and subsequently removes the flag from the permission declaration. |
| android_test_helper_app { |
| name: "v3-rsa-2048-declperm", |
| manifest: "AndroidManifest-declperm.xml", |
| certificate: ":rsa-2048", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission |
| // with the knownSigner protection flag using a string resource instead of a |
| // string-array resource for the trusted certs. |
| android_test_helper_app { |
| name: "v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1", |
| manifest: "AndroidManifest-decl-knownSigner-str-res.xml", |
| certificate: ":rsa-2048", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the test package that declares a signature permission |
| // with the knownSigner protection flag using a string constant as the value |
| // of the knownCerts attribute. |
| android_test_helper_app { |
| name: "v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1", |
| manifest: "AndroidManifest-decl-knownSigner-str-const.xml", |
| certificate: ":rsa-2048", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the companion package that uses the permission |
| // declared with the knownSigner flag. This app's current signer is in |
| // the array of certificate digests as declared by the test package |
| // above. |
| android_test_helper_app { |
| name: "v3-ec-p256_3-companion-uses-knownSigner", |
| manifest: "AndroidManifest-uses-knownSigner.xml", |
| certificate: ":ec-p256_3", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the companion package that uses the permission |
| // declared with the knownSigner flag. This app's current signer is not |
| // in the array of certificate digests as declared by the test package |
| // above. |
| android_test_helper_app { |
| name: "v3-ec-p256_2-companion-uses-knownSigner", |
| manifest: "AndroidManifest-uses-knownSigner.xml", |
| certificate: ":ec-p256_2", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |
| |
| // This is a version of the companion package that uses the permission |
| // declared with the knownSigner flag. This app is signed with a rotated |
| // signing key with the current signer not in the array of certificate |
| // digests as declared by the test package, but the previous signer in |
| // the lineage is. This app can be used to verify that knownSigner |
| // permissions are also granted if the app was previously signed with |
| // one of the declared digests. |
| android_test_helper_app { |
| name: "v3-ec-p256-with-por_1_2-companion-uses-knownSigner", |
| manifest: "AndroidManifest-uses-knownSigner.xml", |
| certificate: ":ec-p256_2", |
| additional_certificates: [ |
| ":ec-p256", |
| ], |
| lineage: ":ec-p256-por_1_2-default-caps", |
| srcs: ["src/**/*.java"], |
| // resource_dirs is the default value: ["res"] |
| test_suites: [ |
| "cts", |
| "general-tests", |
| ], |
| sdk_version: "current", |
| } |