1# 2# Copyright (C) 2020 The Android Open Source Project 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15# 16 17LOCAL_PATH := $(call my-dir) 18 19cert_dir := cts/hostsidetests/appsecurity/certs/pkgsigverify 20 21# This is the default test package signed with the default key. 22include $(LOCAL_PATH)/base.mk 23LOCAL_PACKAGE_NAME := CtsPkgInstallTinyApp 24LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 25LOCAL_LICENSE_CONDITIONS := notice 26include $(BUILD_CTS_SUPPORT_PACKAGE) 27 28# This is the test package v2 signed with the default key. 29include $(LOCAL_PATH)/base.mk 30LOCAL_MANIFEST_FILE := AndroidManifest-v2.xml 31LOCAL_PACKAGE_NAME := CtsPkgInstallTinyAppV2 32LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 33LOCAL_LICENSE_CONDITIONS := notice 34include $(BUILD_CTS_SUPPORT_PACKAGE) 35 36# This is the test package signed using the V1/V2 signature schemes with 37# two signers targeting SDK version 30 with sandbox version 1. From this 38# package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the 39# following command: 40# apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out 41# v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key 42# ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8 43# --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false 44include $(LOCAL_PATH)/base.mk 45LOCAL_SDK_VERSION := 30 46LOCAL_MANIFEST_FILE := AndroidManifest-sandbox-v1.xml 47LOCAL_PACKAGE_NAME := v1v2-ec-p256-two-signers-targetSdk-30 48LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 49LOCAL_LICENSE_CONDITIONS := notice 50LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 51LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256_2 52include $(BUILD_CTS_SUPPORT_PACKAGE) 53 54# This is the test package signed using the V3 signature scheme 55# with the previous key in the lineage and part of a sharedUid. 56include $(LOCAL_PATH)/base.mk 57LOCAL_PACKAGE_NAME := v3-ec-p256-1-sharedUid 58LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 59LOCAL_LICENSE_CONDITIONS := notice 60LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 61LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 62include $(BUILD_CTS_SUPPORT_PACKAGE) 63 64# This is the test package signed using the V3 signature scheme with 65# a rotated key and one signer in the lineage with default capabilities. 66include $(LOCAL_PATH)/base.mk 67LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps 68LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 69LOCAL_LICENSE_CONDITIONS := notice 70LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 71LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 72LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 73include $(BUILD_CTS_SUPPORT_PACKAGE) 74 75# This is the test package signed using the V3 signature scheme with 76# a rotated key and part of a shareduid. The capabilities of this lineage 77# grant access to the previous key in the lineage to join the sharedUid. 78include $(LOCAL_PATH)/base.mk 79LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps-sharedUid 80LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 81LOCAL_LICENSE_CONDITIONS := notice 82LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 83LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 84LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 85LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 86include $(BUILD_CTS_SUPPORT_PACKAGE) 87 88# This is the test package signed using the V3 signature scheme with 89# a rotated key and part of a shareduid. The signing lineage begins 90# with a key that is not in any of the other lineages and is intended 91# to verify that two packages signed with lineages that have diverged 92# ancestors are not allowed to be installed in the same sharedUserId. 93include $(LOCAL_PATH)/base.mk 94LOCAL_PACKAGE_NAME := v3-por_Y_1_2-default-caps-sharedUid 95LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 96LOCAL_LICENSE_CONDITIONS := notice 97LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 98LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 99LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/rsa-2048 $(cert_dir)/ec-p256 100LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/por_Y_1_2-default-caps 101include $(BUILD_CTS_SUPPORT_PACKAGE) 102 103# This is the test package signed using the V3 signature scheme with 104# a rotated key and part of a shareduid. The capabilities of this lineage 105# prevent the previous key in the lineage from joining the sharedUid. 106include $(LOCAL_PATH)/base.mk 107LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid 108LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 109LOCAL_LICENSE_CONDITIONS := notice 110LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 111LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 112LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 113LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-no-shUid-cap 114include $(BUILD_CTS_SUPPORT_PACKAGE) 115 116# This is the test package signed using the V3 signature scheme with 117# a rotated key and part of a shareduid. The capabilities of this lineage 118# prevent the previous key in the lineage from using a signature permission. 119# This package is intended to verify shared signing keys in separate app 120# lineages retain their own declared capabilities. 121include $(LOCAL_PATH)/base.mk 122LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid 123LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 124LOCAL_LICENSE_CONDITIONS := notice 125LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 126LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 127LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 128LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-no-perm-cap 129include $(BUILD_CTS_SUPPORT_PACKAGE) 130 131# This is the test package with a new name intended to be installed 132# alongside the original test package when verifying platform behavior when 133# two apps share the same previous signer in their lineage with different 134# capabilities granted; the lineage for this package prevents an app signed 135# with the previous signing key from joining a sharedUserId. 136include $(LOCAL_PATH)/base.mk 137LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2 138LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 139LOCAL_LICENSE_CONDITIONS := notice 140LOCAL_MANIFEST_FILE := AndroidManifest-declperm2.xml 141LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 142LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 143LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-no-shUid-cap 144include $(BUILD_CTS_SUPPORT_PACKAGE) 145 146# This is the first companion package signed using the V3 signature scheme 147# with a rotated key and part of a sharedUid. The capabilities of this lineage 148# grant access to the previous key in the lineage to join the sharedUid. 149include $(LOCAL_PATH)/base.mk 150LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion 151LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 152LOCAL_LICENSE_CONDITIONS := notice 153LOCAL_MANIFEST_FILE := AndroidManifest-companion-shareduid.xml 154LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 155LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 156LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 157include $(BUILD_CTS_SUPPORT_PACKAGE) 158 159# This is the companion package signed using the V3 signature scheme with 160# a rotated key and part of a shareduid. The signing lineage begins 161# with a key that is not in any of the other lineages and is intended 162# to verify that two packages signed with lineages that have diverged 163# ancestors are not allowed to be installed in the same sharedUserId. 164include $(LOCAL_PATH)/base.mk 165LOCAL_PACKAGE_NAME := v3-por_Z_1_2-default-caps-sharedUid-companion 166LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 167LOCAL_LICENSE_CONDITIONS := notice 168LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 169LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 170LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/dsa-2048 $(cert_dir)/ec-p256 171LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/por_Z_1_2-default-caps 172include $(BUILD_CTS_SUPPORT_PACKAGE) 173 174# This is the first companion package signed using the V3 signature scheme 175# with a rotated key and part of a sharedUid but without the signing lineage. 176# This app is intended to test lineage scenarios where an app is only signed 177# with the latest key in the lineage. 178include $(LOCAL_PATH)/base.mk 179LOCAL_PACKAGE_NAME := v3-ec-p256-2-sharedUid-companion 180LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 181LOCAL_LICENSE_CONDITIONS := notice 182LOCAL_MANIFEST_FILE := AndroidManifest-companion-shareduid.xml 183LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 184include $(BUILD_CTS_SUPPORT_PACKAGE) 185 186# This is the second companion package signed using the V3 signature scheme 187# with the previous key in the lineage and part of a sharedUid. 188include $(LOCAL_PATH)/base.mk 189LOCAL_PACKAGE_NAME := v3-ec-p256-1-sharedUid-companion2 190LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 191LOCAL_LICENSE_CONDITIONS := notice 192LOCAL_MANIFEST_FILE := AndroidManifest-companion2-shareduid.xml 193LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 194include $(BUILD_CTS_SUPPORT_PACKAGE) 195 196# This is a version of the test package that declares a signature permission. 197# The lineage used to sign this test package does not trust the first signing 198# key but grants default capabilities to the second signing key. 199include $(LOCAL_PATH)/base.mk 200LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm 201LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 202LOCAL_LICENSE_CONDITIONS := notice 203LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 204LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 205LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 206LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_3-1-no-caps-2-default 207include $(BUILD_CTS_SUPPORT_PACKAGE) 208 209# This is a version of the test package that declares a signature permission. 210# The lineage used to sign this test package does not trust either of the signing 211# keys so an app with only common signers in the lineage should not be granted the 212# permission. 213include $(LOCAL_PATH)/base.mk 214LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_3-no-caps-declperm 215LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 216LOCAL_LICENSE_CONDITIONS := notice 217LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 218LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 219LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 220LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_3-no-caps 221include $(BUILD_CTS_SUPPORT_PACKAGE) 222 223# This is a version of the companion package that requests the signature permission 224# declared by the test package above. This package is signed with a signing key that 225# diverges from the package above and is intended to verify that a common signing 226# key in the lineage that is still granted the permission capability is sufficient 227# to be granted a signature permission. 228include $(LOCAL_PATH)/base.mk 229LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_4-companion-usesperm 230LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 231LOCAL_LICENSE_CONDITIONS := notice 232LOCAL_MANIFEST_FILE := AndroidManifest-companion-usesperm.xml 233LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_4 234LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 235LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_4-default-caps 236include $(BUILD_CTS_SUPPORT_PACKAGE) 237 238# This is a version of the companion package that requests the signature permission 239# declared by the test package. This package is signed with the original signing 240# key and is intended to verify that a common signing key shared between two 241# lineages retains its capability from the package declaring the signature permission. 242include $(LOCAL_PATH)/base.mk 243LOCAL_PACKAGE_NAME := v3-ec-p256-1-companion-usesperm 244LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 245LOCAL_LICENSE_CONDITIONS := notice 246LOCAL_MANIFEST_FILE := AndroidManifest-companion-usesperm.xml 247LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 248include $(BUILD_CTS_SUPPORT_PACKAGE) 249 250 251# This is a version of the test package that declares a signature permission 252# with the knownSigner protection flag. This app is signed with the rsa-2048 253# signing key with the trusted certificates being ec-p256 and ec-p256_3. 254include $(LOCAL_PATH)/base.mk 255LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-ec-p256-1-3 256LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 257LOCAL_LICENSE_CONDITIONS := notice 258LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner.xml 259LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 260include $(BUILD_CTS_SUPPORT_PACKAGE) 261 262# This is a version of the test package that declares a signature permission 263# without the knownSigner protection flag. This app is signed with the same 264# rsa-2048 signing key to allow updates from the package above. This app can 265# be used to verify behavior when an app initially uses the knownSigner flag 266# and subsequently removes the flag from the permission declaration. 267include $(LOCAL_PATH)/base.mk 268LOCAL_PACKAGE_NAME := v3-rsa-2048-declperm 269LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 270LOCAL_LICENSE_CONDITIONS := notice 271LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 272LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 273include $(BUILD_CTS_SUPPORT_PACKAGE) 274 275# This is a version of the test package that declares a signature permission 276# with the knownSigner protection flag using a string resource instead of a 277# string-array resource for the trusted certs. 278include $(LOCAL_PATH)/base.mk 279LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1 280LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 281LOCAL_LICENSE_CONDITIONS := notice 282LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner-str-res.xml 283LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 284include $(BUILD_CTS_SUPPORT_PACKAGE) 285 286# This is a version of the test package that declares a signature permission 287# with the knownSigner protection flag using a string constant as the value 288# of the knownCerts attribute. 289include $(LOCAL_PATH)/base.mk 290LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1 291LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 292LOCAL_LICENSE_CONDITIONS := notice 293LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner-str-const.xml 294LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 295include $(BUILD_CTS_SUPPORT_PACKAGE) 296 297# This is a version of the companion package that uses the permission 298# declared with the knownSigner flag. This app's current signer is in 299# the array of certificate digests as declared by the test package 300# above. 301include $(LOCAL_PATH)/base.mk 302LOCAL_PACKAGE_NAME := v3-ec-p256_3-companion-uses-knownSigner 303LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 304LOCAL_LICENSE_CONDITIONS := notice 305LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 306LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 307include $(BUILD_CTS_SUPPORT_PACKAGE) 308 309# This is a version of the companion package that uses the permission 310# declared with the knownSigner flag. This app's current signer is not 311# in the array of certificate digests as declared by the test package 312# above. 313include $(LOCAL_PATH)/base.mk 314LOCAL_PACKAGE_NAME := v3-ec-p256_2-companion-uses-knownSigner 315LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 316LOCAL_LICENSE_CONDITIONS := notice 317LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 318LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 319include $(BUILD_CTS_SUPPORT_PACKAGE) 320 321# This is a version of the companion package that uses the permission 322# declared with the knownSigner flag. This app is signed with a rotated 323# signing key with the current signer not in the array of certificate 324# digests as declared by the test package, but the previous signer in 325# the lineage is. This app can be used to verify that knownSigner 326# permissions are also granted if the app was previously signed with 327# one of the declared digests. 328include $(LOCAL_PATH)/base.mk 329LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-companion-uses-knownSigner 330LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 331LOCAL_LICENSE_CONDITIONS := notice 332LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 333LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 334LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 335LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 336include $(BUILD_CTS_SUPPORT_PACKAGE) 337 338cert_dir := 339