1# 2# Copyright (C) 2020 The Android Open Source Project 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15# 16 17LOCAL_PATH := $(call my-dir) 18 19cert_dir := cts/hostsidetests/appsecurity/certs/pkgsigverify 20 21# This is the default test package signed with the default key. 22include $(LOCAL_PATH)/base.mk 23LOCAL_PACKAGE_NAME := CtsPkgInstallTinyApp 24LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 25LOCAL_LICENSE_CONDITIONS := notice 26include $(BUILD_CTS_SUPPORT_PACKAGE) 27 28# This is the test package v2 signed with the default key. 29include $(LOCAL_PATH)/base.mk 30LOCAL_MANIFEST_FILE := AndroidManifest-v2.xml 31LOCAL_PACKAGE_NAME := CtsPkgInstallTinyAppV2 32LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 33LOCAL_LICENSE_CONDITIONS := notice 34include $(BUILD_CTS_SUPPORT_PACKAGE) 35 36# This is the test package signed using the V1/V2 signature schemes with 37# two signers targeting SDK version 30 with sandbox version 1. From this 38# package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the 39# following command: 40# apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out 41# v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key 42# ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8 43# --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false 44include $(LOCAL_PATH)/base.mk 45LOCAL_SDK_VERSION := 30 46LOCAL_MANIFEST_FILE := AndroidManifest-sandbox-v1.xml 47LOCAL_PACKAGE_NAME := v1v2-ec-p256-two-signers-targetSdk-30 48LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 49LOCAL_LICENSE_CONDITIONS := notice 50LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 51LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256_2 52include $(BUILD_CTS_SUPPORT_PACKAGE) 53 54# This is the test package signed using the V3 signature scheme 55# with the previous key in the lineage and part of a sharedUid. 56include $(LOCAL_PATH)/base.mk 57LOCAL_PACKAGE_NAME := v3-ec-p256-1-sharedUid 58LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 59LOCAL_LICENSE_CONDITIONS := notice 60LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 61LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 62include $(BUILD_CTS_SUPPORT_PACKAGE) 63 64# This is the test package signed using the V3 signature scheme with 65# a rotated key and one signer in the lineage with default capabilities. 66include $(LOCAL_PATH)/base.mk 67LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps 68LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 69LOCAL_LICENSE_CONDITIONS := notice 70LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 71LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 72LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 73include $(BUILD_CTS_SUPPORT_PACKAGE) 74 75# This is the test package signed using the V3 signature scheme with 76# a rotated key and part of a shareduid. The capabilities of this lineage 77# grant access to the previous key in the lineage to join the sharedUid. 78include $(LOCAL_PATH)/base.mk 79LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps-sharedUid 80LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 81LOCAL_LICENSE_CONDITIONS := notice 82LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 83LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 84LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 85LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 86include $(BUILD_CTS_SUPPORT_PACKAGE) 87 88# This is the test package signed using the V3 signature scheme with 89# a rotated key and part of a shareduid. The signing lineage begins 90# with a key that is not in any of the other lineages and is intended 91# to verify that two packages signed with lineages that have diverged 92# ancestors are not allowed to be installed in the same sharedUserId. 93include $(LOCAL_PATH)/base.mk 94LOCAL_PACKAGE_NAME := v3-por_Y_1_2-default-caps-sharedUid 95LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 96LOCAL_LICENSE_CONDITIONS := notice 97LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 98LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 99LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/rsa-2048 $(cert_dir)/ec-p256 100LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/por_Y_1_2-default-caps 101include $(BUILD_CTS_SUPPORT_PACKAGE) 102 103# This is the test package signed using the V3 signature scheme with 104# a rotated key and part of a shareduid. The capabilities of this lineage 105# prevent the previous key in the lineage from joining the sharedUid. 106include $(LOCAL_PATH)/base.mk 107LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid 108LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 109LOCAL_LICENSE_CONDITIONS := notice 110LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 111LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 112LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 113LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-no-shUid-cap 114include $(BUILD_CTS_SUPPORT_PACKAGE) 115 116# This is the first companion package signed using the V3 signature scheme 117# with a rotated key and part of a sharedUid. The capabilities of this lineage 118# grant access to the previous key in the lineage to join the sharedUid. 119include $(LOCAL_PATH)/base.mk 120LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion 121LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 122LOCAL_LICENSE_CONDITIONS := notice 123LOCAL_MANIFEST_FILE := AndroidManifest-companion-shareduid.xml 124LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 125LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 126LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 127include $(BUILD_CTS_SUPPORT_PACKAGE) 128 129# This is the companion package signed using the V3 signature scheme with 130# a rotated key and part of a shareduid. The signing lineage begins 131# with a key that is not in any of the other lineages and is intended 132# to verify that two packages signed with lineages that have diverged 133# ancestors are not allowed to be installed in the same sharedUserId. 134include $(LOCAL_PATH)/base.mk 135LOCAL_PACKAGE_NAME := v3-por_Z_1_2-default-caps-sharedUid-companion 136LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 137LOCAL_LICENSE_CONDITIONS := notice 138LOCAL_MANIFEST_FILE := AndroidManifest-shareduid.xml 139LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 140LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/dsa-2048 $(cert_dir)/ec-p256 141LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/por_Z_1_2-default-caps 142include $(BUILD_CTS_SUPPORT_PACKAGE) 143 144# This is the first companion package signed using the V3 signature scheme 145# with a rotated key and part of a sharedUid but without the signing lineage. 146# This app is intended to test lineage scenarios where an app is only signed 147# with the latest key in the lineage. 148include $(LOCAL_PATH)/base.mk 149LOCAL_PACKAGE_NAME := v3-ec-p256-2-sharedUid-companion 150LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 151LOCAL_LICENSE_CONDITIONS := notice 152LOCAL_MANIFEST_FILE := AndroidManifest-companion-shareduid.xml 153LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 154include $(BUILD_CTS_SUPPORT_PACKAGE) 155 156# This is the second companion package signed using the V3 signature scheme 157# with the previous key in the lineage and part of a sharedUid. 158include $(LOCAL_PATH)/base.mk 159LOCAL_PACKAGE_NAME := v3-ec-p256-1-sharedUid-companion2 160LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 161LOCAL_LICENSE_CONDITIONS := notice 162LOCAL_MANIFEST_FILE := AndroidManifest-companion2-shareduid.xml 163LOCAL_CERTIFICATE := $(cert_dir)/ec-p256 164include $(BUILD_CTS_SUPPORT_PACKAGE) 165 166# This is a version of the test package that declares a signature permission. 167# The lineage used to sign this test package does not trust the first signing 168# key but grants default capabilities to the second signing key. 169include $(LOCAL_PATH)/base.mk 170LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm 171LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 172LOCAL_LICENSE_CONDITIONS := notice 173LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 174LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 175LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 176LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_3-1-no-caps-2-default 177include $(BUILD_CTS_SUPPORT_PACKAGE) 178 179# This is a version of the test package that declares a signature permission. 180# The lineage used to sign this test package does not trust either of the signing 181# keys so an app with only common signers in the lineage should not be granted the 182# permission. 183include $(LOCAL_PATH)/base.mk 184LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_3-no-caps-declperm 185LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 186LOCAL_LICENSE_CONDITIONS := notice 187LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 188LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 189LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 190LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_3-no-caps 191include $(BUILD_CTS_SUPPORT_PACKAGE) 192 193# This is a version of the companion package that requests the signature permission 194# declared by the test package above. This package is signed with a signing key that 195# diverges from the package above and is intended to verify that a common signing 196# key in the lineage that is still granted the permission capability is sufficient 197# to be granted a signature permission. 198include $(LOCAL_PATH)/base.mk 199LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2_4-companion-usesperm 200LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 201LOCAL_LICENSE_CONDITIONS := notice 202LOCAL_MANIFEST_FILE := AndroidManifest-companion-usesperm.xml 203LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_4 204LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 205LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por-1_2_4-default-caps 206include $(BUILD_CTS_SUPPORT_PACKAGE) 207 208# This is a version of the test package that declares a signature permission 209# with the knownSigner protection flag. This app is signed with the rsa-2048 210# signing key with the trusted certificates being ec-p256 and ec-p256_3. 211include $(LOCAL_PATH)/base.mk 212LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-ec-p256-1-3 213LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 214LOCAL_LICENSE_CONDITIONS := notice 215LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner.xml 216LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 217include $(BUILD_CTS_SUPPORT_PACKAGE) 218 219# This is a version of the test package that declares a signature permission 220# without the knownSigner protection flag. This app is signed with the same 221# rsa-2048 signing key to allow updates from the package above. This app can 222# be used to verify behavior when an app initially uses the knownSigner flag 223# and subsequently removes the flag from the permission declaration. 224include $(LOCAL_PATH)/base.mk 225LOCAL_PACKAGE_NAME := v3-rsa-2048-declperm 226LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 227LOCAL_LICENSE_CONDITIONS := notice 228LOCAL_MANIFEST_FILE := AndroidManifest-declperm.xml 229LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 230include $(BUILD_CTS_SUPPORT_PACKAGE) 231 232# This is a version of the test package that declares a signature permission 233# with the knownSigner protection flag using a string resource instead of a 234# string-array resource for the trusted certs. 235include $(LOCAL_PATH)/base.mk 236LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1 237LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 238LOCAL_LICENSE_CONDITIONS := notice 239LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner-str-res.xml 240LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 241include $(BUILD_CTS_SUPPORT_PACKAGE) 242 243# This is a version of the test package that declares a signature permission 244# with the knownSigner protection flag using a string constant as the value 245# of the knownCerts attribute. 246include $(LOCAL_PATH)/base.mk 247LOCAL_PACKAGE_NAME := v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1 248LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 249LOCAL_LICENSE_CONDITIONS := notice 250LOCAL_MANIFEST_FILE := AndroidManifest-decl-knownSigner-str-const.xml 251LOCAL_CERTIFICATE := $(cert_dir)/rsa-2048 252include $(BUILD_CTS_SUPPORT_PACKAGE) 253 254# This is a version of the companion package that uses the permission 255# declared with the knownSigner flag. This app's current signer is in 256# the array of certificate digests as declared by the test package 257# above. 258include $(LOCAL_PATH)/base.mk 259LOCAL_PACKAGE_NAME := v3-ec-p256_3-companion-uses-knownSigner 260LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 261LOCAL_LICENSE_CONDITIONS := notice 262LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 263LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_3 264include $(BUILD_CTS_SUPPORT_PACKAGE) 265 266# This is a version of the companion package that uses the permission 267# declared with the knownSigner flag. This app's current signer is not 268# in the array of certificate digests as declared by the test package 269# above. 270include $(LOCAL_PATH)/base.mk 271LOCAL_PACKAGE_NAME := v3-ec-p256_2-companion-uses-knownSigner 272LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 273LOCAL_LICENSE_CONDITIONS := notice 274LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 275LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 276include $(BUILD_CTS_SUPPORT_PACKAGE) 277 278# This is a version of the companion package that uses the permission 279# declared with the knownSigner flag. This app is signed with a rotated 280# signing key with the current signer not in the array of certificate 281# digests as declared by the test package, but the previous signer in 282# the lineage is. This app can be used to verify that knownSigner 283# permissions are also granted if the app was previously signed with 284# one of the declared digests. 285include $(LOCAL_PATH)/base.mk 286LOCAL_PACKAGE_NAME := v3-ec-p256-with-por_1_2-companion-uses-knownSigner 287LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 288LOCAL_LICENSE_CONDITIONS := notice 289LOCAL_MANIFEST_FILE := AndroidManifest-uses-knownSigner.xml 290LOCAL_CERTIFICATE := $(cert_dir)/ec-p256_2 291LOCAL_ADDITIONAL_CERTIFICATES := $(cert_dir)/ec-p256 292LOCAL_CERTIFICATE_LINEAGE := $(cert_dir)/ec-p256-por_1_2-default-caps 293include $(BUILD_CTS_SUPPORT_PACKAGE) 294 295cert_dir := 296