README
The XML files in this directory are taken from the packages tag of a test APK signed with the
certificates and keys under the certs/ directory. To recreate the XML files run the following:

1. Build the test APK:
mmm -j cts/hostsidetests/appsecurity/test-apps/tinyapp/

2. Sign the APK with the first signer:
apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
    --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8

3. Install the APK on a device:
adb install test.apk

4. Pull the packages.xml file containing the new entry for the APK from the device:
adb pull /data/system/packages.xml

5. Search the packages.xml file for the package name 'android.appsecurity.cts.tinyapp'. Following is
   the full entry when the APK is signed as above:

   <package name="android.appsecurity.cts.tinyapp" codePath="/data/app/android.appsecurity.cts.tiny
   app-4ix3umoWct_iD26jQ03Z_g==" nativeLibraryPath="/data/app/android.appsecurity.cts.tinyapp-4ix3u
   moWct_iD26jQ03Z_g==/lib" publicFlags="805879364" privateFlags="0" ft="1663710dd00" it="1663710de
   41" ut="1663710de41" version="10" userId="10051">
       <sigs count="1" schemeVersion="3">
           <cert index="16" key="3082016c30820111a003020102020900ca0fb64dfb66e772300a06082a8648ce3d
           04030230123110300e06035504030c0765632d70323536301e170d3136303333313134353830365a170d3433
           303831373134353830365a30123110300e06035504030c0765632d703235363059301306072a8648ce3d0201
           06082a8648ce3d03010703420004a65f113d22cb4913908307ac31ee2ba0e9138b785fac6536d14ea2ce90d2
           b4bfe194b50cdc8e169f54a73a991ef0fa76329825be078cc782740703da44b4d7eba350304e301d0603551d
           0e04160414d4133568b95b30158b322071ea8c43ff5b05ccc8301f0603551d23041830168014d4133568b95b
           30158b322071ea8c43ff5b05ccc8300c0603551d13040530030101ff300a06082a8648ce3d04030203490030
           46022100f504a0866caef029f417142c5cb71354c79ffcd1d640618dfca4f19e16db78d6022100f8eea48297
           99c06cad08c6d3d2d2ec05e0574154e747ea0fdbb8042cb655aadd" />
       </sigs>
       <proper-signing-keyset identifier="480" />
   </package>

The PackageSignatures#readXml and writeXml methods read and write everything within the sigs tag.
The tags and attributes within the sigs tag can be modified and used to verify various good and
error paths for the PackageSignaturesTest.

Step 2 can be modified to sign with multiple signers by running one of the following commands:

- To sign with two signers in the lineage (after the signing key has been rotated once):
apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
    --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
    certs/ec-p256_2.x509.der --key certs/ec-p256_2.pk8 --lineage certs/ec-p256-lineage-2-signers

- To sign with three signers in the lineage (after the second key rotation):
apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
    --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
    certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --lineage certs/ec-p256-lineage-3-signers

- To sign with two distinct signers (NOTE: The V3 signature scheme only supports a single signer,
  so this method can only be used with signature schemes V1 and V2):
apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
    --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
    certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --v3-signing-enabled false
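
When an XML file is regenerated or hand-modified for a test, the sigs tag of a package entry can be checked against the signing certificate with a short script. The following is an added example, not part of this directory or of PackageSignaturesTest; the function names, the count consistency check and the sample key (a short made-up hex string, not a real certificate) are assumptions of the example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the entry above. The key is a short
# made-up hex string, not a real certificate, wrapped the way the README wraps it.
SAMPLE_XML = """<packages>
  <package name="android.appsecurity.cts.tinyapp" version="10" userId="10051">
    <sigs count="1" schemeVersion="3">
      <cert index="16" key="3082016c30820111
        a003020102020900" />
    </sigs>
  </package>
</packages>"""


def read_sigs(xml_text, package_name):
    """Return the sigs data for package_name, or None if it has no entry."""
    root = ET.fromstring(xml_text)
    for pkg in root.iter("package"):
        if pkg.get("name") != package_name:
            continue
        sigs = pkg.find("sigs")
        if sigs is None:
            return None
        certs = []
        for cert in sigs.findall("cert"):
            # Line wrapping leaves whitespace inside the attribute; drop it.
            key_hex = "".join((cert.get("key") or "").split())
            der = bytes.fromhex(key_hex)  # raises ValueError on bad hex
            certs.append({
                "index": int(cert.get("index")),
                "der": der,
                # None when the cert tag carries no key attribute.
                "sha256": hashlib.sha256(der).hexdigest() if der else None,
            })
        declared = int(sigs.get("count"))
        return {
            "scheme_version": int(sigs.get("schemeVersion", "0")),
            "count": declared,
            # Consistency check chosen for this example: declared vs. actual.
            "count_matches": declared == len(certs),
            "certs": certs,
        }
    return None


def cert_matches_file(entry_cert, der_file_bytes):
    """True when the stored key equals the DER certificate used for signing."""
    return entry_cert["der"] == der_file_bytes
```

For a real check, pass the contents of the pulled packages.xml to read_sigs and the bytes of certs/ec-p256.x509.der to cert_matches_file.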