diff options
author | Dan Willemsen <dwillemsen@google.com> | 2017-11-03 15:53:52 -0700 |
---|---|---|
committer | Manjae Park <manjaepark@google.com> | 2020-05-29 14:31:59 -0700 |
commit | b4fd146a2e027c0d966203530e8630158b536493 (patch) | |
tree | 84cebf5303c1bcb5ee6e813385a52d170e37b2ae | |
parent | b0a84d936e009dd937a91480bc82e951d90dad06 (diff) | |
download | build-b4fd146a2e027c0d966203530e8630158b536493.tar.gz |
Add PRODUCT_ADB_KEYSandroid-security-8.1.0_r87android-security-8.1.0_r86android-security-8.1.0_r85android-security-8.1.0_r84android-security-8.1.0_r83android-security-8.1.0_r82android-8.1.0_r81android-8.1.0_r80android-8.1.0_r79
This easily allow products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.
This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.
Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.
Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
-rw-r--r-- | core/product.mk | 3 | ||||
-rw-r--r-- | core/product_config.mk | 16 | ||||
-rw-r--r-- | target/product/embedded.mk | 5 | ||||
-rw-r--r-- | target/product/full_base.mk | 3 | ||||
-rw-r--r-- | target/product/security/Android.mk | 13 |
5 files changed, 31 insertions, 9 deletions
diff --git a/core/product.mk b/core/product.mk index 4682dac992..102d17f2d8 100644 --- a/core/product.mk +++ b/core/product.mk @@ -141,8 +141,7 @@ _product_var_list := \ PRODUCT_ART_USE_READ_BARRIER \ PRODUCT_IOT \ PRODUCT_SYSTEM_HEADROOM \ - PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \ - PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \ + PRODUCT_ADB_KEYS \ diff --git a/core/product_config.mk b/core/product_config.mk index f7ae834fbc..7707a5d307 100644 --- a/core/product_config.mk +++ b/core/product_config.mk @@ -449,10 +449,12 @@ PRODUCT_ENFORCE_RRO_TARGETS := \ PRODUCT_SYSTEM_HEADROOM := \ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_HEADROOM)) -# Whether to save disk space by minimizing java debug info -PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MINIMIZE_JAVA_DEBUG_INFO)) - -# Whether any paths are excluded from sanitization when SANITIZE_TARGET=integer_overflow -PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS)) +# ADB keys for debuggable builds +PRODUCT_ADB_KEYS := +ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) + PRODUCT_ADB_KEYS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ADB_KEYS)) +endif +ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),) + $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS)) +endif +.KATI_READONLY := PRODUCT_ADB_KEYS diff --git a/target/product/embedded.mk b/target/product/embedded.mk index 7efa686326..4d6bb8b923 100644 --- a/target/product/embedded.mk +++ b/target/product/embedded.mk @@ -109,6 +109,11 @@ PRODUCT_PACKAGES += \ fs_config_files \ fs_config_dirs +# If there are product-specific adb keys defined, install them on debuggable +# builds. +PRODUCT_PACKAGES_DEBUG += \ + adb_keys + # Ensure that this property is always defined so that bionic_systrace.cpp # can rely on it being initially set by init. PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \ diff --git a/target/product/full_base.mk b/target/product/full_base.mk index 65bdf0f1b4..305f373148 100644 --- a/target/product/full_base.mk +++ b/target/product/full_base.mk @@ -56,3 +56,6 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/locales_full.mk) # Get everything else from the parent package $(call inherit-product, $(SRC_TARGET_DIR)/product/generic_no_telephony.mk) + +# Add adb keys to debuggable AOSP builds (if they exist) +$(call inherit-product-if-exists, vendor/google/security/adb/vendor_key.mk) diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk index 5a40397abf..4142ea9149 100644 --- a/target/product/security/Android.mk +++ b/target/product/security/Android.mk @@ -10,3 +10,16 @@ LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_PREBUILT) + +####################################### +# adb key, if configured via PRODUCT_ADB_KEYS +ifdef PRODUCT_ADB_KEYS + ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) + include $(CLEAR_VARS) + LOCAL_MODULE := adb_keys + LOCAL_MODULE_CLASS := ETC + LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) + LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS) + include $(BUILD_PREBUILT) + endif +endif |