authorDan Willemsen <dwillemsen@google.com>2017-11-03 15:53:52 -0700
committerManjae Park <manjaepark@google.com>2020-05-29 14:28:18 -0700
commit29a262f46886f50c6545a1320203d8119ca0f511 (patch)
tree57867257c5d062262876c057fb69a6a8e25ec187
parent34b33deb0b6096996290348bdb107a30d83a305a (diff)
downloadbuild-oreo-security-release.tar.gz
This easily allows products to add custom adb keys for debuggable builds. To use, provide a public key created by `adb keygen` to PRODUCT_ADB_KEYS. This way automated test farms don't need manual intervention to authenticate to the device over adb, but we don't disable security for everyone else. Add an inherit-product-if-exists hook to aosp_* targets so that our build servers can add a key for our test farms. Bug: 32891559 Test: lunch aosp_marlin-userdebug; m bootimage Test: lunch aosp_marlin-user; m bootimage Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
-rw-r--r--core/product.mk1
-rw-r--r--core/product_config.mk10
-rw-r--r--target/product/embedded.mk5
-rw-r--r--target/product/full_base.mk3
-rw-r--r--target/product/security/Android.mk13
5 files changed, 32 insertions, 0 deletions
diff --git a/core/product.mk b/core/product.mk
index 34cd21ca6a..a1eaa50846 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -133,6 +133,7 @@ _product_var_list := \
PRODUCT_ART_USE_READ_BARRIER \
PRODUCT_IOT \
PRODUCT_SYSTEM_HEADROOM \
+ PRODUCT_ADB_KEYS \
diff --git a/core/product_config.mk b/core/product_config.mk
index 32a3809353..98dc10dc8a 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -434,3 +434,13 @@ PRODUCT_ENFORCE_RRO_TARGETS := \
# Add reserved headroom to a system image.
PRODUCT_SYSTEM_HEADROOM := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_HEADROOM))
+
+# ADB keys for debuggable builds
+PRODUCT_ADB_KEYS :=
+ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+ PRODUCT_ADB_KEYS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ADB_KEYS))
+endif
+ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
+ $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
+endif
+.KATI_READONLY := PRODUCT_ADB_KEYS
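Review bot: The validation after `PRODUCT_ADB_KEYS` is resolved only counts words, so nothing checks that the value names the public half of the key pair. `adb keygen` writes a private key alongside the `.pub` file, and a product that points the variable at the wrong one would have private key material copied into the image by the `adb_keys` prebuilt in target/product/security/Android.mk. A cheap guard, assuming products keep the `.pub` suffix, is `ifneq ($(PRODUCT_ADB_KEYS),$(filter %.pub,$(PRODUCT_ADB_KEYS)))` followed by `$(error PRODUCT_ADB_KEYS must name a .pub file: $(PRODUCT_ADB_KEYS))` and `endif`. The `# ADB keys for debuggable builds` comment should also say that the value must be the public key.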
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index 6217883a79..1a7d48416a 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -108,6 +108,11 @@ PRODUCT_PACKAGES += \
fs_config_files \
fs_config_dirs
+# If there are product-specific adb keys defined, install them on debuggable
+# builds.
+PRODUCT_PACKAGES_DEBUG += \
+ adb_keys
+
# Ensure that this property is always defined so that bionic_systrace.cpp
# can rely on it being initially set by init.
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
diff --git a/target/product/full_base.mk b/target/product/full_base.mk
index 65bdf0f1b4..305f373148 100644
--- a/target/product/full_base.mk
+++ b/target/product/full_base.mk
@@ -56,3 +56,6 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/locales_full.mk)
# Get everything else from the parent package
$(call inherit-product, $(SRC_TARGET_DIR)/product/generic_no_telephony.mk)
+
+# Add adb keys to debuggable AOSP builds (if they exist)
+$(call inherit-product-if-exists, vendor/google/security/adb/vendor_key.mk)
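Review bot: The comment on the `inherit-product-if-exists` line does not record the trust consequence of this hook, nor that the include is silently skipped when the file is absent. Going by the commit message, every aosp_* eng/userdebug image built from a tree that contains vendor/google/security/adb/vendor_key.mk will accept that key for adb without manual authorization. I would extend the comment, for example `# NOTE: a tree containing this file pre-authorizes its adb key on eng/userdebug images; user builds are unaffected.`, so that people who copy the tree or reuse its images know which key is trusted.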
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 5a40397abf..4142ea9149 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -10,3 +10,16 @@ LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_PREBUILT)
+
+#######################################
+# adb key, if configured via PRODUCT_ADB_KEYS
+ifdef PRODUCT_ADB_KEYS
+ ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+ include $(CLEAR_VARS)
+ LOCAL_MODULE := adb_keys
+ LOCAL_MODULE_CLASS := ETC
+ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+ LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS)
+ include $(BUILD_PREBUILT)
+ endif
+endif
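Review bot: The inner `ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)` repeats the gate that core/product_config.mk already applies when it populates PRODUCT_ADB_KEYS, and nothing here says whether the duplication is deliberate. If it is meant as a second guard so the module can never be defined on user builds, say so next to it: `# Defense in depth: product_config.mk already clears PRODUCT_ADB_KEYS on user builds.` The header comment could also state that the file is installed as `adb_keys` under `$(TARGET_ROOT_OUT)`. According to the commit message, that is what lets holders of the matching private key authenticate without manual intervention.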