# Variant: Privileged app
include $(CLEAR_VARS)
-# this needs to be a privileged application
-LOCAL_PRIVILEGED_MODULE := true
+LOCAL_MODULE := CtsShimPrivPrebuilt
LOCAL_MODULE_TAGS := optional
-LOCAL_SDK_VERSION := current
-LOCAL_PROGUARD_ENABLED := disabled
-LOCAL_DEX_PREOPT := false
-
-LOCAL_PACKAGE_NAME := CtsShimPriv
-
-#TODO need to find the correct certificate
-#Change in conjunction with cts/hostsidetests/appsecurity/test-apps/IntentFilterApp
-LOCAL_CERTIFICATE := platform
-LOCAL_MANIFEST_FILE := priv_shim/AndroidManifest.xml
+# this needs to be a privileged application
+LOCAL_PRIVILEGED_MODULE := true
+LOCAL_MODULE_CLASS := APPS
+LOCAL_BUILT_MODULE_STEM := package.apk
+# Make sure the build system doesn't try to resign the APK
+LOCAL_CERTIFICATE := PRESIGNED
-include $(BUILD_PACKAGE)
+LOCAL_SRC_FILES := CtsShimPriv.apk
+include $(BUILD_PREBUILT)
###########################################################
include $(CLEAR_VARS)
+LOCAL_MODULE := CtsShimPrebuilt
LOCAL_MODULE_TAGS := optional
-LOCAL_SDK_VERSION := current
-LOCAL_PROGUARD_ENABLED := disabled
-LOCAL_DEX_PREOPT := false
-
-LOCAL_PACKAGE_NAME := CtsShim
-
-#TODO need to find the correct certificate
-#Change in conjunction with cts/hostsidetests/appsecurity/test-apps/IntentFilterApp
-LOCAL_CERTIFICATE := platform
-LOCAL_MANIFEST_FILE := shim/AndroidManifest.xml
+LOCAL_MODULE_CLASS := APPS
+LOCAL_BUILT_MODULE_STEM := package.apk
+# Make sure the build system doesn't try to resign the APK
+LOCAL_CERTIFICATE := PRESIGNED
-include $(BUILD_PACKAGE)
+LOCAL_SRC_FILES := CtsShim.apk
+include $(BUILD_PREBUILT)
--- /dev/null
+*.pk8
+*.pem
+
--- /dev/null
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(my-dir)
+
+###########################################################
+# Variant: Privileged app
+
+include $(CLEAR_VARS)
+# this needs to be a privileged application
+LOCAL_PRIVILEGED_MODULE := true
+
+LOCAL_MODULE_TAGS := optional
+LOCAL_SDK_VERSION := current
+LOCAL_PROGUARD_ENABLED := disabled
+LOCAL_DEX_PREOPT := false
+
+LOCAL_PACKAGE_NAME := CtsShimPriv
+
+LOCAL_MANIFEST_FILE := shim_priv/AndroidManifest.xml
+
+include $(BUILD_PACKAGE)
+
+
+###########################################################
+# Variant: Privileged app upgrade
+
+include $(CLEAR_VARS)
+# this needs to be a privileged application
+LOCAL_PRIVILEGED_MODULE := true
+
+LOCAL_MODULE_TAGS := optional
+LOCAL_SDK_VERSION := current
+LOCAL_PROGUARD_ENABLED := disabled
+LOCAL_DEX_PREOPT := false
+
+LOCAL_PACKAGE_NAME := CtsShimPrivUpgrade
+
+LOCAL_MANIFEST_FILE := shim_priv_upgrade/AndroidManifest.xml
+
+include $(BUILD_PACKAGE)
+
+
+###########################################################
+# Variant: System app
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+LOCAL_SDK_VERSION := current
+LOCAL_PROGUARD_ENABLED := disabled
+LOCAL_DEX_PREOPT := false
+
+LOCAL_PACKAGE_NAME := CtsShim
+
+LOCAL_MANIFEST_FILE := shim/AndroidManifest.xml
+
+include $(BUILD_PACKAGE)
+
--- /dev/null
+
+The CTS shim is a package that resides on a device's /system partition in order
+to verify certain upgrade scenarios. Not only must it not contain code, but, it
+must specify the singular APK that can be used to upgrade it.
+
+NOTE: The need to include a binary on the system image may be deprecated if a
+solution involving a temporarily writable /system partition is implemented.
+
+MAKING THE PREBUILTS
+In order to generate the upgrade key, the shim directory needs to be built multiple
+times. First to generate the upgrade APK [so its hash can be obtained] and again
+once the hash has been included as part of the pre-installed APK.
+
+build:
+ $ mmm frameworks/base/packages/CtsShim/build
+
+update the manifest:
+ $ sed -i -e "s/__HASH__/`sha512sum out/target/product/shamu/system/priv-app/CtsShimPrivUpgrade/CtsShimPrivUpgrade.apk | cut -d' ' -f1`/" \
+ frameworks/base/packages/CtsShim/build/shim_priv/AndroidManifest.xml
+
+build:
+ $ mmm frameworks/base/packages/CtsShim/build
+
+update prebuilts:
+ $ cp out/target/product/shamu/system/priv-app/CtsShimPrivUpgrade/CtsShimPrivUpgrade.apk \
+ cts/hostsidetests/appsecurity/test-apps/IntentFilterApp
+ $ cp out/target/product/shamu/system/priv-app/CtsShimPriv/CtsShimPriv.apk \
+ frameworks/base/packages/CtsShim
+
+revert manifest:
+ $ pushd frameworks/base && git checkout -- packages/CtsShim/build/shim_priv/AndroidManifest.xml && popd
+
+Finally, upload and submit both the cts/ and frameworks/base/ repos.
\ No newline at end of file
<!-- Manifest for the system CTS shim -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.system.ctsshim">
- <application android:label="CtsShim">
+ xmlns:tools="http://schemas.android.com/tools"
+ package="com.android.cts.ctsshim"
+ tools:ignore="MissingVersion" >
+
+ <application
+ android:hasCode="false"
+ tools:ignore="AllowBackup,MissingApplicationIcon" >
<!-- These activities don't actually exist; define them just to test the filters !-->
<!-- Manifest for the privileged CTS shim -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.priv.ctsshim">
- <application android:label="CtsShim">
+ xmlns:tools="http://schemas.android.com/tools"
+ package="com.android.cts.priv.ctsshim"
+ tools:ignore="MissingVersion" >
+
+ <restrict-upgrade
+ android:hash="__HASH__" />
+
+ <application
+ android:hasCode="false"
+ tools:ignore="AllowBackup,MissingApplicationIcon" >
<!-- These activities don't actually exist; define them just to test the filters !-->
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Manifest for the privileged CTS shim upgrade -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools"
+ package="com.android.cts.priv.ctsshim"
+ tools:ignore="MissingVersion" >
+
+ <application
+ android:hasCode="false"
+ tools:ignore="AllowBackup,MissingApplicationIcon" >
+
+ <!-- These activities don't actually exist; define them just to test the filters !-->
+
+ <!-- install test; [some] high priority filters granted -->
+ <activity android:name=".InstallPriority">
+ <!-- normal actions; priority will be granted -->
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.SEARCH" />
+ <category android:name="android.intent.category.INFO" />
+ </intent-filter>
+
+ <!-- protected actions; priority will be denied -->
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.VIEW" />
+ <category android:name="android.intent.category.BROWSABLE" />
+ </intent-filter>
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.SEND" />
+ </intent-filter>
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.SEND_MULTIPLE" />
+ </intent-filter>
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.SENDTO" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; single, equivalent filter -->
+ <activity android:name=".UpgradeMatch">
+ <intent-filter android:priority="500">
+ <action android:name="com.android.cts.action.MATCH" />
+ <category android:name="android.intent.category.INFO" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; multiple, equivalent filters -->
+ <activity android:name=".UpgradeMatchMultiple">
+ <intent-filter android:priority="500">
+ <action android:name="com.android.cts.action.MATCH_MULTIPLE" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; lower priority is okay -->
+ <activity android:name=".UpgradeLowerPriority">
+ <intent-filter android:priority="75">
+ <action android:name="com.android.cts.action.LOWER_PRIORITY" />
+ <category android:name="android.intent.category.INFO" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; action subset is "equivalent" -->
+ <activity android:name=".UpgradeActionSubset">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.ACTION_SUB_2" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; category subset is "equivalent" -->
+ <activity android:name=".UpgradeCategorySubset">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.CATEGORY_SUB" />
+ <category android:name="android.intent.category.INFO" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; scheme subset is "equivalent" -->
+ <activity android:name=".UpgradeSchemeSubset">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.SCHEME_SUB" />
+ <data android:scheme="flubber" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; authority subset is "equivalent" -->
+ <activity android:name=".UpgradeAuthoritySubset">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.AUTHORITY_SUB" />
+ <data android:host="goo.gl" android:port="443" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; new activity cannot get >0 priority -->
+ <activity android:name=".UpgradeNewActivity">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.NEW_ACTIVITY" />
+ <category android:name="android.intent.category.INFO" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; new action cannot get >0 priority -->
+ <activity android:name=".UpgradeNewAction">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.NEW_ACTION" />
+ <action android:name="com.android.cts.action.NEW_ACTION_2" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; new category cannot get >0 priority -->
+ <activity android:name=".UpgradeNewCategory">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.NEW_CATEGORY" />
+ <category android:name="android.intent.category.INFO" />
+ <category android:name="android.intent.category.DEFAULT" />
+ <category android:name="android.intent.category.DOODLE" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; new scheme cannot get >0 priority -->
+ <activity android:name=".UpgradeNewScheme">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.NEW_SCHEME" />
+ <data android:scheme="content" />
+ <data android:scheme="flubber" />
+ <data android:scheme="zoodle" />
+ <data android:scheme="zowie" />
+ </intent-filter>
+ </activity>
+
+ <!-- upgrade test; new authority cannot get >0 priority -->
+ <activity android:name=".UpgradeNewAuthority">
+ <intent-filter android:priority="100">
+ <action android:name="com.android.cts.action.NEW_AUTHORITY" />
+ <data android:host="www.google.com" android:port="80" />
+ <data android:host="www.google.com" android:port="8080" />
+ <data android:host="mail.google.com" android:port="80" />
+ <data android:host="goo.gl" android:port="443" />
+ <data android:host="www.google.com" android:port="443" />
+ </intent-filter>
+ </activity>
+
+ <uses-library android:name="android.test.runner" />
+ </application>
+
+</manifest>
+