1*b7c941bbSAndroid Build Coastguard Worker// 2*b7c941bbSAndroid Build Coastguard Worker// Copyright (C) 2020 The Android Open Source Project 3*b7c941bbSAndroid Build Coastguard Worker// 4*b7c941bbSAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 5*b7c941bbSAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 6*b7c941bbSAndroid Build Coastguard Worker// You may obtain a copy of the License at 7*b7c941bbSAndroid Build Coastguard Worker// 8*b7c941bbSAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 9*b7c941bbSAndroid Build Coastguard Worker// 10*b7c941bbSAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 11*b7c941bbSAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 12*b7c941bbSAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*b7c941bbSAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 14*b7c941bbSAndroid Build Coastguard Worker// limitations under the License. 15*b7c941bbSAndroid Build Coastguard Worker// 16*b7c941bbSAndroid Build Coastguard Worker 17*b7c941bbSAndroid Build Coastguard Workerpackage { 18*b7c941bbSAndroid Build Coastguard Worker default_team: "trendy_team_platform_security", 19*b7c941bbSAndroid Build Coastguard Worker // See: http://go/android-license-faq 20*b7c941bbSAndroid Build Coastguard Worker default_applicable_licenses: ["Android-Apache-2.0"], 21*b7c941bbSAndroid Build Coastguard Worker} 22*b7c941bbSAndroid Build Coastguard Worker 23*b7c941bbSAndroid Build Coastguard Worker// This is the default test package signed with the default key. 24*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 25*b7c941bbSAndroid Build Coastguard Worker name: "CtsPkgInstallTinyApp", 26*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 27*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 28*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 29*b7c941bbSAndroid Build Coastguard Worker "cts", 30*b7c941bbSAndroid Build Coastguard Worker "general-tests", 31*b7c941bbSAndroid Build Coastguard Worker ], 32*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 33*b7c941bbSAndroid Build Coastguard Worker} 34*b7c941bbSAndroid Build Coastguard Worker 35*b7c941bbSAndroid Build Coastguard Worker// This is the test package v2 signed with the default key. 36*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 37*b7c941bbSAndroid Build Coastguard Worker name: "CtsPkgInstallTinyAppV2", 38*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-v2.xml", 39*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 40*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 41*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 42*b7c941bbSAndroid Build Coastguard Worker "cts", 43*b7c941bbSAndroid Build Coastguard Worker "general-tests", 44*b7c941bbSAndroid Build Coastguard Worker ], 45*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 46*b7c941bbSAndroid Build Coastguard Worker} 47*b7c941bbSAndroid Build Coastguard Worker 48*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V1/V2 signature schemes with 49*b7c941bbSAndroid Build Coastguard Worker// two signers targeting SDK version 30 with sandbox version 1. From this 50*b7c941bbSAndroid Build Coastguard Worker// package the v1-ec-p256-two-signers-targetSdk-30.apk is created with the 51*b7c941bbSAndroid Build Coastguard Worker// following command: 52*b7c941bbSAndroid Build Coastguard Worker// apksigner sign --in v1v2-ec-p256-two-signers-targetSdk-30.apk --out 53*b7c941bbSAndroid Build Coastguard Worker// v1-ec-p256-two-signers-targetSdk-30.apk --cert ec-p256.x509.pem --key 54*b7c941bbSAndroid Build Coastguard Worker// ec-p256.pk8 --next-signer --cert ec-p256_2.x509.pem --key ec-p256_2.pk8 55*b7c941bbSAndroid Build Coastguard Worker// --v2-signing-enabled false --v3-signing-enabled false --v4-signing-enabled false 56*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 57*b7c941bbSAndroid Build Coastguard Worker name: "v1v2-ec-p256-two-signers-targetSdk-30", 58*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-sandbox-v1.xml", 59*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256", 60*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256_2"], 61*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 62*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 63*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 64*b7c941bbSAndroid Build Coastguard Worker "cts", 65*b7c941bbSAndroid Build Coastguard Worker "general-tests", 66*b7c941bbSAndroid Build Coastguard Worker ], 67*b7c941bbSAndroid Build Coastguard Worker sdk_version: "30", 68*b7c941bbSAndroid Build Coastguard Worker} 69*b7c941bbSAndroid Build Coastguard Worker 70*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme 71*b7c941bbSAndroid Build Coastguard Worker// with the previous key in the lineage and part of a sharedUid. 72*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 73*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-1-sharedUid", 74*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 75*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256", 76*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 77*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 78*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 79*b7c941bbSAndroid Build Coastguard Worker "cts", 80*b7c941bbSAndroid Build Coastguard Worker "general-tests", 81*b7c941bbSAndroid Build Coastguard Worker ], 82*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 83*b7c941bbSAndroid Build Coastguard Worker} 84*b7c941bbSAndroid Build Coastguard Worker 85*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 86*b7c941bbSAndroid Build Coastguard Worker// a rotated key and one signer in the lineage with default capabilities. 87*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 88*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-default-caps", 89*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 90*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 91*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-default-caps", 92*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 93*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 94*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 95*b7c941bbSAndroid Build Coastguard Worker "cts", 96*b7c941bbSAndroid Build Coastguard Worker "general-tests", 97*b7c941bbSAndroid Build Coastguard Worker ], 98*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 99*b7c941bbSAndroid Build Coastguard Worker} 100*b7c941bbSAndroid Build Coastguard Worker 101*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 102*b7c941bbSAndroid Build Coastguard Worker// a rotated key and multiple signers in the lineage with default 103*b7c941bbSAndroid Build Coastguard Worker// capabilities. 104*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 105*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por-1_2_3_4_5-default-caps", 106*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_5", 107*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 108*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por-1_2_3_4_5-default-caps", 109*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 110*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 111*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 112*b7c941bbSAndroid Build Coastguard Worker "cts", 113*b7c941bbSAndroid Build Coastguard Worker "general-tests", 114*b7c941bbSAndroid Build Coastguard Worker ], 115*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 116*b7c941bbSAndroid Build Coastguard Worker} 117*b7c941bbSAndroid Build Coastguard Worker 118*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 119*b7c941bbSAndroid Build Coastguard Worker// a rotated key and part of a shareduid. The capabilities of this lineage 120*b7c941bbSAndroid Build Coastguard Worker// grant access to the previous key in the lineage to join the sharedUid. 121*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 122*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid", 123*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 124*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 125*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 126*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-default-caps", 127*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 128*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 129*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 130*b7c941bbSAndroid Build Coastguard Worker "cts", 131*b7c941bbSAndroid Build Coastguard Worker "general-tests", 132*b7c941bbSAndroid Build Coastguard Worker ], 133*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 134*b7c941bbSAndroid Build Coastguard Worker} 135*b7c941bbSAndroid Build Coastguard Worker 136*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 137*b7c941bbSAndroid Build Coastguard Worker// a rotated key and part of a shareduid. The signing lineage begins 138*b7c941bbSAndroid Build Coastguard Worker// with a key that is not in any of the other lineages and is intended 139*b7c941bbSAndroid Build Coastguard Worker// to verify that two packages signed with lineages that have diverged 140*b7c941bbSAndroid Build Coastguard Worker// ancestors are not allowed to be installed in the same sharedUserId. 141*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 142*b7c941bbSAndroid Build Coastguard Worker name: "v3-por_Y_1_2-default-caps-sharedUid", 143*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 144*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 145*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 146*b7c941bbSAndroid Build Coastguard Worker ":rsa-2048", 147*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 148*b7c941bbSAndroid Build Coastguard Worker ], 149*b7c941bbSAndroid Build Coastguard Worker lineage: ":por_Y_1_2-default-caps", 150*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 151*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 152*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 153*b7c941bbSAndroid Build Coastguard Worker "cts", 154*b7c941bbSAndroid Build Coastguard Worker "general-tests", 155*b7c941bbSAndroid Build Coastguard Worker ], 156*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 157*b7c941bbSAndroid Build Coastguard Worker} 158*b7c941bbSAndroid Build Coastguard Worker 159*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 160*b7c941bbSAndroid Build Coastguard Worker// a rotated key and part of a shareduid. The capabilities of this lineage 161*b7c941bbSAndroid Build Coastguard Worker// prevent the previous key in the lineage from joining the sharedUid. 162*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 163*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid", 164*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 165*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 166*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 167*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-no-shUid-cap", 168*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 169*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 170*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 171*b7c941bbSAndroid Build Coastguard Worker "cts", 172*b7c941bbSAndroid Build Coastguard Worker "general-tests", 173*b7c941bbSAndroid Build Coastguard Worker ], 174*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 175*b7c941bbSAndroid Build Coastguard Worker} 176*b7c941bbSAndroid Build Coastguard Worker 177*b7c941bbSAndroid Build Coastguard Worker// This is the test package signed using the V3 signature scheme with 178*b7c941bbSAndroid Build Coastguard Worker// a rotated key and part of a shareduid. The capabilities of this lineage 179*b7c941bbSAndroid Build Coastguard Worker// prevent the previous key in the lineage from using a signature permission. 180*b7c941bbSAndroid Build Coastguard Worker// This package is intended to verify shared signing keys in separate app 181*b7c941bbSAndroid Build Coastguard Worker// lineages retain their own declared capabilities. 182*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 183*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-no-perm-cap-sharedUid", 184*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 185*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 186*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 187*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-no-perm-cap", 188*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 189*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 190*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 191*b7c941bbSAndroid Build Coastguard Worker "cts", 192*b7c941bbSAndroid Build Coastguard Worker "general-tests", 193*b7c941bbSAndroid Build Coastguard Worker ], 194*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 195*b7c941bbSAndroid Build Coastguard Worker} 196*b7c941bbSAndroid Build Coastguard Worker 197*b7c941bbSAndroid Build Coastguard Worker// This is the test package with a new name intended to be installed 198*b7c941bbSAndroid Build Coastguard Worker// alongside the original test package when verifying platform behavior when 199*b7c941bbSAndroid Build Coastguard Worker// two apps share the same previous signer in their lineage with different 200*b7c941bbSAndroid Build Coastguard Worker// capabilities granted; the lineage for this package prevents an app signed 201*b7c941bbSAndroid Build Coastguard Worker// with the previous signing key from joining a sharedUserId. 202*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 203*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-no-shUid-cap-declperm2", 204*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-declperm2.xml", 205*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 206*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 207*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-no-shUid-cap", 208*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 209*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 210*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 211*b7c941bbSAndroid Build Coastguard Worker "cts", 212*b7c941bbSAndroid Build Coastguard Worker "general-tests", 213*b7c941bbSAndroid Build Coastguard Worker ], 214*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 215*b7c941bbSAndroid Build Coastguard Worker} 216*b7c941bbSAndroid Build Coastguard Worker 217*b7c941bbSAndroid Build Coastguard Worker// This is the first companion package signed using the V3 signature scheme 218*b7c941bbSAndroid Build Coastguard Worker// with a rotated key and part of a sharedUid. The capabilities of this lineage 219*b7c941bbSAndroid Build Coastguard Worker// grant access to the previous key in the lineage to join the sharedUid. 220*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 221*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion", 222*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion-shareduid.xml", 223*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 224*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 225*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-default-caps", 226*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 227*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 228*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 229*b7c941bbSAndroid Build Coastguard Worker "cts", 230*b7c941bbSAndroid Build Coastguard Worker "general-tests", 231*b7c941bbSAndroid Build Coastguard Worker ], 232*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 233*b7c941bbSAndroid Build Coastguard Worker} 234*b7c941bbSAndroid Build Coastguard Worker 235*b7c941bbSAndroid Build Coastguard Worker// This is the first companion package signed using the V3 signature scheme 236*b7c941bbSAndroid Build Coastguard Worker// with a rotated key and part of a sharedUid. The capabilities of this lineage 237*b7c941bbSAndroid Build Coastguard Worker// prevent the previous signing key from joining the sharedUserId. 238*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 239*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid-companion", 240*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion-shareduid.xml", 241*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 242*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 243*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-no-shUid-cap", 244*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 245*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 246*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 247*b7c941bbSAndroid Build Coastguard Worker "cts", 248*b7c941bbSAndroid Build Coastguard Worker "general-tests", 249*b7c941bbSAndroid Build Coastguard Worker ], 250*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 251*b7c941bbSAndroid Build Coastguard Worker} 252*b7c941bbSAndroid Build Coastguard Worker 253*b7c941bbSAndroid Build Coastguard Worker// This is the companion package signed using the V3 signature scheme with 254*b7c941bbSAndroid Build Coastguard Worker// a rotated key and part of a shareduid. The signing lineage begins 255*b7c941bbSAndroid Build Coastguard Worker// with a key that is not in any of the other lineages and is intended 256*b7c941bbSAndroid Build Coastguard Worker// to verify that two packages signed with lineages that have diverged 257*b7c941bbSAndroid Build Coastguard Worker// ancestors are not allowed to be installed in the same sharedUserId. 258*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 259*b7c941bbSAndroid Build Coastguard Worker name: "v3-por_Z_1_2-default-caps-sharedUid-companion", 260*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-shareduid.xml", 261*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 262*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 263*b7c941bbSAndroid Build Coastguard Worker ":dsa-2048", 264*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 265*b7c941bbSAndroid Build Coastguard Worker ], 266*b7c941bbSAndroid Build Coastguard Worker lineage: ":por_Z_1_2-default-caps", 267*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 268*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 269*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 270*b7c941bbSAndroid Build Coastguard Worker "cts", 271*b7c941bbSAndroid Build Coastguard Worker "general-tests", 272*b7c941bbSAndroid Build Coastguard Worker ], 273*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 274*b7c941bbSAndroid Build Coastguard Worker} 275*b7c941bbSAndroid Build Coastguard Worker 276*b7c941bbSAndroid Build Coastguard Worker// This is the first companion package signed using the V3 signature scheme 277*b7c941bbSAndroid Build Coastguard Worker// with a rotated key and part of a sharedUid but without the signing lineage. 278*b7c941bbSAndroid Build Coastguard Worker// This app is intended to test lineage scenarios where an app is only signed 279*b7c941bbSAndroid Build Coastguard Worker// with the latest key in the lineage. 280*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 281*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-2-sharedUid-companion", 282*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion-shareduid.xml", 283*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 284*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 285*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 286*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 287*b7c941bbSAndroid Build Coastguard Worker "cts", 288*b7c941bbSAndroid Build Coastguard Worker "general-tests", 289*b7c941bbSAndroid Build Coastguard Worker ], 290*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 291*b7c941bbSAndroid Build Coastguard Worker} 292*b7c941bbSAndroid Build Coastguard Worker 293*b7c941bbSAndroid Build Coastguard Worker// This is the second companion package signed using the V3 signature scheme 294*b7c941bbSAndroid Build Coastguard Worker// with the previous key in the lineage and part of a sharedUid. 295*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 296*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-1-sharedUid-companion2", 297*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion2-shareduid.xml", 298*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256", 299*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 300*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 301*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 302*b7c941bbSAndroid Build Coastguard Worker "cts", 303*b7c941bbSAndroid Build Coastguard Worker "general-tests", 304*b7c941bbSAndroid Build Coastguard Worker ], 305*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 306*b7c941bbSAndroid Build Coastguard Worker} 307*b7c941bbSAndroid Build Coastguard Worker 308*b7c941bbSAndroid Build Coastguard Worker// This is the second companion package signed using the V3 signature scheme 309*b7c941bbSAndroid Build Coastguard Worker// with a rotated key and part of a sharedUid. The capabilities of this lineage 310*b7c941bbSAndroid Build Coastguard Worker// prevent the previous signing key from joining the sharedUserId. 311*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 312*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-no-shUid-cap-sharedUid-companion2", 313*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion2-shareduid.xml", 314*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 315*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 316*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-no-shUid-cap", 317*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 318*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 319*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 320*b7c941bbSAndroid Build Coastguard Worker "cts", 321*b7c941bbSAndroid Build Coastguard Worker "general-tests", 322*b7c941bbSAndroid Build Coastguard Worker ], 323*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 324*b7c941bbSAndroid Build Coastguard Worker} 325*b7c941bbSAndroid Build Coastguard Worker 326*b7c941bbSAndroid Build Coastguard Worker// This is the third companion package signed using the V3 signature scheme 327*b7c941bbSAndroid Build Coastguard Worker// with a rotated key and part of a sharedUid. The capabilities of this lineage 328*b7c941bbSAndroid Build Coastguard Worker// grant access to the previous key in the lineage to join the sharedUid. 329*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 330*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-default-caps-sharedUid-companion3", 331*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion3-shareduid.xml", 332*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 333*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [":ec-p256"], 334*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-default-caps", 335*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 336*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 337*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 338*b7c941bbSAndroid Build Coastguard Worker "cts", 339*b7c941bbSAndroid Build Coastguard Worker "general-tests", 340*b7c941bbSAndroid Build Coastguard Worker ], 341*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 342*b7c941bbSAndroid Build Coastguard Worker} 343*b7c941bbSAndroid Build Coastguard Worker 344*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission. 345*b7c941bbSAndroid Build Coastguard Worker// The lineage used to sign this test package does not trust the first signing 346*b7c941bbSAndroid Build Coastguard Worker// key but grants default capabilities to the second signing key. 347*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 348*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2_3-1-no-caps-2-default-declperm", 349*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-declperm.xml", 350*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_3", 351*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 352*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 353*b7c941bbSAndroid Build Coastguard Worker ], 354*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por-1_2_3-1-no-caps-2-default", 355*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 356*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 357*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 358*b7c941bbSAndroid Build Coastguard Worker "cts", 359*b7c941bbSAndroid Build Coastguard Worker "general-tests", 360*b7c941bbSAndroid Build Coastguard Worker ], 361*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 362*b7c941bbSAndroid Build Coastguard Worker} 363*b7c941bbSAndroid Build Coastguard Worker 364*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission. 365*b7c941bbSAndroid Build Coastguard Worker// The lineage used to sign this test package does not trust either of the signing 366*b7c941bbSAndroid Build Coastguard Worker// keys so an app with only common signers in the lineage should not be granted the 367*b7c941bbSAndroid Build Coastguard Worker// permission. 368*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 369*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2_3-no-caps-declperm", 370*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-declperm.xml", 371*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_3", 372*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 373*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 374*b7c941bbSAndroid Build Coastguard Worker ], 375*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por-1_2_3-no-caps", 376*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 377*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 378*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 379*b7c941bbSAndroid Build Coastguard Worker "cts", 380*b7c941bbSAndroid Build Coastguard Worker "general-tests", 381*b7c941bbSAndroid Build Coastguard Worker ], 382*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 383*b7c941bbSAndroid Build Coastguard Worker} 384*b7c941bbSAndroid Build Coastguard Worker 385*b7c941bbSAndroid Build Coastguard Worker// This is a version of the companion package that requests the signature permission 386*b7c941bbSAndroid Build Coastguard Worker// declared by the test package above. This package is signed with a signing key that 387*b7c941bbSAndroid Build Coastguard Worker// diverges from the package above and is intended to verify that a common signing 388*b7c941bbSAndroid Build Coastguard Worker// key in the lineage that is still granted the permission capability is sufficient 389*b7c941bbSAndroid Build Coastguard Worker// to be granted a signature permission. 390*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 391*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2_4-companion-usesperm", 392*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion-usesperm.xml", 393*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_4", 394*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 395*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 396*b7c941bbSAndroid Build Coastguard Worker ], 397*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por-1_2_4-default-caps", 398*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 399*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 400*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 401*b7c941bbSAndroid Build Coastguard Worker "cts", 402*b7c941bbSAndroid Build Coastguard Worker "general-tests", 403*b7c941bbSAndroid Build Coastguard Worker ], 404*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 405*b7c941bbSAndroid Build Coastguard Worker} 406*b7c941bbSAndroid Build Coastguard Worker 407*b7c941bbSAndroid Build Coastguard Worker// This is a version of the companion package that requests the signature permission 408*b7c941bbSAndroid Build Coastguard Worker// declared by the test package. This package is signed with the original signing 409*b7c941bbSAndroid Build Coastguard Worker// key and is intended to verify that a common signing key shared between two 410*b7c941bbSAndroid Build Coastguard Worker// lineages retains its capability from the package declaring the signature permission. 411*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 412*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-1-companion-usesperm", 413*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-companion-usesperm.xml", 414*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256", 415*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 416*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 417*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 418*b7c941bbSAndroid Build Coastguard Worker "cts", 419*b7c941bbSAndroid Build Coastguard Worker "general-tests", 420*b7c941bbSAndroid Build Coastguard Worker ], 421*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 422*b7c941bbSAndroid Build Coastguard Worker} 423*b7c941bbSAndroid Build Coastguard Worker 424*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission 425*b7c941bbSAndroid Build Coastguard Worker// with the knownSigner protection flag. This app is signed with the rsa-2048 426*b7c941bbSAndroid Build Coastguard Worker// signing key with the trusted certificates being ec-p256 and ec-p256_3. 427*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 428*b7c941bbSAndroid Build Coastguard Worker name: "v3-rsa-2048-decl-knownSigner-ec-p256-1-3", 429*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-decl-knownSigner.xml", 430*b7c941bbSAndroid Build Coastguard Worker certificate: ":rsa-2048", 431*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 432*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 433*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 434*b7c941bbSAndroid Build Coastguard Worker "cts", 435*b7c941bbSAndroid Build Coastguard Worker "general-tests", 436*b7c941bbSAndroid Build Coastguard Worker ], 437*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 438*b7c941bbSAndroid Build Coastguard Worker} 439*b7c941bbSAndroid Build Coastguard Worker 440*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission 441*b7c941bbSAndroid Build Coastguard Worker// without the knownSigner protection flag. This app is signed with the same 442*b7c941bbSAndroid Build Coastguard Worker// rsa-2048 signing key to allow updates from the package above. This app can 443*b7c941bbSAndroid Build Coastguard Worker// be used to verify behavior when an app initially uses the knownSigner flag 444*b7c941bbSAndroid Build Coastguard Worker// and subsequently removes the flag from the permission declaration. 445*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 446*b7c941bbSAndroid Build Coastguard Worker name: "v3-rsa-2048-declperm", 447*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-declperm.xml", 448*b7c941bbSAndroid Build Coastguard Worker certificate: ":rsa-2048", 449*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 450*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 451*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 452*b7c941bbSAndroid Build Coastguard Worker "cts", 453*b7c941bbSAndroid Build Coastguard Worker "general-tests", 454*b7c941bbSAndroid Build Coastguard Worker ], 455*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 456*b7c941bbSAndroid Build Coastguard Worker} 457*b7c941bbSAndroid Build Coastguard Worker 458*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission 459*b7c941bbSAndroid Build Coastguard Worker// with the knownSigner protection flag using a string resource instead of a 460*b7c941bbSAndroid Build Coastguard Worker// string-array resource for the trusted certs. 461*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 462*b7c941bbSAndroid Build Coastguard Worker name: "v3-rsa-2048-decl-knownSigner-str-res-ec-p256-1", 463*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-decl-knownSigner-str-res.xml", 464*b7c941bbSAndroid Build Coastguard Worker certificate: ":rsa-2048", 465*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 466*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 467*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 468*b7c941bbSAndroid Build Coastguard Worker "cts", 469*b7c941bbSAndroid Build Coastguard Worker "general-tests", 470*b7c941bbSAndroid Build Coastguard Worker ], 471*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 472*b7c941bbSAndroid Build Coastguard Worker} 473*b7c941bbSAndroid Build Coastguard Worker 474*b7c941bbSAndroid Build Coastguard Worker// This is a version of the test package that declares a signature permission 475*b7c941bbSAndroid Build Coastguard Worker// with the knownSigner protection flag using a string constant as the value 476*b7c941bbSAndroid Build Coastguard Worker// of the knownCerts attribute. 477*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 478*b7c941bbSAndroid Build Coastguard Worker name: "v3-rsa-2048-decl-knownSigner-str-const-ec-p256-1", 479*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-decl-knownSigner-str-const.xml", 480*b7c941bbSAndroid Build Coastguard Worker certificate: ":rsa-2048", 481*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 482*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 483*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 484*b7c941bbSAndroid Build Coastguard Worker "cts", 485*b7c941bbSAndroid Build Coastguard Worker "general-tests", 486*b7c941bbSAndroid Build Coastguard Worker ], 487*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 488*b7c941bbSAndroid Build Coastguard Worker} 489*b7c941bbSAndroid Build Coastguard Worker 490*b7c941bbSAndroid Build Coastguard Worker// This is a version of the companion package that uses the permission 491*b7c941bbSAndroid Build Coastguard Worker// declared with the knownSigner flag. This app's current signer is in 492*b7c941bbSAndroid Build Coastguard Worker// the array of certificate digests as declared by the test package 493*b7c941bbSAndroid Build Coastguard Worker// above. 494*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 495*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256_3-companion-uses-knownSigner", 496*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-uses-knownSigner.xml", 497*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_3", 498*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 499*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 500*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 501*b7c941bbSAndroid Build Coastguard Worker "cts", 502*b7c941bbSAndroid Build Coastguard Worker "general-tests", 503*b7c941bbSAndroid Build Coastguard Worker ], 504*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 505*b7c941bbSAndroid Build Coastguard Worker} 506*b7c941bbSAndroid Build Coastguard Worker 507*b7c941bbSAndroid Build Coastguard Worker// This is a version of the companion package that uses the permission 508*b7c941bbSAndroid Build Coastguard Worker// declared with the knownSigner flag. This app's current signer is not 509*b7c941bbSAndroid Build Coastguard Worker// in the array of certificate digests as declared by the test package 510*b7c941bbSAndroid Build Coastguard Worker// above. 511*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 512*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256_2-companion-uses-knownSigner", 513*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-uses-knownSigner.xml", 514*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 515*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 516*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 517*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 518*b7c941bbSAndroid Build Coastguard Worker "cts", 519*b7c941bbSAndroid Build Coastguard Worker "general-tests", 520*b7c941bbSAndroid Build Coastguard Worker ], 521*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 522*b7c941bbSAndroid Build Coastguard Worker} 523*b7c941bbSAndroid Build Coastguard Worker 524*b7c941bbSAndroid Build Coastguard Worker// This is a version of the companion package that uses the permission 525*b7c941bbSAndroid Build Coastguard Worker// declared with the knownSigner flag. This app is signed with a rotated 526*b7c941bbSAndroid Build Coastguard Worker// signing key with the current signer not in the array of certificate 527*b7c941bbSAndroid Build Coastguard Worker// digests as declared by the test package, but the previous signer in 528*b7c941bbSAndroid Build Coastguard Worker// the lineage is. This app can be used to verify that knownSigner 529*b7c941bbSAndroid Build Coastguard Worker// permissions are also granted if the app was previously signed with 530*b7c941bbSAndroid Build Coastguard Worker// one of the declared digests. 531*b7c941bbSAndroid Build Coastguard Workerandroid_test_helper_app { 532*b7c941bbSAndroid Build Coastguard Worker name: "v3-ec-p256-with-por_1_2-companion-uses-knownSigner", 533*b7c941bbSAndroid Build Coastguard Worker manifest: "AndroidManifest-uses-knownSigner.xml", 534*b7c941bbSAndroid Build Coastguard Worker certificate: ":ec-p256_2", 535*b7c941bbSAndroid Build Coastguard Worker additional_certificates: [ 536*b7c941bbSAndroid Build Coastguard Worker ":ec-p256", 537*b7c941bbSAndroid Build Coastguard Worker ], 538*b7c941bbSAndroid Build Coastguard Worker lineage: ":ec-p256-por_1_2-default-caps", 539*b7c941bbSAndroid Build Coastguard Worker srcs: ["src/**/*.java"], 540*b7c941bbSAndroid Build Coastguard Worker // resource_dirs is the default value: ["res"] 541*b7c941bbSAndroid Build Coastguard Worker test_suites: [ 542*b7c941bbSAndroid Build Coastguard Worker "cts", 543*b7c941bbSAndroid Build Coastguard Worker "general-tests", 544*b7c941bbSAndroid Build Coastguard Worker ], 545*b7c941bbSAndroid Build Coastguard Worker sdk_version: "current", 546*b7c941bbSAndroid Build Coastguard Worker} 547