Check system certificate violation for product apks
Only if the enforcement option is enabled, the build fails with an error when there is an apk located at system partition but signed with system certificate.
Bug: 74699609
Test: m -j
Change-Id: I23c41f2665dd97abac3e77d1c82d81ff91b894eb
diff --git a/java/app.go b/java/app.go
index 3b2305f..4bae78a 100644
--- a/java/app.go
+++ b/java/app.go
@@ -263,6 +263,20 @@
packageFile := android.PathForModuleOut(ctx, "package.apk")
CreateAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates)
+
+ if !a.Module.Platform() {
+ certPath := a.certificate.Pem.String()
+ systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String()
+ if strings.HasPrefix(certPath, systemCertPath) {
+ enforceSystemCert := ctx.Config().EnforceSystemCertificate()
+ whitelist := ctx.Config().EnforceSystemCertificateWhitelist()
+
+ if enforceSystemCert && !inList(a.Module.Name(), whitelist) {
+ ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.")
+ }
+ }
+ }
+
a.outputFile = packageFile
bundleFile := android.PathForModuleOut(ctx, "base.zip")
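Review bot: The `strings.HasPrefix(certPath, systemCertPath)` test compares raw path strings with no separator boundary, so a certificate in a sibling directory whose name merely begins with the default certificate directory's path would also be treated as a system certificate. Anchoring the comparison on the directory, for example `strings.HasPrefix(certPath, systemCertPath+"/")` or `filepath.Dir(certPath) == systemCertPath`, avoids that. Because the check identifies the key by location only, the same key referenced through a different path would presumably pass, which is worth stating in a comment above the block, e.g. `// Path-based check: only certificates under DefaultAppCertificateDir are treated as system certificates.` The guard is `!a.Module.Platform()` while the message names only the product partition; if `Platform()` is also false for other non-system partitions the message will mislead, and including `a.Module.Name()` and `certPath` in it would make the failure easier to act on. The enclosing function starts and ends outside this hunk.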