1#!/bin/bash 2 3# Copyright 2018 The ChromiumOS Authors 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7. "$(dirname "$0")/common.sh" 8 9####################################### 10# Return name according to the current signing debug key. The name is used to 11# select key files. 12# Globals: 13# None 14# Arguments: 15# sha1: signature of the APK. 16# keyset: "cheets" or "aosp" build? 17# Outputs: 18# Writes the name of the key to stdout. 19# Returns: 20# 0 on success, non-zero on error. 21####################################### 22android_choose_key() { 23 local sha1="$1" 24 local keyset="$2" 25 26 if [[ "${keyset}" != "aosp" && "${keyset}" != "cheets" ]]; then 27 error "Unknown Android build keyset '${keyset}'." 28 return 1 29 fi 30 31 # Fingerprints below are generated by: 32 # 'cheets' keyset: 33 # $ keytool -file vendor/google_arc/certs/cheetskeys/$NAME.x509.pem \ 34 # -printcert | grep SHA1: 35 # 'aosp' keyset: 36 # $ keytool -file build/target/product/security/$NAME.x509.pem -printcert \ 37 # | grep SHA1: 38 declare -A platform_sha=( 39 ['cheets']='AA:04:E0:5F:82:9C:7E:D1:B9:F8:FC:99:6C:5A:54:43:83:D9:F5:BC' 40 ['aosp']='27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA' 41 ) 42 declare -A media_sha=( 43 ['cheets']='D4:C4:2D:E0:B9:1B:15:72:FA:7D:A7:21:E0:A6:09:94:B4:4C:B5:AE' 44 ['aosp']='B7:9D:F4:A8:2E:90:B5:7E:A7:65:25:AB:70:37:AB:23:8A:42:F5:D3' 45 ) 46 declare -A shared_sha=( 47 ['cheets']='38:B6:2C:E1:75:98:E3:E1:1C:CC:F6:6B:83:BB:97:0E:2D:40:6C:AE' 48 ['aosp']='5B:36:8C:FF:2D:A2:68:69:96:BC:95:EA:C1:90:EA:A4:F5:63:0F:E5' 49 ) 50 declare -A release_sha=( 51 ['cheets']='EC:63:36:20:23:B7:CB:66:18:70:D3:39:3C:A9:AE:7E:EF:A9:32:42' 52 ['aosp']='61:ED:37:7E:85:D3:86:A8:DF:EE:6B:86:4B:D8:5B:0B:FA:A5:AF:81' 53 ) 54 declare -A networkstack_sha=( 55 ['cheets']='7C:AD:D6:52:41:69:E7:A4:47:6F:DA:74:D0:8E:F0:48:3A:6F:00:ED' 56 ['aosp']='7C:8B:DA:BD:21:F9:53:A1:B1:8C:CB:E7:B9:13:93:D9:FD:F9:48:30' 57 ) 58 59 case "${sha1}" in 60 "${platform_sha["${keyset}"]}") 61 echo "platform" 62 ;; 63 "${media_sha["${keyset}"]}") 64 echo "media" 65 ;; 66 "${shared_sha["${keyset}"]}") 67 echo "shared" 68 ;; 69 "${release_sha["${keyset}"]}") 70 # The release_sha[] fingerprint is from devkey. Translate to releasekey. 71 echo "releasekey" 72 ;; 73 "${networkstack_sha["${keyset}"]}") 74 echo "networkstack" 75 ;; 76 *) 77 # Not a framework apk. Do not re-sign. 78 echo "" 79 ;; 80 esac 81 return 0 82} 83 84####################################### 85# Extract 'ro.build.flavor' property from build property file. 86# Globals: 87# None 88# Arguments: 89# build_prop_file: path to build property file. 90# Outputs: 91# Writes the value of the property to stdout. 92# Returns: 93# 0 on success, non-zero on error. 94####################################### 95android_get_build_flavor_prop() { 96 local build_prop_file="$1" 97 local flavor_prop="" 98 99 if ! flavor_prop=$(sudo \ 100 grep -a "^ro\.build\.flavor=" "${build_prop_file}"); then 101 return 1 102 fi 103 flavor_prop=$(echo "${flavor_prop}" | cut -d "=" -f2) 104 echo "${flavor_prop}" 105 return 0 106} 107 108####################################### 109# Pick the expected keyset ('cheets', 'aosp') depending on the build flavor. 110# Globals: 111# None 112# Arguments: 113# flavor_prop: the value of the build flavor property. 114# Outputs: 115# Writes the name of the keyset to stdout. 116# Returns: 117# 0 on success, non-zero on error. 118####################################### 119android_choose_signing_keyset() { 120 local flavor_prop="$1" 121 122 # Property ro.build.flavor follows those patterns: 123 # - cheets builds: 124 # ro.build.flavor=cheets_${arch}-user(debug) 125 # - SDK builds: 126 # ro.build.flavor=sdk_google_cheets_${arch}-user(debug) # For N 127 # ro.build.flavor=sdk_cheets_${arch}-user(debug) # For P 128 # - AOSP builds: 129 # ro.build.flavor=aosp_cheets_${arch}-user(debug) 130 # "cheets" and "SDK" builds both use the same signing keys, cheetskeys. "AOSP" 131 # builds use the public AOSP signing keys. 132 if [[ "${flavor_prop}" == aosp_cheets_* ]]; then 133 keyset="aosp" 134 elif [[ "${flavor_prop}" == cheets_* || 135 "${flavor_prop}" == sdk_cheets_* || 136 "${flavor_prop}" == sdk_google_cheets_* || 137 "${flavor_prop}" == bertha_* ]]; then 138 keyset="cheets" 139 else 140 return 1 141 fi 142 echo "${keyset}" 143 return 0 144} 145