Revert "Let signapk access internal APIs under OpenJDK 9 toolchain"
This reverts commit 9cc3c76abd9c8fa159616883e06526d56b5136e5 which
added command-line parameters to the invocation of SignApk to permit
it to access sun.** classes which are not accessible by default in
Java 9. This hack is no longer needed because SignApk no longer needs
this access because of tools/apksig commit
b40d3e4821bc9cb094b0ff13153340e3a0da1b3f which switched APK JAR
signature generation logic away from directly using sun.** classes.
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
EXPERIMENTAL_USE_OPENJDK9=target1.8 \
OVERRIDE_ANDROID_JAVA_HOME=<path to Java 9 SDK> \
PATH=${OVERRIDE_ANDROID_JAVA_HOME}/bin:${PATH} \
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Bug: 37137869
Change-Id: I389c366f8a5bed56c496293bc871458adbedb0e8
diff --git a/core/definitions.mk b/core/definitions.mk
index 023410c..2136eaf 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2701,14 +2701,10 @@
$(call sign-package-arg,$@)
endef
-# signapk uses internal APIs from sun.security.{pkcs,x509}; see http://b/37137869
# $(1): the package file we are signing.
define sign-package-arg
$(hide) mv $(1) $(1).unsigned
-$(hide) $(JAVA) -Djava.library.path=$(SIGNAPK_JNI_LIBRARY_PATH) \
- $(if $(EXPERIMENTAL_USE_OPENJDK9),--add-exports java.base/sun.security.pkcs=ALL-UNNAMED,) \
- $(if $(EXPERIMENTAL_USE_OPENJDK9),--add-exports java.base/sun.security.x509=ALL-UNNAMED,) \
- -jar $(SIGNAPK_JAR) \
+$(hide) $(JAVA) -Djava.library.path=$(SIGNAPK_JNI_LIBRARY_PATH) -jar $(SIGNAPK_JAR) \
$(PRIVATE_CERTIFICATE) $(PRIVATE_PRIVATE_KEY) \
$(PRIVATE_ADDITIONAL_CERTIFICATES) $(1).unsigned $(1).signed
$(hide) mv $(1).signed $(1)