| The XML files in this directory are taken from the packages tag of a test APK signed with the |
| certificates and keys under the certs/ directory. To recreate the XML files run the following: |
| |
| 1. Build the test APK: |
| mmm -j cts/hostsidetests/appsecurity/test-apps/tinyapp/ |
| |
| 2. Sign the APK with the first signer: |
| apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \ |
| --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 |
| |
| 3. Install the APK on a device: |
| adb install test.apk |
| |
| 4. Pull the packages.xml file containing the new entry for the APK from the device: |
| adb pull /data/system/packages.xml |
| |
| 5. Search the packages.xml file for the package name 'android.appsecurity.cts.tinyapp'. Following is |
| the full entry when the APK is signed as above: |
| |
| <package name="android.appsecurity.cts.tinyapp" codePath="/data/app/android.appsecurity.cts.tiny |
| app-4ix3umoWct_iD26jQ03Z_g==" nativeLibraryPath="/data/app/android.appsecurity.cts.tinyapp-4ix3u |
| moWct_iD26jQ03Z_g==/lib" publicFlags="805879364" privateFlags="0" ft="1663710dd00" it="1663710de |
| 41" ut="1663710de41" version="10" userId="10051"> |
| <sigs count="1" schemeVersion="3"> |
| <cert index="16" key="3082016c30820111a003020102020900ca0fb64dfb66e772300a06082a8648ce3d |
| 04030230123110300e06035504030c0765632d70323536301e170d3136303333313134353830365a170d3433 |
| 303831373134353830365a30123110300e06035504030c0765632d703235363059301306072a8648ce3d0201 |
| 06082a8648ce3d03010703420004a65f113d22cb4913908307ac31ee2ba0e9138b785fac6536d14ea2ce90d2 |
| b4bfe194b50cdc8e169f54a73a991ef0fa76329825be078cc782740703da44b4d7eba350304e301d0603551d |
| 0e04160414d4133568b95b30158b322071ea8c43ff5b05ccc8301f0603551d23041830168014d4133568b95b |
| 30158b322071ea8c43ff5b05ccc8300c0603551d13040530030101ff300a06082a8648ce3d04030203490030 |
| 46022100f504a0866caef029f417142c5cb71354c79ffcd1d640618dfca4f19e16db78d6022100f8eea48297 |
| 99c06cad08c6d3d2d2ec05e0574154e747ea0fdbb8042cb655aadd" /> |
| </sigs> |
| <proper-signing-keyset identifier="480" /> |
| </package> |
| |
| The PackageSignatures#readXml and writeXml methods read and write everything within the sigs tag. |
| The tags and attributes within the sigs tag can be modified and used to verify various good and |
| error paths for the PackageSignaturesTest. |
| |
| Step 2 can be modified to sign with multiple signers by running one of the following commands: |
| |
| - To sign with two signers in the lineage (after the signing key has been rotated once): |
| apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \ |
| --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \ |
| certs/ec-p256_2.x509.der --key certs/ec-p256_2.pk8 --lineage certs/ec-p256-lineage-2-signers |
| |
| - To sign with three signers in the lineage (after the second key rotation): |
| apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \ |
| --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \ |
| certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --lineage certs/ec-p256-lineage-3-signers |
| |
| - To sign with two distinct signers (NOTE: The V3 signature scheme only supports a single signer, |
| so this method can only be used with signature schemes V1 and V2): |
| apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \ |
| --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \ |
| certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --v3-signing-enabled false |