:module syntax support properties in apex_key

public_key and private_key properties support :module syntax so that the
key pairs can be dynamically created during the build, which is useful
for one-time keys.

Bug: 128960614
Test: m (apex_test amended)

Change-Id: I249b1d29f247784193b0d733a7b6a20274ece105

apex/apex_test.go

@@ -161,6 +161,8 @@ func testApex(t *testing.T, bp string) *android.TestContext {
 		"vendor/foo/devkeys/testkey.pem":       nil,
 		"NOTICE":                               nil,
 		"custom_notice":                        nil,
+		"testkey2.avbpubkey":                   nil,
+		"testkey2.pem":                         nil,
 	})
 	_, errs := ctx.ParseFileList(".", []string{"Android.bp"})
 	android.FailIfErrored(t, errs)
@@ -1194,3 +1196,36 @@ func TestApexInProductPartition(t *testing.T) {
 	}
 
 }
+
+func TestApexKeyFromOtherModule(t *testing.T) {
+	ctx := testApex(t, `
+		apex_key {
+			name: "myapex.key",
+			public_key: ":my.avbpubkey",
+			private_key: ":my.pem",
+			product_specific: true,
+		}
+
+		filegroup {
+			name: "my.avbpubkey",
+			srcs: ["testkey2.avbpubkey"],
+		}
+
+		filegroup {
+			name: "my.pem",
+			srcs: ["testkey2.pem"],
+		}
+	`)
+
+	apex_key := ctx.ModuleForTests("myapex.key", "android_common").Module().(*apexKey)
+	expected_pubkey := "testkey2.avbpubkey"
+	actual_pubkey := apex_key.public_key_file.String()
+	if actual_pubkey != expected_pubkey {
+		t.Errorf("wrong public key path. expected %q. actual %q", expected_pubkey, actual_pubkey)
+	}
+	expected_privkey := "testkey2.pem"
+	actual_privkey := apex_key.private_key_file.String()
+	if actual_privkey != expected_privkey {
+		t.Errorf("wrong private key path. expected %q. actual %q", expected_privkey, actual_privkey)
+	}
+}

apex/key.go

@@ -45,11 +45,11 @@ type apexKey struct {
 }
 
 type apexKeyProperties struct {
-	// Path to the public key file in avbpubkey format. Installed to the device.
+	// Path or module to the public key file in avbpubkey format. Installed to the device.
 	// Base name of the file is used as the ID for the key.
-	Public_key *string
-	// Path to the private key file in pem format. Used to sign APEXs.
-	Private_key *string
+	Public_key *string `android:"path"`
+	// Path or module to the private key file in pem format. Used to sign APEXs.
+	Private_key *string `android:"path"`
 
 	// Whether this key is installable to one of the partitions. Defualt: true.
 	Installable *bool
@@ -68,16 +68,27 @@ func (m *apexKey) installable() bool {
 }
 
 func (m *apexKey) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+	// If the keys are from other modules (i.e. :module syntax) respect it.
+	// Otherwise, try to locate the key files in the default cert dir or
+	// in the local module dir
+	if android.SrcIsModule(String(m.properties.Public_key)) != "" {
+		m.public_key_file = android.PathForModuleSrc(ctx, String(m.properties.Public_key))
+	} else {
 		m.public_key_file = ctx.Config().ApexKeyDir(ctx).Join(ctx, String(m.properties.Public_key))
-	m.private_key_file = ctx.Config().ApexKeyDir(ctx).Join(ctx, String(m.properties.Private_key))
-
 		// If not found, fall back to the local key pairs
 		if !android.ExistentPathForSource(ctx, m.public_key_file.String()).Valid() {
 			m.public_key_file = android.PathForModuleSrc(ctx, String(m.properties.Public_key))
 		}
+	}
+
+	if android.SrcIsModule(String(m.properties.Private_key)) != "" {
+		m.private_key_file = android.PathForModuleSrc(ctx, String(m.properties.Private_key))
+	} else {
+		m.private_key_file = ctx.Config().ApexKeyDir(ctx).Join(ctx, String(m.properties.Private_key))
 		if !android.ExistentPathForSource(ctx, m.private_key_file.String()).Valid() {
 			m.private_key_file = android.PathForModuleSrc(ctx, String(m.properties.Private_key))
 		}
+	}
 
 	pubKeyName := m.public_key_file.Base()[0 : len(m.public_key_file.Base())-len(m.public_key_file.Ext())]
 	privKeyName := m.private_key_file.Base()[0 : len(m.private_key_file.Base())-len(m.private_key_file.Ext())]