diff --git a/java/app.go b/java/app.go index 334464772..e09509299 100755 --- a/java/app.go +++ b/java/app.go @@ -585,19 +585,6 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates [] certificates = append([]Certificate{mainCert}, certificates...) } - if !m.Platform() { - certPath := certificates[0].Pem.String() - systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String() - if strings.HasPrefix(certPath, systemCertPath) { - enforceSystemCert := ctx.Config().EnforceSystemCertificate() - allowed := ctx.Config().EnforceSystemCertificateAllowList() - - if enforceSystemCert && !inList(m.Name(), allowed) { - ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.") - } - } - } - if len(certificates) > 0 { mainCertificate = certificates[0] } else { @@ -613,6 +600,20 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates [] } } + if !m.Platform() { + certPath := mainCertificate.Pem.String() + systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String() + if strings.HasPrefix(certPath, systemCertPath) { + enforceSystemCert := ctx.Config().EnforceSystemCertificate() + allowed := ctx.Config().EnforceSystemCertificateAllowList() + + if enforceSystemCert && !inList(m.Name(), allowed) { + ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.") + } + } + } + + return mainCertificate, certificates } diff --git a/java/app_test.go b/java/app_test.go index 8a69a03e7..c485478eb 100644 --- a/java/app_test.go +++ b/java/app_test.go @@ -3382,6 +3382,14 @@ func TestAppMissingCertificateAllowMissingDependencies(t *testing.T) { srcs: ["a.java"], certificate: ":missing_certificate", sdk_version: "current", + } + + android_app { + name: "bar", + srcs: ["a.java"], + certificate: ":missing_certificate", + product_specific: true, + sdk_version: "current", }`) foo := result.ModuleForTests("foo", "android_common")