diff --git a/java/app.go b/java/app.go index 03e233059..706f99a83 100755 --- a/java/app.go +++ b/java/app.go @@ -563,19 +563,6 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates [] certificates = append([]Certificate{mainCert}, certificates...) } - if !m.Platform() { - certPath := certificates[0].Pem.String() - systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String() - if strings.HasPrefix(certPath, systemCertPath) { - enforceSystemCert := ctx.Config().EnforceSystemCertificate() - allowed := ctx.Config().EnforceSystemCertificateAllowList() - - if enforceSystemCert && !inList(m.Name(), allowed) { - ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.") - } - } - } - if len(certificates) > 0 { mainCertificate = certificates[0] } else { @@ -591,6 +578,20 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates [] } } + if !m.Platform() { + certPath := mainCertificate.Pem.String() + systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String() + if strings.HasPrefix(certPath, systemCertPath) { + enforceSystemCert := ctx.Config().EnforceSystemCertificate() + allowed := ctx.Config().EnforceSystemCertificateAllowList() + + if enforceSystemCert && !inList(m.Name(), allowed) { + ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.") + } + } + } + + return mainCertificate, certificates } diff --git a/java/app_test.go b/java/app_test.go index 7e97b0fb1..b154bc990 100644 --- a/java/app_test.go +++ b/java/app_test.go @@ -3382,6 +3382,14 @@ func TestAppMissingCertificateAllowMissingDependencies(t *testing.T) { srcs: ["a.java"], certificate: ":missing_certificate", sdk_version: "current", + } + + android_app { + name: "bar", + srcs: ["a.java"], + certificate: ":missing_certificate", + product_specific: true, + sdk_version: "current", }`) foo := result.ModuleForTests("foo", "android_common")