From fc7fe9358cd21bcd895627e7113d52617eb0c3f4 Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <reminv@google.com>
Date: Wed, 15 May 2019 16:14:51 +0900
Subject: [PATCH] Add build targets for non-mainline NetworkStack

Add PlatformCaptivePortalLogin and PlatformNetworkPermissionConfig build
targets to override CaptivePortalLogin and NetworkPermissionConfig with
platform-key-signed packages easily. The added packages are unused by
default but can simplify setup for OEMs that use InProcessNetworkStack.

Bug: 132635211
Test: Added the new packages to sailfish build, built image: device has
      the proper packages signed with the right keys, networking and
      captive portal working fine.

(clean cherry-pick from qt-dev)
Change-Id: Id7590c7d10958467e900fd32a70de53398f18721
Merged-In: I09656deb6ba928f56b478adebb60268fa6f484b0
---
 packages/CaptivePortalLogin/Android.bp      | 20 +++++++++++++++++---
 packages/NetworkPermissionConfig/Android.bp | 21 +++++++++++++++++----
 packages/NetworkStack/Android.bp            |  6 ++++--
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/packages/CaptivePortalLogin/Android.bp b/packages/CaptivePortalLogin/Android.bp
index 732acca6094fd..c9183f6c1dd70 100644
--- a/packages/CaptivePortalLogin/Android.bp
+++ b/packages/CaptivePortalLogin/Android.bp
@@ -14,12 +14,11 @@
 // limitations under the License.
 //
 
-android_app {
-    name: "CaptivePortalLogin",
+java_defaults {
+    name: "CaptivePortalLoginDefaults",
     srcs: ["src/**/*.java"],
     sdk_version: "system_current",
     min_sdk_version: "28",
-    certificate: "networkstack",
     static_libs: [
         "android-support-v4",
         "metrics-constants-protos",
@@ -27,3 +26,18 @@ android_app {
     ],
     manifest: "AndroidManifest.xml",
 }
+
+android_app {
+    name: "CaptivePortalLogin",
+    defaults: ["CaptivePortalLoginDefaults"],
+    certificate: "networkstack",
+}
+
+// Alternative CaptivePortalLogin signed with the platform cert, to use
+// with InProcessNetworkStack.
+android_app {
+    name: "PlatformCaptivePortalLogin",
+    defaults: ["CaptivePortalLoginDefaults"],
+    certificate: "platform",
+    overrides: ["CaptivePortalLogin"],
+}
diff --git a/packages/NetworkPermissionConfig/Android.bp b/packages/NetworkPermissionConfig/Android.bp
index d0d3276c0e32d..6e50459a1dd38 100644
--- a/packages/NetworkPermissionConfig/Android.bp
+++ b/packages/NetworkPermissionConfig/Android.bp
@@ -14,15 +14,28 @@
 // limitations under the License.
 //
 
-// Stub APK to define permissions for NetworkStack
-android_app {
-    name: "NetworkPermissionConfig",
+java_defaults {
+    name: "NetworkPermissionConfigDefaults",
     // TODO: mark app as hasCode=false in manifest once soong stops complaining about apps without
     // a classes.dex.
     srcs: ["src/**/*.java"],
     platform_apis: true,
     min_sdk_version: "28",
-    certificate: "networkstack",
     privileged: true,
     manifest: "AndroidManifest.xml",
 }
+
+// Stub APK to define permissions for NetworkStack
+android_app {
+    name: "NetworkPermissionConfig",
+    defaults: ["NetworkPermissionConfigDefaults"],
+    certificate: "networkstack",
+}
+
+// Alternative stub APK signed with platform certificate. To use with InProcessNetworkStack.
+android_app {
+    name: "PlatformNetworkPermissionConfig",
+    defaults: ["NetworkPermissionConfigDefaults"],
+    certificate: "platform",
+    overrides: ["NetworkPermissionConfig"],
+}
diff --git a/packages/NetworkStack/Android.bp b/packages/NetworkStack/Android.bp
index 64718da8333b6..e15526a571f5e 100644
--- a/packages/NetworkStack/Android.bp
+++ b/packages/NetworkStack/Android.bp
@@ -98,8 +98,6 @@ java_defaults {
     optimize: {
         proguard_flags_files: ["proguard.flags"],
     },
-    // The permission configuration *must* be included to ensure security of the device
-    required: ["NetworkPermissionConfig"],
 }
 
 // Non-updatable network stack running in the system server process for devices not using the module
@@ -110,6 +108,8 @@ android_app {
     manifest: "AndroidManifest_InProcess.xml",
     // InProcessNetworkStack is a replacement for NetworkStack
     overrides: ["NetworkStack"],
+    // The permission configuration *must* be included to ensure security of the device
+    required: ["PlatformNetworkPermissionConfig"],
 }
 
 // Updatable network stack packaged as an application
@@ -119,6 +119,8 @@ android_app {
     certificate: "networkstack",
     manifest: "AndroidManifest.xml",
     use_embedded_native_libs: true,
+    // The permission configuration *must* be included to ensure security of the device
+    required: ["NetworkPermissionConfig"],
 }
 
 genrule {