一. 签名文件路径
由DEFAULT_SYSTEM_DEV_CERTIFICATE决定
在build/core/config.mk可知
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/make/target/product/security/testkey
endif
它又由PRODUCT_DEFAULT_DEV_CERTIFICATE决定
我们可以在不同的产品mk中定义PRODUCT_DEFAULT_DEV_CERTIFICATE
比如,device/mediatek/*****/device.mk
PRODUCT_DEFAULT_DEV_CERTIFICATE := vendor/google_mediatek/security/releasekey
二. 签名文件名称
由LOCAL_CERTIFICATE决定
在build/core/package_internal.mk中
# Pick a key to sign the package with. If this package hasn't specified
# an explicit certificate, use the default.
# Secure release builds will have their packages signed after the fact,
# so it's ok for these private keys to be in the clear.
ifeq ($(LOCAL_CERTIFICATE),)
LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
endif
ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
# The special value "EXTERNAL" means that we will sign it with the
# default devkey, apply predexopt, but then expect the final .apk
# (after dexopting) to be signed by an outside tool.
LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
endif
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
如果应用的Android.mk中没有定义LOCAL_CERTIFICATE,则调用默认的testkey签名文件
如果定义LOCAL_CERTIFICATE:=platform,则表示使用平台签名,这样的话这个apk就拥有了和system相同的签名,因为系统级别的签名也是使用的platform来签名,此时使用android:sharedUserId="android.uid.system"才有用!
三. 获取apk签名的MD5值
1. 安装好jdk并配好环境
2. cmd中执行命令:keytool -printcert -jarfile xxx.apk