diff --git a/bundle.json b/bundle.json index 39019e5e34bd39b0334760e035608b5c8d8ae956..92e1ec868a0ba94f8ab9c45da7ca3190fcf872ee 100644 --- a/bundle.json +++ b/bundle.json @@ -20,7 +20,8 @@ "code_signature_support_oh_code_sign", "code_signature_enable_xpm_mode", "code_signature_support_oh_release_app", - "code_signature_support_app_allow_list" + "code_signature_support_app_allow_list", + "code_signature_support_local_debugger" ], "adapted_system_type": [ "standard" ], "rom": "1024KB", diff --git a/code_signature.gni b/code_signature.gni index 261f38a81c6b86590beb4b85611bc260c3157a83..b8466b701b6bf6de0365443b1bf8618a857607d1 100644 --- a/code_signature.gni +++ b/code_signature.gni @@ -26,6 +26,7 @@ declare_args() { code_signature_support_oh_release_app = false code_signature_support_app_allow_list = false code_signature_screenlock_mgr_enable = false + code_signature_support_local_debugger = false if (defined(global_parts_info) && defined(global_parts_info.theme_screenlock_mgr)) { code_signature_screenlock_mgr_enable = true diff --git a/services/key_enable/BUILD.gn b/services/key_enable/BUILD.gn index 03629e708f5a4542b72d9abbb0a82fb60cd5bf59..fe1dd29903914faf3a6d4e75b00a899a352d1517 100644 --- a/services/key_enable/BUILD.gn +++ b/services/key_enable/BUILD.gn @@ -50,6 +50,11 @@ ohos_rust_executable("key_enable") { } else { rustenv += [ "support_openharmony_ca=off" ] } + if (code_signature_support_local_debugger) { + rustenv += [ "support_local_debugger=on" ] + } else { + rustenv += [ "support_local_debugger=off" ] + } crate_name = "key_enable" crate_type = "bin" subsystem_name = "security" @@ -81,6 +86,11 @@ ohos_rust_shared_ffi("key_enable_lib") { } else { rustenv += [ "support_openharmony_ca=off" ] } + if (code_signature_support_local_debugger) { + rustenv += [ "support_local_debugger=on" ] + } else { + rustenv += [ "support_local_debugger=off" ] + } crate_name = "key_enable" subsystem_name = "security" part_name = "code_signature" diff --git a/services/key_enable/src/cert_path_utils.rs b/services/key_enable/src/cert_path_utils.rs index ff73a24955136594ec08b1578dffec26fc573a47..62693cf8ffac02b1384df163b833dc9ab790a10f 100644 --- a/services/key_enable/src/cert_path_utils.rs +++ b/services/key_enable/src/cert_path_utils.rs @@ -160,7 +160,8 @@ impl TrustCertPath { /// add signing cert paths to kernel pub fn add_cert_paths(&self) -> Result<(), CertPathError> { for cert_path in &self.app_sources { - if !unsafe { IsDeveloperModeOn() } && &cert_path.mode == "Dev" { + if env!("support_local_debugger") != "on" + && !unsafe { IsDeveloperModeOn() } && &cert_path.mode == "Dev" { continue; } if !cert_path.subject.is_empty() diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index ee2890dea26c6ee1a8b9ce61f5442cdb0e3d7d5b..d543e626998c553d9d08fafc2d98accd521a2e23 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -301,6 +301,11 @@ ohos_rust_static_library("rust_key_enable_lib") { } else { rustenv += [ "support_openharmony_ca=off" ] } + if (code_signature_support_local_debugger) { + rustenv += [ "support_local_debugger=on" ] + } else { + rustenv += [ "support_local_debugger=off" ] + } crate_name = "key_enable" crate_type = "rlib" subsystem_name = "security"