sign_apex --sign_tool

A new argument is a custom signing tool for APEX contents. When
specified, apex_util invokes the tool with payload's key and payload
directory.

For now, the Virt APEX has its own custom signing tool (sign_virt_apex)
to re-sign filesystem images in it.

Bug: 193504286
Test: atest releasetools_test
Test: m sign_apex sign_virt_apex
Test: sign_apex --sign_tool sign_virt_apex --payload_key ..
  --container_key .. resigned.apex
      adb install resigned.apex
      reboot & vm run-app
Change-Id: Ic4d369c2ba42a8295044a0a75e054dc8def93208
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
index fb947f4..679f57a 100755
--- a/tools/releasetools/sign_apex.py
+++ b/tools/releasetools/sign_apex.py
@@ -39,6 +39,9 @@
   --codename_to_api_level_map Q:29,R:30,...
       A Mapping of codename to api level.  This is useful to provide sdk targeting
       information to APK Signer.
+
+  --sign_tool <sign_tool>
+      Optional flag that specifies a custom signing tool for the contents of the apex.
 """
 
 import logging
@@ -52,7 +55,7 @@
 
 
 def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
-                 apk_keys=None, signing_args=None, codename_to_api_level_map=None):
+                 apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None):
   """Signs the given apex file."""
   with open(apex_file, 'rb') as input_fp:
     apex_data = input_fp.read()
@@ -66,7 +69,8 @@
       codename_to_api_level_map=codename_to_api_level_map,
       no_hashtree=no_hashtree,
       apk_keys=apk_keys,
-      signing_args=signing_args)
+      signing_args=signing_args,
+      sign_tool=sign_tool)
 
 
 def main(argv):
@@ -100,6 +104,8 @@
         if 'extra_apks' not in options:
           options['extra_apks'] = {}
         options['extra_apks'].update({n: key})
+    elif o == '--sign_tool':
+      options['sign_tool'] = a
     else:
       return False
     return True
@@ -114,6 +120,7 @@
           'payload_extra_args=',
           'payload_key=',
           'extra_apks=',
+          'sign_tool=',
       ],
       extra_option_handler=option_handler)
 
@@ -133,7 +140,8 @@
       apk_keys=options.get('extra_apks', {}),
       signing_args=options.get('payload_extra_args'),
       codename_to_api_level_map=options.get(
-          'codename_to_api_level_map', {}))
+          'codename_to_api_level_map', {}),
+      sign_tool=options['sign_tool'])
   shutil.copyfile(signed_apex, args[1])
   logger.info("done.")