releasetools: Fix an issue in handling PRESIGNED APEX keys. For PRESIGNED APEXes, we should keep carrying the matching public keys at /system/etc/security/apex. Bug: 129148142 Test: Run sign_target_files_apks.py on a target_files.zip with presigned APEXes. Check the output zip. Change-Id: I2e941fd9b10e99d2db9df1e5308cbbe8c760177b (cherry picked from commit bf3fb024cd8ccbf74c0a7fdc8168792f2805089d)

commit: 1e4cbfaf5c23c8a3be92b747725d18bc31d2d1d6 [log] [tgz]
author: Tao Bao <tbao@google.com> Fri Mar 22 13:15:39 2019 -0700
committer: Tao Bao <tbao@google.com> Fri Mar 22 14:11:24 2019 -0700
tree: 6724d56b28c6c1728cf1db111b8a4e22e2f44c55
parent: c62b9a2347718f8cc86d28fe3a4e94d1a11ca98d [diff] [blame]
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 75a98fd..2a5cd4a 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py

@@ -600,7 +600,7 @@
     else:
       common.ZipWriteStr(output_tf_zip, out_info, data)
 
-  # Update APEX payload public keys.
+  # Copy or update APEX payload public keys.
   for info in input_tf_zip.infolist():
     filename = info.filename
     if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
@@ -609,8 +609,10 @@
 
     name = os.path.basename(filename)
 
-    # Skip PRESIGNED APEXes.
+    # Copy the keys for PRESIGNED APEXes.
     if name not in updated_apex_payload_keys:
+      data = input_tf_zip.read(filename)
+      common.ZipWriteStr(output_tf_zip, info, data)
       continue
 
     key_path = updated_apex_payload_keys[name]
commit	1e4cbfaf5c23c8a3be92b747725d18bc31d2d1d6	[log] [tgz]
author	Tao Bao <tbao@google.com>	Fri Mar 22 13:15:39 2019 -0700
committer	Tao Bao <tbao@google.com>	Fri Mar 22 14:11:24 2019 -0700
tree	6724d56b28c6c1728cf1db111b8a4e22e2f44c55
parent	c62b9a2347718f8cc86d28fe3a4e94d1a11ca98d [diff] [blame]