Sign each APEX with different container certificate Each APEX is signed with different certificate. The test certificate (along with the private key) is com.android.<name>.x509.pem and com.android.<name>.pk8. The files are in the same directory as the APEX is defined and is referenced via android_app_certificate module named com.android.<name>.certificate. The test certificate could then be overridden via PRODUCT_CERTIFICATE_OVERRIDES := <apex_module_name>:<new_cert_module_name> Test: jarsigner -verify -verbose -certs out/target/product/blueline/system/apex/com.android.media.swcodec.apex shows ... X.509, CN=com.android.media.swcodec, OU=Android, O=Android, L=Mountain View, ST=California, C=US Change-Id: I3a967fa640ce77177763b78a34a2df05f70ce60f

commit: 7705791edec14e21ab4ea28d777be4a9dba52284 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Feb 11 12:30:20 2019 +0900
committer: Jiyong Park <jiyong@google.com> Fri Feb 15 11:00:22 2019 +0900
tree: 2a460b666028b46c06616d25b39306a46f8b6a80
parent: 3ef4f718f24fa593638a6001fba6aa4e3cad4374 [diff] [blame]
diff --git a/apex/Android.bp b/apex/Android.bp
index 6e0a908..88b519a 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp

@@ -53,6 +53,7 @@
     ],
     use_vendor: true,
     key: "com.android.media.swcodec.key",
+    certificate: ":com.android.media.swcodec.certificate",
 }
 
 apex_key {
@@ -71,3 +72,8 @@
     name: "com.android.media.certificate",
     certificate: "com.android.media",
 }
+
+android_app_certificate {
+    name: "com.android.media.swcodec.certificate",
+    certificate: "com.android.media.swcodec",
+}
commit	7705791edec14e21ab4ea28d777be4a9dba52284	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Feb 11 12:30:20 2019 +0900
committer	Jiyong Park <jiyong@google.com>	Fri Feb 15 11:00:22 2019 +0900
tree	2a460b666028b46c06616d25b39306a46f8b6a80
parent	3ef4f718f24fa593638a6001fba6aa4e3cad4374 [diff] [blame]