APEXs can be signed with different keys

The name of the key used to sign an APEX is recorded in the vb metadata structure. When verifying the APEX, the name is retrived to find the corresponding public key from the /system/etc/security/apex directory. Bug: 115721587 Test: m apex.test; m /apex/com.android.example.apex@1 exists Change-Id: I55a1695483515a8f4ac7d593d11675d9dd340b36
author: Jiyong Park <jiyong@google.com> 2018-10-12 21:58:18 +0900
committer: Jiyong Park <jiyong@google.com> 2018-10-19 12:20:00 +0900
commit: c791f05b7179cc0fac8459cf62e7c9ac09c44408 (patch)
tree: 2c903761dc57f93951c4c957d9e9688facc65e3c /apexer/apexer.py
parent: e66772f9fc86778dfd882ca939c6f138544b27d8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/apexer/apexer.py b/apexer/apexer.py
index fb0218c..636fd6f 100644
--- a/apexer/apexer.py
+++ b/apexer/apexer.py
@@ -228,6 +228,7 @@ def CreateApex(args, work_dir):
   cmd.append('--do_not_generate_fec')
   cmd.extend(['--algorithm', 'SHA256_RSA4096'])
   cmd.extend(['--key', args.key])
+  cmd.extend(['--prop', "apex.key:" + os.path.basename(os.path.splitext(args.key)[0])])
   cmd.extend(['--image', img_file])
   RunCommand(cmd, args.verbose)
author	Jiyong Park <jiyong@google.com>	2018-10-12 21:58:18 +0900
committer	Jiyong Park <jiyong@google.com>	2018-10-19 12:20:00 +0900
commit	c791f05b7179cc0fac8459cf62e7c9ac09c44408 (patch)
tree	2c903761dc57f93951c4c957d9e9688facc65e3c /apexer/apexer.py
parent	e66772f9fc86778dfd882ca939c6f138544b27d8 (diff)