From 1e4cbfaf5c23c8a3be92b747725d18bc31d2d1d6 Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Fri, 22 Mar 2019 13:15:39 -0700
Subject: [PATCH] releasetools: Fix an issue in handling PRESIGNED APEX keys.

For PRESIGNED APEXes, we should keep carrying the matching public keys
at /system/etc/security/apex.

Bug: 129148142
Test: Run sign_target_files_apks.py on a target_files.zip with presigned
      APEXes. Check the output zip.
Change-Id: I2e941fd9b10e99d2db9df1e5308cbbe8c760177b
(cherry picked from commit bf3fb024cd8ccbf74c0a7fdc8168792f2805089d)
---
 tools/releasetools/sign_target_files_apks.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 75a98fd5d..2a5cd4abf 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -600,7 +600,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
     else:
       common.ZipWriteStr(output_tf_zip, out_info, data)
 
-  # Update APEX payload public keys.
+  # Copy or update APEX payload public keys.
   for info in input_tf_zip.infolist():
     filename = info.filename
     if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
@@ -609,8 +609,10 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
 
     name = os.path.basename(filename)
 
-    # Skip PRESIGNED APEXes.
+    # Copy the keys for PRESIGNED APEXes.
     if name not in updated_apex_payload_keys:
+      data = input_tf_zip.read(filename)
+      common.ZipWriteStr(output_tf_zip, info, data)
       continue
 
     key_path = updated_apex_payload_keys[name]