
Commit 729fa46e authored by Melisa Carranza Zúñiga's avatar Melisa Carranza Zúñiga Committed by Automerger Merge Worker

Merge "Revert "Merge "Adding sepolicy sign params to sign_target_files_apks."...

Merge "Revert "Merge "Adding sepolicy sign params to sign_target_files_apks." am: fb042449 am: bd8c3132 am: a2db49be"" am: 4449692f

Original change: https://android-review.googlesource.com/c/platform/build/+/2111284



Change-Id: I532c0dc4d4040d80c1c1b80258cb9dc437a8555d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 10129759 4449692f
+0 −1
@@ -97,7 +97,6 @@ class Options(object):
    self.stash_threshold = 0.8
    self.stash_threshold = 0.8
    self.logfile = None
    self.logfile = None
    self.host_tools = {}
    self.host_tools = {}
    self.sepolicy_name = 'sepolicy.apex'




OPTIONS = Options()
OPTIONS = Options()
+1 −2
@@ -61,7 +61,6 @@ import apex_utils
import common
import common


logger = logging.getLogger(__name__)
logger = logging.getLogger(__name__)
OPTIONS = common.OPTIONS




def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
@@ -82,7 +81,7 @@ def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
      apk_keys=apk_keys,
      apk_keys=apk_keys,
      signing_args=signing_args,
      signing_args=signing_args,
      sign_tool=sign_tool,
      sign_tool=sign_tool,
      is_sepolicy=apex_file.endswith(OPTIONS.sepolicy_name),
      is_sepolicy=apex_file.endswith("sepolicy.apex"),
      sepolicy_key=sepolicy_key,
      sepolicy_key=sepolicy_key,
      sepolicy_cert=sepolicy_cert,
      sepolicy_cert=sepolicy_cert,
      fsverity_tool=fsverity_tool)
      fsverity_tool=fsverity_tool)
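Review bot: The `is_sepolicy` argument in the SignApexFile hunk is a bare suffix test on the whole path string, so any input whose name merely ends in `sepolicy.apex` (a constructed example: `vendor_sepolicy.apex`) selects the SEPolicy signing path. Comparing the basename exactly would be tighter, `is_sepolicy=os.path.basename(apex_file) == "sepolicy.apex",`, assuming `os` is imported in this file, which is not visible here. The same commit stops the sign_target_files_apks caller from passing `sepolicy_key`, `sepolicy_cert` and `fsverity_tool`, so it is also worth confirming what the callee does when `is_sepolicy` is true and those values are left unset. SignApexFile starts and ends outside the hunk.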
+10 −80
@@ -137,15 +137,6 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files
  --android_jar_path <path>
  --android_jar_path <path>
      Path to the android.jar to repack the apex file.
      Path to the android.jar to repack the apex file.


  --sepolicy_key <key>
      Optional flag that specifies the sepolicy signing key, defaults to payload_key for the sepolicy.apex.

  --sepolicy_cert <cert>
      Optional flag that specifies the sepolicy signing cert.

  --fsverity_tool <path>
      Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.

  --allow_gsi_debug_sepolicy
  --allow_gsi_debug_sepolicy
      Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
      Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
      (/system/system_ext|/system_ext)/etc/selinux.
      (/system/system_ext|/system_ext)/etc/selinux.
@@ -205,9 +196,6 @@ OPTIONS.gki_signing_extra_args = None
OPTIONS.android_jar_path = None
OPTIONS.android_jar_path = None
OPTIONS.vendor_partitions = set()
OPTIONS.vendor_partitions = set()
OPTIONS.vendor_otatools = None
OPTIONS.vendor_otatools = None
OPTIONS.sepolicy_key = None
OPTIONS.sepolicy_cert = None
OPTIONS.fsverity_tool = None
OPTIONS.allow_gsi_debug_sepolicy = False
OPTIONS.allow_gsi_debug_sepolicy = False




@@ -247,8 +235,6 @@ ALLOWED_VENDOR_PARTITIONS = set(["vendor", "odm"])
def IsApexFile(filename):
def IsApexFile(filename):
  return filename.endswith(".apex") or filename.endswith(".capex")
  return filename.endswith(".apex") or filename.endswith(".capex")


def IsSepolicyApex(filename):
  return filename.endswith(OPTIONS.sepolicy_name)


def GetApexFilename(filename):
def GetApexFilename(filename):
  name = os.path.basename(filename)
  name = os.path.basename(filename)
@@ -271,24 +257,6 @@ def GetApkCerts(certmap):


  return certmap
  return certmap


def GetSepolicyKeys(keys_info):
  """Gets SEPolicy signing keys applying overrides from command line options.

  Args:
    keys_info: A dict that maps from the SEPolicy APEX filename to a tuple of
    (sepolicy_key, sepolicy_cert, fsverity_tool).

  Returns:
    A dict that contains the updated APEX key mapping, which should be used for
    the current signing.
  """
  for name in keys_info:
      (sepolicy_key, sepolicy_cert, fsverity_tool) = keys_info[name]
      sepolicy_key = OPTIONS.sepolicy_key if OPTIONS.sepolicy_key else sepolicy_key
      sepolicy_cert = OPTIONS.sepolicy_cert if OPTIONS.sepolicy_cert else sepolicy_cert
      fsverity_tool = OPTIONS.fsverity_tool if OPTIONS.fsverity_tool else fsverity_tool
      keys_info[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
  return keys_info


def GetApexKeys(keys_info, key_map):
def GetApexKeys(keys_info, key_map):
  """Gets APEX payload and container signing keys by applying the mapping rules.
  """Gets APEX payload and container signing keys by applying the mapping rules.
@@ -551,7 +519,7 @@ def IsBuildPropFile(filename):
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
                       apk_keys, apex_keys, key_passwords,
                       apk_keys, apex_keys, key_passwords,
                       platform_api_level, codename_to_api_level_map,
                       platform_api_level, codename_to_api_level_map,
                       compressed_extension, sepolicy_keys):
                       compressed_extension):
  # maxsize measures the maximum filename length, including the ones to be
  # maxsize measures the maximum filename length, including the ones to be
  # skipped.
  # skipped.
  try:
  try:
@@ -619,17 +587,6 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
        print("           : %-*s payload   (%s)" % (
        print("           : %-*s payload   (%s)" % (
            maxsize, name, payload_key))
            maxsize, name, payload_key))


        sepolicy_key = None
        sepolicy_cert = None
        fsverity_tool = None

        if IsSepolicyApex(name):
          (sepolicy_key, sepolicy_cert, fsverity_tool) = sepolicy_keys[name]
          print("           : %-*s sepolicy key   (%s)" % (
            maxsize, name, sepolicy_key))
          print("           : %-*s sepolicy cert  (%s)" % (
            maxsize, name, sepolicy_cert))

        signed_apex = apex_utils.SignApex(
        signed_apex = apex_utils.SignApex(
            misc_info['avb_avbtool'],
            misc_info['avb_avbtool'],
            data,
            data,
@@ -640,11 +597,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
            codename_to_api_level_map,
            codename_to_api_level_map,
            no_hashtree=None,  # Let apex_util determine if hash tree is needed
            no_hashtree=None,  # Let apex_util determine if hash tree is needed
            signing_args=OPTIONS.avb_extra_args.get('apex'),
            signing_args=OPTIONS.avb_extra_args.get('apex'),
            sign_tool=sign_tool,
            sign_tool=sign_tool)
            is_sepolicy=IsSepolicyApex(name),
            sepolicy_key=sepolicy_key,
            sepolicy_cert=sepolicy_cert,
            fsverity_tool=fsverity_tool)
        common.ZipWrite(output_tf_zip, signed_apex, filename)
        common.ZipWrite(output_tf_zip, signed_apex, filename)


      else:
      else:
@@ -1254,24 +1207,20 @@ def GetCodenameToApiLevelMap(input_tf_zip):
def ReadApexKeysInfo(tf_zip):
def ReadApexKeysInfo(tf_zip):
  """Parses the APEX keys info from a given target-files zip.
  """Parses the APEX keys info from a given target-files zip.


  Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns
  Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns a
  two dicts, the first one contains the mapping from APEX names
  dict that contains the mapping from APEX names (e.g. com.android.tzdata) to a
  (e.g. com.android.tzdata) to a tuple of (payload_key, container_key,
  tuple of (payload_key, container_key, sign_tool).
  sign_tool). The second one maps the sepolicy APEX name to a tuple containing
  (sepolicy_key, sepolicy_cert, fsverity_tool).


  Args:
  Args:
    tf_zip: The input target_files ZipFile (already open).
    tf_zip: The input target_files ZipFile (already open).


  Returns:
  Returns:
    name : (payload_key, container_key, sign_tool)
    (payload_key, container_key, sign_tool):
      - payload_key contains the path to the payload signing key
      - payload_key contains the path to the payload signing key
      - container_key contains the path to the container signing key
      - container_key contains the path to the container signing key
      - sign_tool is an apex-specific signing tool for its payload contents
      - sign_tool is an apex-specific signing tool for its payload contents
    name : (sepolicy_key, sepolicy_cert, fsverity_tool)
  """
  """
  keys = {}
  keys = {}
  sepolicy_keys = {}
  for line in tf_zip.read('META/apexkeys.txt').decode().split('\n'):
  for line in tf_zip.read('META/apexkeys.txt').decode().split('\n'):
    line = line.strip()
    line = line.strip()
    if not line:
    if not line:
@@ -1282,9 +1231,6 @@ def ReadApexKeysInfo(tf_zip):
        r'private_key="(?P<PAYLOAD_PRIVATE_KEY>.*)"\s+'
        r'private_key="(?P<PAYLOAD_PRIVATE_KEY>.*)"\s+'
        r'container_certificate="(?P<CONTAINER_CERT>.*)"\s+'
        r'container_certificate="(?P<CONTAINER_CERT>.*)"\s+'
        r'container_private_key="(?P<CONTAINER_PRIVATE_KEY>.*?)"'
        r'container_private_key="(?P<CONTAINER_PRIVATE_KEY>.*?)"'
        r'(\s+sepolicy_key="(?P<SEPOLICY_KEY>.*?)")?'
        r'(\s+sepolicy_certificate="(?P<SEPOLICY_CERT>.*?)")?'
        r'(\s+fsverity_tool="(?P<FSVERITY_TOOL>.*?)")?'
        r'(\s+partition="(?P<PARTITION>.*?)")?'
        r'(\s+partition="(?P<PARTITION>.*?)")?'
        r'(\s+sign_tool="(?P<SIGN_TOOL>.*?)")?$',
        r'(\s+sign_tool="(?P<SIGN_TOOL>.*?)")?$',
        line)
        line)
@@ -1313,18 +1259,12 @@ def ReadApexKeysInfo(tf_zip):
            container_private_key, OPTIONS.private_key_suffix):
            container_private_key, OPTIONS.private_key_suffix):
      container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
      container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
    else:
    else:
      raise ValueError("Failed to parse container keys: \n{} **** {}".format(container_cert, container_private_key))
      raise ValueError("Failed to parse container keys: \n{}".format(line))


    sign_tool = matches.group("SIGN_TOOL")
    sign_tool = matches.group("SIGN_TOOL")
    keys[name] = (payload_private_key, container_key, sign_tool)
    keys[name] = (payload_private_key, container_key, sign_tool)


    if IsSepolicyApex(name):
  return keys
      sepolicy_key = matches.group('SEPOLICY_KEY')
      sepolicy_cert = matches.group('SEPOLICY_CERT')
      fsverity_tool = matches.group('FSVERITY_TOOL')
      sepolicy_keys[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)

  return keys, sepolicy_keys




def BuildVendorPartitions(output_zip_path):
def BuildVendorPartitions(output_zip_path):
@@ -1541,12 +1481,6 @@ def main(argv):
      OPTIONS.vendor_otatools = a
      OPTIONS.vendor_otatools = a
    elif o == "--vendor_partitions":
    elif o == "--vendor_partitions":
      OPTIONS.vendor_partitions = set(a.split(","))
      OPTIONS.vendor_partitions = set(a.split(","))
    elif o == '--sepolicy_key':
      OPTIONS.sepolicy_key = a
    elif o == '--sepolicy_cert':
      OPTIONS.sepolicy_cert = a
    elif o == '--fsverity_tool':
      OPTIONS.fsverity_tool = a
    elif o == "--allow_gsi_debug_sepolicy":
    elif o == "--allow_gsi_debug_sepolicy":
      OPTIONS.allow_gsi_debug_sepolicy = True
      OPTIONS.allow_gsi_debug_sepolicy = True
    else:
    else:
@@ -1601,9 +1535,6 @@ def main(argv):
          "gki_signing_extra_args=",
          "gki_signing_extra_args=",
          "vendor_partitions=",
          "vendor_partitions=",
          "vendor_otatools=",
          "vendor_otatools=",
          "sepolicy_key=",
          "sepolicy_cert=",
          "fsverity_tool=",
          "allow_gsi_debug_sepolicy",
          "allow_gsi_debug_sepolicy",
      ],
      ],
      extra_option_handler=option_handler)
      extra_option_handler=option_handler)
@@ -1626,9 +1557,8 @@ def main(argv):
  apk_keys_info, compressed_extension = common.ReadApkCerts(input_zip)
  apk_keys_info, compressed_extension = common.ReadApkCerts(input_zip)
  apk_keys = GetApkCerts(apk_keys_info)
  apk_keys = GetApkCerts(apk_keys_info)


  apex_keys_info, sepolicy_keys_info = ReadApexKeysInfo(input_zip)
  apex_keys_info = ReadApexKeysInfo(input_zip)
  apex_keys = GetApexKeys(apex_keys_info, apk_keys)
  apex_keys = GetApexKeys(apex_keys_info, apk_keys)
  sepolicy_keys = GetSepolicyKeys(sepolicy_keys_info)


  # TODO(xunchang) check for the apks inside the apex files, and abort early if
  # TODO(xunchang) check for the apks inside the apex files, and abort early if
  # the keys are not available.
  # the keys are not available.
@@ -1646,7 +1576,7 @@ def main(argv):
  ProcessTargetFiles(input_zip, output_zip, misc_info,
  ProcessTargetFiles(input_zip, output_zip, misc_info,
                     apk_keys, apex_keys, key_passwords,
                     apk_keys, apex_keys, key_passwords,
                     platform_api_level, codename_to_api_level_map,
                     platform_api_level, codename_to_api_level_map,
                     compressed_extension, sepolicy_keys)
                     compressed_extension)


  common.ZipClose(input_zip)
  common.ZipClose(input_zip)
  common.ZipClose(output_zip)
  common.ZipClose(output_zip)
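Review bot: The pattern in the ReadApexKeysInfo hunk loses the optional `sepolicy_key`/`sepolicy_certificate`/`fsverity_tool` groups while the remaining `.*?` captures can still run across quotes, so a META/apexkeys.txt line written while the original change was in place is either absorbed into a neighbouring capture (most likely `CONTAINER_PRIVATE_KEY`) or fails to match. The first case looks like it ends in the `Failed to parse container keys` ValueError; the second depends on how non-matching lines are handled, which is outside the hunks (a comment in the test file says invalid lines are skipped), and a skipped entry would leave that APEX without a key mapping. Stating the intended outcome next to the pattern would help, for example `# sepolicy_* attributes are not supported; a line carrying them must raise, not be skipped`, together with a test that pins it. Separately, the new `Returns:` text reads as if a bare tuple is returned while the function returns the `keys` dict; the earlier wording `name : (payload_key, container_key, sign_tool)` was accurate.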
+5 −75
@@ -476,7 +476,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
      target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
      target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)


    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
      keys_info = ReadApexKeysInfo(target_files_zip)


    self.assertEqual({
    self.assertEqual({
        'apex.apexd_test.apex': (
        'apex.apexd_test.apex': (
@@ -486,7 +486,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
            'build/make/target/product/security/testkey', None),
        }, keys_info)
        }, keys_info)
    self.assertEqual({}, sepolicy_keys_info)


  def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
  def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
    # Mismatching payload public / private keys.
    # Mismatching payload public / private keys.
@@ -516,7 +515,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)


    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
      keys_info = ReadApexKeysInfo(target_files_zip)


    self.assertEqual({
    self.assertEqual({
        'apex.apexd_test.apex': (
        'apex.apexd_test.apex': (
@@ -526,7 +525,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
            'build/make/target/product/security/testkey', None),
        }, keys_info)
        }, keys_info)
    self.assertEqual({}, sepolicy_keys_info)


  def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
  def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
    # Invalid lines will be skipped.
    # Invalid lines will be skipped.
@@ -540,7 +538,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)


    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
      keys_info = ReadApexKeysInfo(target_files_zip)


    self.assertEqual({
    self.assertEqual({
        'apex.apexd_test.apex': (
        'apex.apexd_test.apex': (
@@ -550,7 +548,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
            'build/make/target/product/security/testkey', None),
        }, keys_info)
        }, keys_info)
    self.assertEqual({}, sepolicy_keys_info)


  def test_ReadApexKeysInfo_presignedKeys(self):
  def test_ReadApexKeysInfo_presignedKeys(self):
    apex_keys = self.APEX_KEYS_TXT + (
    apex_keys = self.APEX_KEYS_TXT + (
@@ -564,7 +561,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)


    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
      keys_info = ReadApexKeysInfo(target_files_zip)


    self.assertEqual({
    self.assertEqual({
        'apex.apexd_test.apex': (
        'apex.apexd_test.apex': (
@@ -574,7 +571,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
            'build/make/target/product/security/testkey', None),
        }, keys_info)
        }, keys_info)
    self.assertEqual({}, sepolicy_keys_info)


  def test_ReadApexKeysInfo_presignedKeys(self):
  def test_ReadApexKeysInfo_presignedKeys(self):
    apex_keys = self.APEX_KEYS_TXT + (
    apex_keys = self.APEX_KEYS_TXT + (
@@ -588,7 +584,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)


    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
      keys_info = ReadApexKeysInfo(target_files_zip)


    self.assertEqual({
    self.assertEqual({
        'apex.apexd_test.apex': (
        'apex.apexd_test.apex': (
@@ -598,72 +594,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
            'build/make/target/product/security/testkey', None),
        }, keys_info)
        }, keys_info)
    self.assertEqual({}, sepolicy_keys_info)

  def test_ReadApexKeysInfo_withSepolicyKeys(self):
    apex_keys = self.APEX_KEYS_TXT + (
        'name="sepolicy.apex" '
        'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
        'container_certificate="build/make/target/product/security/testkey.x509.pem" '
        'container_private_key="build/make/target/product/security/testkey.pk8" '
        'sepolicy_key="build/make/target/product/security/testkey.key" '
        'sepolicy_certificate="build/make/target/product/security/testkey.x509.pem" '
        'fsverity_tool="fsverity"')
    target_files = common.MakeTempFile(suffix='.zip')
    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)

    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)

    self.assertEqual({
        'apex.apexd_test.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
            'build/make/target/product/security/testkey', None),
        'apex.apexd_test_different_app.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
        'sepolicy.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
        }, keys_info)
    self.assertEqual({'sepolicy.apex': (
            'build/make/target/product/security/testkey.key',
            'build/make/target/product/security/testkey.x509.pem',
            'fsverity'),
        }, sepolicy_keys_info)

  def test_ReadApexKeysInfo_withSepolicyApex(self):
    apex_keys = self.APEX_KEYS_TXT + (
        'name="sepolicy.apex" '
        'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
        'container_certificate="build/make/target/product/security/testkey.x509.pem" '
        'container_private_key="build/make/target/product/security/testkey.pk8" ')
    target_files = common.MakeTempFile(suffix='.zip')
    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
      target_files_zip.writestr('META/apexkeys.txt', apex_keys)

    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)

    self.assertEqual({
        'apex.apexd_test.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
            'build/make/target/product/security/testkey', None),
        'apex.apexd_test_different_app.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
        'sepolicy.apex': (
            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
            'build/make/target/product/security/testkey', None),
        }, keys_info)
    self.assertEqual({'sepolicy.apex': (
            None,
            None,
            None),
        }, sepolicy_keys_info)


  def test_ReplaceGkiSigningKey(self):
  def test_ReplaceGkiSigningKey(self):
    common.OPTIONS.gki_signing_key = 'release_gki_key'
    common.OPTIONS.gki_signing_key = 'release_gki_key'
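Review bot: `test_ReadApexKeysInfo_presignedKeys` is defined twice in this section, in the trailing context of the hunks at -550 and -574; if both are methods of the same test class, the second definition replaces the first and the earlier test body never runs. Renaming one of them so both execute, for instance `def test_ReadApexKeysInfo_presignedKeysSecondCase(self):` with a name that reflects what it covers, would restore that coverage of the key-parsing path. Both test bodies continue outside the hunks, so which case each one exercises cannot be told from here.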