Support removing AVB public keys

AVB public keys might be installed into the first-stage ramdisk.
This CL supports removing some AVB keys during the signing process,
which can be useful when a key needs to be revoked.

Also correcting the path of force_debuggable detection.

Bug: 150109393
Test: make dist
Test: ./build/tools/releasetools/sign_target_files_apks \
      --remove_avb_public_keys key1.avbpubkey,key2.avbpubkey \
      out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: I1af95adbbec655f40121f3392965dd1950aca4e5

tools/releasetools/sign_target_files_apks.py

@@ -91,6 +91,14 @@ Usage:  sign_target_files_apks [flags] input_target_files output_target_files
       Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
       with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
 
+  --remove_avb_public_keys <key1>,<key2>,...
+      Remove AVB public keys from the first-stage ramdisk. The key file to
+      remove is located at either of the following dirs:
+        - BOOT/RAMDISK/avb/ or
+        - BOOT/RAMDISK/first_stage_ramdisk/avb/
+      The second dir will be used for lookup if BOARD_USES_RECOVERY_AS_BOOT is
+      set to true.
+
   --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
          vbmeta_vendor}_algorithm <algorithm>
   --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
@@ -150,6 +158,7 @@ OPTIONS.replace_ota_keys = False
 OPTIONS.replace_verity_public_key = False
 OPTIONS.replace_verity_private_key = False
 OPTIONS.replace_verity_keyid = False
+OPTIONS.remove_avb_public_keys = None
 OPTIONS.tag_changes = ("-test-keys", "-dev-keys", "+release-keys")
 OPTIONS.avb_keys = {}
 OPTIONS.avb_algorithms = {}
@@ -585,6 +594,18 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
           filename in ("BOOT/RAMDISK/verity_key",
                        "ROOT/verity_key")):
       pass
+    elif (OPTIONS.remove_avb_public_keys and
+          (filename.startswith("BOOT/RAMDISK/avb/") or
+           filename.startswith("BOOT/RAMDISK/first_stage_ramdisk/avb/"))):
+        matched_removal = False
+        for key_to_remove in OPTIONS.remove_avb_public_keys:
+          if filename.endswith(key_to_remove):
+            matched_removal = True
+            print("Removing AVB public key from ramdisk: %s" % filename)
+            break
+        if not matched_removal:
+          # Copy it verbatim if we don't want to remove it.
+          common.ZipWriteStr(output_tf_zip, out_info, data)
 
     # Skip verity keyid (for system_root_image use) if we will replace it.
     elif OPTIONS.replace_verity_keyid and filename == "BOOT/cmdline":
@@ -610,8 +631,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
     # Should NOT sign boot-debug.img.
     elif filename in (
         "BOOT/RAMDISK/force_debuggable",
-        "RECOVERY/RAMDISK/force_debuggable"
+        "BOOT/RAMDISK/first_stage_ramdisk/force_debuggable"):
-        "RECOVERY/RAMDISK/first_stage_ramdisk/force_debuggable"):
       raise common.ExternalError("debuggable boot.img cannot be signed")
 
     # A non-APK file; copy it verbatim.
@@ -1135,6 +1155,8 @@ def main(argv):
       OPTIONS.replace_verity_private_key = (True, a)
     elif o == "--replace_verity_keyid":
       OPTIONS.replace_verity_keyid = (True, a)
+    elif o == "--remove_avb_public_keys":
+      OPTIONS.remove_avb_public_keys = a.split(",")
     elif o == "--avb_vbmeta_key":
       OPTIONS.avb_keys['vbmeta'] = a
     elif o == "--avb_vbmeta_algorithm":
@@ -1203,6 +1225,7 @@ def main(argv):
           "replace_verity_public_key=",
           "replace_verity_private_key=",
           "replace_verity_keyid=",
+          "remove_avb_public_keys=",
           "avb_apex_extra_args=",
           "avb_vbmeta_algorithm=",
           "avb_vbmeta_key=",