sign_target_files_apks

./build/tools/releasetools/sign_target_files_apks -d vendor/<vendor_name>/security/<product_name> <product_name>-target_files.zip signed-target-files.zip

If you have prebuilt and pre-signed apk's in your build that you don't want re-signed, you must explicitly ignore them by adding 

-e Foo.apk= 

to the command line for each apk you wish to ignore.

对apk手工签名：
signapk编译结束后在 android目录下/out/host/linux-x86/framework/signapk.jar
使用方法：java -jar signapk.jar platform.x509.pem platform.pk8 test.apk test_signed.apk
上面的signapk.jar platform.x509.pem platform.pk8都要用绝对路径，否则会报错找不到文件。

Reference:

  Creating Release Keys and Signing Builds

   Signing Your Applications