LineageOS/android_development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "privapp_permissions: Check product privapp_permissions" am: 8349562e0d

Browse Source 
Change-Id: I6d694d9ee054898065a7ec4067d4f3c496c59746
This commit is contained in:
Automerger Merge Worker
2020-02-27 02:15:49 +00:00
parent a44e7ca2e4 8349562e0d
commit 9d9e53f9ef
1 changed files with 137 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
tools/privapp_permissions/privapp_permissions.py
View File

@@ -38,7 +38,7 @@ Generates privapp-permissions.xml file for priv-apps.
Usage:
Specify which apk to generate priv-app permissions for. If no apk is \
specified, this will default to all APKs under "<ANDROID_PRODUCT_OUT>/ \
system/priv-app".
system/priv-app and (system/)product/priv-app".
Examples:
@@ -156,9 +156,18 @@ class Resources(object):
'You must either set up your build environment, or specify a '
'device to run against. See --help for more info.')
self.privapp_apks = self._resolve_apks(apks)
self.permissions_dir = self._resolve_sys_path('system/etc/permissions')
self.sysconfig_dir = self._resolve_sys_path('system/etc/sysconfig')
self.system_privapp_apks, self.product_privapp_apks =(
self._resolve_apks(apks))
self.system_permissions_dir = (
self._resolve_sys_path('system/etc/permissions'))
self.system_sysconfig_dir = (
self._resolve_sys_path('system/etc/sysconfig'))
self.product_permissions_dir = (
self._resolve_sys_path('product/etc/permissions',
'system/product/etc/permissions'))
self.product_sysconfig_dir = (
self._resolve_sys_path('product/etc/sysconfig',
'system/product/etc/sysconfig'))
self.framework_res_apk = self._resolve_sys_path('system/framework/'
'framework-res.apk')
@@ -289,7 +298,8 @@ class Resources(object):
be found.
"""
if not apks:
return self._resolve_all_privapps()
return (self._resolve_all_system_privapps(),
self._resolve_all_product_privapps())
ret_apks = []
for apk in apks:
@@ -306,29 +316,77 @@ class Resources(object):
raise MissingResourceError('File "%s" does not exist.' % apk)
else:
ret_apks.append(apk)
return ret_apks
return ret_apks, None
def _resolve_all_privapps(self):
def _resolve_all_system_privapps(self):
"""Extract package name and requested permissions."""
if self._is_android_env:
priv_app_dir = os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
'system/priv-app')
system_priv_app_dir = (
os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
'system/priv-app'))
else:
try:
priv_app_dir = self.adb.pull('/system/priv-app/')
system_priv_app_dir = self.adb.pull('/system/priv-app/')
except subprocess.CalledProcessError:
raise MissingResourceError(
'Directory "/system/priv-app" could not be pulled from on '
'device "%s".' % self.adb.serial)
return get_output('find %s -name "*.apk"' % priv_app_dir).split()
return get_output('find %s -name "*.apk"' % system_priv_app_dir).split()
def _resolve_sys_path(self, file_path):
def _resolve_all_product_privapps(self):
"""Extract package name and requested permissions."""
if self._is_android_env:
product_priv_app_dir = (
os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
'product/priv-app'))
if not os.path.exists(product_priv_app_dir):
product_priv_app_dir = (
os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
'system/product/priv-app'))
else:
try:
product_priv_app_dir = self.adb.pull('/product/priv-app/')
except subprocess.CalledProcessError:
print('Warning: Directory "/product/priv-app" could not be '
'pulled from on device "%s". Trying '
'"/system/product/priv-app"' % self.adb.serial,
file=sys.stderr)
try:
product_priv_app_dir = (
self.adb.pull('/system/product/priv-app/'))
except subprocess.CalledProcessError:
raise MissingResourceError(
'Directory "/system/product/priv-app" could not be '
'pulled from on device "%s".' % self.adb.serial)
return get_output(
'find %s -name "*.apk"' % product_priv_app_dir).split()
def _resolve_sys_path(self, file_path, fallback_file_path=None):
"""Resolves a path that is a part of an Android System Image."""
if self._is_android_env:
return os.path.join(os.environ['ANDROID_PRODUCT_OUT'], file_path)
sys_path = (
os.path.join(os.environ['ANDROID_PRODUCT_OUT'], file_path))
if not os.path.exists(sys_path):
sys_path = (
os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
fallback_file_path))
else:
return self.adb.pull(file_path)
try:
sys_path = self.adb.pull(file_path)
except subprocess.CalledProcessError:
print('Warning: Directory %s could not be pulled from on device'
'"%s". Trying "/system/product/priv-app"'
% (file_path, self.adb.serial), file=sys.stderr)
try:
sys_path = self.adb.pull(fallback_file_path)
except subprocess.CalledProcessError:
raise MissingResourceError(
'Directory %s could not be pulled from on '
'device "%s".' % (fallback_file_path, self.adb.serial))
return sys_path
def get_output(command):
@@ -390,17 +448,38 @@ def parse_args():
help='A list of paths to priv-app APKs to generate permissions for. '
'To make a path device-side, prefix the path with "device:".'
)
parser.add_argument(
'-w',
'--writetodisk',
action='store_true',
default=False,
required=False,
help='Whether or not to store the generated permissions directly to '
'a file. See --systemfile/--productfile for more information.'
)
parser.add_argument(
'--systemfile',
default='./system.xml',
required=False,
help='Path to system permissions file. Default value is ./system.xml'
)
parser.add_argument(
'--productfile',
default='./product.xml',
required=False,
help='Path to system permissions file. Default value is ./product.xml'
)
cmd_args = parser.parse_args()
return cmd_args
def create_permission_file(resources):
def create_permission_file(resources, privapp_apks, permissions_dir,
sysconfig_dir, file=None):
# Parse base XML files in /etc dir, permissions listed there don't have
# to be re-added
base_permissions = {}
base_xml_files = itertools.chain(list_xml_files(resources.permissions_dir),
list_xml_files(resources.sysconfig_dir))
base_xml_files = itertools.chain(list_xml_files(permissions_dir),
list_xml_files(sysconfig_dir))
for xml_file in base_xml_files:
parse_config_xml(xml_file, base_permissions)
@@ -409,7 +488,7 @@ def create_permission_file(resources):
apps_redefine_base = []
results = {}
for priv_app in resources.privapp_apks:
for priv_app in privapp_apks:
pkg_info = extract_pkg_and_requested_permissions(resources.aapt,
priv_app)
pkg_name = pkg_info['package_name']
@@ -426,7 +505,8 @@ def create_permission_file(resources):
results[pkg_name] = sorted(priv_perms)
print_xml(results, apps_redefine_base)
if file is not None:
print_xml(results, apps_redefine_base, file)
def print_xml(results, apps_redefine_base, fd=sys.stdout):
"""Print results to the given file."""
@@ -572,7 +652,43 @@ if __name__ == '__main__':
serial=args.serial,
apks=args.apks
)
create_permission_file(tool_resources)
system_permission_file=None
product_permission_file=None
print('#' * 80)
print('#')
if args.writetodisk:
print('#System XML written to %s:' % args.systemfile)
system_permission_file = open(args.systemfile, 'w')
else:
print('#System XML:')
print('#')
print('#' * 80)
create_permission_file(
tool_resources,
tool_resources.system_privapp_apks,
tool_resources.system_permissions_dir,
tool_resources.system_sysconfig_dir,
system_permission_file)
if args.writetodisk:
system_permission_file.close()
if tool_resources.product_privapp_apks:
print('#' * 80)
print('#')
if args.writetodisk:
print('#Product XML written to %s:' % args.productfile)
product_permission_file = open(args.productfile, 'w')
else:
print('#Product XML:')
print('#')
print('#' * 80)
create_permission_file(
tool_resources,
tool_resources.product_privapp_apks,
tool_resources.product_permissions_dir,
tool_resources.product_sysconfig_dir,
product_permission_file)
if args.writetodisk:
product_permission_file.close()
except MissingResourceError as e:
print(str(e), file=sys.stderr)
exit(1)