forked from openkylin/platform_build
Merge "Finds APK shared UID violations when merging target files."
This commit is contained in:
commit
50c0f97fe7
|
@ -16,8 +16,6 @@
|
|||
|
||||
shareduid_violation_modules_filename := $(PRODUCT_OUT)/shareduid_violation_modules.json
|
||||
|
||||
find_shareduid_script := $(BUILD_SYSTEM)/tasks/find-shareduid-violation.py
|
||||
|
||||
$(shareduid_violation_modules_filename): $(INSTALLED_SYSTEMIMAGE_TARGET) \
|
||||
$(INSTALLED_RAMDISK_TARGET) \
|
||||
$(INSTALLED_BOOTIMAGE_TARGET) \
|
||||
|
@ -26,9 +24,9 @@ $(shareduid_violation_modules_filename): $(INSTALLED_SYSTEMIMAGE_TARGET) \
|
|||
$(INSTALLED_PRODUCTIMAGE_TARGET) \
|
||||
$(INSTALLED_SYSTEM_EXTIMAGE_TARGET)
|
||||
|
||||
$(shareduid_violation_modules_filename): $(find_shareduid_script)
|
||||
$(shareduid_violation_modules_filename): $(HOST_OUT_EXECUTABLES)/find_shareduid_violation
|
||||
$(shareduid_violation_modules_filename): $(AAPT2)
|
||||
$(find_shareduid_script) \
|
||||
$(HOST_OUT_EXECUTABLES)/find_shareduid_violation \
|
||||
--product_out $(PRODUCT_OUT) \
|
||||
--aapt $(AAPT2) \
|
||||
--copy_out_system $(TARGET_COPY_OUT_SYSTEM) \
|
||||
|
|
|
@ -1,99 +0,0 @@
|
|||
#!/usr/bin/env python3
|
||||
#
|
||||
# Copyright (C) 2019 The Android Open Source Project
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
import argparse
|
||||
import json
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
from collections import defaultdict
|
||||
from glob import glob
|
||||
|
||||
def parse_args():
|
||||
"""Parse commandline arguments."""
|
||||
parser = argparse.ArgumentParser(description='Find sharedUserId violators')
|
||||
parser.add_argument('--product_out', help='PRODUCT_OUT directory',
|
||||
default=os.environ.get("PRODUCT_OUT"))
|
||||
parser.add_argument('--aapt', help='Path to aapt or aapt2',
|
||||
default="aapt2")
|
||||
parser.add_argument('--copy_out_system', help='TARGET_COPY_OUT_SYSTEM',
|
||||
default="system")
|
||||
parser.add_argument('--copy_out_vendor', help='TARGET_COPY_OUT_VENDOR',
|
||||
default="vendor")
|
||||
parser.add_argument('--copy_out_product', help='TARGET_COPY_OUT_PRODUCT',
|
||||
default="product")
|
||||
parser.add_argument('--copy_out_system_ext', help='TARGET_COPY_OUT_SYSTEM_EXT',
|
||||
default="system_ext")
|
||||
return parser.parse_args()
|
||||
|
||||
def execute(cmd):
|
||||
p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||
out, err = map(lambda b: b.decode('utf-8'), p.communicate())
|
||||
return p.returncode == 0, out, err
|
||||
|
||||
def make_aapt_cmds(file):
|
||||
return [aapt + ' dump ' + file + ' --file AndroidManifest.xml',
|
||||
aapt + ' dump xmltree ' + file + ' --file AndroidManifest.xml']
|
||||
|
||||
def extract_shared_uid(file):
|
||||
for cmd in make_aapt_cmds(file):
|
||||
success, manifest, error_msg = execute(cmd)
|
||||
if success:
|
||||
break
|
||||
else:
|
||||
print(error_msg, file=sys.stderr)
|
||||
sys.exit()
|
||||
|
||||
for l in manifest.split('\n'):
|
||||
if "sharedUserId" in l:
|
||||
return l.split('"')[-2]
|
||||
return None
|
||||
|
||||
|
||||
args = parse_args()
|
||||
|
||||
product_out = args.product_out
|
||||
aapt = args.aapt
|
||||
|
||||
partitions = (
|
||||
("system", args.copy_out_system),
|
||||
("vendor", args.copy_out_vendor),
|
||||
("product", args.copy_out_product),
|
||||
("system_ext", args.copy_out_system_ext),
|
||||
)
|
||||
|
||||
shareduid_app_dict = defaultdict(list)
|
||||
|
||||
for part, location in partitions:
|
||||
for f in glob(os.path.join(product_out, location, "*", "*", "*.apk")):
|
||||
apk_file = os.path.basename(f)
|
||||
shared_uid = extract_shared_uid(f)
|
||||
|
||||
if shared_uid is None:
|
||||
continue
|
||||
shareduid_app_dict[shared_uid].append((part, apk_file))
|
||||
|
||||
|
||||
output = defaultdict(lambda: defaultdict(list))
|
||||
|
||||
for uid, app_infos in shareduid_app_dict.items():
|
||||
partitions = {p for p, _ in app_infos}
|
||||
if len(partitions) > 1:
|
||||
for part in partitions:
|
||||
output[uid][part].extend([a for p, a in app_infos if p == part])
|
||||
|
||||
print(json.dumps(output, indent=2, sort_keys=True))
|
|
@ -369,6 +369,32 @@ python_binary_host {
|
|||
],
|
||||
}
|
||||
|
||||
python_defaults {
|
||||
name: "releasetools_find_shareduid_violation_defaults",
|
||||
srcs: [
|
||||
"find_shareduid_violation.py",
|
||||
],
|
||||
libs: [
|
||||
"releasetools_common",
|
||||
],
|
||||
}
|
||||
|
||||
python_binary_host {
|
||||
name: "find_shareduid_violation",
|
||||
defaults: [
|
||||
"releasetools_binary_defaults",
|
||||
"releasetools_find_shareduid_violation_defaults",
|
||||
],
|
||||
}
|
||||
|
||||
python_library_host {
|
||||
name: "releasetools_find_shareduid_violation",
|
||||
defaults: [
|
||||
"releasetools_find_shareduid_violation_defaults",
|
||||
"releasetools_library_defaults",
|
||||
],
|
||||
}
|
||||
|
||||
python_binary_host {
|
||||
name: "make_recovery_patch",
|
||||
defaults: ["releasetools_binary_defaults"],
|
||||
|
@ -403,6 +429,7 @@ python_binary_host {
|
|||
"releasetools_build_super_image",
|
||||
"releasetools_check_target_files_vintf",
|
||||
"releasetools_common",
|
||||
"releasetools_find_shareduid_violation",
|
||||
"releasetools_img_from_target_files",
|
||||
"releasetools_ota_from_target_files",
|
||||
],
|
||||
|
@ -505,6 +532,7 @@ python_defaults {
|
|||
"releasetools_build_super_image",
|
||||
"releasetools_check_target_files_vintf",
|
||||
"releasetools_common",
|
||||
"releasetools_find_shareduid_violation",
|
||||
"releasetools_img_from_target_files",
|
||||
"releasetools_ota_from_target_files",
|
||||
"releasetools_verity_utils",
|
||||
|
|
|
@ -0,0 +1,175 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright (C) 2019 The Android Open Source Project
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
"""Find APK sharedUserId violators.
|
||||
|
||||
Usage: find_shareduid_violation [args]
|
||||
|
||||
--product_out
|
||||
PRODUCT_OUT directory
|
||||
|
||||
--aapt
|
||||
Path to aapt or aapt2
|
||||
|
||||
--copy_out_system
|
||||
TARGET_COPY_OUT_SYSTEM
|
||||
|
||||
--copy_out_vendor_
|
||||
TARGET_COPY_OUT_VENDOR
|
||||
|
||||
--copy_out_product
|
||||
TARGET_COPY_OUT_PRODUCT
|
||||
|
||||
--copy_out_system_ext
|
||||
TARGET_COPY_OUT_SYSTEM_EXT
|
||||
"""
|
||||
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
from collections import defaultdict
|
||||
from glob import glob
|
||||
|
||||
import common
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
OPTIONS = common.OPTIONS
|
||||
OPTIONS.product_out = os.environ.get("PRODUCT_OUT")
|
||||
OPTIONS.aapt = "aapt2"
|
||||
OPTIONS.copy_out_system = "system"
|
||||
OPTIONS.copy_out_vendor = "vendor"
|
||||
OPTIONS.copy_out_product = "product"
|
||||
OPTIONS.copy_out_system_ext = "system_ext"
|
||||
|
||||
|
||||
def execute(cmd):
|
||||
p = subprocess.Popen(
|
||||
cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||
out, err = map(lambda b: b.decode("utf-8"), p.communicate())
|
||||
return p.returncode == 0, out, err
|
||||
|
||||
|
||||
def make_aapt_cmds(aapt, apk):
|
||||
return [
|
||||
aapt + " dump " + apk + " --file AndroidManifest.xml",
|
||||
aapt + " dump xmltree " + apk + " --file AndroidManifest.xml"
|
||||
]
|
||||
|
||||
|
||||
def extract_shared_uid(aapt, apk):
|
||||
for cmd in make_aapt_cmds(aapt, apk):
|
||||
success, manifest, error_msg = execute(cmd)
|
||||
if success:
|
||||
break
|
||||
else:
|
||||
logger.error(error_msg)
|
||||
sys.exit()
|
||||
|
||||
pattern = re.compile(r"sharedUserId.*=\"([^\"]*)")
|
||||
|
||||
for line in manifest.split("\n"):
|
||||
match = pattern.search(line)
|
||||
if match:
|
||||
return match.group(1)
|
||||
return None
|
||||
|
||||
|
||||
def FindShareduidViolation(product_out, partition_map, aapt="aapt2"):
|
||||
"""Find sharedUserId violators in the given partitions.
|
||||
|
||||
Args:
|
||||
product_out: The base directory containing the partition directories.
|
||||
partition_map: A map of partition name -> directory name.
|
||||
aapt: The name of the aapt binary. Defaults to aapt2.
|
||||
|
||||
Returns:
|
||||
A string containing a JSON object describing the shared UIDs.
|
||||
"""
|
||||
shareduid_app_dict = defaultdict(lambda: defaultdict(list))
|
||||
|
||||
for part, location in partition_map.items():
|
||||
for f in glob(os.path.join(product_out, location, "*", "*", "*.apk")):
|
||||
apk_file = os.path.basename(f)
|
||||
shared_uid = extract_shared_uid(aapt, f)
|
||||
|
||||
if shared_uid is None:
|
||||
continue
|
||||
shareduid_app_dict[shared_uid][part].append(apk_file)
|
||||
|
||||
# Only output sharedUserId values that appear in >1 partition.
|
||||
output = {}
|
||||
for uid, partitions in shareduid_app_dict.items():
|
||||
if len(partitions) > 1:
|
||||
output[uid] = shareduid_app_dict[uid]
|
||||
|
||||
return json.dumps(output, indent=2, sort_keys=True)
|
||||
|
||||
|
||||
def main():
|
||||
common.InitLogging()
|
||||
|
||||
def option_handler(o, a):
|
||||
if o == "--product_out":
|
||||
OPTIONS.product_out = a
|
||||
elif o == "--aapt":
|
||||
OPTIONS.aapt = a
|
||||
elif o == "--copy_out_system":
|
||||
OPTIONS.copy_out_system = a
|
||||
elif o == "--copy_out_vendor":
|
||||
OPTIONS.copy_out_vendor = a
|
||||
elif o == "--copy_out_product":
|
||||
OPTIONS.copy_out_product = a
|
||||
elif o == "--copy_out_system_ext":
|
||||
OPTIONS.copy_out_system_ext = a
|
||||
else:
|
||||
return False
|
||||
return True
|
||||
|
||||
args = common.ParseOptions(
|
||||
sys.argv[1:],
|
||||
__doc__,
|
||||
extra_long_opts=[
|
||||
"product_out=",
|
||||
"aapt=",
|
||||
"copy_out_system=",
|
||||
"copy_out_vendor=",
|
||||
"copy_out_product=",
|
||||
"copy_out_system_ext=",
|
||||
],
|
||||
extra_option_handler=option_handler)
|
||||
|
||||
if args:
|
||||
common.Usage(__doc__)
|
||||
sys.exit(1)
|
||||
|
||||
partition_map = {
|
||||
"system": OPTIONS.copy_out_system,
|
||||
"vendor": OPTIONS.copy_out_vendor,
|
||||
"product": OPTIONS.copy_out_product,
|
||||
"system_ext": OPTIONS.copy_out_system_ext,
|
||||
}
|
||||
|
||||
print(
|
||||
FindShareduidViolation(OPTIONS.product_out, partition_map, OPTIONS.aapt))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -98,6 +98,7 @@ import build_super_image
|
|||
import check_target_files_vintf
|
||||
import common
|
||||
import img_from_target_files
|
||||
import find_shareduid_violation
|
||||
import ota_from_target_files
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -943,6 +944,21 @@ def merge_target_files(temp_dir, framework_target_files, framework_item_list,
|
|||
if not check_target_files_vintf.CheckVintf(output_target_files_temp_dir):
|
||||
raise RuntimeError('Incompatible VINTF metadata')
|
||||
|
||||
shareduid_violation_modules = os.path.join(
|
||||
output_target_files_temp_dir, 'META', 'shareduid_violation_modules.json')
|
||||
with open(shareduid_violation_modules, 'w') as f:
|
||||
partition_map = {
|
||||
'system': 'SYSTEM',
|
||||
'vendor': 'VENDOR',
|
||||
'product': 'PRODUCT',
|
||||
'system_ext': 'SYSTEM_EXT',
|
||||
}
|
||||
violation = find_shareduid_violation.FindShareduidViolation(
|
||||
output_target_files_temp_dir, partition_map)
|
||||
f.write(violation)
|
||||
# TODO(b/171431774): Add a check to common.py to check if the
|
||||
# shared UIDs cross the input build partition boundary.
|
||||
|
||||
generate_images(output_target_files_temp_dir, rebuild_recovery)
|
||||
|
||||
generate_super_empty_image(output_target_files_temp_dir, output_super_empty)
|
||||
|
|
Loading…
Reference in New Issue