diff --git a/core/tasks/boot_jars_package_check.mk b/core/tasks/boot_jars_package_check.mk new file mode 100644 index 000000000..39144aa72 --- /dev/null +++ b/core/tasks/boot_jars_package_check.mk @@ -0,0 +1,42 @@ +# Copyright (C) 2014 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Rules to check if classes in the boot jars are from the whitelisted packages. +# + +ifdef PRODUCT_BOOT_JARS + +intermediates := $(call intermediates-dir-for, PACKAGING, boot-jars-package-check,,COMMON) +stamp := $(intermediates)/stamp +built_boot_jars := $(foreach j, $(PRODUCT_BOOT_JARS), \ + $(call intermediates-dir-for, JAVA_LIBRARIES, $(j),,COMMON)/classes.jar) +script := build/core/tasks/check_boot_jars/check_boot_jars.py +whitelist_file := build/core/tasks/check_boot_jars/package_whitelist.txt + +$(stamp): PRIVATE_BOOT_JARS := $(built_boot_jars) +$(stamp): PRIVATE_SCRIPT := $(script) +$(stamp): PRIVATE_WHITELIST := $(whitelist_file) +$(stamp) : $(built_boot_jars) $(script) $(whitelist_file) + @echo "Check package name for $(PRIVATE_BOOT_JARS)" + $(hide) $(PRIVATE_SCRIPT) $(PRIVATE_WHITELIST) $(PRIVATE_BOOT_JARS) + $(hide) mkdir -p $(dir $@) && touch $@ + +.PHONY: check-boot-jars +check-boot-jars : $(stamp) + +# Run check-boot-jars by default +droidcore : check-boot-jars + +endif # PRODUCT_BOOT_JARS diff --git a/core/tasks/check_boot_jars/check_boot_jars.py b/core/tasks/check_boot_jars/check_boot_jars.py new file mode 100755 index 000000000..89d9ee827 --- /dev/null +++ b/core/tasks/check_boot_jars/check_boot_jars.py @@ -0,0 +1,83 @@ +#!/usr/bin/env python + +""" +Check boot jars. + +Usage: check_boot_jars.py ... +""" +import logging +import os.path +import re +import subprocess +import sys + + +# The compiled whitelist RE. +whitelist_re = None + + +def LoadWhitelist(filename): + """ Load and compile whitelist regular expressions from filename. + """ + lines = [] + with open(filename, 'r') as f: + for line in f: + line = line.strip() + if not line or line.startswith('#'): + continue + lines.append(line) + combined_re = r'^(%s)$' % '|'.join(lines) + global whitelist_re + try: + whitelist_re = re.compile(combined_re) + except re.error: + logging.exception( + 'Cannot compile package whitelist regular expression: %r', + combined_re) + whitelist_re = None + return False + return True + + +def CheckJar(jar): + """Check a jar file. + """ + # Get the list of files inside the jar file. + p = subprocess.Popen(args='jar tf %s' % jar, + stdout=subprocess.PIPE, shell=True) + stdout, _ = p.communicate() + if p.returncode != 0: + return False + items = stdout.split() + for f in items: + if f.endswith('.class'): + package_name = os.path.dirname(f) + package_name = package_name.replace('/', '.') + # Skip class without a package name + if package_name and not whitelist_re.match(package_name): + print >> sys.stderr, ('Error: %s: unknown package name of class file %s' + % (jar, f)) + return False + return True + + +def main(argv): + if len(argv) < 2: + print __doc__ + sys.exit(1) + + if not LoadWhitelist(argv[0]): + sys.exit(1) + + passed = True + for jar in argv[1:]: + if not CheckJar(jar): + passed = False + if not passed: + return 1 + + return 0 + + +if __name__ == '__main__': + main(sys.argv[1:]) diff --git a/core/tasks/check_boot_jars/package_whitelist.txt b/core/tasks/check_boot_jars/package_whitelist.txt new file mode 100644 index 000000000..4d6261572 --- /dev/null +++ b/core/tasks/check_boot_jars/package_whitelist.txt @@ -0,0 +1,214 @@ +# Boot jar package name whitelist. +# Each line is interpreted as a regular expression. + +################################################### +# core-libart.jar +java\.awt\.font +java\.beans +java\.io +java\.lang +java\.lang\.annotation +java\.lang\.ref +java\.lang\.reflect +java\.math +java\.net +java\.nio +java\.nio\.channels +java\.nio\.channels\.spi +java\.nio\.charset +java\.nio\.charset\.spi +java\.security +java\.security\.acl +java\.security\.cert +java\.security\.interfaces +java\.security\.spec +java\.sql +java\.text +java\.util +java\.util\.concurrent +java\.util\.concurrent\.atomic +java\.util\.concurrent\.locks +java\.util\.jar +java\.util\.logging +java\.util\.prefs +java\.util\.regex +java\.util\.zip +javax\.crypto +javax\.crypto\.interfaces +javax\.crypto\.spec +javax\.net +javax\.net\.ssl +javax\.security\.auth +javax\.security\.auth\.callback +javax\.security\.auth\.login +javax\.security\.auth\.x500 +javax\.security\.cert +javax\.sql +javax\.xml +javax\.xml\.datatype +javax\.xml\.namespace +javax\.xml\.parsers +javax\.xml\.transform +javax\.xml\.transform\.dom +javax\.xml\.transform\.sax +javax\.xml\.transform\.stream +javax\.xml\.validation +javax\.xml\.xpath +sun\.misc +org\.w3c\.dom +org\.w3c\.dom\.ls +org\.w3c\.dom\.traversal + +# TODO: Move these internal org.apache.harmony classes to libcore.* +org\.apache\.harmony\.crypto\.internal +org\.apache\.harmony\.dalvik +org\.apache\.harmony\.dalvik\.ddmc +org\.apache\.harmony\.luni\.internal\.util +org\.apache\.harmony\.security +org\.apache\.harmony\.security\.asn1 +org\.apache\.harmony\.security\.fortress +org\.apache\.harmony\.security\.pkcs10 +org\.apache\.harmony\.security\.pkcs7 +org\.apache\.harmony\.security\.pkcs8 +org\.apache\.harmony\.security\.provider\.crypto +org\.apache\.harmony\.security\.utils +org\.apache\.harmony\.security\.x501 +org\.apache\.harmony\.security\.x509 +org\.apache\.harmony\.security\.x509\.tsp +org\.apache\.harmony\.xml +org\.apache\.harmony\.xml\.dom +org\.apache\.harmony\.xml\.parsers + +org\.json +org\.xmlpull\.v1 +org\.xmlpull\.v1\.sax2 + +# TODO: jarjar org.kxml2.io to com.android org\.kxml2\.io +org\.kxml2\.io +org\.xml +org\.xml\.sax +org\.xml\.sax\.ext +org\.xml\.sax\.helpers + +dalvik\..* +libcore\..* +android\..* +com\.android\..* + + +################################################### +# core-junit.jar +junit\.extensions +junit\.framework + + +################################################### +# ext.jar +# TODO: jarjar javax.sip to com.android +javax\.sip +javax\.sip\.address +javax\.sip\.header +javax\.sip\.message + +# TODO: jarjar org.apache.commons to com.android +org\.apache\.commons\.codec +org\.apache\.commons\.codec\.binary +org\.apache\.commons\.codec\.language +org\.apache\.commons\.codec\.net +org\.apache\.commons\.logging +org\.apache\.commons\.logging\.impl +org\.apache\.http +org\.apache\.http\.auth +org\.apache\.http\.auth\.params +org\.apache\.http\.client +org\.apache\.http\.client\.entity +org\.apache\.http\.client\.methods +org\.apache\.http\.client\.params +org\.apache\.http\.client\.protocol +org\.apache\.http\.client\.utils +org\.apache\.http\.conn +org\.apache\.http\.conn\.params +org\.apache\.http\.conn\.routing +org\.apache\.http\.conn\.scheme +org\.apache\.http\.conn\.ssl +org\.apache\.http\.conn\.util +org\.apache\.http\.cookie +org\.apache\.http\.cookie\.params +org\.apache\.http\.entity +org\.apache\.http\.impl +org\.apache\.http\.impl\.auth +org\.apache\.http\.impl\.client +org\.apache\.http\.impl\.client +org\.apache\.http\.impl\.conn +org\.apache\.http\.impl\.conn\.tsccm +org\.apache\.http\.impl\.cookie +org\.apache\.http\.impl\.entity +org\.apache\.http\.impl\.io +org\.apache\.http\.impl\.io +org\.apache\.http\.io +org\.apache\.http\.message +org\.apache\.http\.params +org\.apache\.http\.protocol +org\.apache\.http\.util + +# TODO: jarjar gov.nist to com.android +gov\.nist\.core +gov\.nist\.core\.net +gov\.nist\.javax\.sip +gov\.nist\.javax\.sip\.address +gov\.nist\.javax\.sip\.clientauthutils +gov\.nist\.javax\.sip\.header +gov\.nist\.javax\.sip\.header\.extensions +gov\.nist\.javax\.sip\.header\.ims +gov\.nist\.javax\.sip\.message +gov\.nist\.javax\.sip\.parser +gov\.nist\.javax\.sip\.parser\.extensions +gov\.nist\.javax\.sip\.parser\.ims +gov\.nist\.javax\.sip\.stack + +org\.ccil\.cowan\.tagsoup +org\.ccil\.cowan\.tagsoup\.jaxp + +################################################### +# framework.jar +javax\.microedition\.khronos\.opengles +javax\.microedition\.khronos\.egl + +android + + +################################################### +# telephony-common.jar +com\.google\..* + + +################################################### +# apache-xml.jar +org\.apache\.xml\.res +org\.apache\.xml\.utils +org\.apache\.xml\.utils\.res +org\.apache\.xml\.dtm +org\.apache\.xml\.dtm\.ref +org\.apache\.xml\.dtm\.ref\.dom2dtm +org\.apache\.xml\.dtm\.ref\.sax2dtm +org\.apache\.xml\.serializer +org\.apache\.xml\.serializer\.utils +org\.apache\.xml\.serializer\.dom3 +org\.apache\.xpath +org\.apache\.xpath\.operations +org\.apache\.xpath\.domapi +org\.apache\.xpath\.functions +org\.apache\.xpath\.res +org\.apache\.xpath\.axes +org\.apache\.xpath\.objects +org\.apache\.xpath\.patterns +org\.apache\.xpath\.jaxp +org\.apache\.xpath\.compiler +org\.apache\.xalan +org\.apache\.xalan\.res +org\.apache\.xalan\.templates +org\.apache\.xalan\.serialize +org\.apache\.xalan\.extensions +org\.apache\.xalan\.processor +org\.apache\.xalan\.transformer +org\.apache\.xalan\.xslt