1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
#!/usr/bin/env python
"""Check boot jars.
Usage: check_boot_jars.py <dexdump_path> <package_allow_list_file> <jar1> \
<jar2> ...
"""
from __future__ import print_function
import logging
import re
import subprocess
import sys
import xml.etree.ElementTree
# The compiled allow list RE.
allow_list_re = None
def LoadAllowList(filename):
""" Load and compile allow list regular expressions from filename."""
lines = []
with open(filename, 'r') as f:
for line in f:
line = line.strip()
if not line or line.startswith('#'):
continue
lines.append(line)
combined_re = r'^(%s)$' % '|'.join(lines)
global allow_list_re #pylint: disable=global-statement
try:
allow_list_re = re.compile(combined_re)
except re.error:
logging.exception(
'Cannot compile package allow list regular expression: %r',
combined_re)
allow_list_re = None
return False
return True
def CheckDexJar(dexdump_path, allow_list_path, jar):
"""Check a dex jar file."""
# Use dexdump to generate the XML representation of the dex jar file.
p = subprocess.Popen(
args='%s -l xml %s' % (dexdump_path, jar),
stdout=subprocess.PIPE,
shell=True)
stdout, _ = p.communicate()
if p.returncode != 0:
return False
packages = 0
try:
# TODO(b/172063475) - improve performance
root = xml.etree.ElementTree.fromstring(stdout)
except xml.etree.ElementTree.ParseError as e:
print('Error processing jar %s - %s' % (jar, e), file=sys.stderr)
print(stdout, file=sys.stderr)
return False
for package_elt in root.iterfind('package'):
packages += 1
package_name = package_elt.get('name')
if not package_name or not allow_list_re.match(package_name):
# Report the name of a class in the package as it is easier to
# navigate to the source of a concrete class than to a package
# which is often required to investigate this failure.
class_name = package_elt[0].get('name')
if package_name:
class_name = package_name + '.' + class_name
print((
'Error: %s contains class file %s, whose package name "%s" is '
'empty or not in the allow list %s of packages allowed on the '
'bootclasspath.'
% (jar, class_name, package_name, allow_list_path)),
file=sys.stderr)
return False
if packages == 0:
print(('Error: %s does not contain any packages.' % jar),
file=sys.stderr)
return False
return True
def main(argv):
if len(argv) < 3:
print(__doc__)
return 1
dexdump_path = argv[0]
allow_list_path = argv[1]
if not LoadAllowList(allow_list_path):
return 1
passed = True
for jar in argv[2:]:
if not CheckDexJar(dexdump_path, allow_list_path, jar):
passed = False
if not passed:
return 1
return 0
if __name__ == '__main__':
sys.exit(main(sys.argv[1:]))
|
