103 lines
3.1 KiB
Python
Executable File
103 lines
3.1 KiB
Python
Executable File
#!/usr/bin/env python
|
|
"""Check boot jars.
|
|
|
|
Usage: check_boot_jars.py <dexdump_path> <package_allow_list_file> <jar1> \
|
|
<jar2> ...
|
|
"""
|
|
from __future__ import print_function
|
|
import logging
|
|
import re
|
|
import subprocess
|
|
import sys
|
|
import xml.etree.ElementTree
|
|
|
|
# The compiled allow list RE.
|
|
allow_list_re = None
|
|
|
|
|
|
def LoadAllowList(filename):
|
|
""" Load and compile allow list regular expressions from filename."""
|
|
lines = []
|
|
with open(filename, 'r') as f:
|
|
for line in f:
|
|
line = line.strip()
|
|
if not line or line.startswith('#'):
|
|
continue
|
|
lines.append(line)
|
|
combined_re = r'^(%s)$' % '|'.join(lines)
|
|
global allow_list_re #pylint: disable=global-statement
|
|
try:
|
|
allow_list_re = re.compile(combined_re)
|
|
except re.error:
|
|
logging.exception(
|
|
'Cannot compile package allow list regular expression: %r',
|
|
combined_re)
|
|
allow_list_re = None
|
|
return False
|
|
return True
|
|
|
|
def CheckDexJar(dexdump_path, allow_list_path, jar):
|
|
"""Check a dex jar file."""
|
|
# Use dexdump to generate the XML representation of the dex jar file.
|
|
p = subprocess.Popen(
|
|
args='%s -l xml %s' % (dexdump_path, jar),
|
|
stdout=subprocess.PIPE,
|
|
shell=True)
|
|
stdout, _ = p.communicate()
|
|
if p.returncode != 0:
|
|
return False
|
|
|
|
packages = 0
|
|
try:
|
|
# TODO(b/172063475) - improve performance
|
|
root = xml.etree.ElementTree.fromstring(stdout)
|
|
except xml.etree.ElementTree.ParseError as e:
|
|
print('Error processing jar %s - %s' % (jar, e), file=sys.stderr)
|
|
print(stdout, file=sys.stderr)
|
|
return False
|
|
for package_elt in root.iterfind('package'):
|
|
packages += 1
|
|
package_name = package_elt.get('name')
|
|
if not package_name or not allow_list_re.match(package_name):
|
|
# Report the name of a class in the package as it is easier to
|
|
# navigate to the source of a concrete class than to a package
|
|
# which is often required to investigate this failure.
|
|
class_name = package_elt[0].get('name')
|
|
if package_name:
|
|
class_name = package_name + '.' + class_name
|
|
print((
|
|
'Error: %s contains class file %s, whose package name "%s" is '
|
|
'empty or not in the allow list %s of packages allowed on the '
|
|
'bootclasspath.'
|
|
% (jar, class_name, package_name, allow_list_path)),
|
|
file=sys.stderr)
|
|
return False
|
|
if packages == 0:
|
|
print(('Error: %s does not contain any packages.' % jar),
|
|
file=sys.stderr)
|
|
return False
|
|
return True
|
|
|
|
def main(argv):
|
|
if len(argv) < 3:
|
|
print(__doc__)
|
|
return 1
|
|
dexdump_path = argv[0]
|
|
allow_list_path = argv[1]
|
|
|
|
if not LoadAllowList(allow_list_path):
|
|
return 1
|
|
|
|
passed = True
|
|
for jar in argv[2:]:
|
|
if not CheckDexJar(dexdump_path, allow_list_path, jar):
|
|
passed = False
|
|
if not passed:
|
|
return 1
|
|
|
|
return 0
|
|
|
|
|
|
if __name__ == '__main__':
|
|
sys.exit(main(sys.argv[1:]))
|