
Robert Craig committed 4b88a3b

Initial add of install policy script.
The intent of the script is to generate install-time
policy permission stanzas that, when added to the
mac_permissions.xml file, will allow the app to pass
install-time MAC checks.


Files changed (1)

construct_install_policy.py

+#!/usr/bin/env python
+
+"""
+Construct install policy stanzas for given apk(s). Each apk's
+AndroidManifest.xml is opened with aapt and the list of
+'uses-permission' tags are parsed. The resulting stanza can
+then be used as an entry with the mac_permissions.xml
+policy file.
+
+Usage:  construct_install_policy [flags] apks
+
+  -f  (--file)  <output_file>
+      The output file used to write the resulting permission policy stanzas.
+"""
+
+import sys
+import argparse
+import os
+import subprocess
+
+ANDROID_BUILD_TOP = os.environ["ANDROID_BUILD_TOP"]
+if not ANDROID_BUILD_TOP:
+  ANDROID_BUILD_TOP = "."
+
+
+def Uname():
+  """'uname' for constructing prebuilt/<...> and out/host/<...> paths."""
+  uname = os.uname()[0]
+  if uname == "Darwin":
+    proc = os.uname()[-1]
+    if proc == "i386" or proc == "x86_64":
+      return "darwin-x86"
+    return "darwin-ppc"
+  if uname == "Linux":
+    return "linux-x86"
+  return uname
+
+
+def main(argv):
+
+  parser = argparse.ArgumentParser(description='Turn an apk(s) manifest into install policy stanza format.')
+  parser.add_argument("-f", "--file", dest="output_file", help="output file for policy stanzas")
+  parser.add_argument('apks', nargs='+')
+
+  args = parser.parse_args()
+
+  aapt_path = os.path.join(ANDROID_BUILD_TOP, "out/host", Uname(), "bin/aapt")
+
+  if not os.path.isfile(aapt_path):
+    sys.exit("No aapt tool found at " + aapt_path + ". Maybe try building appt first.")
+
+  policy_string = ""
+  for apk in args.apks:
+    p = subprocess.Popen(["aapt", "dump", "permissions", apk],
+                   stdout=subprocess.PIPE)
+
+    aapt_perms, stderr = p.communicate()
+    if p.returncode:
+      sys.stderr.write("Failed reading manifest for " + apk + ". Skipping.\n")
+      continue
+
+    permissions = []
+    for line in aapt_perms.splitlines():
+      if line.startswith("package: "):
+        package_name = line[9:]
+      elif line.startswith("uses-permission: "):
+        permissions.append(line[17:])
+
+    if package_name and permissions:
+      policy_string += "<install-policy package-name=\"" + package_name + "\">\n"
+      for perm in permissions:
+        policy_string += "    <allow-permissions permission-name=\"" + perm + "\"/>\n"
+      policy_string += "</install-policy>\n"
+
+  FILE = sys.stdout
+  if args.output_file:
+    FILE = open(args.output_file, "w")
+
+  FILE.writelines(policy_string)
+
+
+if __name__ == "__main__":
+  main(sys.argv)
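Review bot: The script checks that `aapt_path` exists under ANDROID_BUILD_TOP but then runs `["aapt", "dump", "permissions", apk]`, so the binary actually executed is whichever `aapt` comes first on PATH rather than the one that was validated; pass `aapt_path` as the first Popen argument. `package_name` is never reset inside the `for apk` loop, so an apk whose dump has no `package: ` line either raises NameError (first apk) or has its permissions emitted under the previous apk's package name; initialise it to `None` next to `permissions = []`. The package and permission strings come from the apk's own manifest and are concatenated into XML attributes unescaped, so they should pass through `xml.sax.saxutils.quoteattr` (which needs a new import) before the stanza is pasted into mac_permissions.xml. Separately, `os.environ["ANDROID_BUILD_TOP"]` raises KeyError when the variable is unset, so the `"."` fallback is only reached for an empty value; `os.environ.get("ANDROID_BUILD_TOP") or "."` covers both cases.

```python
  # … unchanged: argument parsing and aapt_path existence check …
  for apk in args.apks:
    # Run the aapt that was just validated, not whatever PATH resolves.
    p = subprocess.Popen([aapt_path, "dump", "permissions", apk],
                   stdout=subprocess.PIPE)
    # … unchanged: communicate() and return-code check …

    # Reset per apk so a missing "package: " line cannot reuse a stale name.
    package_name = None
    permissions = []
    # … unchanged: parsing of "package: " and "uses-permission: " lines …

    if package_name and permissions:
      # quoteattr() supplies the surrounding quotes and escapes the value.
      policy_string += "<install-policy package-name=" + quoteattr(package_name) + ">\n"
      for perm in permissions:
        policy_string += "    <allow-permissions permission-name=" + quoteattr(perm) + "/>\n"
      policy_string += "</install-policy>\n"
```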