
Commit 48c37182 authored by Ying Wang's avatar Ying Wang Committed by Android (Google) Code Review

Merge "Check PRODUCT_BOOT_JARS against a whitelist of package names." into lmp-dev

parents b34fcce0 e9874002
+42 −0
# Copyright (C) 2014 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
# Rules to check if classes in the boot jars are from the whitelisted packages.
#

ifdef PRODUCT_BOOT_JARS

intermediates := $(call intermediates-dir-for, PACKAGING, boot-jars-package-check,,COMMON)
stamp := $(intermediates)/stamp
built_boot_jars := $(foreach j, $(PRODUCT_BOOT_JARS), \
  $(call intermediates-dir-for, JAVA_LIBRARIES, $(j),,COMMON)/classes.jar)
script := build/core/tasks/check_boot_jars/check_boot_jars.py
whitelist_file := build/core/tasks/check_boot_jars/package_whitelist.txt

$(stamp): PRIVATE_BOOT_JARS := $(built_boot_jars)
$(stamp): PRIVATE_SCRIPT := $(script)
$(stamp): PRIVATE_WHITELIST := $(whitelist_file)
$(stamp) : $(built_boot_jars) $(script) $(whitelist_file)
	@echo "Check package name for $(PRIVATE_BOOT_JARS)"
	$(hide) $(PRIVATE_SCRIPT) $(PRIVATE_WHITELIST) $(PRIVATE_BOOT_JARS)
	$(hide) mkdir -p $(dir $@) && touch $@

.PHONY: check-boot-jars
check-boot-jars : $(stamp)

# Run check-boot-jars by default
droidcore : check-boot-jars

endif  # PRODUCT_BOOT_JARS
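Review bot: The file does not say when the check is skipped: everything sits inside `ifdef PRODUCT_BOOT_JARS`, and the only hook is `droidcore : check-boot-jars`, so a product with no boot jars defines no `check-boot-jars` target and a build goal that does not depend on droidcore presumably never runs it. A header comment such as `# Skipped when PRODUCT_BOOT_JARS is empty; runs as part of droidcore, or explicitly via 'make check-boot-jars'.` would document that. The recipe also executes `$(PRIVATE_SCRIPT)` directly, which relies on the script's executable bit and on whichever `python` `/usr/bin/env` finds on PATH.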
+83 −0
#!/usr/bin/env python

"""
Check boot jars.

Usage: check_boot_jars.py <package_whitelist_file> <jar1> <jar2> ...
"""
import logging
import os.path
import re
import subprocess
import sys


# The compiled whitelist RE.
whitelist_re = None


def LoadWhitelist(filename):
  """ Load and compile whitelist regular expressions from filename.
  """
  lines = []
  with open(filename, 'r') as f:
    for line in f:
      line = line.strip()
      if not line or line.startswith('#'):
        continue
      lines.append(line)
  combined_re = r'^(%s)$' % '|'.join(lines)
  global whitelist_re
  try:
    whitelist_re = re.compile(combined_re)
  except re.error:
    logging.exception(
        'Cannot compile package whitelist regular expression: %r',
        combined_re)
    whitelist_re = None
    return False
  return True


def CheckJar(jar):
  """Check a jar file.
  """
  # Get the list of files inside the jar file.
  p = subprocess.Popen(args='jar tf %s' % jar,
      stdout=subprocess.PIPE, shell=True)
  stdout, _ = p.communicate()
  if p.returncode != 0:
    return False
  items = stdout.split()
  for f in items:
    if f.endswith('.class'):
      package_name = os.path.dirname(f)
      package_name = package_name.replace('/', '.')
      # Skip class without a package name
      if package_name and not whitelist_re.match(package_name):
        print >> sys.stderr, ('Error: %s: unknown package name of class file %s'
                              % (jar, f))
        return False
  return True


def main(argv):
  if len(argv) < 2:
    print __doc__
    sys.exit(1)

  if not LoadWhitelist(argv[0]):
    sys.exit(1)

  passed = True
  for jar in argv[1:]:
    if not CheckJar(jar):
      passed = False
  if not passed:
    return 1

  return 0


if __name__ == '__main__':
  main(sys.argv[1:])
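Review bot: The result of `main()` is discarded on the last line, so the script exits 0 even when `CheckJar` rejects a jar and `main` returns 1; the makefile's stamp rule then touches its stamp and the build continues with only the stderr message as evidence. The last line should be `sys.exit(main(sys.argv[1:]))`. Separately, `CheckJar` formats `'jar tf %s' % jar` and runs it with `shell=True`, so a jar path containing spaces or shell metacharacters is reinterpreted by the shell; `subprocess.Popen(['jar', 'tf', jar], stdout=subprocess.PIPE)` avoids that. `stdout.split()` also breaks entries on any whitespace, where `splitlines()` would keep each archive entry intact.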
+214 −0
# Boot jar package name whitelist.
# Each line is interpreted as a regular expression.

###################################################
# core-libart.jar
java\.awt\.font
java\.beans
java\.io
java\.lang
java\.lang\.annotation
java\.lang\.ref
java\.lang\.reflect
java\.math
java\.net
java\.nio
java\.nio\.channels
java\.nio\.channels\.spi
java\.nio\.charset
java\.nio\.charset\.spi
java\.security
java\.security\.acl
java\.security\.cert
java\.security\.interfaces
java\.security\.spec
java\.sql
java\.text
java\.util
java\.util\.concurrent
java\.util\.concurrent\.atomic
java\.util\.concurrent\.locks
java\.util\.jar
java\.util\.logging
java\.util\.prefs
java\.util\.regex
java\.util\.zip
javax\.crypto
javax\.crypto\.interfaces
javax\.crypto\.spec
javax\.net
javax\.net\.ssl
javax\.security\.auth
javax\.security\.auth\.callback
javax\.security\.auth\.login
javax\.security\.auth\.x500
javax\.security\.cert
javax\.sql
javax\.xml
javax\.xml\.datatype
javax\.xml\.namespace
javax\.xml\.parsers
javax\.xml\.transform
javax\.xml\.transform\.dom
javax\.xml\.transform\.sax
javax\.xml\.transform\.stream
javax\.xml\.validation
javax\.xml\.xpath
sun\.misc
org\.w3c\.dom
org\.w3c\.dom\.ls
org\.w3c\.dom\.traversal

# TODO: Move these internal org.apache.harmony classes to libcore.*
org\.apache\.harmony\.crypto\.internal
org\.apache\.harmony\.dalvik
org\.apache\.harmony\.dalvik\.ddmc
org\.apache\.harmony\.luni\.internal\.util
org\.apache\.harmony\.security
org\.apache\.harmony\.security\.asn1
org\.apache\.harmony\.security\.fortress
org\.apache\.harmony\.security\.pkcs10
org\.apache\.harmony\.security\.pkcs7
org\.apache\.harmony\.security\.pkcs8
org\.apache\.harmony\.security\.provider\.crypto
org\.apache\.harmony\.security\.utils
org\.apache\.harmony\.security\.x501
org\.apache\.harmony\.security\.x509
org\.apache\.harmony\.security\.x509\.tsp
org\.apache\.harmony\.xml
org\.apache\.harmony\.xml\.dom
org\.apache\.harmony\.xml\.parsers

org\.json
org\.xmlpull\.v1
org\.xmlpull\.v1\.sax2

# TODO:  jarjar org.kxml2.io to com.android org\.kxml2\.io
org\.kxml2\.io
org\.xml
org\.xml\.sax
org\.xml\.sax\.ext
org\.xml\.sax\.helpers

dalvik\..*
libcore\..*
android\..*
com\.android\..*


###################################################
# core-junit.jar
junit\.extensions
junit\.framework


###################################################
# ext.jar
# TODO: jarjar javax.sip to com.android
javax\.sip
javax\.sip\.address
javax\.sip\.header
javax\.sip\.message

# TODO: jarjar org.apache.commons to com.android
org\.apache\.commons\.codec
org\.apache\.commons\.codec\.binary
org\.apache\.commons\.codec\.language
org\.apache\.commons\.codec\.net
org\.apache\.commons\.logging
org\.apache\.commons\.logging\.impl
org\.apache\.http
org\.apache\.http\.auth
org\.apache\.http\.auth\.params
org\.apache\.http\.client
org\.apache\.http\.client\.entity
org\.apache\.http\.client\.methods
org\.apache\.http\.client\.params
org\.apache\.http\.client\.protocol
org\.apache\.http\.client\.utils
org\.apache\.http\.conn
org\.apache\.http\.conn\.params
org\.apache\.http\.conn\.routing
org\.apache\.http\.conn\.scheme
org\.apache\.http\.conn\.ssl
org\.apache\.http\.conn\.util
org\.apache\.http\.cookie
org\.apache\.http\.cookie\.params
org\.apache\.http\.entity
org\.apache\.http\.impl
org\.apache\.http\.impl\.auth
org\.apache\.http\.impl\.client
org\.apache\.http\.impl\.client
org\.apache\.http\.impl\.conn
org\.apache\.http\.impl\.conn\.tsccm
org\.apache\.http\.impl\.cookie
org\.apache\.http\.impl\.entity
org\.apache\.http\.impl\.io
org\.apache\.http\.impl\.io
org\.apache\.http\.io
org\.apache\.http\.message
org\.apache\.http\.params
org\.apache\.http\.protocol
org\.apache\.http\.util

# TODO: jarjar gov.nist to com.android
gov\.nist\.core
gov\.nist\.core\.net
gov\.nist\.javax\.sip
gov\.nist\.javax\.sip\.address
gov\.nist\.javax\.sip\.clientauthutils
gov\.nist\.javax\.sip\.header
gov\.nist\.javax\.sip\.header\.extensions
gov\.nist\.javax\.sip\.header\.ims
gov\.nist\.javax\.sip\.message
gov\.nist\.javax\.sip\.parser
gov\.nist\.javax\.sip\.parser\.extensions
gov\.nist\.javax\.sip\.parser\.ims
gov\.nist\.javax\.sip\.stack

org\.ccil\.cowan\.tagsoup
org\.ccil\.cowan\.tagsoup\.jaxp

###################################################
# framework.jar
javax\.microedition\.khronos\.opengles
javax\.microedition\.khronos\.egl

android


###################################################
# telephony-common.jar
com\.google\..*


###################################################
# apache-xml.jar
org\.apache\.xml\.res
org\.apache\.xml\.utils
org\.apache\.xml\.utils\.res
org\.apache\.xml\.dtm
org\.apache\.xml\.dtm\.ref
org\.apache\.xml\.dtm\.ref\.dom2dtm
org\.apache\.xml\.dtm\.ref\.sax2dtm
org\.apache\.xml\.serializer
org\.apache\.xml\.serializer\.utils
org\.apache\.xml\.serializer\.dom3
org\.apache\.xpath
org\.apache\.xpath\.operations
org\.apache\.xpath\.domapi
org\.apache\.xpath\.functions
org\.apache\.xpath\.res
org\.apache\.xpath\.axes
org\.apache\.xpath\.objects
org\.apache\.xpath\.patterns
org\.apache\.xpath\.jaxp
org\.apache\.xpath\.compiler
org\.apache\.xalan
org\.apache\.xalan\.res
org\.apache\.xalan\.templates
org\.apache\.xalan\.serialize
org\.apache\.xalan\.extensions
org\.apache\.xalan\.processor
org\.apache\.xalan\.transformer
org\.apache\.xalan\.xslt
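Review bot: The per-jar headings are comments only: `LoadWhitelist` joins every line into one `^(...)$` alternation, so each pattern applies to every boot jar, and `com\.google\..*` listed under telephony-common.jar, like `android\..*` and `com\.android\..*` under core-libart.jar, admits any subpackage in any jar. If that breadth is intended, the file header should say so, e.g. `# Patterns are combined into one expression and apply to all boot jars; the jar headings are for readers only.` `org\.apache\.http\.impl\.client` and `org\.apache\.http\.impl\.io` each appear twice, and the TODO comment above `org\.kxml2\.io` ends with a stray copy of the pattern.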