
Commit 580f7b00 authored by Andrei Onea's avatar Andrei Onea Committed by Sam Delmerico

Add script for modifying privapp permission allowlists

This script will be used to change the package that is being allowed to
use privileged permissions.

Test: python scripts/modify_permissions_allowlist.py
Bug: 242509786
Change-Id: I1d7cb3c906ad39aef42ad4394953251db40d1bf1
parent 30208863
+17 −0
@@ -237,3 +237,20 @@ sh_binary_host {
    name: "jars-to-module-info-java",
    name: "jars-to-module-info-java",
    src: "jars-to-module-info-java.sh",
    src: "jars-to-module-info-java.sh",
}
}

python_binary_host {
    name: "modify_permissions_allowlist",
    main: "modify_permissions_allowlist.py",
    srcs: [
        "modify_permissions_allowlist.py",
    ],
}

python_test_host {
    name: "modify_permissions_allowlist_test",
    main: "modify_permissions_allowlist_test.py",
    srcs: [
        "modify_permissions_allowlist_test.py",
        "modify_permissions_allowlist.py",
    ],
}
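--- /dev/null
+++ b/scripts/modify_permissions_allowlist.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""A tool for modifying privileged permission allowlists."""
+
+from __future__ import print_function
+
+import argparse
+import sys
+from xml.dom import minidom
+
+
+class InvalidRootNodeException(Exception):
+  pass
+
+
+class InvalidNumberOfPrivappPermissionChildren(Exception):
+  pass
+
+
+def modify_allowlist(allowlist_dom, package_name):
+  if allowlist_dom.documentElement.tagName != 'permissions':
+    raise InvalidRootNodeException
+  nodes = allowlist_dom.getElementsByTagName('privapp-permissions')
+  if nodes.length != 1:
+    raise InvalidNumberOfPrivappPermissionChildren
+  privapp_permissions = nodes[0]
+  privapp_permissions.setAttribute('package', package_name)
+
+
+def parse_args():
+  """Parse commandline arguments."""
+
+  parser = argparse.ArgumentParser()
+  parser.add_argument('input', help='input allowlist template file')
+  parser.add_argument(
+      'package_name', help='package name to use in the allowlist'
+  )
+  parser.add_argument('output', help='output allowlist file')
+
+  return parser.parse_args()
+
+
+def main():
+  try:
+    args = parse_args()
+    doc = minidom.parse(args.input)
+    modify_allowlist(doc, args.package_name)
+    with open(args.output, 'w') as output_file:
+      doc.writexml(output_file, encoding='utf-8')
+  except Exception as err:
+    print('error: ' + str(err), file=sys.stderr)
+    sys.exit(-1)
+
+
+if __name__ == '__main__':
+  main()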
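Review bot: Both custom exceptions in `modify_allowlist` are raised without a message, so the `except Exception` handler in `main` prints a bare `error: ` when the template has the wrong root element or the wrong number of `privapp-permissions` elements. Raising with text, for example `raise InvalidRootNodeException('root element must be <permissions>')`, would make a failed build step diagnosable. `package_name` is also written into the privileged-permission allowlist unchecked: `setAttribute` keeps the XML well formed, but an empty or mistyped value still produces an allowlist for the wrong package, and `if not package_name: raise ValueError('package_name must not be empty')` would catch the simplest case. Finally, the output file is opened with the platform's default text encoding while `writexml` declares `encoding='utf-8'`, so the declaration and the actual bytes can disagree for non-ASCII content.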
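--- /dev/null
+++ b/scripts/modify_permissions_allowlist_test.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Unit tests for modify_permissions_allowlist.py."""
+
+from __future__ import print_function
+
+import unittest
+
+from xml.dom import minidom
+
+from modify_permissions_allowlist import InvalidRootNodeException, InvalidNumberOfPrivappPermissionChildren, modify_allowlist
+
+
+class ModifyPermissionsAllowlistTest(unittest.TestCase):
+
+  def test_invalid_root(self):
+    xml_data = '<foo></foo>'
+    xml_dom = minidom.parseString(xml_data)
+    self.assertRaises(InvalidRootNodeException, modify_allowlist, xml_dom, 'x')
+
+  def test_no_packages(self):
+    xml_data = '<permissions></permissions>'
+    xml_dom = minidom.parseString(xml_data)
+    self.assertRaises(
+        InvalidNumberOfPrivappPermissionChildren, modify_allowlist, xml_dom, 'x'
+    )
+
+  def test_multiple_packages(self):
+    xml_data = (
+        '<permissions>'
+        '  <privapp-permissions package="foo.bar"></privapp-permissions>'
+        '  <privapp-permissions package="bar.baz"></privapp-permissions>'
+        '</permissions>'
+    )
+    xml_dom = minidom.parseString(xml_data)
+    self.assertRaises(
+        InvalidNumberOfPrivappPermissionChildren, modify_allowlist, xml_dom, 'x'
+    )
+
+  def test_modify_package_name(self):
+    xml_data = (
+        '<permissions>'
+        '  <privapp-permissions package="foo.bar">'
+        '    <permission name="myperm1"/>'
+        '  </privapp-permissions>'
+        '</permissions>'
+    )
+    xml_dom = minidom.parseString(xml_data)
+    modify_allowlist(xml_dom, 'bar.baz')
+    expected_data = (
+        '<?xml version="1.0" ?>'
+        '<permissions>'
+        '  <privapp-permissions package="bar.baz">'
+        '    <permission name="myperm1"/>'
+        '  </privapp-permissions>'
+        '</permissions>'
+    )
+    self.assertEqual(expected_data, xml_dom.toxml())
+
+
+if __name__ == '__main__':
+  unittest.main(verbosity=2)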
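Review bot: No test pins how a package name containing XML metacharacters is serialized; `test_modify_package_name` only uses the plain value `'bar.baz'`. Because the generated file decides which package receives privileged permissions, it is worth one more case that calls `modify_allowlist(xml_dom, 'a&b"c')` and asserts the output contains `package="a&amp;b&quot;c"`, so a future switch away from `setAttribute` cannot silently produce malformed or reinterpreted XML. The tests also never exercise `main`, so the write path and the error handler are uncovered. As a style point, the import of the three names from `modify_permissions_allowlist` is one over-long line and could be wrapped in parentheses.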