Switch boot jars package check to using dex jars

The switch to use dex jars instead of class jars means that a boot jar
that is defined by a dex_import module will now be checked against the
package_allowed_list.txt so it is possible that it will detect
previously unreported problems.

Test: m check-boot-jars - for failing and passing cases
Bug: 171479578
Bug: 125517186
Change-Id: Ie614898dade0fb43c9418d7afb9138169db6f097

scripts/check_boot_jars/check_boot_jars.py

@@ -3,7 +3,7 @@
 """
 Check boot jars.
 
-Usage: check_boot_jars.py <package_allow_list_file> <jar1> <jar2> ...
+Usage: check_boot_jars.py <dexdump_path> <package_allow_list_file> <jar1> <jar2> ...
 """
 import logging
 import os.path
@@ -38,28 +38,44 @@ def LoadAllowList(filename):
     return False
   return True
 
+# Pattern that matches the class descriptor in a "Class descriptor" line output
+# by dexdump and extracts the class name - with / instead of .
+CLASS_DESCRIPTOR_RE = re.compile("'L([^;]+);'")
 
-def CheckJar(allow_list_path, jar):
-  """Check a jar file.
+def CheckDexJar(dexdump_path, allow_list_path, jar):
+  """Check a dex jar file.
   """
-  # Get the list of files inside the jar file.
-  p = subprocess.Popen(args='jar tf %s' % jar,
+  # Get the class descriptor lines in the dexdump output. This filters out lines
+  # that do not contain class descriptors to reduce the size of the data read by
+  # this script.
+  p = subprocess.Popen(args='%s %s | grep "Class descriptor "' % (dexdump_path, jar),
       stdout=subprocess.PIPE, shell=True)
   stdout, _ = p.communicate()
   if p.returncode != 0:
     return False
-  items = stdout.split()
+  # Split the output into lines
+  lines = stdout.split('\n')
   classes = 0
-  for f in items:
-    if f.endswith('.class'):
-      classes += 1
-      package_name = os.path.dirname(f)
-      package_name = package_name.replace('/', '.')
-      if not package_name or not allow_list_re.match(package_name):
-        print >> sys.stderr, ('Error: %s contains class file %s, whose package name %s is empty or'
-                              ' not in the allow list %s of packages allowed on the bootclasspath.'
-                              % (jar, f, package_name, allow_list_path))
-        return False
+  for line in lines:
+    # The last line will be empty
+    if line == '':
+      continue
+    # Try and find the descriptor on the line. Fail immediately if it cannot be found
+    # as the dexdump output has probably changed.
+    found = CLASS_DESCRIPTOR_RE.search(line)
+    if not found:
+      print >> sys.stderr, ('Could not find class descriptor in line `%s`' % line)
+      return False
+    # Extract the class name (using / instead of .) from the class descriptor line
+    f = found.group(1)
+    classes += 1
+    package_name = os.path.dirname(f)
+    package_name = package_name.replace('/', '.')
+    if not package_name or not allow_list_re.match(package_name):
+      print >> sys.stderr, ('Error: %s contains class file %s, whose package name "%s" is empty or'
+                            ' not in the allow list %s of packages allowed on the bootclasspath.'
+                            % (jar, f, package_name, allow_list_path))
+      return False
   if classes == 0:
     print >> sys.stderr, ('Error: %s does not contain any class files.' % jar)
     return False
@@ -67,17 +83,18 @@ def CheckJar(allow_list_path, jar):
 
 
 def main(argv):
-  if len(argv) < 2:
+  if len(argv) < 3:
     print __doc__
     return 1
-  allow_list_path = argv[0]
+  dexdump_path = argv[0]
+  allow_list_path = argv[1]
 
   if not LoadAllowList(allow_list_path):
     return 1
 
   passed = True
-  for jar in argv[1:]:
-    if not CheckJar(allow_list_path, jar):
+  for jar in argv[2:]:
+    if not CheckDexJar(dexdump_path, allow_list_path, jar):
       passed = False
   if not passed:
     return 1