2d8e1a7e59
The switch to use dex jars instead of class jars means that a boot jar that is defined by a dex_import module will now be checked against the package_allowed_list.txt so it is possible that it will detect previously unreported problems. Test: m check-boot-jars - for failing and passing cases Bug: 171479578 Bug: 125517186 Change-Id: Ie614898dade0fb43c9418d7afb9138169db6f097
107 lines
3.0 KiB
Python
Executable File
107 lines
3.0 KiB
Python
Executable File
#!/usr/bin/env python
|
|
|
|
"""
|
|
Check boot jars.
|
|
|
|
Usage: check_boot_jars.py <dexdump_path> <package_allow_list_file> <jar1> <jar2> ...
|
|
"""
|
|
import logging
|
|
import os.path
|
|
import re
|
|
import subprocess
|
|
import sys
|
|
|
|
|
|
# The compiled allow list RE.
|
|
allow_list_re = None
|
|
|
|
|
|
def LoadAllowList(filename):
|
|
""" Load and compile allow list regular expressions from filename.
|
|
"""
|
|
lines = []
|
|
with open(filename, 'r') as f:
|
|
for line in f:
|
|
line = line.strip()
|
|
if not line or line.startswith('#'):
|
|
continue
|
|
lines.append(line)
|
|
combined_re = r'^(%s)$' % '|'.join(lines)
|
|
global allow_list_re
|
|
try:
|
|
allow_list_re = re.compile(combined_re)
|
|
except re.error:
|
|
logging.exception(
|
|
'Cannot compile package allow list regular expression: %r',
|
|
combined_re)
|
|
allow_list_re = None
|
|
return False
|
|
return True
|
|
|
|
# Pattern that matches the class descriptor in a "Class descriptor" line output
|
|
# by dexdump and extracts the class name - with / instead of .
|
|
CLASS_DESCRIPTOR_RE = re.compile("'L([^;]+);'")
|
|
|
|
def CheckDexJar(dexdump_path, allow_list_path, jar):
|
|
"""Check a dex jar file.
|
|
"""
|
|
# Get the class descriptor lines in the dexdump output. This filters out lines
|
|
# that do not contain class descriptors to reduce the size of the data read by
|
|
# this script.
|
|
p = subprocess.Popen(args='%s %s | grep "Class descriptor "' % (dexdump_path, jar),
|
|
stdout=subprocess.PIPE, shell=True)
|
|
stdout, _ = p.communicate()
|
|
if p.returncode != 0:
|
|
return False
|
|
# Split the output into lines
|
|
lines = stdout.split('\n')
|
|
classes = 0
|
|
for line in lines:
|
|
# The last line will be empty
|
|
if line == '':
|
|
continue
|
|
# Try and find the descriptor on the line. Fail immediately if it cannot be found
|
|
# as the dexdump output has probably changed.
|
|
found = CLASS_DESCRIPTOR_RE.search(line)
|
|
if not found:
|
|
print >> sys.stderr, ('Could not find class descriptor in line `%s`' % line)
|
|
return False
|
|
# Extract the class name (using / instead of .) from the class descriptor line
|
|
f = found.group(1)
|
|
classes += 1
|
|
package_name = os.path.dirname(f)
|
|
package_name = package_name.replace('/', '.')
|
|
if not package_name or not allow_list_re.match(package_name):
|
|
print >> sys.stderr, ('Error: %s contains class file %s, whose package name "%s" is empty or'
|
|
' not in the allow list %s of packages allowed on the bootclasspath.'
|
|
% (jar, f, package_name, allow_list_path))
|
|
return False
|
|
if classes == 0:
|
|
print >> sys.stderr, ('Error: %s does not contain any class files.' % jar)
|
|
return False
|
|
return True
|
|
|
|
|
|
def main(argv):
|
|
if len(argv) < 3:
|
|
print __doc__
|
|
return 1
|
|
dexdump_path = argv[0]
|
|
allow_list_path = argv[1]
|
|
|
|
if not LoadAllowList(allow_list_path):
|
|
return 1
|
|
|
|
passed = True
|
|
for jar in argv[2:]:
|
|
if not CheckDexJar(dexdump_path, allow_list_path, jar):
|
|
passed = False
|
|
if not passed:
|
|
return 1
|
|
|
|
return 0
|
|
|
|
|
|
if __name__ == '__main__':
|
|
sys.exit(main(sys.argv[1:]))
|