| Cole Faust | 9c5c09f | 2023-09-06 16:11:44 -0700 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
| 2 | |
| 3 | import subprocess |
| 4 | import argparse |
| 5 | import re |
| 6 | import sys |
| 7 | import zipfile |
| 8 | |
| 9 | def check_target_sdk_less_than_30(args): |
| 10 | if not args.aapt2: |
| 11 | sys.exit('--aapt2 is required') |
| 12 | regex = re.compile(r"targetSdkVersion: *'([0-9]+)'") |
| 13 | output = subprocess.check_output([args.aapt2, "dump", "badging", args.apk], text=True) |
| 14 | targetSdkVersion = None |
| 15 | for line in output.splitlines(): |
| 16 | match = regex.fullmatch(line.strip()) |
| 17 | if match: |
| 18 | targetSdkVersion = int(match.group(1)) |
| 19 | break |
| 20 | |
| 21 | if targetSdkVersion is None or targetSdkVersion >= 30: |
| 22 | sys.exit(args.apk + ": Prebuilt, presigned apks with targetSdkVersion >= 30 (or a codename targetSdkVersion) must set preprocessed: true in the Android.bp definition (because they must be signed with signature v2, and the build system would wreck that signature otherwise)") |
| 23 | |
| 24 | def has_preprocessed_issues(args, *, fail=False): |
| 25 | if not args.zipalign: |
| 26 | sys.exit('--zipalign is required') |
| 27 | ret = subprocess.run([args.zipalign, '-c', '-p', '4', args.apk], stdout=subprocess.DEVNULL).returncode |
| 28 | if ret != 0: |
| 29 | if fail: |
| 30 | sys.exit(args.apk + ': Improper zip alignment') |
| 31 | return True |
| 32 | |
| 33 | with zipfile.ZipFile(args.apk) as zf: |
| 34 | for info in zf.infolist(): |
| 35 | if info.filename.startswith('lib/') and info.filename.endswith('.so') and info.compress_type != zipfile.ZIP_STORED: |
| 36 | if fail: |
| 37 | sys.exit(args.apk + ': Contains compressed JNI libraries') |
| 38 | return True |
| 39 | # It's ok for non-privileged apps to have compressed dex files, see go/gms-uncompressed-jni-slides |
| Rashid Zaman | 3bd2870 | 2024-07-23 17:23:05 -0700 | [diff] [blame] | 40 | if args.privileged and args.uncompress_priv_app_dex: |
| Cole Faust | 9c5c09f | 2023-09-06 16:11:44 -0700 | [diff] [blame] | 41 | if info.filename.endswith('.dex') and info.compress_type != zipfile.ZIP_STORED: |
| 42 | if fail: |
| 43 | sys.exit(args.apk + ': Contains compressed dex files and is privileged') |
| 44 | return True |
| 45 | return False |
| 46 | |
| 47 | |
| 48 | def main(): |
| 49 | parser = argparse.ArgumentParser() |
| 50 | parser.add_argument('--aapt2', help = "the path to the aapt2 executable") |
| 51 | parser.add_argument('--zipalign', help = "the path to the zipalign executable") |
| 52 | parser.add_argument('--skip-preprocessed-apk-checks', action = 'store_true', help = "the value of the soong property with the same name") |
| 53 | parser.add_argument('--preprocessed', action = 'store_true', help = "the value of the soong property with the same name") |
| 54 | parser.add_argument('--privileged', action = 'store_true', help = "the value of the soong property with the same name") |
| Rashid Zaman | 3bd2870 | 2024-07-23 17:23:05 -0700 | [diff] [blame] | 55 | parser.add_argument('--uncompress-priv-app-dex', action = 'store_true', help = "the value of the product variable with the same name") |
| Cole Faust | 9c5c09f | 2023-09-06 16:11:44 -0700 | [diff] [blame] | 56 | parser.add_argument('apk', help = "the apk to check") |
| 57 | parser.add_argument('stampfile', help = "a file to touch if successful") |
| 58 | args = parser.parse_args() |
| 59 | |
| 60 | if not args.preprocessed: |
| 61 | check_target_sdk_less_than_30(args) |
| 62 | elif args.skip_preprocessed_apk_checks: |
| 63 | if not has_preprocessed_issues(args): |
| 64 | sys.exit('This module sets `skip_preprocessed_apk_checks: true`, but does not actually have any issues. Please remove `skip_preprocessed_apk_checks`.') |
| 65 | else: |
| 66 | has_preprocessed_issues(args, fail=True) |
| 67 | |
| 68 | subprocess.check_call(["touch", args.stampfile]) |
| 69 | |
| 70 | if __name__ == "__main__": |
| 71 | main() |