New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add permission check script #943
base: master
Are you sure you want to change the base?
Conversation
Added Python script (modified version of MindTheGApps one) to check missing privapp permissions along with permission check in the add_sourceapp.sh so that we don't miss new privapp permissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @nezorflame !
I have some small points of feedback, but already looks very good
import os | ||
import subprocess | ||
import sys | ||
from xml.etree import ElementTree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also do a check if these imported libraries are available in our checktools (or other graceful dealing with dependencies)
|
||
# Definitions for privileged permissions | ||
ANDROID_MANIFEST_XML = \ | ||
'https://raw.githubusercontent.com/LineageOS/android_frameworks_base/lineage-19.0/core/res/AndroidManifest.xml' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we host our own file for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And rather also a local copy in our repository than requesting a file from the internet every time we add an apk.
#!/usr/bin/python3 | ||
# | ||
# Copyright (C) 2021 Paul Keith <javelinanddart@gmail.com> | ||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you made any changes, also add your own name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean instead of the original author's name or next to it? I've placed my name lower on line 14.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO you should move line 14 to here
I don't see any issues above what Maarten has commented |
@@ -188,7 +194,10 @@ addlib() { | |||
checkpermissions() { | |||
apk="$1" | |||
echo "Checking if any extra privapp-permissions are needed..." | |||
python scripts/verify-permissions.py "$apk" | |||
missingperms=$(python3 scripts/verify-permissions.py "$apk" 2>&1 >/dev/null) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does the python script give a return code? That is probably easy to check for than testing if it returns a string.
@@ -139,6 +139,14 @@ $notinzip";; | |||
fi | |||
echo "APK is complete, certificate is valid and signed by Google" | |||
|
|||
checkpermissions "$apk" | |||
checked="$?" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checking the return-code here is not very easy to read/understand.
I think it would be better to handle both the checking and any errors in the checkpermission() function itself.
#!/usr/bin/python3 | ||
# | ||
# Copyright (C) 2021 Paul Keith <javelinanddart@gmail.com> | ||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO you should move line 14 to here
Added Python script (modified version of MindTheGApps one) to check missing privapp permissions.
Also modified add_sourceapp.sh so that it also checks missing permissions for the added APKs.