[WIP] Add permission check script #943
Conversation
Added Python script (modified version of MindTheGApps one) to check missing privapp permissions along with permission check in the add_sourceapp.sh so that we don't miss new privapp permissions.
There was a problem hiding this comment.
Thanks @nezorflame !
I have some small points of feedback, but already looks very good
| import os | ||
| import subprocess | ||
| import sys | ||
| from xml.etree import ElementTree |
There was a problem hiding this comment.
Also do a check if these imported libraries are available in our checktools (or other graceful dealing with dependencies)
|
|
||
| # Definitions for privileged permissions | ||
| ANDROID_MANIFEST_XML = \ | ||
| 'https://raw.githubusercontent.com/LineageOS/android_frameworks_base/lineage-19.0/core/res/AndroidManifest.xml' |
There was a problem hiding this comment.
Can we host our own file for this?
There was a problem hiding this comment.
And rather also a local copy in our repository than requesting a file from the internet every time we add an apk.
| #!/usr/bin/python3 | ||
| # | ||
| # Copyright (C) 2021 Paul Keith <javelinanddart@gmail.com> | ||
| # |
There was a problem hiding this comment.
If you made any changes, also add your own name
There was a problem hiding this comment.
You mean instead of the original author's name or next to it? I've placed my name lower on line 14.
There was a problem hiding this comment.
IMHO you should move line 14 to here
|
I don't see any issues above what Maarten has commented |
nezorflame
changed the title
| @@ -188,7 +194,10 @@ addlib() { | |||
| checkpermissions() { | |||
| apk="$1" | |||
| echo "Checking if any extra privapp-permissions are needed..." | |||
| python scripts/verify-permissions.py "$apk" | |||
| missingperms=$(python3 scripts/verify-permissions.py "$apk" 2>&1 >/dev/null) | |||
There was a problem hiding this comment.
does the python script give a return code? That is probably easy to check for than testing if it returns a string.
| @@ -139,6 +139,14 @@ $notinzip";; | |||
| fi | |||
| echo "APK is complete, certificate is valid and signed by Google" | |||
|
|
|||
| checkpermissions "$apk" | |||
| checked="$?" | |||
There was a problem hiding this comment.
Checking the return-code here is not very easy to read/understand.
I think it would be better to handle both the checking and any errors in the checkpermission() function itself.
| #!/usr/bin/python3 | ||
| # | ||
| # Copyright (C) 2021 Paul Keith <javelinanddart@gmail.com> | ||
| # |
There was a problem hiding this comment.
IMHO you should move line 14 to here
Added Python script (modified version of MindTheGApps one) to check missing privapp permissions.
Also modified add_sourceapp.sh so that it also checks missing permissions for the added APKs.