diff options
| -rw-r--r-- | Android.mk | 1 | ||||
| -rw-r--r-- | tools/veridex/Android.bp | 2 | ||||
| -rw-r--r-- | tools/veridex/Android.mk | 35 | ||||
| -rw-r--r-- | tools/veridex/README.md | 14 | ||||
| -rwxr-xr-x | tools/veridex/appcompat.sh | 51 |
5 files changed, 102 insertions, 1 deletions
diff --git a/Android.mk b/Android.mk index 558986e562..e4f4e74cb2 100644 --- a/Android.mk +++ b/Android.mk @@ -67,6 +67,7 @@ include $(art_path)/tools/Android.mk include $(art_path)/tools/ahat/Android.mk include $(art_path)/tools/amm/Android.mk include $(art_path)/tools/dexfuzz/Android.mk +include $(art_path)/tools/veridex/Android.mk include $(art_path)/libart_fake/Android.mk ART_HOST_DEPENDENCIES := \ diff --git a/tools/veridex/Android.bp b/tools/veridex/Android.bp index ff181c89a7..a74bf3d7f9 100644 --- a/tools/veridex/Android.bp +++ b/tools/veridex/Android.bp @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -art_cc_binary { +cc_binary { name: "veridex", host_supported: true, srcs: [ diff --git a/tools/veridex/Android.mk b/tools/veridex/Android.mk new file mode 100644 index 0000000000..4183054193 --- /dev/null +++ b/tools/veridex/Android.mk @@ -0,0 +1,35 @@ +# +# Copyright (C) 2018 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +LOCAL_PATH := $(call my-dir) + +system_stub_dex := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/core_dex_intermediates/classes.dex +$(system_stub_dex): PRIVATE_MIN_SDK_VERSION := 1000 +$(system_stub_dex): $(TOPDIR)prebuilts/sdk/system_current/android.jar | $(ZIP2ZIP) $(DX) + $(transform-classes-d8.jar-to-dex) + + +oahl_stub_dex := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/oahl_dex_intermediates/classes.dex +$(oahl_stub_dex): PRIVATE_MIN_SDK_VERSION := 1000 +$(oahl_stub_dex): $(TOPDIR)prebuilts/sdk/org.apache.http.legacy/org.apache.http.legacy.jar | $(ZIP2ZIP) $(DX) + $(transform-classes-d8.jar-to-dex) + +.PHONY: appcompat + +appcompat: $(system_stub_dex) $(oahl_stub_dex) $(HOST_OUT_EXECUTABLES)/veridex \ + ${TARGET_OUT_COMMON_INTERMEDIATES}/PACKAGING/hiddenapi-light-greylist.txt \ + ${TARGET_OUT_COMMON_INTERMEDIATES}/PACKAGING/hiddenapi-dark-greylist.txt \ + ${TARGET_OUT_COMMON_INTERMEDIATES}/PACKAGING/hiddenapi-blacklist.txt diff --git a/tools/veridex/README.md b/tools/veridex/README.md new file mode 100644 index 0000000000..0f91b08771 --- /dev/null +++ b/tools/veridex/README.md @@ -0,0 +1,14 @@ +appcompat.sh +============ + +Given an APK, finds API uses that fall into the blacklist/greylists APIs. + +NOTE: appcompat.sh is still under development. It can report +API uses that do not execute at runtime, and reflection uses +that do not exist. It can also miss on reflection uses. + +To build it: +> make appcompat + +To run it: +> ./art/tools/veridex/appcompat.sh test.apk diff --git a/tools/veridex/appcompat.sh b/tools/veridex/appcompat.sh new file mode 100755 index 0000000000..f75aa4f0d0 --- /dev/null +++ b/tools/veridex/appcompat.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# +# Copyright (C) 2018 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# We want to be at the root for simplifying the "out" detection +# logic. +if [ ! -d art ]; then + echo "Script needs to be run at the root of the android tree." + exit 1 +fi + +# Logic for setting out_dir from build/make/core/envsetup.mk: +if [[ -z $OUT_DIR ]]; then + if [[ -z $OUT_DIR_COMMON_BASE ]]; then + OUT=out + else + OUT=${OUT_DIR_COMMON_BASE}/${PWD##*/} + fi +else + OUT=${OUT_DIR} +fi + +PACKAGING=${OUT}/target/common/obj/PACKAGING + +if [ -z "$ANDROID_HOST_OUT" ] ; then + ANDROID_HOST_OUT=${OUT}/host/linux-x86 +fi + +echo "NOTE: appcompat.sh is still under development. It can report" +echo "API uses that do not execute at runtime, and reflection uses" +echo "that do not exist. It can also miss on reflection uses." + + +${ANDROID_HOST_OUT}/bin/veridex \ + --core-stubs=${PACKAGING}/core_dex_intermediates/classes.dex:${PACKAGING}/oahl_dex_intermediates/classes.dex \ + --blacklist=${PACKAGING}/hiddenapi-blacklist.txt \ + --light-greylist=${PACKAGING}/hiddenapi-light-greylist.txt \ + --dark-greylist=${PACKAGING}/hiddenapi-dark-greylist.txt \ + --dex-file=$1 |