path: root/scripts/check_prebuilt_presigned_apk.py
blob: db64f90c6f010441da5e452892ae41f93b880ebf (plain)
#!/usr/bin/env python3

import subprocess
import argparse
import re
import sys
import zipfile

def check_target_sdk_less_than_30(args):
    """Exit with an error unless the APK reports a numeric targetSdkVersion below 30.

    Runs ``<aapt2> dump badging <apk>`` and looks for the first output line
    that, once stripped, is exactly ``targetSdkVersion: '<digits>'``.

    The check fails closed: if no such line is found (the error text names a
    codename targetSdkVersion as one such case), the APK is rejected exactly
    as if it targeted 30 or above.

    Args:
        args: parsed command-line namespace; reads ``args.aapt2`` and
            ``args.apk``.

    Raises:
        SystemExit: when ``--aapt2`` was not supplied, or when the APK does
            not pass the check.
        subprocess.CalledProcessError: when aapt2 exits with a non-zero status.
    """
    if not args.aapt2:
        sys.exit('--aapt2 is required')

    pattern = re.compile(r"targetSdkVersion: *'([0-9]+)'")
    # Argument list rather than a shell string: the APK path is never
    # interpreted by a shell.
    badging = subprocess.check_output(
        [args.aapt2, "dump", "badging", args.apk],
        text=True,
    )

    # Only the first line that matches in full is considered.
    candidates = (pattern.fullmatch(raw.strip()) for raw in badging.splitlines())
    first_hit = next((hit for hit in candidates if hit), None)
    target_sdk = int(first_hit.group(1)) if first_hit else None

    if target_sdk is not None and target_sdk < 30:
        return

    sys.exit(
        args.apk
        + ": Prebuilt, presigned apks with targetSdkVersion >= 30 "
        "(or a codename targetSdkVersion) must set preprocessed: true "
        "in the Android.bp definition (because they must be signed with "
        "signature v2, and the build system would wreck that signature "
        "otherwise)"
    )

def has_preprocessed_issues(args, *, fail=False):
    """Check a preprocessed APK for alignment and compression problems.

    Three conditions count as an issue, checked in this order:

    1. ``<zipalign> -c -p 4 <apk>`` exits with a non-zero status.
    2. An entry under ``lib/`` ending in ``.so`` is not stored uncompressed.
    3. Only when both ``args.privileged`` and ``args.uncompress_priv_app_dex``
       are set: an entry ending in ``.dex`` is not stored uncompressed.

    Args:
        args: parsed command-line namespace; reads ``zipalign``, ``apk``,
            ``privileged`` and ``uncompress_priv_app_dex``.
        fail: when true, the first issue found terminates the process with
            a message instead of being reported through the return value.

    Returns:
        True at the first issue found (when ``fail`` is false), False when
        the APK has none.

    Raises:
        SystemExit: when ``--zipalign`` was not supplied, or when ``fail``
            is true and an issue is found.
    """
    if not args.zipalign:
        sys.exit('--zipalign is required')

    def report(problem):
        # Either abort with the message or just signal that an issue exists.
        if fail:
            sys.exit(args.apk + problem)
        return True

    alignment = subprocess.run(
        [args.zipalign, '-c', '-p', '4', args.apk],
        stdout=subprocess.DEVNULL,
    )
    # NOTE(review): any non-zero exit is treated as "misaligned", so a
    # zipalign failure for another reason is reported the same way.
    if alignment.returncode != 0:
        return report(': Improper zip alignment')

    with zipfile.ZipFile(args.apk) as archive:
        for entry in archive.infolist():
            name = entry.filename
            compressed = entry.compress_type != zipfile.ZIP_STORED

            if compressed and name.startswith('lib/') and name.endswith('.so'):
                return report(': Contains compressed JNI libraries')

            # It's ok for non-privileged apps to have compressed dex files
            if not (args.privileged and args.uncompress_priv_app_dex):
                continue
            if compressed and name.endswith('.dex'):
                return report(': Contains compressed dex files and is privileged')
    return False


def main():
    """Parse the command line, run the applicable APK check, then touch the stamp file.

    Which check runs depends on the flags:

    * without ``--preprocessed``: the targetSdkVersion check;
    * with ``--preprocessed`` and ``--skip-preprocessed-apk-checks``: the
      APK must actually have an issue, otherwise the skip flag is rejected
      as unnecessary;
    * with ``--preprocessed`` only: any alignment/compression issue is fatal.

    The stamp file is touched only if none of the checks exited first.
    """
    # This script enforces requirements for presigned apps as documented in:
    # go/gms-uncompressed-jni-slides
    # https://docs.partner.android.com/gms/building/integrating/jni-libs
    # https://docs.partner.android.com/gms/policies/domains/mba#jni-lib
    soong_property = "the value of the soong property with the same name"
    product_variable = "the value of the product variable with the same name"

    parser = argparse.ArgumentParser()
    parser.add_argument('--aapt2', help="the path to the aapt2 executable")
    parser.add_argument('--zipalign', help="the path to the zipalign executable")
    for flag, description in (
        ('--skip-preprocessed-apk-checks', soong_property),
        ('--preprocessed', soong_property),
        ('--privileged', soong_property),
        ('--uncompress-priv-app-dex', product_variable),
    ):
        parser.add_argument(flag, action='store_true', help=description)
    parser.add_argument('apk', help="the apk to check")
    parser.add_argument('stampfile', help="a file to touch if successful")
    args = parser.parse_args()

    if args.preprocessed:
        if args.skip_preprocessed_apk_checks:
            # A skip flag on a clean APK is itself an error, so the opt-out
            # cannot linger once the underlying issue is fixed.
            if not has_preprocessed_issues(args):
                sys.exit('This module sets `skip_preprocessed_apk_checks: true`, but does not actually have any issues. Please remove `skip_preprocessed_apk_checks`.')
        else:
            has_preprocessed_issues(args, fail=True)
    else:
        check_target_sdk_less_than_30(args)

    # Reached only when every check above passed.
    subprocess.check_call(["touch", args.stampfile])

# Run the checks only when executed as a script, not when imported.
if __name__ == "__main__":
    main()