tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Migrate insertkeys.py to Python3

Browse source 
PEM files are ASCII-encoded, open them as text file (as opposed to
binary). Avoid relying on __del__. Introduce a prologue and epilogue
methods to emit the <policy> tag only once per output.

Test: build plat_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build product_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build system_ext_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build vendor_mac_permissions.xml on bramble and compare with
      previous version; identical
Bug: 200119288
Change-Id: Iced0acf75bff756453918a411aecb9f4ef8f825d
This commit is contained in:
Thiébaud Weksteen 2021-12-03 13:38:04 +11:00
parent 26950bb361
commit 9870725336
3 changed files with 25 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
mac_permissions.mk
View file

@ -26,12 +26,12 @@ all_plat_keys := platform media networkstack shared testkey
all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
$(all_plat_mac_perms_files) $(all_plat_keys)
@mkdir -p $(dir $@)
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
$(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
all_plat_keys :=
all_plat_mac_perms_files :=
@ -63,10 +63,10 @@ $(system_ext_mac_perms_keys.tmp): $(all_system_ext_mac_perms_keys) $(M4)
$(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_system_ext_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
$(all_system_ext_mac_perms_files)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
system_ext_mac_perms_keys.tmp :=
all_system_ext_mac_perms_files :=
@ -97,10 +97,10 @@ $(product_mac_perms_keys.tmp): $(all_product_mac_perms_keys) $(M4)
$(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
$(all_product_mac_perms_files)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
product_mac_perms_keys.tmp :=
all_product_mac_perms_files :=
@ -131,11 +131,11 @@ $(vendor_mac_perms_keys.tmp): $(all_vendor_mac_perms_keys) $(M4)
$(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
$(all_vendor_mac_perms_files)
@mkdir -p $(dir $@)
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
$(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
vendor_mac_perms_keys.tmp :=
all_vendor_mac_perms_files :=
@ -166,10 +166,10 @@ $(odm_mac_perms_keys.tmp): $(all_odm_mac_perms_keys) $(M4)
$(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
$(all_odm_mac_perms_files)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
odm_mac_perms_keys.tmp :=
all_odm_mac_perms_files :=

5
tools/Android.bp
View file

@ -59,8 +59,7 @@ cc_binary_host {
srcs: ["version_policy.c"],
}
cc_prebuilt_binary {
name: "insertkeys.py",
python_binary_host {
name: "insertkeys",
srcs: ["insertkeys.py"],
host_supported: true,
}

24
tools/insertkeys.py
View file

@ -1,8 +1,8 @@
#!/usr/bin/env python
#!/usr/bin/env python3
from xml.sax import saxutils, handler, make_parser
from optparse import OptionParser
import ConfigParser
import configparser
import logging
import base64
import sys
@ -32,7 +32,7 @@ class GenerateKeys(object):
if not os.path.isfile(path):
sys.exit("Path " + path + " does not exist or is not a file!")
pkFile = open(path, 'rb').readlines()
pkFile = open(path, 'r').readlines()
base64Key = ""
lineNo = 1
certNo = 1
@ -66,7 +66,7 @@ class GenerateKeys(object):
self._base64Key.append(base64Key)
try:
# Pkgmanager and setool see hex strings with lowercase, lets be consistent
self._base16Key.append(base64.b16encode(base64.b64decode(base64Key)).lower())
self._base16Key.append(base64.b16encode(base64.b64decode(base64Key)).decode('ascii').lower())
except TypeError:
sys.exit("Invalid certificate, certificate "+ str(certNo) + " found in file: "
+ path)
@ -79,7 +79,7 @@ class GenerateKeys(object):
# If we haven't started the certificate, then we should not encounter any data
elif not inCert:
if line is not "":
if line != "":
sys.exit("Detected erroneous line \""+ line + "\" on " + str(lineNo)
+ " in pem file: " + path)
@ -107,7 +107,7 @@ class GenerateKeys(object):
def getBase64Keys(self):
return self._base64Key
class ParseConfig(ConfigParser.ConfigParser):
class ParseConfig(configparser.ConfigParser):
# This must be lowercase
OPTION_WILDCARD_TAG = "all"
@ -160,15 +160,16 @@ class ReplaceTags(handler.ContentHandler):
XML_ENCODING_TAG = '<?xml version="1.0" encoding="iso-8859-1"?>'
def __init__(self, keyMap, out=sys.stdout):
handler.ContentHandler.__init__(self)
self._keyMap = keyMap
self._out = out
def prologue(self):
self._out.write(ReplaceTags.XML_ENCODING_TAG)
self._out.write("<!-- AUTOGENERATED FILE DO NOT MODIFY -->")
self._out.write("<policy>")
def __del__(self):
def epilogue(self):
self._out.write("</policy>")
def startElement(self, tag, attrs):
@ -210,8 +211,6 @@ class ReplaceTags(handler.ContentHandler):
if __name__ == "__main__":
# Intentional double space to line up equls signs and opening " for
# readability.
usage = "usage: %prog [options] CONFIG_FILE MAC_PERMISSIONS_FILE [MAC_PERMISSIONS_FILE...]\n"
usage += "This tool allows one to configure an automatic inclusion\n"
usage += "of signing keys into the mac_permision.xml file(s) from the\n"
@ -262,6 +261,9 @@ if __name__ == "__main__":
logging.info(k + " : " + str(key_map[k]))
# Generate the XML file with markup replaced with keys
parser = make_parser()
parser.setContentHandler(ReplaceTags(key_map, output_file))
handler = ReplaceTags(key_map, output_file)
parser.setContentHandler(handler)
handler.prologue()
for f in args[1:]:
parser.parse(f)
handler.epilogue()