privapp_permissions: Check product privapp_permissions

* permission whitelists need to get placed on the same partition as the apps themselves
* check product and system individually and generate XMLs accordingly

Test: Verify missing entries for system and product get generated on hotdog
Test: Verify missing entries for system and system/product get generated on taimen and maple
Change-Id: I37bd5c7b738caaab93019688c6a944dc6bbffa75

Author: Myself5

tools/privapp_permissions/privapp_permissions.py

@@ -38,7 +38,7 @@
 Usage:
     Specify which apk to generate priv-app permissions for. If no apk is \
 specified, this will default to all APKs under "<ANDROID_PRODUCT_OUT>/ \
-system/priv-app".
+system/priv-app and (system/)product/priv-app".
 
 Examples:
 
@@ -156,9 +156,18 @@ def __init__(self, adb_path=None, aapt_path=None, use_device=None,
                 'You must either set up your build environment, or specify a '
                 'device to run against. See --help for more info.')
 
-        self.privapp_apks = self._resolve_apks(apks)
-        self.permissions_dir = self._resolve_sys_path('system/etc/permissions')
-        self.sysconfig_dir = self._resolve_sys_path('system/etc/sysconfig')
+        self.system_privapp_apks, self.product_privapp_apks =(
+                self._resolve_apks(apks))
+        self.system_permissions_dir = (
+                self._resolve_sys_path('system/etc/permissions'))
+        self.system_sysconfig_dir = (
+                self._resolve_sys_path('system/etc/sysconfig'))
+        self.product_permissions_dir = (
+                self._resolve_sys_path('product/etc/permissions',
+                                       'system/product/etc/permissions'))
+        self.product_sysconfig_dir = (
+                self._resolve_sys_path('product/etc/sysconfig',
+                                       'system/product/etc/sysconfig'))
         self.framework_res_apk = self._resolve_sys_path('system/framework/'
                                                         'framework-res.apk')
 
@@ -289,7 +298,8 @@ def _resolve_apks(self, apks):
             be found.
         """
         if not apks:
-            return self._resolve_all_privapps()
+            return (self._resolve_all_system_privapps(),
+                   self._resolve_all_product_privapps())
 
         ret_apks = []
         for apk in apks:
@@ -306,29 +316,77 @@ def _resolve_apks(self, apks):
                 raise MissingResourceError('File "%s" does not exist.' % apk)
             else:
                 ret_apks.append(apk)
-        return ret_apks
+        return ret_apks, None
 
-    def _resolve_all_privapps(self):
+    def _resolve_all_system_privapps(self):
         """Extract package name and requested permissions."""
         if self._is_android_env:
-            priv_app_dir = os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
-                                        'system/priv-app')
+            system_priv_app_dir = (
+                    os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
+                                            'system/priv-app'))
         else:
             try:
-                priv_app_dir = self.adb.pull('/system/priv-app/')
+                system_priv_app_dir = self.adb.pull('/system/priv-app/')
             except subprocess.CalledProcessError:
                 raise MissingResourceError(
                     'Directory "/system/priv-app" could not be pulled from on '
                     'device "%s".' % self.adb.serial)
 
-        return get_output('find %s -name "*.apk"' % priv_app_dir).split()
+        return get_output('find %s -name "*.apk"' % system_priv_app_dir).split()
 
-    def _resolve_sys_path(self, file_path):
+    def _resolve_all_product_privapps(self):
+        """Extract package name and requested permissions."""
+        if self._is_android_env:
+            product_priv_app_dir = (
+                    os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
+                                            'product/priv-app'))
+            if not os.path.exists(product_priv_app_dir):
+                product_priv_app_dir  = (
+                        os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
+                                                'system/product/priv-app'))
+        else:
+            try:
+                product_priv_app_dir = self.adb.pull('/product/priv-app/')
+            except subprocess.CalledProcessError:
+                print('Warning: Directory "/product/priv-app" could not be '
+                        'pulled from on device "%s". Trying '
+                        '"/system/product/priv-app"' % self.adb.serial,
+                        file=sys.stderr)
+                try:
+                    product_priv_app_dir = (
+                            self.adb.pull('/system/product/priv-app/'))
+                except subprocess.CalledProcessError:
+                    raise MissingResourceError(
+                        'Directory "/system/product/priv-app" could not be '
+                        'pulled from on device "%s".' % self.adb.serial)
+
+        return get_output(
+                'find %s -name "*.apk"' % product_priv_app_dir).split()
+
+    def _resolve_sys_path(self, file_path, fallback_file_path=None):
         """Resolves a path that is a part of an Android System Image."""
         if self._is_android_env:
-            return os.path.join(os.environ['ANDROID_PRODUCT_OUT'], file_path)
+            sys_path = (
+                    os.path.join(os.environ['ANDROID_PRODUCT_OUT'], file_path))
+            if not os.path.exists(sys_path):
+                sys_path = (
+                        os.path.join(os.environ['ANDROID_PRODUCT_OUT'],
+                        fallback_file_path))
         else:
-            return self.adb.pull(file_path)
+            try:
+                sys_path = self.adb.pull(file_path)
+            except subprocess.CalledProcessError:
+                print('Warning: Directory %s could not be pulled from on device'
+                        '"%s". Trying "/system/product/priv-app"'
+                        % (file_path, self.adb.serial), file=sys.stderr)
+                try:
+                    sys_path = self.adb.pull(fallback_file_path)
+                except subprocess.CalledProcessError:
+                    raise MissingResourceError(
+                        'Directory %s could not be pulled from on '
+                        'device "%s".' % (fallback_file_path, self.adb.serial))
+
+        return sys_path
 
 
 def get_output(command):
@@ -390,17 +448,38 @@ def parse_args():
         help='A list of paths to priv-app APKs to generate permissions for. '
              'To make a path device-side, prefix the path with "device:".'
     )
+    parser.add_argument(
+        '-w',
+        '--writetodisk',
+        action='store_true',
+        default=False,
+        required=False,
+        help='Whether or not to store the generated permissions directly to '
+             'a file. See --systemfile/--productfile for more information.'
+    )
+    parser.add_argument(
+        '--systemfile',
+        default='./system.xml',
+        required=False,
+        help='Path to system permissions file. Default value is ./system.xml'
+    )
+    parser.add_argument(
+        '--productfile',
+        default='./product.xml',
+        required=False,
+        help='Path to system permissions file. Default value is ./product.xml'
+    )
     cmd_args = parser.parse_args()
 
     return cmd_args
 
-
-def create_permission_file(resources):
+def create_permission_file(resources, privapp_apks, permissions_dir,
+            sysconfig_dir, file=None):
     # Parse base XML files in /etc dir, permissions listed there don't have
     # to be re-added
     base_permissions = {}
-    base_xml_files = itertools.chain(list_xml_files(resources.permissions_dir),
-                                     list_xml_files(resources.sysconfig_dir))
+    base_xml_files = itertools.chain(list_xml_files(permissions_dir),
+                                     list_xml_files(sysconfig_dir))
     for xml_file in base_xml_files:
         parse_config_xml(xml_file, base_permissions)
 
@@ -409,7 +488,7 @@ def create_permission_file(resources):
 
     apps_redefine_base = []
     results = {}
-    for priv_app in resources.privapp_apks:
+    for priv_app in privapp_apks:
         pkg_info = extract_pkg_and_requested_permissions(resources.aapt,
                                                          priv_app)
         pkg_name = pkg_info['package_name']
@@ -426,7 +505,8 @@ def create_permission_file(resources):
             results[pkg_name] = sorted(priv_perms)
 
     print_xml(results, apps_redefine_base)
-
+    if file is not None:
+        print_xml(results, apps_redefine_base, file)
 
 def print_xml(results, apps_redefine_base, fd=sys.stdout):
     """Print results to the given file."""
@@ -572,7 +652,43 @@ def cleanup():
             serial=args.serial,
             apks=args.apks
         )
-        create_permission_file(tool_resources)
+        system_permission_file=None
+        product_permission_file=None
+        print('#' * 80)
+        print('#')
+        if args.writetodisk:
+            print('#System XML written to %s:' % args.systemfile)
+            system_permission_file = open(args.systemfile, 'w')
+        else:
+            print('#System XML:')
+        print('#')
+        print('#' * 80)
+        create_permission_file(
+            tool_resources,
+            tool_resources.system_privapp_apks,
+            tool_resources.system_permissions_dir,
+            tool_resources.system_sysconfig_dir,
+            system_permission_file)
+        if args.writetodisk:
+            system_permission_file.close()
+        if tool_resources.product_privapp_apks:
+            print('#' * 80)
+            print('#')
+            if args.writetodisk:
+                print('#Product XML written to %s:' % args.productfile)
+                product_permission_file = open(args.productfile, 'w')
+            else:
+                print('#Product XML:')
+            print('#')
+            print('#' * 80)
+            create_permission_file(
+                tool_resources,
+                tool_resources.product_privapp_apks,
+                tool_resources.product_permissions_dir,
+                tool_resources.product_sysconfig_dir,
+                product_permission_file)
+            if args.writetodisk:
+                product_permission_file.close()
     except MissingResourceError as e:
         print(str(e), file=sys.stderr)
         exit(1)