1#!/usr/bin/env python
2#
3# Copyright (C) 2018 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16"""
17Generate API lists for non-SDK API enforcement.
18"""
19import argparse
20from collections import defaultdict
21import os
22import sys
23import re
24import functools
25
# Flag names understood by the `hiddenapi` tool.
FLAG_WHITELIST = "whitelist"
FLAG_GREYLIST = "greylist"
FLAG_BLACKLIST = "blacklist"
FLAG_GREYLIST_MAX_O = "greylist-max-o"
FLAG_GREYLIST_MAX_P = "greylist-max-p"
FLAG_GREYLIST_MAX_Q = "greylist-max-q"
FLAG_CORE_PLATFORM_API = "core-platform-api"
FLAG_PUBLIC_API = "public-api"
FLAG_SYSTEM_API = "system-api"
FLAG_TEST_API = "test-api"

# Flags which place an entry on one of the API lists.
FLAGS_API_LIST = [
    FLAG_WHITELIST,
    FLAG_GREYLIST,
    FLAG_BLACKLIST,
    FLAG_GREYLIST_MAX_O,
    FLAG_GREYLIST_MAX_P,
    FLAG_GREYLIST_MAX_Q,
]

# Every known flag: the API list flags followed by the remaining flags.
ALL_FLAGS = list(FLAGS_API_LIST)
ALL_FLAGS += [
    FLAG_CORE_PLATFORM_API,
    FLAG_PUBLIC_API,
    FLAG_SYSTEM_API,
    FLAG_TEST_API,
]

# Set views of the two lists above, used for membership/subset checks.
FLAGS_API_LIST_SET = set(FLAGS_API_LIST)
ALL_FLAGS_SET = set(ALL_FLAGS)

# Suffix appended to a flag name on the command line to express that only
# known and otherwise unassigned entries should be assigned the given flag.
# For example, the P dark greylist is checked in as it was in P, but
# signatures have changed since then. The suffix instructs this script to
# skip any entries which do not exist any more.
FLAG_IGNORE_CONFLICTS_SUFFIX = "-ignore-conflicts"

# Suffix appended to a flag name on the command line to express that all
# APIs within a given set of packages should be assigned the given flag.
FLAG_PACKAGES_SUFFIX = "-packages"

# Regex patterns of the fields/methods used in serialization. These are
# treated as public API even though they are hidden.
SERIALIZATION_PATTERNS = [
    r'readObject\(Ljava/io/ObjectInputStream;\)V',
    r'readObjectNoData\(\)V',
    r'readResolve\(\)Ljava/lang/Object;',
    r'serialVersionUID:J',
    r'serialPersistentFields:\[Ljava/io/ObjectStreamField;',
    r'writeObject\(Ljava/io/ObjectOutputStream;\)V',
    r'writeReplace\(\)Ljava/lang/Object;',
]

# One compiled regex matching any serialization member: an arbitrary prefix,
# the "->" separator, then exactly one of SERIALIZATION_PATTERNS up to the
# end of the signature.
SERIALIZATION_REGEX = re.compile(
    r'.*->({})$'.format('|'.join(SERIALIZATION_PATTERNS)))


# Predicates to be used with FlagsDict.filter_apis. Each one is called with
# an API signature and the set of flags currently assigned to it.
def HAS_NO_API_LIST_ASSIGNED(api, flags):
    """True when none of `flags` is one of the API list flags."""
    return FLAGS_API_LIST_SET.isdisjoint(flags)


def IS_SERIALIZATION(api, flags):
    """Match object (truthy) when `api` is a serialization member, else None."""
    return SERIALIZATION_REGEX.match(api)
87
def get_args():
    """Builds the command line parser and parses the arguments.

    Besides `--output` (required) and `--csv`, three options are registered
    for every flag in ALL_FLAGS: `--<flag>`, `--<flag>-ignore-conflicts` and
    `--<flag>-packages`. Each of them accepts zero or more file paths and
    defaults to an empty list.

    Returns:
        Namespace: parsed arguments. Every per-flag option is stored under a
        destination equal to the option name without the leading dashes.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('--output', required=True)
    parser.add_argument(
        '--csv', nargs='*', default=[], metavar='CSV_FILE',
        help='CSV files to be merged into output')

    def add_txt_files_option(name, description):
        # `dest` is given explicitly so the destination keeps the dashes of
        # the option name; a new default list is created for each option.
        parser.add_argument(
            '--' + name, dest=name, nargs='*', default=[],
            metavar='TXT_FILE', help=description)

    for flag in ALL_FLAGS:
        add_txt_files_option(
            flag,
            'lists of entries with flag "{}"'.format(flag))
        add_txt_files_option(
            flag + FLAG_IGNORE_CONFLICTS_SUFFIX,
            'lists of entries with flag "{}". '
            'skip entry if missing or flag conflict.'.format(flag))
        add_txt_files_option(
            flag + FLAG_PACKAGES_SUFFIX,
            'lists of packages to be added to {} list'.format(flag))

    return parser.parse_args()
113
def read_lines(filename):
    """Reads a whole file and returns its distinct lines.

    Lines whose very first character is a hash are dropped. The check is
    made before whitespace is stripped, so an indented '#' line is kept.
    Every remaining line is stripped of surrounding whitespace; a blank line
    therefore contributes an empty string to the result.

    Args:
        filename (string): Path to the file to read from.

    Returns:
        Set of the stripped lines of the file (duplicates collapse).
    """
    with open(filename, 'r') as source_file:
        return {
            raw_line.strip()
            for raw_line in source_file
            if not raw_line.startswith('#')
        }
130
def write_lines(filename, lines):
    """Writes lines into a file, overwriting the file if it exists.

    A newline character is appended to every element of `lines`.

    Args:
        filename (string): Path to the file to be written into.
        lines (list): List of strings to write into the file.
    """
    # Lazily terminated lines; they are only produced while being written.
    terminated = (entry + '\n' for entry in lines)
    with open(filename, 'w') as out_file:
        out_file.writelines(terminated)
141
def extract_package(signature):
    """Extracts the package from a signature.

    The class descriptor is everything before the first ";->" (for example
    "Landroid/hardware/radio/V1_2/IRadio$Proxy"). The leading 'L' is dropped,
    the part after the last '/' (the class name) is discarded and the
    remaining '/' separators are turned into '.'.

    Args:
        signature (string): JNI signature of a method or field.

    Returns:
        The package name of the class containing the field/method, or an
        empty string when the class name contains no '/'.

    Raises:
        ValueError: if the class descriptor does not start with 'L'. This
            includes an empty signature.
    """
    full_class_name = signature.split(";->")[0]
    # startswith() rather than indexing [0], so that an empty descriptor is
    # reported as a ValueError instead of escaping as an IndexError.
    if not full_class_name.startswith("L"):
        raise ValueError("Expected to start with 'L': %s" % full_class_name)
    # If the class name doesn't contain '/', then package_name will be ''.
    package_name = full_class_name[1:].rpartition("/")[0]
    return package_name.replace('/', '.')
159
class FlagsDict:
    """Mapping from API signatures to the set of flags assigned to each.

    Signatures become known through parse_and_merge_csv(); assign_flag() can
    then only add flags to signatures which are already known.
    """

    def __init__(self):
        # All API signatures seen so far.
        self._dict_keyset = set()
        # API signature -> set of flag names assigned to it.
        self._dict = defaultdict(set)

    def _check_entries_set(self, keys_subset, source):
        """Verifies that every given signature is already known.

        Args:
            keys_subset (set): API signatures to check.
            source (string): Origin of `keys_subset`, printed in the error.

        Throws:
            AssertionError if any signature is not in the known key set. The
            message lists the offending entries, one per line.
        """
        assert isinstance(keys_subset, set)
        unexpected = keys_subset - self._dict_keyset
        if unexpected:
            # Raised explicitly (not via `assert`) so the validation is kept
            # when Python runs with -O. Entries are sorted and each one is
            # put on its own line to keep the message readable and stable.
            raise AssertionError((
                "Error processing: {}\n"
                "The following entries were unexpected:\n"
                "{}"
                "Please visit go/hiddenapi for more information.").format(
                    source,
                    "".join("  " + str(key) + "\n"
                            for key in sorted(unexpected, key=str))))

    def _check_flags_set(self, flags_subset, source):
        """Verifies that every given flag is one of ALL_FLAGS.

        Args:
            flags_subset (set): Flag names to check.
            source (string): Origin of `flags_subset`, printed in the error.

        Throws:
            AssertionError if any flag is not recognized.
        """
        assert isinstance(flags_subset, set)
        unknown = flags_subset - ALL_FLAGS_SET
        if unknown:
            # Raised explicitly so the validation is kept under -O.
            raise AssertionError((
                "Error processing: {}\n"
                "The following flags were not recognized: \n"
                "{}\n"
                "Please visit go/hiddenapi for more information.").format(
                    source, "\n".join(sorted(unknown))))

    def filter_apis(self, filter_fn):
        """Returns APIs which match a given predicate.

        This is a helper function which allows to filter on both signatures (keys) and
        flags (values). The built-in filter() invokes the lambda only with dict's keys.

        Args:
            filter_fn : Function which takes two arguments (signature/flags) and returns a boolean.

        Returns:
            A set of APIs which match the predicate.
        """
        return {api for api in self._dict_keyset if filter_fn(api, self._dict[api])}

    def get_valid_subset_of_unassigned_apis(self, api_subset):
        """Sanitizes a key set input to only include keys which exist in the dictionary
        and have not been assigned any API list flags.

        Args:
            api_subset (set): Key set to be sanitized.

        Returns:
            Sanitized key set.
        """
        assert isinstance(api_subset, set)
        return api_subset.intersection(self.filter_apis(HAS_NO_API_LIST_ASSIGNED))

    def generate_csv(self):
        """Constructs CSV entries from a dictionary.

        Each line is the API signature followed by its flags in sorted order;
        the lines themselves are sorted as well.

        Returns:
            List of lines comprising a CSV file. See "parse_and_merge_csv" for format description.
        """
        return sorted(
            ",".join([api] + sorted(self._dict[api])) for api in self._dict)

    def parse_and_merge_csv(self, csv_lines, source="<unknown>"):
        """Parses CSV entries and merges them into a given dictionary.

        The expected CSV format is:
            <api signature>,<flag1>,<flag2>,...,<flagN>

        Entries flagged as public or system API additionally receive the
        whitelist flag.

        Args:
            csv_lines (list of strings): Lines read from a CSV file.
            source (string): Origin of `csv_lines`. Will be printed in error messages.

        Throws:
            AssertionError if parsed flags are invalid. Nothing is merged in
            that case.
        """
        # Split CSV lines into arrays of values.
        csv_values = [line.split(',') for line in csv_lines]

        # Check that all flags are known. This happens before any state is
        # modified so that a rejected file leaves the dictionary untouched.
        csv_flags = {flag for row in csv_values for flag in row[1:]}
        self._check_flags_set(csv_flags, source)

        # Update the full set of API signatures.
        self._dict_keyset.update(row[0] for row in csv_values)

        # Iterate over all CSV lines, find entry in dict and append flags to it.
        for row in csv_values:
            flags = row[1:]
            if (FLAG_PUBLIC_API in flags) or (FLAG_SYSTEM_API in flags):
                flags.append(FLAG_WHITELIST)
            self._dict[row[0]].update(flags)

    def assign_flag(self, flag, apis, source="<unknown>"):
        """Assigns a flag to given subset of entries.

        Args:
            flag (string): One of ALL_FLAGS.
            apis (set): Subset of APIs to receive the flag.
            source (string): Origin of `apis`. Will be printed in error messages.

        Throws:
            AssertionError if the API signatures or the flag are invalid.
        """
        # Check that all APIs exist in the dict.
        self._check_entries_set(apis, source)

        # Check that the flag is known.
        self._check_flags_set({flag}, source)

        # Iterate over the API subset, find each entry in dict and assign the flag to it.
        for api in apis:
            self._dict[api].add(flag)
271
def main(argv):
    """Merges all inputs into one API->flags dictionary and writes it as CSV.

    Args:
        argv (list): Unused. The arguments are parsed by get_args(), which
            calls the parser without an explicit argument list.

    Throws:
        AssertionError if an input file contains unknown flags, or if a text
        file given with a plain `--<flag>` option lists unknown entries.
    """
    # Parse arguments.
    args = vars(get_args())

    # Initialize API->flags dictionary.
    flags = FlagsDict()

    # Merge input CSV files into the dictionary.
    # Do this first because CSV files produced by parsing API stubs will
    # contain the full set of APIs. Subsequent additions from text files
    # will be able to detect invalid entries, and/or filter all as-yet
    # unassigned entries.
    for filename in args["csv"]:
        flags.parse_and_merge_csv(read_lines(filename), filename)

    # Combine inputs which do not require any particular order.
    # (1) Assign serialization API to whitelist.
    flags.assign_flag(FLAG_WHITELIST, flags.filter_apis(IS_SERIALIZATION))

    # (2) Merge text files with a known flag into the dictionary.
    for flag in ALL_FLAGS:
        for filename in args[flag]:
            flags.assign_flag(flag, read_lines(filename), filename)

    # Merge text files where conflicts should be ignored.
    # This will only assign the given flag if:
    # (a) the entry exists, and
    # (b) it has not been assigned any other flag.
    # Because of (b), this must run after all strict assignments have been performed.
    for flag in ALL_FLAGS:
        for filename in args[flag + FLAG_IGNORE_CONFLICTS_SUFFIX]:
            valid_entries = flags.get_valid_subset_of_unassigned_apis(read_lines(filename))
            flags.assign_flag(flag, valid_entries, filename)

    # All members in the specified packages will be assigned the appropriate flag,
    # provided that they have no flag at all so far.
    for flag in ALL_FLAGS:
        for filename in args[flag + FLAG_PACKAGES_SUFFIX]:
            # read_lines() already returns a set, which keeps the lookup cheap.
            packages_needing_list = read_lines(filename)
            should_add_signature_to_list = lambda sig, lists: extract_package(
                sig) in packages_needing_list and not lists
            valid_entries = flags.filter_apis(should_add_signature_to_list)
            # Pass the file name like the loops above do, so that an error
            # message names the file instead of "<unknown>".
            flags.assign_flag(flag, valid_entries, filename)

    # Assign all remaining entries to the blacklist.
    flags.assign_flag(FLAG_BLACKLIST, flags.filter_apis(HAS_NO_API_LIST_ASSIGNED))

    # Write output.
    write_lines(args["output"], flags.generate_csv())

if __name__ == "__main__":
    main(sys.argv)
323