@ -143,3 +143,36 @@ createwhitelist() {
|
|
|
|
|
done;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
checkwhitelist() {
|
|
|
|
|
|
|
|
|
|
echo " ";
|
|
|
|
|
echo " - Checking priv-app permissions...";
|
|
|
|
|
|
|
|
|
|
aapt="util/aapt";
|
|
|
|
|
privpermlist="util/privperms.lst";
|
|
|
|
|
|
|
|
|
|
[ -f "$resdldir/$privpermlist" ] || { echo "ERROR: No privileged permission list to check" >&2; return 1; }
|
|
|
|
|
[ -f "$resdldir/$aapt" ] || { echo "ERROR: No aapt found" >&2; return 1; }
|
|
|
|
|
|
|
|
|
|
privlogfile="$(ls -t $reldir/update-*.log | head)";
|
|
|
|
|
for privappfile in $(cat "$reldir/$privlogfile" | grep -Po "FILE: [^,]*" | cut -d" " -f2 | grep -o "/system/priv-app/.*/.*.apk"); do
|
|
|
|
|
[ -f "$privappfile" ] || { echo "ERROR: Privapp $privappfile not found" >&2; continue; }
|
|
|
|
|
privperms="";
|
|
|
|
|
privapppackage="$("$resdldir/$aapt" dump badging "$privappfile" | grep -o "package: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }')"
|
|
|
|
|
privappperms="$("$resdldir/$aapt" dump permissions "$privappfile" | grep -o "uses-permission: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }' | sort -u)";
|
|
|
|
|
for privperm in in $privappperms; do
|
|
|
|
|
grep -q "$privperm" "$resdldir/$privpermlist" || continue;
|
|
|
|
|
grep -q "$privperm" "$resdir/system/etc/permissions/$privapppackage.xml" && continue;
|
|
|
|
|
privperms="$privperm $privperms";
|
|
|
|
|
done;
|
|
|
|
|
[ "$privperms" ] || continue;
|
|
|
|
|
echo " ";
|
|
|
|
|
echo " -- File: $privappfile";
|
|
|
|
|
echo " -- Package: $privapppackage";
|
|
|
|
|
for permentry in $privperms; do
|
|
|
|
|
echo " ++ Needs whitelisting perm $permentry";
|
|
|
|
|
done;
|
|
|
|
|
done;
|
|
|
|
|
|
|
|
|
|
}
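Review bot: The inner loop header `for privperm in in $privappperms` has a doubled `in`, so the literal word `in` is run through the permission checks as if it were a permission name. Both `grep -q "$privperm"` checks treat the name as an unanchored regular expression, so a permission that is only a substring of a longer entry counts as privileged or as already whitelisted, which can hide a missing whitelist entry. The sketch below uses fixed-string matching, assuming the list holds one name per line and the XML quotes names with double quotes; neither format is visible in the hunk. Separately, `ls -t $reldir/update-*.log | head` returns up to ten paths that already start with `$reldir`, so `cat "$reldir/$privlogfile"` looks likely to fail unless `$reldir` is `.` and only one log exists. The sketch takes `head -n 1`, uses the path as returned, and adds a guard in the style of the two existing `[ -f … ]` checks.

```shell
privlogfile="$(ls -t "$reldir"/update-*.log | head -n 1)";
[ -f "$privlogfile" ] || { echo "ERROR: No update log found" >&2; return 1; }
for privappfile in $(grep -Po "FILE: [^,]*" "$privlogfile" | cut -d" " -f2 | grep -o "/system/priv-app/.*/.*.apk"); do
  # … unchanged: apk existence check, aapt package and permission extraction …
  for privperm in $privappperms; do
    grep -qxF -- "$privperm" "$resdldir/$privpermlist" || continue;
    grep -qF -- "\"$privperm\"" "$resdir/system/etc/permissions/$privapppackage.xml" && continue;
    # … unchanged: privperms accumulation and report output …
```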