protection level for custom permissions #1046

2024-10-07 02:03:30 +00:00 · 2024-05-14 23:11:50 +03:00 · 2024-05-14 23:11:50 +03:00 · 1bd82d4ce5
commit 1bd82d4ce5
parent ef5d45efd5
2 changed files with 46 additions and 4 deletions
--- a/androguard/core/apk/init.py
+++ b/androguard/core/apk/init.py
@ -41,6 +41,40 @@ from loguru import logger
 NS_ANDROID_URI = 'http://schemas.android.com/apk/res/android'
 NS_ANDROID = '{{{}}}'.format(NS_ANDROID_URI)  # Namespace as used by etree

+# Dictionary of the different protection levels mapped to their corresponding attribute names as described in
+# https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/content/pm/PermissionInfo.java
+protection_flags_to_attributes = {
+    "0x00000000": "normal",
+    "0x00000001": "dangerous",
+    "0x00000002": "signature",
+    "0x00000003": "signature or system",
+    "0x00000004": "internal",
+    "0x00000010": "privileged",
+    "0x00000020": "development",
+    "0x00000040": "appop",
+    "0x00000080": "pre23",
+    "0x00000100": "installer",
+    "0x00000200": "verifier",
+    "0x00000400": "preinstalled",
+    "0x00000800": "setup",
+    "0x00001000": "instant",
+    "0x00002000": "runtime only",
+    "0x00004000": "oem",
+    "0x00008000": "vendor privileged",
+    "0x00010000": "system text classifier",
+    "0x00020000": "wellbeing",
+    "0x00040000": "documenter",
+    "0x00080000": "configurator",
+    "0x00100000": "incident report approver",
+    "0x00200000": "app predictor",
+    "0x00400000": "module",
+    "0x00800000": "companion",
+    "0x01000000": "retail demo",
+    "0x02000000": "recents",
+    "0x04000000": "role",
+    "0x08000000": "known signer"
+}
+
 def parse_lxml_dom(tree):
    handler = SAX2DOM()
    lxml.sax.saxify(tree, handler)
@ -1301,10 +1335,14 @@ class APK:
            if i in self.permission_module:
                x = self.permission_module[i]
                l[i] = [x["protectionLevel"], x["label"], x["description"]]
-            else:
-                # FIXME: the permission might be signature, if it is defined by the app itself!
-                l[i] = ["normal", "Unknown permission from android reference",
+            elif i in self.declared_permissions:
+                protectionLevel_hex = self.declared_permissions[i]["protectionLevel"]
+                protectionLevel = protection_flags_to_attributes[protectionLevel_hex]
+                l[i] = [protectionLevel, "Unknown permission from android reference",
                        "Unknown permission from android reference"]
+            else:
+                # Is there a valid case not belonging to the above two?
+                logger.error(f"Unknown permission {i}")
        return self._fill_deprecated_permissions(l)

    def get_requested_aosp_permissions(self) -> list[str]:
--- a/tests/test_apk.py
+++ b/tests/test_apk.py
@ -7,7 +7,7 @@ import hashlib
 import binascii
 from unittest.mock import patch, MagicMock

-from androguard.core import apk
+from androguard.core import apk, axml
 from androguard.core.analysis.analysis import Analysis
 from androguard.core.apk import APK
 from androguard.core.axml import AXMLPrinter
@ -695,6 +695,10 @@ class APKTest(unittest.TestCase):
            self.assertIn('protectionLevel', perm['android.permission.INTERNET'])
            self.assertIn('permissionGroup', perm['android.permission.INTERNET'])

+    def testCustomPermissionProtectionLevel(self):
+        a = APK(os.path.join(test_dir, 'data/APK/com.example.android.tvleanback.apk'))
+        self.assertEqual(a.get_details_permissions()["com.example.android.tvleanback.ACCESS_VIDEO_DATA"][0], 'signature')
+
    def testShortNamesInManifest(self):
        """Test if shortnames are correctly handled"""
        a = apk.APK(os.path.join(test_dir, 'data/APK/AndroidManifest_ShortName.apk'))