def filter_manifest_permission_requests(apk, analyzed_apk):
"""
Initializes the requested permissions from the manifest of the app to analyze
:param apk: An Androguard APK instance
:param analyzed_apk: The result of the whole analysis as instance of :class:`~analysis_result.AnalyzedApk`
:return: The initialized instance of :class:`~analysis_result.AnalyzedApk`
"""
# type: (APK, AnalyzedApk) -> AnalyzedApk
# initialize dictionary for permissions
logging.info("Loading dictionary for permissions...")
# Androguard only supports SDK versions lower until 25
if analyzed_apk.target_sdk > 25:
perms = load_permissions(25)
else:
perms = load_permissions(analyzed_apk.target_sdk)
# list for permissions requested in manifest
requested_permissions = []
try:
for requested_permission in apk.get_permissions():
# only consider permissions that are aosp permissions...
if requested_permission in perms.keys():
# ... and which are classified as "dangerous"
if perms[requested_permission][
"protectionLevel"] == "dangerous":
logging.info("%s uses permission %s." %
(analyzed_apk.app_name, requested_permission))
requested_permissions.append(requested_permission)
if requested_permissions:
analyzed_apk.no_permission_declared = False
else:
logging.warning("%s requests no permissions in its manifest!" %
analyzed_apk.app_name)
analyzed_apk.requested_permissions_from_manifest = requested_permissions
except KeyError:
logging.error("Key Error during extraction of requested permissions!")
analyzed_apk.error = True
finally:
return analyzed_apk
def testPermissionLoading(self):
"""Test if fallbacks for permission lists are working"""
from androguard.core.api_specific_resources import load_permissions
from androguard.core.androconf import load_api_specific_resource_module, InvalidResourceError, CONF
import re
root = 'androguard/core/api_specific_resources'
levels = filter(lambda x: re.match(r'^permissions_\d+\.json$', x), os.listdir(os.path.join(root, "aosp_permissions")))
levels = list(map(lambda x: int(x[:-5].split('_')[1]), levels))
min_level = min(levels)
max_level = max(levels)
self.assertGreater(min_level, 0)
self.assertGreater(max_level, 0)
self.assertNotEqual(load_permissions(min_level), {})
self.assertNotEqual(load_permissions(min_level, 'groups'), {})
self.assertNotEqual(load_permissions(max_level), {})
self.assertNotEqual(load_permissions(max_level, 'groups'), {})
self.assertNotEqual(load_permissions(max_level - 1), {})
self.assertNotEqual(load_permissions(max_level - 1, 'groups'), {})
self.assertNotEqual(load_permissions(min_level + 1), {})
self.assertNotEqual(load_permissions(min_level + 1, 'groups'), {})
self.assertEqual(load_permissions(min_level - 1), load_permissions(min_level))
self.assertEqual(load_permissions(max_level + 1), load_permissions(max_level))
self.assertEqual(load_permissions(0), load_permissions(min_level))
self.assertEqual(load_permissions(1337), load_permissions(max_level))
with self.assertRaises(ValueError):
load_permissions(23, 'foobar')
with self.assertRaises(InvalidResourceError):
load_api_specific_resource_module('blablabla')
self.assertEqual(load_permissions(16), load_api_specific_resource_module('aosp_permissions', 16))
self.assertEqual(load_permissions(CONF['DEFAULT_API']), load_api_specific_resource_module('aosp_permissions'))
for level in levels:
perm = load_permissions(level)
self.assertIn('android.permission.INTERNET', perm)
self.assertIsInstance(perm, dict)
self.assertIsInstance(perm['android.permission.INTERNET'], dict)
self.assertIn('description', perm['android.permission.INTERNET'])
self.assertIn('label', perm['android.permission.INTERNET'])
self.assertIn('protectionLevel', perm['android.permission.INTERNET'])
self.assertIn('permissionGroup', perm['android.permission.INTERNET'])
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
__author__ = 'Zhenghao Lu'
import androguard.core.api_specific_resources as apis
import pickle
import re
# put all permissions and apis in a list and a dict
permissions = apis.load_permissions(25)
mappings = apis.load_permission_mappings(25)
list_perm_api = []
dict_perm_api = {}
for permission in permissions.keys():
list_perm_api.append(permission)
for api in mappings.keys():
m = re.match(r'(.*\;?)\-(.*?)\-.*', api)
the_api = m.group(1) + m.group(2)
list_perm_api.append(the_api)
for index, perm_api in enumerate(list_perm_api):
dict_perm_api[perm_api] = index
with open('list_perm_api.p', 'wb') as fp:
pickle.dump(list_perm_api, fp)
with open('dict_perm_api.p', 'wb') as fp:
pickle.dump(dict_perm_api, fp)
def testPermissionLoading(self):
"""Test if fallbacks for permission lists are working"""
from androguard.core.api_specific_resources import load_permissions
from androguard.core.androconf import load_api_specific_resource_module, InvalidResourceError, CONF
import re
root = 'androguard/core/api_specific_resources'
levels = filter(lambda x: re.match(r'^permissions_\d+\.json$', x), os.listdir(os.path.join(root, "aosp_permissions")))
levels = list(map(lambda x: int(x[:-5].split('_')[1]), levels))
min_level = min(levels)
max_level = max(levels)
self.assertGreater(min_level, 0)
self.assertGreater(max_level, 0)
self.assertNotEqual(load_permissions(min_level), {})
self.assertNotEqual(load_permissions(min_level, 'groups'), {})
self.assertNotEqual(load_permissions(max_level), {})
self.assertNotEqual(load_permissions(max_level, 'groups'), {})
self.assertNotEqual(load_permissions(max_level - 1), {})
self.assertNotEqual(load_permissions(max_level - 1, 'groups'), {})
self.assertNotEqual(load_permissions(min_level + 1), {})
self.assertNotEqual(load_permissions(min_level + 1, 'groups'), {})
self.assertEqual(load_permissions(min_level - 1), load_permissions(min_level))
self.assertEqual(load_permissions(max_level + 1), load_permissions(max_level))
self.assertEqual(load_permissions(0), load_permissions(min_level))
self.assertEqual(load_permissions(1337), load_permissions(max_level))
with self.assertRaises(ValueError):
load_permissions(23, 'foobar')
with self.assertRaises(InvalidResourceError):
load_api_specific_resource_module('blablabla')
self.assertEqual(load_permissions(16), load_api_specific_resource_module('aosp_permissions', 16))
self.assertEqual(load_permissions(CONF['DEFAULT_API']), load_api_specific_resource_module('aosp_permissions'))
for level in levels:
perm = load_permissions(level)
self.assertIn('android.permission.INTERNET', perm)
self.assertIsInstance(perm, dict)
self.assertIsInstance(perm['android.permission.INTERNET'], dict)
self.assertIn('description', perm['android.permission.INTERNET'])
self.assertIn('label', perm['android.permission.INTERNET'])
self.assertIn('protectionLevel', perm['android.permission.INTERNET'])
self.assertIn('permissionGroup', perm['android.permission.INTERNET'])