forked from stopipv/isdi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
android_permissions.py
310 lines (263 loc) · 12.4 KB
/
android_permissions.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
"""
Must work completely from the dumps, no interaction with the device is required.
"""
from rsonlite import simpleparse
from runcmd import run_command, catch_err
import pandas as pd
import datetime
import config
import re
import json
#MAP = config.ANDROID_PERMISSIONS
DUMPPKG = 'dumppkg'
def _parse_time(time_str):
"""
Parse a time string e.g. (2h13m) into a timedelta object.
Modified from virhilo's answer at https://stackoverflow.com/a/4628148/851699
:param time_str: A string identifying a duration. (eg. 2h13m)
:return datetime.timedelta: A datetime.timedelta object
"""
timedelta_re = re.compile(
r'^\+((?P<days>[\.\d]+?)d)?((?P<hours>[\.\d]+?)h)?((?P<minutes>[\.\d]+?)m)?((?P<seconds>[\.\d]+?)s)?((?P<milliseconds>[\.\d]+?)ms)?')
parts = timedelta_re.match(time_str)
assert parts is not None, "Could not parse any time information from '{}'."\
"Examples of valid strings: '+8h', '+2d8h5m20s', '+2m4s'".format(time_str)
time_params = {name: float(param) for name,
param in parts.groupdict().items() if param}
return datetime.timedelta(**time_params)
s = 'VIBRATE: allow; time=+29d3h41m32s800ms ago; duration=+1s13ms\nCAMERA: allow; time=+38d23h30m11s6ms ago; duration=+420ms\nRECORD_AUDIO: allow; time=+38d23h19m35s283ms ago; duration=+10s237ms\nWAKE_LOCK: allow; time=+16m12s788ms ago; duration=+10s67ms\nTOAST_WINDOW: allow; time=+38d23h22m57s645ms ago; duration=+4s2ms\nREAD_EXTERNAL_STORAGE: allow; time=+2h7m13s715ms ago\nWRITE_EXTERNAL_STORAGE: allow; time=+2h7m13s715ms ago\nRUN_IN_BACKGROUND: allow; time=+15m2s867ms ago'
def recent_permissions_used(appid):
df = pd.DataFrame(
columns=[
'appId',
'op',
'mode',
'timestamp',
'time_ago',
'duration'])
cmd = '{cli} shell appops get {app}'
recently_used = catch_err(run_command(cmd, app=appid))
if 'No operations.' in recently_used:
return df
record = {'appId': appid}
now = datetime.datetime.now()
print(recently_used)
for permission in recently_used.split('\n')[:-1]:
permission_attrs = permission.split(';')
record['op'] = permission_attrs[0].split(':')[0]
record['mode'] = permission_attrs[0].split(':')[1].strip()
if len(permission_attrs) == 2:
record['timestamp'] = (
now -
_parse_time(
permission_attrs[1].split('=')[1].strip())).strftime(
config.DATE_STR)
# TODO: keep time_ago? that leaks when the consultation was.
record['time_ago'] = permission_attrs[1].split('=')[1].strip()
else:
record['timestamp'] = 'unknown (op)'
record['time_ago'] = 'unknown (op)'
record['duration'] = 'unknown (op)'
df.loc[df.shape[0]] = record
continue
# NOTE: can convert this with timestamp + _parse_time('duration')
if len(permission_attrs) == 3:
record['duration'] = permission_attrs[2].split('=')[1].strip()
else:
record['duration'] = 'unspecified'
df.loc[df.shape[0]] = record
return df.sort_values(by=['time_ago']).reset_index(drop=True)
def package_info(dumpf, appid):
# FIXME: add check on all permissions, too.
# need to get
# requested permissions:
# install permissions:
# runtime permissions:
cmd = "sed -n -e '/Package \[{appid}\]/,/Package \[/p' {dumpf}"\
.format(appid=appid, dumpf=dumpf.replace('.json', '.txt'))
print(cmd)
# TODO: Need to udpate it once the catch_err function is fixed.
package_dump = run_command(cmd).stdout.read().decode()
# cmd = '{cli} shell dumpsys usagestats {app} | grep "App Standby States:" -A 1'\
# .format(cli=config.ADB_PATH, app=appid)
# now = datetime.datetime.now()
#usage_stats = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)\
# .stdout.read().decode('utf-8')#.strip()
'''
App Standby States:
package=net.cybrook.trackview u=0 bucket=10 reason=u-mb used=+4m41s645ms usedScr=+2m19s198ms lastPred=+19d0h27m2s920ms activeLeft=+55m18s355ms wsLeft=-30d6h13m15s667ms lastJob=-24855d3h14m7s432ms idle=n
totalElapsedTime=+305d6h7m59s376ms
totalScreenOnTime=+67d8h56m19s585ms
'''
'''
# switch to top method after tests
package_dump = open(DUMPPKG, 'r').read()
#print(package_dump)
'''
try:
sp = simpleparse(package_dump)
except AttributeError as e:
print(package_dump)
return []
try:
# FIXME: TypeError: list indices must be integers or slices, not str
# FIXME: don't rely on rsonlite to parse correctly? Seems to miss the
# Packages:. for now, using sed to filter out potential hazards in
# parsing output.
if isinstance(sp, list):
sp = sp[0]
_, pkg = sp.popitem()
if isinstance(pkg, list):
pkg = pkg[0]
except IndexError as e:
print(e)
print('Didn\'t parse correctly. Not sure why.')
return [], {}
print("pkg={}".format(json.dumps(pkg, indent=2)))
install_perms = [k.split(':')[0] for k, v in
pkg.get('install permissions:', {}).items()]
requested_perms = pkg.get('requested permissions:', [])
#usage_stats = filter(None, usage_stats.split('\n')[1].split(' '))
#usage_stats = dict(item.split('=') for item in usage_stats)
# print(usage_stats)
pkg_info = {}
pkg_info['firstInstallTime'] = pkg.get('firstInstallTime', '')
pkg_info['lastUpdateTime'] = pkg.get('lastUpdateTime', '')
pkg_info['versionCode'] = pkg.get('versionCode', '')
pkg_info['versionName'] = pkg.get('versionName', '')
#pkg_info['used'] = now - _parse_time(usage_stats['used'])
#pkg_info['usedScr'] = now - _parse_time(usage_stats['usedScr'])
#('User 0: installed', 'true hidden=false stopped=false notLaunched=false enabled=0\nlastDisabledCaller: com.android.vending\ngids=[3003]\nruntime permissions:')
#inst_det_key = [v for k,v in pkg.items() if 'User 0:' in k][0]
#install_details = dict(item.split('=') for item in inst_det_key.strip().split(' ')[1:])
#install_details = {k:bool(strtobool(install_details[k])) for k in install_details}
# print(install_details)
all_perms = list(set(requested_perms) | set(install_perms))
return all_perms, pkg_info
def gather_permissions_labels():
# FIXME: would probably put in global db?
cmd = '{cli} shell getprop ro.product.model'
model = catch_err(run_command(cmd, outf=MAP)).strip().replace(' ', '_')
cmd = '{cli} shell pm list permissions -g -f > {outf}'
#perms = catch_err(run_command(cmd, outf=model+'.permissions'))
perms = catch_err(
run_command(
cmd,
outf='static_data/android_permissions.txt'))
def permissions_map():
groupcols = ['group', 'group_package', 'group_label', 'group_description']
pcols = [
'permission',
'package',
'label',
'description',
'protectionLevel']
sp = simpleparse(open('Pixel2.permissions', 'r').read())
df = pd.DataFrame(columns=groupcols + pcols)
record = {}
ungrouped_d = dict.fromkeys(groupcols, 'ungrouped')
for group in sp[1]:
record['group'] = group.split(':')[1]
if record['group'] == '':
for permission in sp[1][group]:
record['permission'] = permission.split(':')[1]
for permission_attr in sp[1][group][permission]:
label, val = permission_attr.split(':')
record[label.replace('+ ', '')] = val
df.loc[df.shape[0]] = {**record, **ungrouped_d}
else:
for group_attr in sp[1][group]:
if isinstance(group_attr, str):
label, val = group_attr.split(':')
record['group_' + label.replace('+ ', '')] = val
else:
for permission in group_attr:
record['permission'] = permission.split(':')[1]
for permission_attr in group_attr[permission]:
label, val = permission_attr.split(':')
record[label.replace('+ ', '')] = val
df.loc[df.shape[0]] = record
df.to_csv('static_data/android_permissions.csv')
return df
def all_permissions(dumpf, appid):
'''
Returns a tuple of human-friendly permissions (including recently used), non human-friendly app ops,
non human-friendly permissions, and summary stats.
'''
app_perms, pkg_info = package_info(dumpf, appid)
recent_permissions = recent_permissions_used(appid)
permissions = pd.read_csv(config.ANDROID_PERMISSIONS_CSV)
permissions['label'] = permissions.apply(
lambda x: (x['permission'].rsplit('.', 1)[-1] if x['label'] == 'null'
else x['label']),
axis=1
)
app_permissions_tbl = permissions[permissions['permission'].isin(
app_perms)].reset_index(drop=True)
app_permissions_tbl['permission_abbrv'] = app_permissions_tbl\
.permission.str.rsplit('.', 1).str[-1]
# TODO: really 'unknown'?
hf_recent_permissions = pd.merge(
recent_permissions, app_permissions_tbl,
left_on='op', right_on='permission_abbrv',
how='right').fillna('Unknown permission')
no_hf_recent_permissions = recent_permissions[
~recent_permissions['op'].isin(app_permissions_tbl['permission_abbrv'])
]
no_hf = set(app_perms) - set(app_permissions_tbl['permission'].tolist())
stats = {'total_permissions': len(app_perms),
'hf_permissions': app_permissions_tbl.shape[0],
'recent_permissions': recent_permissions.shape[0],
'not_hf_ops': no_hf_recent_permissions.shape[0],
'not_hf_permissions': len(no_hf)}
return hf_recent_permissions, no_hf_recent_permissions, \
no_hf, {**stats, **pkg_info}
if __name__ == '__main__':
import sys
print(package_info('./phone_dumps/83c6500a47585595f72d654829cab29edd2c4f5253e6c05d5576cf04661fd6eb_android.txt', 'net.cybrook.trackview'))
exit()
appid = sys.argv[1]
app_perms, pkg_info = package_info(appid)
print(app_perms, pkg_info)
exit()
recent_permissions = recent_permissions_used(appid)
# permissions = permissions_map()
permissions = pd.read_csv(config.ANDROID_PERMISSIONS)
app_permissions_tbl = permissions[permissions['permission'].isin(
app_perms)].reset_index(drop=True)
hf_app_permissions = list(
zip(app_permissions_tbl.permission, app_permissions_tbl.label))
# FIXME: delete 'null' labels from counting as human readable.
print("'{}' uses {} app permissions:".format(appid, len(app_perms)))
print('{} have human-readable names, and {} were recently used:'
.format(app_permissions_tbl.shape[0], recent_permissions.shape[0]))
# for permission in hf_app_permissions:
# print(permission)
app_permissions_tbl['permission_abbrv'] = app_permissions_tbl['permission']\
.apply(lambda x: x.rsplit('.', 1)[-1])
# TODO: really 'unknown'?
hf_recent_permissions = pd.merge(
recent_permissions,
app_permissions_tbl,
left_on='op',
right_on='permission_abbrv',
how='right').fillna('unknown')
# print(hf_recent_permissions.columns)
# print(hf_recent_permissions.shape)
#print(hf_recent_permissions.op == hf_recent_permissions.permission_abbrv)
# print(hf_recent_permissions[['label','op','permission']])
# print(hf_recent_permissions[['label','timestamp','time_ago','permission']])
#print(hf_recent_permissions[['label','description','timestamp','time_ago', 'duration']])
print(hf_recent_permissions[['label', 'permission_abbrv', 'timestamp']])
no_hf_recent_permissions = recent_permissions[~recent_permissions['op'].isin(
app_permissions_tbl['permission_abbrv'])]
print("\nCouldn't find human-friendly descriptions for {} recently used app operations:"
.format(no_hf_recent_permissions.shape[0]))
print(no_hf_recent_permissions[[
'op', 'timestamp', 'time_ago', 'duration']])
no_hf = set(app_perms) - set(app_permissions_tbl['permission'].tolist())
print("\nCouldn't find human-friendly descriptions for {} app permissions:".format(len(no_hf)))
for x in no_hf:
hf = x.split('.')[-1]
hf = hf[:1] + hf[1:].lower().replace('_', ' ')
print("\t" + str(x) + " (" + str(hf) + ")")