关于APP权限列表的收集整理

针对目前越来越验证的app隐私条款政策，收集app授权列表，并对的app授权进行验证，应该是目前需要人防面临的一个问题。
验证app权限的使用，计划三步完成：

1. 收集app有关的权限列表
2. 收集app调用的第三方的权限列表
3. 收集app操作各阶段的权限列表

先分享第一步的实现：
基本思路：

• 使用ADB链接的设备
• 使用dumpsys package xxx，筛选软件包权限相关的信息
• 使用excel保存app的权限列表

Python脚本的实现：

# coding:utf-8
"""
@note:APP使用权限收集
@author: Qred
@file: PermissionList.py
@time: 2019/12/22
"""
import argparse
import os
import re
import time

import xlwt


class baseClass(object):
	def __init__(self, phone_id, PACKAGE_NAME):
		self.phone_id = phone_id
		self.PACKAGE_NAME = PACKAGE_NAME

		self.MAX_INVALID_LINE = 5
		self.DECLARED_PERMISSIONS = 'declared permissions'
		self.REQUESTED_PERMISSIONS = 'requested permissions'
		self.INSTALL_PERMISSIONS = 'install permissions'
		self.RUNTIME_PERMISSIONS = 'runtime permissions'
		self.STOP_KEY = 'Package Changes:'

	def dump_get_perminfo_line(self):
		'''获取授权列表'''
		titles = []
		locked = 0
		Dict = {}
		ret = self.dump_execute_perminfo()
		for title in ret.readlines():
			if len(title) == 0:
				break

			if locked != 0 and 'permission' in title:
				title = re.sub(r"[:|,]", " ", title)
				title = re.sub(r"(\[ | \])", "", title)
				line = title.split()
				titles.append(line)

			if self.DECLARED_PERMISSIONS in title:
				locked = 1
			elif self.REQUESTED_PERMISSIONS in title:
				Dict.update({self.DECLARED_PERMISSIONS: titles[:-1]})
				titles = []
				locked = 2
			elif self.INSTALL_PERMISSIONS in title:
				Dict.update({self.REQUESTED_PERMISSIONS: titles[:-1]})
				titles = []
				locked = 3
			elif self.RUNTIME_PERMISSIONS in title:
				Dict.update({self.INSTALL_PERMISSIONS: titles[:-1]})
				titles = []
				locked = 4
			elif self.STOP_KEY in title:
				Dict.update({self.RUNTIME_PERMISSIONS: titles[:-2]})
				titles = []
				locked = 5

		return Dict

	def dump_execute_perminfo(self):
		'''获取命令行所有数据'''
		ret = 0
		if self.phone_id != '':
			cmd = "adb -s " + self.phone_id + " shell dumpsys package " + self.PACKAGE_NAME
			ret = os.popen(cmd)
		else:
			cmd = "adb shell dumpsys package " + self.PACKAGE_NAME
			ret = os.popen(cmd)
		# print(cmd)
		return ret

	def write_info_excel(self):
		'''将数据写入excel'''
		Dict = self.dump_get_perminfo_line()
		time_stamp = time.strftime(time.strftime("%Y-%m-%d-%H-%M-%S", time.localtime()))
		if self.phone_id != '' :
			phone_id = self.phone_id[0:3] + '_p'
		else:
			phone_id = 'P'
		path = os.getcwd() + '\\' + phone_id + "ermissionList_" + time_stamp + ".xlsx"
		Excel = xlwt.Workbook()
		WorkSheet = Excel.add_sheet("permission_list")

		i = 0
		for key in Dict.keys():
			j = 0
			WorkSheet.write(i, j, key)
			j += 1
			for values in Dict[key]:
				k = j
				for val in values:
					WorkSheet.write(i, k, val)
					k += 1
				i += 1
		Excel.save(path)  # 保存文件


def arg():
	# 命令行解析器
	# -d 设备id
	# -p 测试应用包名，默认值：com.kascend.chushou
	# -h 帮助文档
	parse = argparse.ArgumentParser(usage='This script is mainly used to get performance data \n 此脚本主要用于获取权限数据',
	                                description='Devices is required, and the package name (the default is Baidu APP) \n 需传参设备devices，包名（默认是boss直聘APP)')
	parse.add_argument('-d', help='devices', type=str, nargs='?', default=None)
	parse.add_argument('-p', help='package name', type=str, nargs='?', default=None)
	args = parse.parse_args()
	# print vars(args)
	return args


def initParameters():
	global DEVICE_ID, PACKAGE_NAME, PRINT_OR_WRITE

	args = arg()

	if args.d != None:  # devices
		DEVICE_ID = args.d
	else:
		DEVICE_ID = ''

	if args.p != None:  # 包名
		PACKAGE_NAME = args.p
	if args.p == None:  # 包名
		PACKAGE_NAME = 'com.hpbr.bosszhipin' 


if __name__ == '__main__':
	initParameters()
	# 指定DEVICE_ID, PACKAGE_NAME后，可直接运行脚本
	tmp = baseClass(DEVICE_ID, PACKAGE_NAME)  # '', 'com.hpbr.bosszhipin'
	tmp.write_info_excel()
	

脚本的使用：
1.查看已连接的设备：

adb devices

2.在脚本所在的路径下，调用脚本

python PermissionList.py -d device_id  -p com.xxx.xxx

3.在同级的目录下会有对应的含有“permissions”名称的excel生成。
————供大家参考——————