Documentation
¶
Overview ¶
Package android provides Android-specific APK inspection logic. It parses AndroidManifest.xml and resources.arsc from the ZIP archive and normalizes the extracted data into the mobilepkg report model.
Index ¶
- Variables
- func Inspect(zr *zip.Reader, sections uint64, r io.ReaderAt, size int64, ...) (*Result, []Diagnostic, error)
- func InspectAAB(r io.ReaderAt, size int64, sections uint64, iconSizePx int, ...) (*Result, []Diagnostic, error)
- func InspectAPKS(zr *zip.Reader, sections uint64, maxEntryBytes int64, ...) (*Result, []Diagnostic, error)
- func InspectXAPK(zr *zip.Reader, sections uint64, maxEntryBytes int64, ...) (*Result, []Diagnostic, error)
- func OpenAllInnerAPKs(zr *zip.Reader, maxEntryBytes int64) ([]NamedZipReader, []Diagnostic)
- type CertResult
- type DataSpecInfo
- type Diagnostic
- type DomainConfig
- type ExportedComponent
- type InnerArchiveValidator
- type IntentFilterInfo
- type NamedZipReader
- type NetworkSecurityPolicy
- type Result
- type SigningResult
Constants ¶
This section is empty.
Variables ¶
var ( // ErrManifestNotFound indicates that AndroidManifest.xml is missing. ErrManifestNotFound = errors.New("android: AndroidManifest.xml not found in archive") // ErrManifestParseFailed indicates that AndroidManifest.xml could not be parsed. ErrManifestParseFailed = errors.New("android: failed to parse AndroidManifest.xml") )
Sentinel errors for Android inspection failures.
var ErrEntryOversize = errors.New("entry exceeds size limit")
ErrEntryOversize is returned when a ZIP entry exceeds the size limit.
Functions ¶
func Inspect ¶
func Inspect(zr *zip.Reader, sections uint64, r io.ReaderAt, size int64, maxEntryBytes int64) (*Result, []Diagnostic, error)
Inspect extracts information from an APK ZIP archive. The sections parameter is a bitmask controlling which data to extract. Bit positions match the mobilepkg.Section constants:
bit 0: Identity, bit 1: Version, bit 2: EntryPoint, bit 3: Permissions, bit 4: Icon, bit 5: PlatformRaw, bit 6: SDK, bit 7: Signing
r and size are the underlying io.ReaderAt for the APK file, used for V2/V3 signing block extraction. They may be nil if signing is not requested.
func InspectAAB ¶
func InspectAAB(r io.ReaderAt, size int64, sections uint64, iconSizePx int, maxEntryBytes int64) (*Result, []Diagnostic, error)
InspectAAB extracts information from an Android App Bundle (AAB). The AAB manifest is encoded in protobuf format. Identity, version, entry point, permissions, SDK constraints, and platform raw data are extracted directly from the protobuf manifest without the aab-parser library. The library is only initialised when Icon or Label resource resolution is required, because its parseManifest method contains a debug fmt.Println that pollutes stdout.
iconSizePx selects the icon density closest to the given pixel size; zero means the best available candidate.
func InspectAPKS ¶
func InspectAPKS(zr *zip.Reader, sections uint64, maxEntryBytes int64, validate InnerArchiveValidator) (*Result, []Diagnostic, error)
InspectAPKS extracts information from an APKS (bundletool output) archive. It locates the base-master split APK and delegates to the standard APK inspector for full analysis. If validate is non-nil, it is called on the inner base APK archive before parsing.
func InspectXAPK ¶
func InspectXAPK(zr *zip.Reader, sections uint64, maxEntryBytes int64, validate InnerArchiveValidator) (*Result, []Diagnostic, error)
InspectXAPK extracts information from an XAPK archive. It parses manifest.json for quick metadata and delegates to the standard APK inspector for deeper analysis of the base APK inside. If validate is non-nil, it is called on the inner base APK archive before parsing its manifest and resources.
func OpenAllInnerAPKs ¶ added in v0.2.0
func OpenAllInnerAPKs(zr *zip.Reader, maxEntryBytes int64) ([]NamedZipReader, []Diagnostic)
OpenAllInnerAPKs opens every .apk entry inside the outer archive, returning named readers and diagnostics for any that failed to open. At most [maxInnerAPKs] inner APKs are opened; additional entries are reported as diagnostics.
Config splits (config.<qualifier>.apk) are skipped by name since they never contain DEX. Other inner APKs that can be opened but contain no DEX entries are silently skipped. Inner APKs that exceed the size limit produce an info-level diagnostic (they are typically asset or OBB splits).
Types ¶
type CertResult ¶
type CertResult struct {
Subject string
Issuer string
NotBefore string // RFC 3339
NotAfter string // RFC 3339
SHA256Fingerprint string // hex
SerialNumber string
SignatureAlgorithm string
PublicKeyAlgorithm string
KeySize int
SelfSigned bool
}
CertResult holds a parsed X.509 certificate summary.
type DataSpecInfo ¶
DataSpecInfo holds scheme/host/path from an intent-filter <data> element.
type Diagnostic ¶
Diagnostic is a non-fatal issue found during Android inspection.
type DomainConfig ¶
type DomainConfig struct {
Domains []string `json:"domains"`
CleartextPermitted bool `json:"cleartext_permitted"`
HasPinSet bool `json:"has_pin_set"`
NestedConfigs []DomainConfig `json:"nested_configs,omitempty"`
}
DomainConfig represents a <domain-config> entry in network_security_config.xml.
type ExportedComponent ¶
type ExportedComponent struct {
Kind string // "activity", "service", "receiver", "provider"
Name string
Exported bool
Permission string
Authorities string // content provider authorities
IntentFilters []IntentFilterInfo // intent-filter details
ReadPermission string
WritePermission string
GrantURIPermissions string
}
ExportedComponent represents an Android component that is exported.
type InnerArchiveValidator ¶ added in v0.3.0
InnerArchiveValidator is a callback that validates an inner zip.Reader before it is used for parsing. The caller provides an implementation that applies archive safety checks (entry count, paths, compression ratio, etc.). A nil validator means no validation is performed.
type IntentFilterInfo ¶
type IntentFilterInfo struct {
Actions []string
Categories []string
DataSpecs []DataSpecInfo
}
IntentFilterInfo holds parsed intent-filter data for an exported component.
type NamedZipReader ¶ added in v0.2.0
NamedZipReader pairs a zip.Reader with the archive entry name it was opened from (e.g. "base.apk", "splits/base-master.apk").
type NetworkSecurityPolicy ¶
type NetworkSecurityPolicy struct {
CleartextPermitted bool `json:"cleartext_permitted"`
DomainConfigs []DomainConfig `json:"domain_configs,omitempty"`
TrustAnchors []string `json:"trust_anchors,omitempty"`
HasPinSet bool `json:"has_pin_set"`
HasDebugOverrides bool `json:"has_debug_overrides"`
}
NetworkSecurityPolicy holds the parsed content of an Android network_security_config.xml file.
type Result ¶
type Result struct {
PackageName string
Label string
VersionName string
VersionCode string
MainActivity string
Permissions []string
ExportedComponents []ExportedComponent
Debuggable bool
AllowBackup bool
UsesCleartextTraffic bool
TestOnly bool
ProfileableByShell bool
NetworkSecurityConfig string
NSCPolicy *NetworkSecurityPolicy
MinSDK string
TargetSDK string
Signing *SigningResult
IconPath string
IconBytes []byte
IconWidth int
IconHeight int
IconFormat string
RawManifest map[string]any
}
Result holds the extracted data from an Android APK.
type SigningResult ¶
type SigningResult struct {
Scheme string
Certs []CertResult
}
SigningResult holds the signing information extracted from an APK.
func ExtractSigningInfo ¶
func ExtractSigningInfo(zr *zip.Reader, r io.ReaderAt, size int64, maxEntryBytes int64) (*SigningResult, error)
ExtractSigningInfo attempts to extract signing information from an APK. It tries V1 (JAR signing) from the zip.Reader and V2/V3 from the io.ReaderAt (APK Signing Block). Returns nil if no signing is detected.
Source Files