python读取文件信息,来自原始ext4映像的权限

2024-04-28 10:22:09 发布

您现在位置:Python中文网/ 问答频道 /正文
6507 3

我正在尝试解包android 11图像/从raw.img获取selinux信息、符号链接等信息

我正在使用这个奇妙的工具:https://github.com/cubinator/ext4/blob/master/ext4.py35.py

我的代码如下所示:

#!/usr/bin/env python3

import argparse
import sys
import os
import ext4

parser = argparse.ArgumentParser(description='Read <modes, symlinks, contexts and capabilities> from an ext4 image')
parser.add_argument('ext4_image', help='Path to ext4 image to process')
args = parser.parse_args()
exists = os.path.isfile(args.ext4_image)
if not exists:
    print("Error: input file " f"[{args.ext4_image}]" " was not found")
    sys.exit(1)

file = open(args.ext4_image, "rb")
volume = ext4.Volume(file)

def scan_dir (root_inode, root_path = ""):
    for entry_name, entry_inode_idx, entry_type in root_inode.open_dir():
        if entry_name == "." or entry_name == "..":
            continue
        entry_inode = root_inode.volume.get_inode(entry_inode_idx)
        entry_inode_path = root_path + "/" + entry_name
        if entry_inode.is_dir:
            scan_dir(entry_inode, entry_inode_path)
        if entry_inode_path[-1] == '/':
            continue
        xattrs_perms = list(entry_inode.xattrs())
        found_cap = False
        found_con = False
        if "security.capability" in f"{xattrs_perms}": found_cap = True
        if "security.selinux" in f"{xattrs_perms}": found_con = True
        contexts = ""
        capability = ", \"capabilities\", 0x0"
        if found_cap:
            if found_con:
                capability = f"{xattrs_perms[1:2]}"
            else:
                capability = f"{xattrs_perms[0:1]}"
            capability = capability.split(" ")[1][:-3][+2:].encode('utf-8').decode('unicode-escape').encode('ISO-8859-1')
            capability = hex(int.from_bytes(capability[4:8] + capability[14:18], "little"))
            capability = ", \"capabilities\", " f"{capability}"
            capability = f"{capability}"
        if found_con:
            contexts = f"{xattrs_perms[0:1]}"
            contexts = f"{contexts.split( )[1].split('x00')[0][:-1][+2:]}"
            contexts = f"{contexts}"
        filefolder = ''.join(entry_inode_path.split('/', 1))
        print("set_metadata(\""f"{filefolder}" "\", \"uid\", " f"{str(entry_inode.inode.i_uid)}" ", \"gid\", " f"{str(entry_inode.inode.i_gid)}"  ", \"mode\", " f"{entry_inode.inode.i_mode & 0x1FF:0>4o}" f"{capability}" ", \"selabel\", \"" f"{contexts}" "\");")

scan_dir(volume.root)
file.close()

然后我只需要做./read.py vendor.img就行了

直到最近,我尝试了android 11上的这个奇怪的vendor.img,发现了这个奇怪的问题

Traceback (most recent call last):
  File "./tools/metadata.py", line 53, in <module>
    scan_dir(volume.root)
  File "./tools/metadata.py", line 26, in scan_dir
    scan_dir(entry_inode, entry_inode_path)
  File "./tools/metadata.py", line 26, in scan_dir
    scan_dir(entry_inode, entry_inode_path)
  File "./tools/metadata.py", line 29, in scan_dir
    xattrs_perms = list(entry_inode.xattrs())
  File "/home/semaphore/unpacker/tools/ext4.py", line 976, in xattrs
    for xattr_name, xattr_value in self._parse_xattrs(inline_data[offset:], 0, prefix_override = prefix_override):
  File "/home/semaphore/unpacker/tools/ext4.py", line 724, in _parse_xattrs
    xattr_inode = self.volume.get_inode(xattr.e_value_inum, InodeType.FILE)
NameError: name 'xattr' is not defined

我已尝试删除if,并仅在此处将代码保留在else之后:https://github.com/cubinator/ext4/blob/master/ext4.py35.py#L722

不幸的是没有运气。看来工具还没完成?但没有其他选择

欢迎任何帮助:)

多谢各位

编辑:有人建议用xattr_entry替换xattr 所以我做了,我得到了这个错误:takes 2 positional arguments but 3 were given

我试着修复它,结果:

File "/home/semaphore/unpacker/tools/ext4.py", line 724, in _parse_xattrs
  xattr_inode = self.volume.get_inode(xattr_entry.e_value_inum)
File "/home/semaphore/unpacker/tools/ext4.py", line 595, in get_inode
  inode_table_offset = self.group_descriptors[group_idx].bg_inode_table * self.block_size
IndexError: list index out of range

我无法修复此错误:(

除了从原始ext4映像获取selinux信息、功能、uid、gid和权限之外,还有其他方法吗


Tags: pathinpyscanifdirfileentry
2条回答
网友
1楼 · 编辑于 2024-04-28 10:22:09

我读到你曾试图自己解决这个问题,但你从未发布过你当前使用的代码片段

我不确定,但在我看来,您修改了get_inode的签名,而不是修改传递给它的参数

例如,您是否尝试过:

xattr_inode = self.volume.get_inode(xattr_entry.e_value_inum)
网友
2楼 · 编辑于 2024-04-28 10:22:09

我想出了另一种方法

首先装载映像(需要root访问):

os.system("sudo mount -t ext4 -o loop vendor.img vendor")

然后在每个文件上使用:os.lstatos.getxattr。它提供了所有信息:

stat_info = os.lstat(file)
try:
    cap = hex(int.from_bytes(os.getxattr(file, "security.capability")[4:8] + os.getxattr(file, "security.capability")[14:18], "little"))
except:
    cap = "0x0"
try:
    selabel = os.getxattr(file, b"security.selinux", follow_symlinks=False).decode().strip('\n\0')
except:
    selabel = "u:object_r:unlabeled:s0"
metadata.append("set_metadata(\"/" + file + "\", \"uid\", " + str(stat_info.st_uid) + ", \"gid\", " + str(stat_info.st_gid) + ", \"mode\", " + oct(stat_info.st_mode)[-4:] + ", \"capabilities\", " + cap + ", \"selabel\", \"" + selabel + "\");")

像这样。这是我能找到的唯一解决办法

相关问题 更多 >

    编程相关推荐