Skip exported classes with a secure base classes

Summary: These classes don't add permissions in the manifest but add them through their baseclasses. We currently skip some of these in the specific source generators (e.g. services) but having this centralized seems preferred and also adds a couple we didn't have yet.

Reviewed By: anwesht

Differential Revision: D62580643

fbshipit-source-id: 1fa139231c208f61877cd330eee837e11152a6b6

source/model-generator/ContentProviderGenerator.cpp

@@ -72,7 +72,7 @@ std::vector<Model> ContentProviderGenerator::emit_method_models(
 
     for (const auto& tag_info : manifest_class_info.component_tags) {
       if (tag_info.tag == ComponentTag::Provider) {
-        auto* dex_class = redex::get_class(tag_info.classname);
+        const auto* dex_class = redex::get_class(tag_info.classname);
         if (dex_class) {
           std::unordered_set<std::string_view> parent_classes =
               generator::get_custom_parents_from_class(dex_class);

source/model-generator/ManifestSourceGenerator.cpp

@@ -21,6 +21,32 @@
 
 namespace marianatrench {
 
+namespace {
+
+static const std::unordered_set<std::string> permission_base_class_prefixes = {
+    "Lcom/facebook/secure/content/FbPermissions",
+    "Lcom/facebook/secure/content/Secure",
+    "Lcom/oculus/content/OculusFbPermissions",
+    "Lcom/facebook/secure/service/FbPermissions",
+    "Lcom/facebook/secure/ktx/service/FbPermissions",
+    "Lcom/oculus/security/basecomponent/OculusFbPermission",
+    "Lcom/facebook/secure/content/FbPermissions",
+    "Lcom/facebook/secure/receiver/Family",
+    "Lcom/facebook/secure/receiver/Internal"};
+
+bool has_secure_base_class(const DexClass* dex_class) {
+  auto parent_classes = generator::get_custom_parents_from_class(dex_class);
+  for (const auto& parent_class : parent_classes) {
+    for (const auto& class_prefix : permission_base_class_prefixes) {
+      if (boost::starts_with(parent_class, class_prefix)) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+} // namespace
+
 ManifestSourceGenerator::ManifestSourceGenerator(Context& context)
     : ModelGenerator("manifest_source_generator", context) {
   mt_assert_log(
@@ -52,7 +78,7 @@ std::vector<Model> ManifestSourceGenerator::emit_method_models(
       const auto* dex_klass = type_class(redex::get_type(tag_info.classname));
       if (dex_klass == nullptr) {
         LOG(5, "Could not find dex type for classname: {}", tag_info.classname);
-      } else {
+      } else if (!has_secure_base_class(dex_klass)) {
         exported_classes.emplace(dex_klass);
       }
     }

source/model-generator/ModelGenerator.cpp

@@ -146,7 +146,7 @@ std::unordered_set<std::string_view> generator::get_parents_from_class(
 }
 
 std::unordered_set<std::string_view> generator::get_custom_parents_from_class(
-    DexClass* dex_class) {
+    const DexClass* dex_class) {
   std::unordered_set<std::string_view> parent_classes;
 
   while (true) {

source/model-generator/ModelGenerator.h

@@ -182,7 +182,7 @@ std::unordered_set<std::string_view> get_parents_from_class(
     DexClass* dex_class,
     bool include_interfaces);
 std::unordered_set<std::string_view> get_custom_parents_from_class(
-    DexClass* dex_class);
+    const DexClass* dex_class);
 std::string get_outer_class(std::string_view classname);
 
 bool is_numeric_data_type(const DataType& type);

source/model-generator/ServiceSourceGenerator.cpp

@@ -63,7 +63,7 @@ std::vector<Model> ServiceSourceGenerator::emit_method_models(
 
     for (const auto& tag_info : manifest_class_info.component_tags) {
       if (tag_info.tag == ComponentTag::Service) {
-        auto* dex_class = redex::get_class(tag_info.classname);
+        const auto* dex_class = redex::get_class(tag_info.classname);
         if (dex_class) {
           std::unordered_set<std::string_view> parent_classes =
               generator::get_custom_parents_from_class(dex_class);