fix: validate type names (#4113)

Author: IgorEisberg

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/ResDecoder.java

@@ -141,8 +141,8 @@ private void generateValuesXmls(ResPackage pkg, Directory outDir, ResXmlSerializ
             List<ResEntry> entries = mapEntry.getValue();
             entries.sort(Comparator.comparing(ResEntry::getResId));
 
-            String outFileName = "res/values" + qualifiers + "/"
-                               + (typeName.endsWith("s") ? typeName : typeName + "s") + ".xml";
+            String outFileName = "res/values" + qualifiers + "/" + (typeName.endsWith("s") ? typeName
+                : typeName.equals("^attr-private") ? "attrs-private" : typeName + "s") + ".xml";
             try (OutputStream out = outDir.getFileOutput(outFileName)) {
                 serial.setOutput(out, null);
                 serial.startDocument(null, null);

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/table/ResTypeSpec.java

@@ -44,7 +44,40 @@ public ResTypeSpec(ResPackage pkg, int id, String name) {
         assert pkg != null && id > 0 && name != null;
         mPackage = pkg;
         mId = id;
-        mName = name;
+        // Some apps may have obfuscated or malicious type names.
+        mName = isValidTypeName(name) ? name : String.format("invalid%02X", id);
+    }
+
+    private static boolean isValidTypeName(String name) {
+        switch (name) {
+            case "anim":
+            case "animator":
+            case "array":
+            case "attr":
+            case "^attr-private":
+            case "bool":
+            case "color":
+            case "dimen":
+            case "drawable":
+            case "font":
+            case "fraction":
+            case "id":
+            case "integer":
+            case "interpolator":
+            case "layout":
+            case "menu":
+            case "mipmap":
+            case "navigation":
+            case "plurals":
+            case "raw":
+            case "string":
+            case "style":
+            case "transition":
+            case "xml":
+                return true;
+            default:
+                return false;
+        }
     }
 
     public ResPackage getPackage() {
@@ -61,9 +94,9 @@ public String getName() {
 
     public boolean isBagType() {
         switch (mName) {
+            case "array":
             case "attr":
             case "^attr-private":
-            case "array":
             case "plurals":
             case "style":
                 return true;

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/table/value/ResBag.java

@@ -31,11 +31,11 @@ protected ResBag(ResReference parent) {
 
     public static ResBag parse(String typeName, ResReference parent, RawItem[] rawItems) {
         switch (typeName) {
+            case "array":
+                return ResArray.parse(parent, rawItems);
             case "attr":
             case "^attr-private":
                 return ResAttribute.parse(parent, rawItems);
-            case "array":
-                return ResArray.parse(parent, rawItems);
             case "plurals":
                 return ResPlural.parse(parent, rawItems);
             case "style":