[Soot-list] Android Framework Methods in Callgraph

Bernd Bergler bernd.bergler at gmail.com
Fri Jun 13 12:54:43 EDT 2014 

Hi!
I am currently working on the analysis of an Android application with soot.
After a bit of research and a lot of info from this mailing list everything
is working quite nicely.
I can construct the CallGraph and solve the IFDSReachingDefinitions problem
as expected.


I am interested in the input of specific Android framework methods(e.g.
ContentRecolver.query()).
But I am to able to get the Units which contain the actual invoke. I works
as expected for methods within the app.
I cant even get edges from or to the desired method from the callgraph, but
when looking at the jimple file I see
as expected the invoke of the method which should result in an edge in the
callgraph.

$r6 = virtualinvoke $r1.<android.content.ContentResolver:
android.database.Cursor
query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>($r2,
null, null, null, null);

It seems like the callgraph contains only app internal calls. Is there a
setting so i get the full call graph( wich all the edges to the stubs in
the android.jar)

Any suggestions what could be wrong or how i could get the desired result?

The code which should return the associated units.
        CallGraph callGraph = Scene.v().getCallGraph();
        String method = "<android.content.ContentResolver:
android.database.Cursor
query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>";
        SootMethod smX = Scene.v().getMethod(method);
        Iterator<Edge> edges = callGraph.edgesInto(smX);
        while (edges.hasNext()) {
            //Returns no edge
            System.out.println(smX.getName());
        }

        edges = callGraph.edgesOutOf(smX);
        while (edges.hasNext()) {
            //Returns no edge
            System.out.println(smX.getName());
        }


      //System.out.println(smX.getActiveBody());
      //crashes because not body asscocaited with framework mehtod

        Collection<Unit> units = icfg.getCallersOf(smX);

        for (Unit unit : units) {
            //Returns no edge
            System.out.println(unit.toString());
        }


The code to generate the callgraph:

        Options.v().set_src_prec(Options.src_prec_apk);

Options.v().set_process_dir(Collections.singletonList(getApkFile().getAbsolutePath()));
        Options.v().set_android_jars(platfromFolder);
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none);
        Options.v().setPhaseOption("cg.spark", "on");
        Options.v().ignore_resolution_errors();
        Options.v().set_output_format(Options.output_format_J);

        Scene.v().loadNecessaryClasses();

        SootMethod entryPoint =
app.getEntryPointCreator().createDummyMain();
        Options.v().set_main_class(entryPoint.getSignature());
        Scene.v().setEntryPoints(Collections.singletonList(entryPoint));

I use a self built version of soot and heros.

Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140613/bb5b9ab1/attachment-0001.html

More information about the Soot-list mailing list