[Soot-list] Missing API in callgraph

Steven Arzt Steven.Arzt at cased.de
Thu Apr 7 12:13:51 EDT 2016


Hi Simone,

 

The reason why there is no outgoing edge from the isWifiEnabled() call is that Soot’s SPARK callgraph algorithm needs type information. SPARK must see the allocation site for the respective base object. It can then propagate the precise type onwards to the isWifiEnabled() call site. In this case, however, there is no call site in the code visible to SPARK. You call a factory method implemented in the Android SDK to get the object instance. This factory method then somehow internally calls the constructor, which is, however, invisible to SPARK, because in the stub JAR files shipped with the Android SDK, all those methods only throw NotImplementedExceptions. Without the constructor call (i.e., the inside of the factory method), there is no allocation site and thus no type information and thus no call edge.

 

There are several ways to deal with such problems. You can either include a fully-implemented version of the Android platform JAR file instead of the stubbed version from the SDK. This will, however, drastically increase your computation time. The other possibility is to live with the missing call edges and handle them explicitly. That’s what FlowDroid does: When we see a call site with no outgoing call edges, the respective method implementation is unavailable and we consult a component called the TaintWrapper for an explicit model of that method. The TaintWrapper then implements rules for dealing with library methods.

 

Best regards,

  Steven

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Simone Aonzo
Sent: Thursday, April 7, 2016 18:03
To: soot-list at CS.McGill.CA
Subject: [Soot-list] Missing API in callgraph

 

Hi all,

I use Soot/FlowDroid and I have a doubt about the generated callgraph of this code:

    private void requireapi() {
        String msg = "WiFi-Disabled";
        WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);
        if (wifi.isWifiEnabled())
            msg = "WiFi-Enabled";
        Toast toast = Toast.makeText(this, msg, Toast.LENGTH_LONG);
        toast.show();
    }


With Soot, when I call edgesOutOf(..)

Iterator<Edge> edgesOut = callGraph.edgesOutOf(sm);

the only edge that I found is:

STATIC edge: $r4 = staticinvoke <android.widget.Toast: android.widget.Toast makeText(android.content.Context,java.lang.CharSequence,int)>(r5, $r1, 1) in <com.example.testapp.MainActivity: void requireapi()> ==> <android.widget.Toast: android.widget.Toast makeText(android.content.Context,java.lang.CharSequence,int)>

Why are the getSystemService and the isWifiEnabled methods missing?
Both android.widget.Toast and android.net.wifi.WifiManager are phantom classes!

Thanks for the help,
Simone
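
The check described in the reply above (find call sites with no outgoing call edges, then consult an explicit model), as an added example that is not part of the original thread and is not FlowDroid's code. It assumes Soot is on the classpath and the call graph has already been built; the class `UnresolvedCallSites` and the `models` map (declared method signature to a rule description) are hypothetical stand-ins, not the TaintWrapper API.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;

/** Added example: lists the call sites of a method that have no call-graph edge. */
public class UnresolvedCallSites {

    /**
     * Returns one line per invoke statement in sm without an outgoing edge.
     * models is a hypothetical signature -> rule map standing in for an explicit library model.
     */
    public static List<String> report(SootMethod sm, Map<String, String> models) {
        List<String> out = new ArrayList<>();
        if (!sm.isConcrete()) {
            return out; // abstract, native and phantom methods have no body to scan
        }
        CallGraph cg = Scene.v().getCallGraph();
        for (Unit u : sm.retrieveActiveBody().getUnits()) {
            Stmt stmt = (Stmt) u; // every unit of a Jimple body is a Stmt
            if (!stmt.containsInvokeExpr() || cg.edgesOutOf(u).hasNext()) {
                continue; // not a call, or at least one callee was resolved
            }
            // No edge: fall back to the statically declared target. The method
            // reference is used so that nothing has to be resolved for stubbed
            // or phantom library classes.
            String declared = stmt.getInvokeExpr().getMethodRef().getSignature();
            String rule = models.get(declared);
            out.add(declared + " -> " + (rule != null ? rule : "NO MODEL: review manually"));
        }
        return out;
    }
}
```

For the `requireapi()` method above, passing the `SootMethod` already used with `edgesOutOf(sm)` would list the `getSystemService` and `isWifiEnabled` call sites, since the thread reports an edge only for `Toast.makeText`.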
