[Soot-list] FlowDroid: adding support for more components

Steven Arzt Steven.Arzt at cased.de
Tue Jun 7 03:40:22 EDT 2016 

Hi Denis,

 

The list of callbacks was just created by taking all of the interfaces in Android and then ruling out those that are not callbacks. The second step was a manual effort based on the Android documentation.

 

If you just need to make sure that all methods inside the fragments are called at some point, you still need to identify the fragments and their respective host activity so that fragment methods are associated with the right activity. Once you have that, you can have a simpler extension of the AndroidEntryPointCreator that just calls these methods sequentially.

 

The AndroidCallbacks file is most likely not going to help you. FlowDroid expects an explicit registration function that registers such callback handlers. With fragments, this is not the case. They are rather defined in the layout XML files.

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Denis Bogdanas
Gesendet: Montag, 6. Juni 2016 20:37
An: Steven Arzt
Cc: soot-list at CS.McGill.CA
Betreff: Re: [Soot-list] FlowDroid: adding support for more components

 

Thanks,


What if I just want to make sure all methods called by the framework on Fragment are included in the call graph? I don't need precise lifecycle modelling. Will my method above work?

Also, can you please answer to q1? The list of callbacks seems large, I tend to believe it was generated somehow.

 

On 6 June 2016 at 02:21, Steven Arzt <Steven.Arzt at cased.de> wrote:

Hi Denis,

 

We might add support for fragments to FlowDroid in an internal project in the not-so-far future, but I cannot give you a definite schedule for that. If it happens and when it’s done, it will also be merged into the open-source tool.

 

The AndroidCallbacks.txt file doesn’t help here. That file only lists the interfaces that contain callback methods. If such an interface is implemented in the app, all of its methods are considered as callbacks. There is no ordering of callbacks, because they can happen at any time in Android. You can’t tell, for instance, whether there is first an incoming SMS message and then a low battery state or vice versa. Fragments, on the other hand, have a well-defined lifecycle just like an Activity. Even more, the Fragment lifecycle integrates with the one of its parent Activity. To faithfully model this lifecycle, you would have to extend the AndroidEntryPointCreator class. If you want to add this support, look at what we already have in that class. You essentially need to create a bigger and more involved dummy main method.

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Denis Bogdanas
Gesendet: Montag, 6. Juni 2016 00:41
An: soot-list at CS.McGill.CA
Betreff: [Soot-list] FlowDroid: adding support for more components

 

Hi Steven,

I'm thinking to add support for more Android components to FlowDroid. At least supporting Fragment is a must for my project.

I have a few questions:

- How was  the file AndroidCallbacks.txt produced? Manually, or through some tool/methodology?


 

- To support Fragment: if I just read the top-level fragments from Manifest the way Activity classes are read, and add the Fragment to AndroidCallbacks.txt, will that work? If not, could you suggest what shoud I do?

 

thanks,

-- 

Denis




-- 

Denis

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160607/c468fbb7/attachment.html

More information about the Soot-list mailing list