[Soot-list] Soot cannot get the body and the callers of the overloaded method

Dr. Yury Zhauniarovich yzhauniarovich at hbku.edu.qa
Tue Feb 28 02:26:06 EST 2017 

Dear community,

I faced with a problem and do not know how to solve an issue and what is its cause. I would be glad if someone can point me for a direction.

I have the following issue with Soot. I try to analyze the Android framework files. In particular, I would like to find all places in the code where system services are added, the corresponding method signatures are defined in the smAddMethodSignatures array (see the code in the end).

When I ran the following code, I am able to find the callers and the body of the method for the first signature but not for the second. For the second signature, the active body is an empty string, and there are no caller, although from the sources it is obvious that such methods exist. Here is the error when I try to get active body:


Exception in thread "main" java.lang.RuntimeException: no active body present for method <android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>
        at soot.SootMethod.getActiveBody(SootMethod.java:323)
        at com.tmp.BAnalysisApp.getRegisteredServicesClasses(BAnalysisApp.java:85)
        at com.tmp.BAnalysisApp.main(BAnalysisApp.java:47)

I am a novice with Soot, and I may miss something. However, it seems to me that there is a bug in Soot analyzing overloaded methods. I also filled an issue in the tracker with a pretty 700 number: https://github.com/Sable/soot/issues/700

Here is the code of an MWE that I use:


import java.util.Collections;
import java.util.Iterator;
import java.util.List;

import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;
import soot.options.Options;

public class BAnalysisApp {
    private final static String SERVICES_DEX_DIR_PATH = "/home/yury/tmp/tmp_services/";
    private final static String ANDROID_BOOT_JAR_PATH = "/home/yury/tmp/android-boot-25.jar";

    // searched method signatures
    // public static void addService(String name, IBinder service)
    // public static void addService(String name, IBinder service, boolean allowIsolated)
    private final static String[] smAddMethodSignatures = {
            "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder)>",
            "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>" };

    public static void main(String[] args) {
        prepareSoot();
        List<SootClass> registeredServices = getRegisteredServicesClasses();
    }

    private static void prepareSoot() {
        soot.G.reset();
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(SERVICES_DEX_DIR_PATH));
        Options.v().set_process_multiple_dex(true);
        Options.v().set_force_android_jar(ANDROID_BOOT_JAR_PATH);
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none);
        Options.v().setPhaseOption("cg.spark", "on");
        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
    }

    private static List<SootClass> getRegisteredServicesClasses() {
        final CallGraph cg = Scene.v().getCallGraph();
        for (String mthSig : smAddMethodSignatures) {
            SootMethod smAddServiceMth = Scene.v().grabMethod(mthSig);
            System.out.println(mthSig);
            //printing the body
            System.out.println(smAddServiceMth.getActiveBody().toString());
            //iterating over the caller methods
            Iterator<Edge> edgeIterator = cg.edgesInto(smAddServiceMth);
            while (edgeIterator.hasNext()) {
                Edge mtdEdge = edgeIterator.next();
                SootMethod srcMtd = mtdEdge.src();
                System.out.println(srcMtd.getSignature());
                System.out.println(mtdEdge.srcStmt().toString());
            }
        }
        return null;
    }
}


--
Best Regards,
Yury Zhauniarovich


CONFIDENTIALITY  NOTICE:
This email and any attachments transmitted with it are confidential and intended for the use of individual or entity to which it is addressed. If you have received this email in error, please delete it immediately and inform the sender. Unless you are the intended recipient, you may not use, disclose, copy or distribute this email or any attachments included. The contents of this email, including any attachments, may be subjected to copyright law. In such cases, the contents may not be copied, adapted, distributed or transmitted without the consent of the copyright owner.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170228/99e8c93b/attachment.html>

More information about the Soot-list mailing list