[Soot-list] Soot cannot get the body and the callers of the overloaded method

Gian Luca Scoccia loscoccia at gmail.com
Tue Feb 28 04:43:56 EST 2017 

Where did you get the android framework files? Keep in mind that those that
those that come with Flowdroid (
https://github.com/secure-software-engineering/soot-infoflow-android) only
contain stubs/summaries of many methods. You have to get your own android
jar files.

2017-02-28 8:26 GMT+01:00 Dr. Yury Zhauniarovich <yzhauniarovich at hbku.edu.qa
>:

> Dear community,
>
> I faced with a problem and do not know how to solve an issue and what is
> its cause. I would be glad if someone can point me for a direction.
>
> I have the following issue with Soot. I try to analyze the Android
> framework files. In particular, I would like to find all places in the code
> where system services are added, the corresponding method signatures are
> defined in the smAddMethodSignatures array (see the code in the end).
>
> When I ran the following code, I am able to find the callers and the body
> of the method for the first signature but not for the second. For the
> second signature, the active body is an empty string, and there are no
> caller, although from the sources it is obvious that such methods exist.
> Here is the error when I try to get active body:
>
> Exception in thread "main" java.lang.RuntimeException: no active body present for method <android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>
> 	at soot.SootMethod.getActiveBody(SootMethod.java:323)
> 	at com.tmp.BAnalysisApp.getRegisteredServicesClasses(BAnalysisApp.java:85)
> 	at com.tmp.BAnalysisApp.main(BAnalysisApp.java:47)
>
>
> I am a novice with Soot, and I may miss something. However, it seems to me
> that there is a bug in Soot analyzing overloaded methods. I also filled an
> issue in the tracker with a pretty 700 number: https://github.com/
> Sable/soot/issues/700
>
> Here is the code of an MWE that I use:
>
> import java.util.Collections;
> import java.util.Iterator;
> import java.util.List;
>
> import soot.PackManager;
> import soot.Scene;
> import soot.SootClass;
> import soot.SootMethod;
> import soot.jimple.toolkits.callgraph.CallGraph;
> import soot.jimple.toolkits.callgraph.Edge;
> import soot.options.Options;
>
> public class BAnalysisApp {
>     private final static String SERVICES_DEX_DIR_PATH = "/home/yury/tmp/tmp_services/";
>     private final static String ANDROID_BOOT_JAR_PATH = "/home/yury/tmp/android-boot-25.jar";
>
>     // searched method signatures
>     // public static void addService(String name, IBinder service)
>     // public static void addService(String name, IBinder service, boolean allowIsolated)
>     private final static String[] smAddMethodSignatures = {
> 	    "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder)>",
> 	    "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>" };
>
>     public static void main(String[] args) {
> 	prepareSoot();
> 	List<SootClass> registeredServices = getRegisteredServicesClasses();
>     }
>
>     private static void prepareSoot() {
> 	soot.G.reset();
> 	Options.v().set_src_prec(Options.src_prec_apk);
> 	Options.v().set_process_dir(Collections.singletonList(SERVICES_DEX_DIR_PATH));
> 	Options.v().set_process_multiple_dex(true);
> 	Options.v().set_force_android_jar(ANDROID_BOOT_JAR_PATH);
> 	Options.v().set_whole_program(true);
> 	Options.v().set_allow_phantom_refs(true);
> 	Options.v().set_output_format(Options.output_format_none);
> 	Options.v().setPhaseOption("cg.spark", "on");
> 	Scene.v().loadNecessaryClasses();
> 	PackManager.v().runPacks();
>     }
>
>     private static List<SootClass> getRegisteredServicesClasses() {
> 	final CallGraph cg = Scene.v().getCallGraph();
> 	for (String mthSig : smAddMethodSignatures) {
> 	    SootMethod smAddServiceMth = Scene.v().grabMethod(mthSig);
> 	    System.out.println(mthSig);
>             //printing the body
> 	    System.out.println(smAddServiceMth.getActiveBody().toString());
>             //iterating over the caller methods
> 	    Iterator<Edge> edgeIterator = cg.edgesInto(smAddServiceMth);
> 	    while (edgeIterator.hasNext()) {
> 		Edge mtdEdge = edgeIterator.next();
> 		SootMethod srcMtd = mtdEdge.src();
> 		System.out.println(srcMtd.getSignature());
> 		System.out.println(mtdEdge.srcStmt().toString());
> 	    }
> 	}
> 	return null;
>     }
> }
>
>
>
> --
> Best Regards,
> Yury Zhauniarovich
>
>
> CONFIDENTIALITY NOTICE:
> This email and any attachments transmitted with it are confidential and
> intended for the use of individual or entity to which it is addressed. If
> you have received this email in error, please delete it immediately and
> inform the sender. Unless you are the intended recipient, you may not use,
> disclose, copy or distribute this email or any attachments included. The
> contents of this email, including any attachments, may be subjected to
> copyright law. In such cases, the contents may not be copied, adapted,
> distributed or transmitted without the consent of the copyright owner.
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
>


-- 
_______________________________________________________

Ph.D. Student at Gran Sasso Science Institute (GSSI)
<http://www.gssi.infn.it>
Personal Page <http://cs.gssi.infn.it/people/scoccia/>
Linkedin Profile <https://it.linkedin.com/in/gianlucascoccia>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170228/fd435c40/attachment-0001.html>

More information about the Soot-list mailing list