[Soot-list] Soot cannot get the body and the callers of the overloaded method
Gian Luca Scoccia
loscoccia at gmail.com
Tue Feb 28 04:43:56 EST 2017
Where did you get the android framework files? Keep in mind that those that
come with Flowdroid (
https://github.com/secure-software-engineering/soot-infoflow-android) only
contain stubs/summaries of many methods. You have to get your own android
jar files.
2017-02-28 8:26 GMT+01:00 Dr. Yury Zhauniarovich <yzhauniarovich at hbku.edu.qa>:
> Dear community,
>
> I am faced with a problem and do not know how to solve the issue or what
> its cause is. I would be glad if someone could point me in a direction.
>
> I have the following issue with Soot. I try to analyze the Android
> framework files. In particular, I would like to find all places in the code
> where system services are added; the corresponding method signatures are
> defined in the smAddMethodSignatures array (see the code at the end).
>
> When I run the following code, I am able to find the callers and the body
> of the method for the first signature but not for the second. For the
> second signature, the active body is an empty string, and there are no
> callers, although from the sources it is obvious that such methods exist.
> Here is the error when I try to get the active body:
>
> Exception in thread "main" java.lang.RuntimeException: no active body present for method <android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>
>     at soot.SootMethod.getActiveBody(SootMethod.java:323)
>     at com.tmp.BAnalysisApp.getRegisteredServicesClasses(BAnalysisApp.java:85)
>     at com.tmp.BAnalysisApp.main(BAnalysisApp.java:47)
>
>
> I am a novice with Soot, and I may be missing something. However, it seems to me
> that there is a bug in Soot analyzing overloaded methods. I also filed an
> issue in the tracker with a pretty 700 number:
> https://github.com/Sable/soot/issues/700
>
> Here is the code of an MWE that I use:
>
> import java.util.Collections;
> import java.util.Iterator;
> import java.util.List;
>
> import soot.PackManager;
> import soot.Scene;
> import soot.SootClass;
> import soot.SootMethod;
> import soot.jimple.toolkits.callgraph.CallGraph;
> import soot.jimple.toolkits.callgraph.Edge;
> import soot.options.Options;
>
> public class BAnalysisApp {
>     private final static String SERVICES_DEX_DIR_PATH = "/home/yury/tmp/tmp_services/";
>     private final static String ANDROID_BOOT_JAR_PATH = "/home/yury/tmp/android-boot-25.jar";
>
>     // searched method signatures
>     // public static void addService(String name, IBinder service)
>     // public static void addService(String name, IBinder service, boolean allowIsolated)
>     private final static String[] smAddMethodSignatures = {
>         "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder)>",
>         "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>" };
>
>     public static void main(String[] args) {
>         prepareSoot();
>         List<SootClass> registeredServices = getRegisteredServicesClasses();
>     }
>
>     private static void prepareSoot() {
>         soot.G.reset();
>         Options.v().set_src_prec(Options.src_prec_apk);
>         Options.v().set_process_dir(Collections.singletonList(SERVICES_DEX_DIR_PATH));
>         Options.v().set_process_multiple_dex(true);
>         Options.v().set_force_android_jar(ANDROID_BOOT_JAR_PATH);
>         Options.v().set_whole_program(true);
>         Options.v().set_allow_phantom_refs(true);
>         Options.v().set_output_format(Options.output_format_none);
>         Options.v().setPhaseOption("cg.spark", "on");
>         Scene.v().loadNecessaryClasses();
>         PackManager.v().runPacks();
>     }
>
>     private static List<SootClass> getRegisteredServicesClasses() {
>         final CallGraph cg = Scene.v().getCallGraph();
>         for (String mthSig : smAddMethodSignatures) {
>             SootMethod smAddServiceMth = Scene.v().grabMethod(mthSig);
>             System.out.println(mthSig);
>             // printing the body
>             System.out.println(smAddServiceMth.getActiveBody().toString());
>             // iterating over the caller methods
>             Iterator<Edge> edgeIterator = cg.edgesInto(smAddServiceMth);
>             while (edgeIterator.hasNext()) {
>                 Edge mtdEdge = edgeIterator.next();
>                 SootMethod srcMtd = mtdEdge.src();
>                 System.out.println(srcMtd.getSignature());
>                 System.out.println(mtdEdge.srcStmt().toString());
>             }
>         }
>         return null;
>     }
> }
>
>
>
> --
> Best Regards,
> Yury Zhauniarovich
--
_______________________________________________________
Ph.D. Student at Gran Sasso Science Institute (GSSI)
<http://www.gssi.infn.it>
Personal Page <http://cs.gssi.infn.it/people/scoccia/>
Linkedin Profile <https://it.linkedin.com/in/gianlucascoccia>
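
One way to tell apart the reasons a method can lack a usable body (not resolved, phantom, no code, or body present), as an added example that is not part of the original thread. The class name BodyDiagnostics, the classify helper and the two command-line arguments are assumptions; the signatures and the Soot options are the ones from the post.

```java
import java.util.Collections;

import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.options.Options;

/** Added diagnostic, not the poster's code: reports why a method has no usable body. */
public class BodyDiagnostics {
    // Signatures taken from the original post.
    private static final String[] SIGNATURES = {
        "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder)>",
        "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>" };

    /** Classifies one method signature against the currently loaded Scene. */
    static String classify(String signature) {
        SootMethod m = Scene.v().grabMethod(signature); // null when nothing matches
        if (m == null) return "NOT_FOUND: class or method is absent from the loaded input";
        SootClass c = m.getDeclaringClass();
        if (c.isPhantom() || m.isPhantom()) return "PHANTOM: referenced but never loaded from any input";
        if (!m.isConcrete()) return "NO_CODE: abstract or native, there is no body to build";
        if (!m.hasActiveBody()) {
            try {
                m.retrieveActiveBody(); // builds the Jimple body on demand
            } catch (RuntimeException e) {
                return "BODY_FAILED: " + e.getMessage();
            }
        }
        return "BODY: " + m.getActiveBody().getUnits().size() + " units";
    }

    public static void main(String[] args) {
        // args[0]: directory with the dex files, args[1]: the Android jar (hypothetical inputs)
        soot.G.reset();
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_process_multiple_dex(true);
        Options.v().set_force_android_jar(args[1]);
        Options.v().set_allow_phantom_refs(true);
        Scene.v().loadNecessaryClasses();
        for (String sig : SIGNATURES) {
            System.out.println(sig + " -> " + classify(sig));
        }
    }
}
```

A unit count of only a few statements for a method that is long in the sources points to a stub jar, the case raised in the reply above.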