[Soot-list] Soot cannot get the body and the callers of the overloaded method

Arzt, Steven steven.arzt at sit.fraunhofer.de
Tue Feb 28 04:54:32 EST 2017 

Hi Yuri,

There are several possible explanations for the behavior you encounter. One is that Soot didn’t actually find the class. Can you check whether the class ServiceManager is a phantom, i.e., isPhantom() returns true on the SootClass? If that is the case, the class is probably missing from the JAR file you are using.

An alternative explanation would be that the class is there, but is not loaded. The easiest solution would be to do something like this right before you call loadNecessaryClasses():

                Scene.v().addBasicClass(“android.os.ServiceManager”, SootClass.BODIES);

That line tells Soot to load this class and all method bodies inside it, even if would normally be excluded for some reason. To see whether a class was loaded (and to which extent), check the “resolvingLevel” property of the SootClass. You need level 3 (=SootClass.BODIES) to be able to have bodies. Since method bodies are loaded on demand, you might have level 3 and no bodies in some cases. In that case, SootMethod.retrieveActiveBody() should do the trick. That might all sound complex at first, but the core idea is that Soot only loads what is ultimately necessary to improve speed and reduce memory pressure.

Best regards,
  Steven

From: Soot-list [mailto:soot-list-bounces at cs.mcgill.ca] On Behalf Of Gian Luca Scoccia
Sent: Tuesday, February 28, 2017 10:44 AM
To: Dr. Yury Zhauniarovich <yzhauniarovich at hbku.edu.qa>
Cc: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] Soot cannot get the body and the callers of the overloaded method

Where did you get the android framework files? Keep in mind that those that those that come with Flowdroid (https://github.com/secure-software-engineering/soot-infoflow-android) only contain stubs/summaries of many methods. You have to get your own android jar files.

2017-02-28 8:26 GMT+01:00 Dr. Yury Zhauniarovich <yzhauniarovich at hbku.edu.qa<mailto:yzhauniarovich at hbku.edu.qa>>:
Dear community,

I faced with a problem and do not know how to solve an issue and what is its cause. I would be glad if someone can point me for a direction.

I have the following issue with Soot. I try to analyze the Android framework files. In particular, I would like to find all places in the code where system services are added, the corresponding method signatures are defined in the smAddMethodSignatures array (see the code in the end).

When I ran the following code, I am able to find the callers and the body of the method for the first signature but not for the second. For the second signature, the active body is an empty string, and there are no caller, although from the sources it is obvious that such methods exist. Here is the error when I try to get active body:


Exception in thread "main" java.lang.RuntimeException: no active body present for method <android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>

       at soot.SootMethod.getActiveBody(SootMethod.java:323)

       at com.tmp.BAnalysisApp.getRegisteredServicesClasses(BAnalysisApp.java:85)

       at com.tmp.BAnalysisApp.main(BAnalysisApp.java:47)

I am a novice with Soot, and I may miss something. However, it seems to me that there is a bug in Soot analyzing overloaded methods. I also filled an issue in the tracker with a pretty 700 number: https://github.com/Sable/soot/issues/700

Here is the code of an MWE that I use:


import java.util.Collections;

import java.util.Iterator;

import java.util.List;



import soot.PackManager;

import soot.Scene;

import soot.SootClass;

import soot.SootMethod;

import soot.jimple.toolkits.callgraph.CallGraph;

import soot.jimple.toolkits.callgraph.Edge;

import soot.options.Options;



public class BAnalysisApp {

    private final static String SERVICES_DEX_DIR_PATH = "/home/yury/tmp/tmp_services/";

    private final static String ANDROID_BOOT_JAR_PATH = "/home/yury/tmp/android-boot-25.jar";



    // searched method signatures

    // public static void addService(String name, IBinder service)

    // public static void addService(String name, IBinder service, boolean allowIsolated)

    private final static String[] smAddMethodSignatures = {

           "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder)>",

           "<android.os.ServiceManager: void addService(java.lang.String,android.os.IBinder,boolean)>" };



    public static void main(String[] args) {

       prepareSoot();

       List<SootClass> registeredServices = getRegisteredServicesClasses();

    }



    private static void prepareSoot() {

       soot.G.reset();

       Options.v().set_src_prec(Options.src_prec_apk);

       Options.v().set_process_dir(Collections.singletonList(SERVICES_DEX_DIR_PATH));

       Options.v().set_process_multiple_dex(true);

       Options.v().set_force_android_jar(ANDROID_BOOT_JAR_PATH);

       Options.v().set_whole_program(true);

       Options.v().set_allow_phantom_refs(true);

       Options.v().set_output_format(Options.output_format_none);

       Options.v().setPhaseOption("cg.spark", "on");

       Scene.v().loadNecessaryClasses();

       PackManager.v().runPacks();

    }



    private static List<SootClass> getRegisteredServicesClasses() {

       final CallGraph cg = Scene.v().getCallGraph();

       for (String mthSig : smAddMethodSignatures) {

           SootMethod smAddServiceMth = Scene.v().grabMethod(mthSig);

           System.out.println(mthSig);

            //printing the body

           System.out.println(smAddServiceMth.getActiveBody().toString());

            //iterating over the caller methods

           Iterator<Edge> edgeIterator = cg.edgesInto(smAddServiceMth);

           while (edgeIterator.hasNext()) {

               Edge mtdEdge = edgeIterator.next();

               SootMethod srcMtd = mtdEdge.src();

               System.out.println(srcMtd.getSignature());

               System.out.println(mtdEdge.srcStmt().toString());

           }

       }

       return null;

    }

}


--
Best Regards,
Yury Zhauniarovich


CONFIDENTIALITY NOTICE:
This email and any attachments transmitted with it are confidential and intended for the use of individual or entity to which it is addressed. If you have received this email in error, please delete it immediately and inform the sender. Unless you are the intended recipient, you may not use, disclose, copy or distribute this email or any attachments included. The contents of this email, including any attachments, may be subjected to copyright law. In such cases, the contents may not be copied, adapted, distributed or transmitted without the consent of the copyright owner.

_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA<mailto:Soot-list at CS.McGill.CA>
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list



--
_______________________________________________________

Ph.D. Student at Gran Sasso Science Institute (GSSI)<http://www.gssi.infn.it>
Personal Page<http://cs.gssi.infn.it/people/scoccia/>
Linkedin Profile<https://it.linkedin.com/in/gianlucascoccia>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170228/0e23ef27/attachment-0001.html>

More information about the Soot-list mailing list