[Soot-list] [Android Framework Bodies]

Arzt, Steven steven.arzt at sit.fraunhofer.de
Tue Feb 28 13:04:11 EST 2017 

Hi Claudio,

For performance reasons, Soot doesn't load the Android classes by default, but keeps them as phantoms. You need to change this behavior if you want the code in the Android classes to be analyzed. The SetupApplicationClass has a method setSootConfig() with which you can specify an alternate Soot configuration. The default implementation in SootConfigForAndroid explicitly excluded all Android system classes.

The next thing to look at would be the taint wrapper, i.e., the explicit library model that we apply to some of the Android system classes. The best idea would probably be to disable the taint wrapper entirely using SetupApplication.setTaintWrapper(null). That can significantly increase the computation time in case you have real implementation inside your modified platform JAR file, though. If that happens, you probably need to create a modified taint wrapper that distinguishes between the methods you want to analyze and the ones for which FlowDroid shall still rely on the explicit models.

Best regards,
  Steven

-----Original Message-----
From: claudio [mailto:claudio.rizzo.2015 at live.rhul.ac.uk] 
Sent: Tuesday, February 28, 2017 6:57 PM
To: Arzt, Steven <steven.arzt at sit.fraunhofer.de>; soot-list at cs.mcgill.ca
Subject: Re: [Soot-list] [Android Framework Bodies]

Hi Steven,

First for the reply!

I try to explain it better.

I have successfully used soot to modify an android.jar file. In particular I modified a stub method in the URI class, such that its method "<android.net.Uri: android.net.Uri parse(java.lang.String)>" 
contains a static call to Log.i("STRING..", TaintedValue).

I run FlowDroid with this modified android.jar as Android platform. 
Since Log.i is defined as a Sink, I would expect to find a flow to it which I can't find. I am sure that the value is tainted, since I added
"<android.net.Uri: android.net.Uri parse(java.lang.String)>" itself ad a Sink and I indeed see flows to it.

Bests,

Claudio


On 28/02/17 17:50, Arzt, Steven wrote:
> Hi Claudio,
>
> I'm not exactly sure what you are trying to achieve. What do you mean by "FlowDroid won't benefit of this"? In which way do you want FlowDroid to benefit from your model? What exactly is your model? Are you creating a different entry point for callgraph construction? Or do you provide something else?
>
> Best regards,
>    Steven
>
> -----Original Message-----
> From: Soot-list [mailto:soot-list-bounces at cs.mcgill.ca] On Behalf Of 
> claudio
> Sent: Tuesday, February 28, 2017 6:32 PM
> To: soot-list at cs.mcgill.ca
> Subject: [Soot-list] [Android Framework Bodies]
>
> Dear all,
>
> I am trying to give a model to some of the Android framework model. I am able to generate the model I need, however running a static analysis through Flowdroid won't benefit of this.
>
> I went through the source code and the reason seems to be that soot 
> doesn't load the body of some of the Android framework methods. I was
> wondering: is there a way to load those body ? I tried using the --sysflow flag in flowdroid but didn't work.
>
> Bests,
>
> Claudio
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

More information about the Soot-list mailing list