[Soot-list] A question about dummyMain of FlowDroid

Arzt, Steven steven.arzt at sit.fraunhofer.de
Sat May 27 17:44:27 EDT 2017


Hi Jia,

we indeed do not have support for the AppWidgetProvider class in FlowDroid. Your approach to extend FlowDroid sounds correct and it would be great if you could contribute your changes back to the FlowDroid open source project once everything works.

Now for the problem: Can you please check that generateBroadcastReceiverLifecycle() is called at all for the widget provider? Maybe the provider is not detected as a special type of broadcast receiver.

If the method is called, you can use the debugger to step into searchAndBuildMethod() to see why no invocation is added to the dummy main method. Maybe FlowDroid is unable to find the method for some reason.

Best regards,
  Steven

From: Soot-list [mailto:soot-list-bounces at cs.mcgill.ca] On Behalf Of ll
Sent: Tuesday, May 23, 2017 7:46 AM
To: soot-list at cs.mcgill.ca
Subject: [Soot-list] A question about dummyMain of FlowDroid

Hi all,

I tried to use FlowDroid to detect an APK. There is a class that extends AppWidgetProvider in the APK, and I did not find any edge for that class in the call graph.
I made some attempts, but they did not work. Here is the detailed information; I really hope to get your help:

the subClass is :
public class WidgetProvider extends BaseWidgetProvider{
       ....
       ....
       onReceive() ...
}

the parentClass is :
public abstract class BaseWidgetProvider extends AppWidgetProvider{
     ...
     @Override
     public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds){
                ...
                new BulkUpdateAsyncTask(....).execute((Void[]) null);
     }
}

I want to find the implicit call chain: WidgetProvider::onUpdate() --> BulkUpdateAsyncTask::execute --> BulkUpdateAsyncTask::doInBackground, but I could not find the call chain, so I tried to look at the source code of FlowDroid. The following is my analysis of the possible reasons:
           "When FlowDroid constructs the dummyMain, the WidgetProvider is only considered to be a normal BroadcastReceiver, and only 'onReceive()' is invoked in the dummyMain."

So I tried to add the statement in generateBroadcastReceiverLifecycle() in AndroidEntryPointCreator.java:

Stmt onReceiveStmt = searchAndBuildMethod(AndroidEntryPointConstants.BROADCAST_ONRECEIVE, currentClass, entryPoints, classLocal);

  +Stmt onUpdateStmt = searchAndBuildMethod(AndroidEntryPointConstants.AppWIDGETPROVIDER_ONUPDATE,currentClass, entryPoints)
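
Review bot: the added searchAndBuildMethod() call for onUpdate passes only currentClass and entryPoints, while the onReceive call on the line above also passes classLocal. Check that a three-argument overload exists and resolves the receiver local the same way, or pass classLocal explicitly so the invocation is built on the same object. The added line is also missing its terminating semicolon, and the constant name AppWIDGETPROVIDER_ONUPDATE does not follow the all-caps style of BROADCAST_ONRECEIVE.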

AndroidEntryPointConstants.AppWIDGETPROVIDER_ONUPDATE is "void onUpdate(android.content.Context,android.appwidget.AppWidgetManager,int[])"

Unfortunately, the above changes had no effect. I still did not find any edge for update() through the code: callgraph.edgesInto(m), callgraph.edgesOutOf(m).
Even more perplexing, I also did not find any edge for BaseWidgetProvider::onReceive() through the call graph, whether or not I added the above onUpdateStmt.
Finally, I tried to look at the dummyMain and found an important fact:
In the previously constructed versions there is a widgetProvider local value, but in the last constructed dummyMain there is no such local value.

What is the reason for this? Could you give me some advice about solving the problem?

I am looking forward to your reply!

PS: the option is below:

[cid:image001.jpg at 01D2D743.2901A500]


[cid:image002.jpg at 01D2D743.2901A500]

thanks,
Jia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 82058 bytes
Desc: image001.jpg
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170527/263b89af/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 101211 bytes
Desc: image002.jpg
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170527/263b89af/attachment-0003.jpg>
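
The call graph check discussed in this thread, as an added example that is not part of the original e-mails and is not FlowDroid code: a helper that walks the superclass chain to find which class actually declares a lifecycle sub-signature (in the code quoted above, onUpdate() is declared in BaseWidgetProvider, not in WidgetProvider) and lists the call graph edges into and out of it. It assumes Soot's Scene already holds the call graph built by the analysis; the class name LifecycleEdgeCheck and the package name in the usage comment are hypothetical.

```java
import java.util.Iterator;

import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

/** Added diagnostic, not FlowDroid code. Call it after the call graph has been built. */
public final class LifecycleEdgeCheck {

    /** Returns the first method with this sub-signature found walking up from cls, or null. */
    static SootMethod findInHierarchy(SootClass cls, String subSig) {
        SootClass c = cls;
        while (c != null) {
            if (c.declaresMethod(subSig)) {
                return c.getMethod(subSig);
            }
            c = c.hasSuperclass() ? c.getSuperclass() : null;
        }
        return null;
    }

    /** Prints where subSig is declared for className and every call graph edge touching it. */
    static void report(String className, String subSig) {
        SootClass cls = Scene.v().getSootClass(className);
        SootMethod m = findInHierarchy(cls, subSig);
        if (m == null) {
            System.out.println(subSig + ": not declared in " + className + " or its superclasses");
            return;
        }
        System.out.println(m.getSignature() + " (declared in " + m.getDeclaringClass().getName() + ")");
        CallGraph cg = Scene.v().getCallGraph();
        int in = 0, out = 0;
        for (Iterator<Edge> it = cg.edgesInto(m); it.hasNext(); in++) {
            System.out.println("  <- " + it.next().src());
        }
        for (Iterator<Edge> it = cg.edgesOutOf(m); it.hasNext(); out++) {
            System.out.println("  -> " + it.next().tgt());
        }
        System.out.println("  " + in + " incoming, " + out + " outgoing edge(s)");
    }

    // Usage, with a placeholder package name (the thread does not give one):
    // report("com.example.WidgetProvider",
    //        "void onUpdate(android.content.Context,android.appwidget.AppWidgetManager,int[])");
}
```

Zero incoming edges for a method that is declared only in a superclass points at the lookup in the entry point creator rather than at the call graph algorithm.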

