[Soot-list] A question about dummyMain of FlowDroid

ll lljjkkzz001 at 126.com
Sun May 28 21:46:54 EDT 2017


Hi Steven,


Thanks for your reply!


I am in my hometown now, and I will try to check as you mentioned later. 



Could you please describe to me the process of constructing the dummy main method? I am a little confused about this.


And when I looked at the output log, I noticed that the loop generated five dummy main methods; the first four times have the specified local that indicates widgetProvider. But the last time, the dummy main method does not have the widgetProvider local.
I find this strange because I think the newest dummy main has more content than before due to finding more callback methods.


Why did the last dummy main lose the entryPoint class widgetProvider? Could you please give me some advice about this slightly strange issue?


thanks,
Jia




At 2017-05-28 05:44:27, "Arzt, Steven" <steven.arzt at sit.fraunhofer.de> wrote:


Hi Jia,

 

we indeed do not have support for the AppWidgetProvider class in FlowDroid. Your approach to extend FlowDroid sounds correct and it would be great if you could contribute your changes back to the FlowDroid open source project once everything works.

 

Now for the problem: Can you please check that generateBroadcastReceiverLifecycle() is called at all for the widget provider? Maybe the provider is not detected as a special type of broadcast receiver.

 

If the method is called, you can use the debugger to step into searchAndBuildMethod() to see why no invocation is added to the dummy main method. Maybe FlowDroid is unable to find the method for some reason.

 

Best regards,

  Steven

 

From: Soot-list [mailto:soot-list-bounces at cs.mcgill.ca] On Behalf Of ll
Sent: Tuesday, May 23, 2017 7:46 AM
To: soot-list at cs.mcgill.ca
Subject: [Soot-list] A question about dummyMain of FlowDroid

 

Hi all,

 

I tried to use FlowDroid to detect an apk; there is a class that extends AppWidgetProvider in the apk, and I did not find any edge for the class in the call graph.

I made some attempts, but they did not work. Here is the detailed information; I really hope to get your help:

 

The subclass is:

public class WidgetProvider extends BaseWidgetProvider {
       ....
       ....
       onReceive() ...
}

The parent class is:

public abstract class BaseWidgetProvider extends AppWidgetProvider {
     ...
     @Override
     public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidegtIds) {
                ...
                new BulkUpdateAsyncTask(....).execute((Void[]) null);
     }
}

 

I want to find the implicit call chain: WidgetProvider::onUpdate() --> BulkUpdateAsyncTask::execute --> BulkUpdateAsyncTask::doInBackground, but I could not find the call chain, so I tried to look at the source code of FlowDroid. The following is my analysis of the possible reasons:

           "When FlowDroid constructs the dummyMain, the WidgetProvider is only considered to be a normal BroadcastReceiver, and only 'onReceive()' is invoked in the dummyMain."

So I tried to add the statement in generateBroadcastReceiverLifecycle() in AndroidEntryPointCreator.java:


Stmt onReceiveStmt = searchAndBuildMethod(AndroidEntryPointConstants.BROADCAST_ONRECEIVE, currentClass, entryPoints, classLocal);


  +Stmt onUpdateStmt = searchAndBuildMethod(AndroidEntryPointConstants.AppWIDGETPROVIDER_ONUPDATE,currentClass, entryPoints) 
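
Review bot: the added searchAndBuildMethod call for onUpdate passes only three arguments (the constant, currentClass, entryPoints), while the onReceive call on the line above passes classLocal as a fourth; if onUpdate is meant to be invoked on the same receiver instance as onReceive, pass classLocal here as well. The added line also has no terminating semicolon, and the name AppWIDGETPROVIDER_ONUPDATE breaks the all-caps style of BROADCAST_ONRECEIVE. Nothing in the visible lines uses onUpdateStmt afterwards, so it is worth confirming that the statement actually reaches the dummy main body.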

 

AndroidEntryPointConstants.AppWIDGETPROVIDER_ONUPDATE is "void onUpdate(android.content.Context,android.appwidget.AppWidgetManager,int[])"

 

Unfortunately, the above changes did not have any effect. I still did not find any edge for update() through the code: callgraph.edgesInto(m), callgraph.edgesOutOf(m).

More perplexingly, I also did not find any edge for BaseWidgetProvider::onReceive() through the callgraph, whether or not I added the above onUpdateStmt.

Finally, I tried to look at the dummy main and found an important fact:

In the previously constructed dummy mains, there is a widgetProvider local value, but in the last constructed dummy main, there is no such local value.

 

What is the reason for this?  Could you give me some advice about solving the problem?

 

I am looking forward to your reply! 

 

ps: the option is below:

 

 

 

 

thanks,

Jia
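
Steven's two checks and the edgesInto/edgesOutOf lookup from the original post, written as one diagnostic helper; this is an added example, not code from FlowDroid or from either poster. It assumes Soot is on the classpath, that it is called after FlowDroid has built the call graph, and that the caller supplies the provider's fully qualified class name; the class name WidgetProviderProbe is hypothetical.

```java
import java.util.Iterator;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

/** Added diagnostic helper (hypothetical name); call after the call graph exists. */
public final class WidgetProviderProbe {
    static final String ON_UPDATE =
        "void onUpdate(android.content.Context,android.appwidget.AppWidgetManager,int[])";
    static final String ON_RECEIVE =
        "void onReceive(android.content.Context,android.content.Intent)";

    /** First method with this subsignature on the superclass chain, or null. */
    static SootMethod findDeclared(SootClass start, String subSig) {
        for (SootClass c = start; c != null; c = c.hasSuperclass() ? c.getSuperclass() : null) {
            SootMethod m = c.getMethodUnsafe(subSig); // declared methods of c only
            if (m != null) return m;
        }
        return null;
    }

    /** True if 'ancestor' appears on the superclass chain of 'start'. */
    static boolean extendsClass(SootClass start, String ancestor) {
        for (SootClass c = start; c != null; c = c.hasSuperclass() ? c.getSuperclass() : null)
            if (c.getName().equals(ancestor)) return true;
        return false;
    }

    /** className: fully qualified name of the app's provider class (supplied by the caller). */
    public static void probe(String className) {
        SootClass sc = Scene.v().getSootClassUnsafe(className);
        if (sc == null) { System.out.println("not loaded: " + className); return; }
        System.out.println("is BroadcastReceiver: " + extendsClass(sc, "android.content.BroadcastReceiver"));
        System.out.println("is AppWidgetProvider: " + extendsClass(sc, "android.appwidget.AppWidgetProvider"));
        CallGraph cg = Scene.v().getCallGraph();
        for (String subSig : new String[] { ON_RECEIVE, ON_UPDATE }) {
            SootMethod m = findDeclared(sc, subSig);
            if (m == null) { System.out.println("unresolved: " + subSig); continue; }
            System.out.println(m.getSignature() + " concrete=" + m.isConcrete());
            for (Iterator<Edge> it = cg.edgesInto(m); it.hasNext();)
                System.out.println("  in:  " + it.next().src());
            for (Iterator<Edge> it = cg.edgesOutOf(m); it.hasNext();)
                System.out.println("  out: " + it.next().tgt());
        }
    }
}
```

Because onUpdate() is declared in BaseWidgetProvider rather than WidgetProvider, the lookup walks the superclass chain; getMethodUnsafe() on the subclass alone returns null for it, and the edge queries must be made on the method object that is actually declared.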