[Soot-list] 'Value' class. Missing classes

Gregor Beatson gregor.beatson at gmail.com
Sun Jan 6 11:18:41 EST 2019


Hi everyone,

I am trying to extract from an Android app's source code a list of
permissions which it may request using the requestPermissions() API call,
and have run into a couple of issues. Please excuse the slightly longer
email. I have tried to break up the issues, but I encountered them in the
same situation.

In my code, I am including Soot as a library rather than running the Jar,
and am able to loop through every body of every method of every class of an
app, and find InvokeStmt classes which call requestPermissions(). The next
step would be to determine which permissions are being given as the
arguments of this method. After going through Soot's documentation, I found
that I can get the arguments of the call through the Value class
(stmt.getInvokeExpr().getArg(n)). However, these Values only seem to
contain the names of the variables passed, (e.g. $a1), and no way to
actually get their real 'values', (e.g. "android.permission.CAMERA"). Is
there some other class/method I am missing which can do this? I realise
that one of these variables could have more than one value depending on
conditional statements which may explain why there doesn't seem to be
something like that; but some way to at least see the *possible* values
would be nice. For a simplified example, if the app had something like:

public static void example(Activity activity, boolean exampleCondition) {
    int requestCode = 1;
    String[] perms = new String[2];
    perms[0] = "android.permission.CAMERA";
    if (exampleCondition) {
        perms[1] = "android.permission.ACCESS_FINE_LOCATION";
    }
    requestPermissions(activity, perms, requestCode);
}

...perhaps there could be some way to show that the list perms may contain
some subset of ["android.permission.CAMERA",
"android.permission.ACCESS_FINE_LOCATION"]?

As mentioned, I am looping through every body of every method of every
class of an app. I seem to be having another issue here. If I use the
debugger to stop at certain parts of execution, I can see where I am in the
app's code:

[image: image.png]
I thought it might be helpful if I could also look at the code in .jimple
files, as I could more easily see the surrounding code. I set the output
format flag to jimple, so that I could get all the app's (jimplified) code
in one directory. However, some classes (including that in the screenshot
above) are missing from this output:
[image: image.png]
Any idea why this might be -- that Soot seems to be able to find more
classes during execution than it can output? I thought that perhaps the
classes were empty, but they have methods with non-empty bodies.

Any help with either of these issues would be greatly appreciated. Thanks
in advance
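
Added example, not part of the original post and not Soot's own code: one way to over-approximate the strings the array argument of the call may hold, assuming the array is filled in the same method body as the call. PermissionArgResolver and possibleStrings are hypothetical names; the scan is flow-insensitive and intra-procedural, so values arriving via fields, parameters or other methods are not resolved.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import soot.Body;
import soot.Local;
import soot.Unit;
import soot.Value;
import soot.jimple.ArrayRef;
import soot.jimple.AssignStmt;
import soot.jimple.CastExpr;
import soot.jimple.Stmt;
import soot.jimple.StringConstant;

// Hypothetical helper class (assumption, not part of Soot).
public final class PermissionArgResolver {

    /** Strings that may be stored in the array passed as argument argIndex of call. */
    public static Set<String> possibleStrings(Body body, Stmt call, int argIndex) {
        Set<String> found = new TreeSet<>();
        Value arg = call.getInvokeExpr().getArg(argIndex);
        if (!(arg instanceof Local)) return found;

        // Locals that may refer to the same array: the argument plus anything
        // copied to or from it (with or without a cast), iterated to a fixpoint.
        Set<Local> aliases = new HashSet<>();
        aliases.add((Local) arg);
        for (boolean changed = true; changed; ) {
            changed = false;
            for (Unit u : body.getUnits()) {
                if (!(u instanceof AssignStmt)) continue;
                Value l = ((AssignStmt) u).getLeftOp();
                Value r = ((AssignStmt) u).getRightOp();
                if (r instanceof CastExpr) r = ((CastExpr) r).getOp();
                if (l instanceof Local && r instanceof Local
                        && (aliases.contains(l) || aliases.contains(r))) {
                    changed |= aliases.add((Local) l) | aliases.add((Local) r);
                }
            }
        }
        // Every "alias[i] = <string constant>" store on any path contributes a value,
        // so both branches of a conditional are included.
        for (Unit u : body.getUnits()) {
            if (!(u instanceof AssignStmt)) continue;
            Value l = ((AssignStmt) u).getLeftOp();
            Value r = ((AssignStmt) u).getRightOp();
            if (l instanceof ArrayRef && aliases.contains(((ArrayRef) l).getBase())
                    && r instanceof StringConstant) found.add(((StringConstant) r).value);
        }
        return found;
    }
}
```

For the example() method in the message, calling possibleStrings(body, stmt, 1) on the requestPermissions() statement would return both permission strings, since the conditional store is counted regardless of the branch taken.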