-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to import additional jar files #789
Comments
You only put additional JAR files on the classpath. If your APK file references classes from these JAR files, they will be analyzed together with the app. However, FlowDroid will build its dummy main method from the APK and will only consider the app's lifecycle including callbacks as entry points. If a method in the JAR is never called from the APK, it won't be analyzed. I'm generally not sure what your intended semantics of combining an APK with a JAR file are. |
Thank you for your explanation. As some apps are packed, I manually dump the dynamically loaded DEX files during runtime, and convert them to JAR files and then combine them with the APK file for a more complete analysis of the app. As you said, only when the APK calls the methods in the jar will they be analyzed. Can I achieve this purpose? |
I understand your goal, but it won't be easy. The APK dynamically loads the additional DEX files and uses a special class loader and reflection to transfer the control flow into the additional classes that were loaded. The normal callgraph doesn't capture this behavior. The target classes and methods are part of the Soot scene, but the calls still use reflection. You would need to re-write the Jimple code to replace the class loading and reflective calls with proper method calls before building the callgraph. |
Thank you for your reply. Rewriting the Jimple code is difficult for me. If I simply add additional JAR files to the classpath and put edges of the classes in the JAR files into the CallGraph, will the classes/method from the JAR files appear in the final output leak path? will they participate in the taint analysis? |
Dear developers @StevenArzt @t1mlange ,
I used the
Options.v().set_soot_classpath()
andconfig.getAnalysisFileConfig().setAdditionalClasspath()
to import the jar files of apps except the apk package into the framework. However, when FlowDroid builds CallGraph and does taint analysis, he analysis results appear to be the same as when only the apk was imported. The jar files I imported seems to be useless, may I ask why? How can I fix it?My code:
The text was updated successfully, but these errors were encountered: