ashish-gehani / SPADE

SPADE: Support for Provenance Auditing in Distributed Environments
GNU General Public License v3.0

Deployment Failure: Unable to deploy SPADE on Android Device #143

Closed zjujgy98 closed 6 days ago

zjujgy98 commented 2 weeks ago

I'm following the tutorial to deploy SPADE on an Android system. I installed the required SDK, Java, and software packages accordingly. While trying to run SPADE with the commands below, I encountered a Java version compatibility issue:

cd SPADE
./configure

The configure script produces an error saying:

configure: error: The java compiler version must be 11.0 or 12.0 or 13.0 or 14.0

So, I switched to Java version 11. After addressing the Java version issue by switching to Java version 11, I proceeded with the make android-build command. However, this led to another error related to the build tools, particularly the dx compiler:

Library/Android/sdk/build-tools/19.1.0//dx --dex --output=android-lib/lucene-core-3.5.0.jar lib/lucene-core-3.5.0.jar
...
UNEXPECTED TOP-LEVEL EXCEPTION:
com.android.dx.cf.iface.ParseException: InvokeDynamic not supported

Upon investigation, I identified that the MAKEFILE was referencing the outdated dx compiler, which does not support InvokeDynamic. Here's the original command from the MAKEFILE:

@cd build \
$(ANDROID_BUILD_TOOLS)/dx --dex --verbose --no-strict --output=../android-build/android-spade.jar spade;

To resolve this, I updated the compiler command to use the newer d8 tool:

find build/spade -name "*.class" | xargs /Users/guangyuan/Library/Android/sdk/build-tools/33.0.0/d8 --release --min-api 26 --lib /Users/guangyuan/Library/Android/sdk/platforms/android-33/android.jar --output android-build/android-spade.jar

I've set the min-api level to 26, and used the Android build tools version 33.0.0, which allowed the compilation to proceed without the aforementioned error. However, upon executing make android-start & I encountered several errors. The first error was related to loading the settings file:

SEVERE: SHUTTING DOWN! Failed to load settings file at path: 'cfg/spade.core.Kernel.config'
java.lang.Exception: Failed to get keys values entries
Failed to read keys values entries file
No file to read lines from at path: 'cfg/spade.core.Kernel.config'

Upon verification, I confirmed that the spade.core.Kernel.config file does exist in the SPADE directory. To remedy this, I modified Makefile and used adb push to transfer the configuration file to the Android emulator's folder:

$(ANDROID_SDK_TOOLS)/platform-tools/adb shell "mkdir /sdcard/spade/cfg"
$(ANDROID_SDK_TOOLS)/platform-tools/adb push cfg/spade.core.Kernel.config /sdcard/spade/cfg/spade.core.Kernel.config;
$(ANDROID_SDK_TOOLS)/platform-tools/adb push cfg/spade.client.Control.config 

Following the previous steps, I resolved the initial issue with the settings file by pushing spade.core.Kernel.config to the emulator. However, another error arose when trying to run the application again:

SEVERE: SHUTTING DOWN! Failed to load settings file at path: 'cfg/spade.core.Kernel.config'
java.lang.Exception: Invalid value for key 'server_public_keystore'
    at spade.core.Settings.load(Settings.java:285)
    ...
Caused by: java.lang.Exception: File does not exist

This error pointed to an issue with the server_public_keystore key within the spade.core.Kernel.config file, where either the key file location was incorrect, or the file itself was absent from the Android device's specified path. On examining the Makefile, I noted a command related to key generation:

all:    build
./bin/keys/generatekeys.sh

In response, I executed the generatekeys.sh script to generate the necessary keys and then pushed the key files to the designated cfg folder on the Android device using the following commands:

$(ANDROID_SDK_TOOLS)/platform-tools/adb shell "mkdir /sdcard/spade/cfg/keys"
$(ANDROID_SDK_TOOLS)/platform-tools/adb push cfg/keys/. /sdcard/spade/cfg/keys/;

After pushing the key files and resolving the server_public_keystore issue, SPADE appeared to start running on the Android device with no further errors reported in the output:

Library/Android/sdk/platform-tools/adb shell "cd /sdcard/spade; dalvikvm -Xmx512M -cp android-spade.jar spade.core.Kernel android"
Apr 25, 2024 2:23:23 PM spade.core.Kernel getHostName INFO: SPADE host name: 'localhost'

However, beyond this point, there is no additional output and, notably, the file audit.dot, which is expected to be produced by SPADE, is absent from /sdcard/spade/ after the process ends. I am at a loss on how to further diagnose or resolve this issue and would greatly appreciate any assistance or insights into why SPADE isn't performing as expected.

Additionally, I would like to mention that I have attempted to deploy SPADE on both an Android 13 device and an emulator configured with "android-26;default;arm64-v8a". Despite following the necessary steps and attempting various troubleshooting methods as detailed above, the issue persists across both environments, with SPADE running but not producing the expected audit.dot file.
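Added example, not part of the original post or of SPADE: a preflight for the two settings failures described above (a missing settings file, and a keystore key with no file behind it), run against the staged tree before anything is pushed with adb. It assumes the settings file holds key = value lines with # comments; only server_public_keystore is a key named on this page, and check_keystores and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the staged SPADE tree before `adb push`.
# Assumption: settings are `key = value` lines, `#` starts a comment.

# check_keystores ROOT [CONFIG]
# Lists every key ending in "keystore" whose file is absent under ROOT.
# Returns the number of missing files, or 255 if CONFIG itself is missing.
check_keystores() {
    root=$1
    cfg=${2:-cfg/spade.core.Kernel.config}
    missing=0
    if [ ! -r "$root/$cfg" ]; then
        echo "MISSING settings file: $cfg"
        return 255
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;
            *=*) ;;
            *) continue ;;
        esac
        # Split on the first '=' and drop blanks and a trailing CR.
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t\r')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t\r')
        case $key in
            *keystore) ;;
            *) continue ;;
        esac
        # Relative values resolve against ROOT, the directory the Kernel runs from.
        case $val in
            /*) path=$val ;;
            *) path=$root/$val ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $key -> $val"
            missing=$((missing + 1))
        fi
    done < "$root/$cfg"
    return "$missing"
}

# Constructed sample tree (file names are placeholders, not SPADE's own).
demo=$(mktemp -d)
mkdir -p "$demo/cfg/keys"
printf '%s\n' '# constructed' 'server_public_keystore = cfg/keys/example.public' \
    > "$demo/cfg/spade.core.Kernel.config"
check_keystores "$demo" || echo "missing entries: $?"
rm -rf "$demo"
```

Because it is plain POSIX sh, the same function can be run inside adb shell with /sdcard/spade as ROOT to confirm what actually arrived on the device.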

ashish-gehani commented 2 weeks ago

See this. Updating the Wiki to reflect it.

ashish-gehani commented 2 weeks ago

The immediate issue is as follows. The Strace reporter and Graphviz storage need to be added. ~2015, this was done by configuring conf/spade.config here. Currently, this can be added to cfg/spade.client.Control.config.

zjujgy98 commented 2 weeks ago

Thank you for your prompt and helpful response. Despite your advice, I'm still encountering difficulties. Initially, running ./configure with Java 1.8, I received an error indicating that I should use Java version 11, 12, 13, or 14. Considering Java 11 was released in 2018, it's challenging to recreate the exact environment from 2015 that SPADE was likely developed in. Following your guidance, I modified the spade.client.Control.config, and then I executed the Kernel with the following command:

emu64a:/sdcard/spade $ dalvikvm -Xmx512M -cp android-spade.jar spade.core.Kernel android

The only output was establishing the SPADE host name:

Apr 29, 2024 2:05:49 PM spade.core.Kernel getHostName INFO: SPADE host name: 'localhost'

Afterwards, there was no further activity or output. Attempting to run the shutdown command with dalvikvm and make android-stop produced no effect:

emu64a:/sdcard/spade $ dalvikvm -cp android-spade.jar spade.client.Android shutdown
emu64a:/sdcard/spade $ ps

The process list showed that dalvikvm was running, but the SPADE system did not appear to be executing as intended:

USER           PID  PPID     VSZ    RSS WCHAN            ADDR S NAME
shell         7376   453 10822172  3228 __do_sys_+          0 S sh
shell         7406  7376 13831736 91072 futex_wai+          0 S dalvikvm
shell         7559  7376 10943656  3292 0                   0 R ps

I would greatly appreciate any further assistance you can provide. What might be hindering SPADE from running correctly, and how can I ascertain that it's performing the expected tasks?

ashish-gehani commented 6 days ago

The Strace reporter uses strace which relies on the ptrace() system call to attach to target processes. It appears the default Android configuration disallows this now:

emu64a:/ $ strace -p `pidof zygote64`
strace: attach: ptrace(PTRACE_SEIZE, 318): Operation not permitted
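
Added example, not part of the thread or of SPADE: a read-only report of the general Linux conditions that can make an attach such as the strace -p above fail with "Operation not permitted". The function name ptrace_facts is hypothetical, it assumes a POSIX shell with /proc mounted, and it does not establish which of these conditions the Android default configuration relies on.

```shell
#!/bin/sh
# Added example: report what stands between this shell and a ptrace attach.
# It reads /proc only and never attaches. The kernel also consults gid,
# the dumpable flag and SELinux policy rules, which are not evaluated here.

# ptrace_facts PID -> 0 nothing seen here blocks `strace -p PID`,
#                     1 a blocker was found, 2 PID is not visible in /proc.
ptrace_facts() {
    pid=$1
    status=/proc/$pid/status
    if [ ! -r "$status" ]; then
        echo "target=$pid not_visible"
        return 2
    fi
    blocked=0
    me=$(id -u)
    # Uid: fields are the target's real, effective and saved UIDs; without
    # CAP_SYS_PTRACE (assumed held by uid 0) all must equal the caller's UID.
    uids=
    while read -r k a b c rest; do
        if [ "$k" = "Uid:" ]; then uids="$a $b $c"; fi
    done < "$status"
    echo "caller_uid=$me target_uids=$uids"
    if [ "$me" -ne 0 ]; then
        for u in $uids; do
            [ "$u" = "$me" ] || blocked=1
        done
        [ "$blocked" -eq 0 ] || echo "blocker=uid_mismatch"
    fi
    # Yama LSM, when present: 0 classic rules, 1 descendants only,
    # 2 CAP_SYS_PTRACE only, 3 no attach at all. An already-running
    # target given to `strace -p` is treated as a non-descendant.
    yama=/proc/sys/kernel/yama/ptrace_scope
    if [ -r "$yama" ]; then
        scope=$(cat "$yama")
        echo "yama_ptrace_scope=$scope"
        if [ "$scope" -eq 3 ] || { [ "$scope" -ge 1 ] && [ "$me" -ne 0 ]; }; then
            echo "blocker=yama"
            blocked=1
        fi
    fi
    # SELinux mode is reported for context only.
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux=$(getenforce 2>/dev/null)"
    fi
    return "$blocked"
}

ptrace_facts "${1:-$$}" || echo "result code: $?"
```

Run with the PID of the process the reporter is meant to trace; a result of 0 only means none of the checks made here object, not that the attach will succeed.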