secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

May I ask how to exclude methods in libraries when building the call graph? #464

Closed RichardHoOoOo closed 2 years ago

RichardHoOoOo commented 2 years ago

Hi, I am familiar with Soot and now I am trying FlowDroid.

In Soot, I usually filter out library methods (suppose I know the package names of the libraries) in the SceneTransformer phase:

PackManager.v().getPack("wjpp").add(new Transform("wjpp.setEntries", new SceneTransformer() {
    protected void internalTransform(String phaseName, Map<String, String> options) {
        List<SootMethod> entryPoints = new ArrayList<SootMethod>();
        // Only put methods in application classes into entryPoints, libraries are filtered out by matching package names
        Scene.v().setEntryPoints(entryPoints);
    }
}));

May I ask how to specify the entryPoints in FlowDroid in order to remove methods in libraries? It seems I can't find any related settings in InfoflowAndroidConfiguration. Do you have a working example that I can use as a starting point? Thanks in advance!

StevenArzt commented 2 years ago

The entry points of an app are derived from the components declared in the app's manifest and from the Android lifecycle. Do you want to exclude components (e.g., services) from third-party libraries, or do you want to exclude all library classes from your Soot scene?

RichardHoOoOo commented 2 years ago

I guess I am doing the latter one, as I am not interested in what is called by the methods in third-party libraries.

StevenArzt commented 2 years ago

You can simply extend SootConfigForAndroid (inherit from the class and set it using SetupApplication.setSootConfig) and set your library classes on the Soot exclusion list. We already do this for java.* and similar packages.
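A sketch of the approach described in the answer above, added here as an example and not taken from the thread or from FlowDroid's own code. The class names `ExcludeLibrariesExample` and `LibraryExcludingSootConfig`, the package pattern `com.example.thirdparty.*`, and the command-line arguments are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import soot.Scene;
import soot.jimple.infoflow.InfoflowConfiguration;
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.infoflow.android.config.SootConfigForAndroid;
import soot.options.Options;

public class ExcludeLibrariesExample {

    /** Hypothetical subclass: adds library packages to Soot's exclusion list. */
    static class LibraryExcludingSootConfig extends SootConfigForAndroid {
        private final List<String> libraryPackages;

        LibraryExcludingSootConfig(List<String> libraryPackages) {
            this.libraryPackages = libraryPackages;
        }

        @Override
        public void setSootOptions(Options options, InfoflowConfiguration config) {
            // Let FlowDroid install its defaults first (java.* and similar packages).
            super.setSootOptions(options, config);

            // Extend the existing list instead of replacing it, so the defaults survive.
            List<String> excludes = new ArrayList<>();
            if (options.exclude() != null)
                excludes.addAll(options.exclude());
            excludes.addAll(libraryPackages);
            options.set_exclude(excludes);

            // Do not load method bodies for classes matching the exclusion list.
            options.set_no_bodies_for_excluded(true);
        }
    }

    public static void main(String[] args) {
        // Assumed arguments: args[0] = Android platforms directory, args[1] = APK path.
        SetupApplication app = new SetupApplication(args[0], args[1]);

        // Constructed sample pattern; replace with the library packages of the app under analysis.
        app.setSootConfig(new LibraryExcludingSootConfig(
                Arrays.asList("com.example.thirdparty.*")));

        app.constructCallgraph();
        System.out.println("Call graph edges: " + Scene.v().getCallGraph().size());
    }
}
```

Excluded classes have no method bodies in the Soot scene, so the call graph stops at calls into them and a taint analysis sees no flows inside those methods. If data can pass through an excluded library on its way from a source to a sink, that library needs to be modelled some other way or the flow will be missed.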

RichardHoOoOo commented 2 years ago

I see, thanks for your help!