Class layout mappings does not work on view callbacks if the view is put in a fragment

[RichardHoOoOo]

Hi @StevenArzt , I think L249 causes a problem that the callbacks declared in a user-defined view are not included in the call graph if the view is put in a fragment's xml layout. https://github.com/secure-software-engineering/FlowDroid/blob/c9509e23784362e3a0ffecfa3f6fcafabb36d77f/soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/DefaultCallbackAnalyzer.java#L249

Finding call sites like setContentView or inflate depends on rmIterator = Scene.v().getReachableMethods().listener(). The reachableMethods contains something when collecting callbacks in default mode, but it contains nothing when running incremental callback analysis. Since fragments are usually analyzed incrementally, its layout mappings cannot be extracted.

For example, if I declared a customized MyWebView that extends WebView and I override the onPause() callback. When I put MyWebView in a fragment's layout xml file, onPause is not connected to the fragment's dummy main method.

It seems removing L249 can fix the problem. Can you confirm if I am correct?

[RichardHoOoOo]

Similarly, it seems reachableChangedListener = Scene.v().getReachableMethods().listener(); should be added before L125.

https://github.com/secure-software-engineering/FlowDroid/blob/c9509e23784362e3a0ffecfa3f6fcafabb36d77f/soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/DefaultCallbackAnalyzer.java#L125

Otherwise, new reachable methods are not returned by the listener. For example, fragment's lifecycles, although appearing in the call graph, are not returned by the listener. As a result, callbacks like onClick registered in fragment's lifecycles are not included in the call graph.