siis / ic3

IC3: Inter-Component Communication Analysis in Android
http://siis.cse.psu.edu/ic3/
Apache License 2.0

Instance of ICC missing from IC3's output - Epicc is able to catch it. #1

Open pbsf opened 9 years ago

pbsf commented 9 years ago

Consider a simple application with only one Activity (named MainActivity) declared in its AndroidManifest file. The code of the Activity is shown below:

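```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;

public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        // Anonymous inner class, compiled as MainActivity$1
        BroadcastReceiver receiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context context, Intent intent) {
                Intent i = new Intent();
                // Intent sent through the Context parameter of onReceive
                context.startActivity(i);
            }
        };
    }
}
```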

The intent that is being sent above is shown in Epicc's output, but not in IC3's output. The destination of this intent is irrelevant - regardless of its destination, Epicc shows in its output that an intent is sent in MainActivity$1.onReceive, but there is no related entry in IC3's output (even if the destination is statically resolvable).

The bug occurs when:

  1. The receiver of a method that sends an intent is a method parameter, AND
  2. The intent is sent within an anonymous class.

(Only one of them was not enough to reproduce the bug.)

docteau commented 9 years ago

Thank you for the report. There is indeed a bug, but not exactly for the code shown in your report.

First, IC3 is right not to report anything for the code shown above. The receiver is never registered and thus onReceive() can never be reached.

However, even if you add registerReceiver(receiver, new IntentFilter()) at the end of onCreate(), then IC3 still won't show anything, which is not normal. In its call graph construction, when it is creating the dummyMain to simulate the application lifecycle, IC3 should detect the registerReceiver method and then generate the lifecycle for the receiver argument. The problem is that IC3 relies on the FlowDroid lifecycle generation, which does not support this yet.

Thus, we need to add this to FlowDroid and then pull the latest lifecycle creation procedure from FlowDroid into IC3.
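
A toy model of the entry-point problem described in the comment above, added here as an illustration and not taken from IC3, FlowDroid or either commenter. It shows that `onReceive()` only becomes reachable from the dummy main when the `registerReceiver` call is both present and modeled. The dictionaries, `icc_sites` and the `model_dynamic_receivers` flag are constructed for this example, and the receiver's class is read from a list where a real analysis would resolve it from the argument.

```python
from collections import deque

# Constructed model: method -> list of (callee, argument types). Not IC3/FlowDroid data.
ON_RECEIVE = [("Context.startActivity", ["Intent"])]
APP_AS_REPORTED = {
    "MainActivity.onCreate": [("MainActivity$1.<init>", [])],
    "MainActivity$1.<init>": [],
    "MainActivity$1.onReceive": ON_RECEIVE,
}
# Same app with registerReceiver(receiver, new IntentFilter()) added to onCreate().
APP_REGISTERED = dict(APP_AS_REPORTED)
APP_REGISTERED["MainActivity.onCreate"] = APP_AS_REPORTED["MainActivity.onCreate"] + [
    ("Context.registerReceiver", ["MainActivity$1", "IntentFilter"])
]

MANIFEST = {"MainActivity": "Activity"}  # components declared in the manifest
LIFECYCLE = {"Activity": ["onCreate"], "BroadcastReceiver": ["onReceive"]}
ICC_SINKS = {"Context.startActivity"}


def icc_sites(app, manifest, model_dynamic_receivers):
    """Return the methods reachable from the dummy main that send an Intent."""
    # Dummy main: lifecycle methods of manifest-declared components only.
    work = deque(f"{cls}.{m}" for cls, kind in manifest.items() for m in LIFECYCLE[kind])
    seen, sites = set(), set()
    while work:
        method = work.popleft()
        if method in seen or method not in app:
            continue
        seen.add(method)
        for callee, arg_types in app[method]:
            if callee in ICC_SINKS:
                sites.add(method)
            elif callee == "Context.registerReceiver" and model_dynamic_receivers:
                # Treat the registered receiver's callback as a new entry point.
                work.extend(f"{arg_types[0]}.{m}" for m in LIFECYCLE["BroadcastReceiver"])
            else:
                work.append(callee)
    return sites


if __name__ == "__main__":
    print(icc_sites(APP_AS_REPORTED, MANIFEST, True))   # receiver never registered
    print(icc_sites(APP_REGISTERED, MANIFEST, False))   # registration not modeled
    print(icc_sites(APP_REGISTERED, MANIFEST, True))    # registration modeled
```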

pbsf commented 9 years ago

Thank you for the fast reply. I agree with you that a registerReceiver call is necessary.

PS: Epicc will still report that an Intent is sent in MainActivity$1.onReceive, even without a registerReceiver call, but this seems to be another issue.