fgwei
commented
8 years ago Types for a path for now just a simple mapping:
API_SOURCE || CALLBACK_SOURCE => API_SINK => MAL_INFORMATION_LEAK API_SOURCE || CALLBACK_SOURCE => ICC_SINK => VUL_INFORMATION_LEAK
ICC_SOURCE => API_SINK => VUL_CAPABILITY_LEAK ICC_SOURCE => ICC_SINK => VUL_CONFUSED_DEPUTY
STMT_SOURCE => API_SINK => VUL_CAPABILITY_LEAK STMT_SOURCE => ICC_SINK => VUL_CONFUSED_DEPUTY
Hello, I wanted to ask you something about the results obtained. In this example, I have a loss of simSerialNumber through a kind Log files. What I can not understand, it is written after the string "Types: maliciousness: information_theft". Please let me explain what I mean?
TaintPath: Source: <Descriptors: api_source: Landroid/telephony/TelephonyManager;.getSimSerialNumber:()Ljava/lang/String; > Sink: <Descriptors: api_sink: Landroid/util/Log;.d:(Ljava/lang/String;Ljava/lang/String;)I 1> Types: maliciousness:information_theft The path consists of the following edges ("->"). The nodes have the context information (p1 to pn means which parameter). The source is at the top : VirtualBody@(<init>,L0132d8)(<init>,L013b34) -> VirtualBody@(sendSMS,L015770)(access$11,L013f00) -> VirtualBody@(sendSMS,L015794)(access$11,L013f00) -> VirtualBody@(onReceive,L01379a)(env,L225) -> Call@(onReceive,L0137aa)(env,L225)p1 -> VirtualBody@(onCreate,L016206)(env,L165)