
Commit c40ead0

committed
add stateful case
1 parent be1cd26 commit c40ead0


50 files changed

+283
-23
lines changed


.idea/gradle.xml

+1

.idea/modules.xml

+1

apks/IccHandling/icc_stateful.apk

150 KB
Binary file not shown.

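--- a/icc_dynregister1/src/main/java/org/arguslab/icc_dynregister1/MainActivity.java
+++ b/icc_dynregister1/src/main/java/org/arguslab/icc_dynregister1/MainActivity.java
@@ -20,7 +20,7 @@
 * source -> imei -> MainActivity's intent -> MyReciver's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve dynamically registered component, implicit
-* ICC calls and handle data flow via different components.
+* ICC calls and handle data flow across different components.
 */
 public class MainActivity extends Activity {
 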

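--- a/icc_dynregister2/src/main/java/org/arguslab/icc_dynregister2/MainActivity.java
+++ b/icc_dynregister2/src/main/java/org/arguslab/icc_dynregister2/MainActivity.java
@@ -20,7 +20,7 @@
 * source -> imei -> MainActivity's intent -> MyReciver's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to handle string manipulation, resolve dynamically
-* registered component, implicit ICC calls and handle data flow via different
+* registered component, implicit ICC calls and handle data flow across different
 * components.
 */
 public class MainActivity extends Activity {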

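--- a/icc_explicit1/src/main/java/org/arguslab/icc_explicit1/MainActivity.java
+++ b/icc_explicit1/src/main/java/org/arguslab/icc_explicit1/MainActivity.java
@@ -17,7 +17,7 @@
 * @dataflow source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 1
 * @challenges The analysis must be able to resolve explicit ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 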

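--- a/icc_explicit_nosrc_nosink/src/main/java/org/arguslab/icc_explicit_nosrc_nosink/MainActivity.java
+++ b/icc_explicit_nosrc_nosink/src/main/java/org/arguslab/icc_explicit_nosrc_nosink/MainActivity.java
@@ -14,7 +14,7 @@
 * @dataflow v -> MainActivity's intent -> FooActivity's intent -> v
 * @number_of_leaks 0
 * @challenges The analysis must be able to resolve explicit ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 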

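--- a/icc_explicit_nosrc_sink/src/main/java/org/arguslab/icc_explicit_nosrc_sink/MainActivity.java
+++ b/icc_explicit_nosrc_sink/src/main/java/org/arguslab/icc_explicit_nosrc_sink/MainActivity.java
@@ -14,7 +14,7 @@
 * @dataflow v -> MainActivity's intent -> FooActivity's intent -> v -> sink
 * @number_of_leaks 0
 * @challenges The analysis must be able to resolve explicit ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 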

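--- a/icc_explicit_src_nosink/src/main/java/org/arguslab/icc_explicit_src_nosink/MainActivity.java
+++ b/icc_explicit_src_nosink/src/main/java/org/arguslab/icc_explicit_src_nosink/MainActivity.java
@@ -17,7 +17,7 @@
 * @dataflow source -> imei -> MainActivity's intent -> FooActivity's intent -> imei
 * @number_of_leaks 0
 * @challenges The analysis must be able to resolve explicit ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 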

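--- a/icc_explicit_src_sink/src/main/java/org/arguslab/icc_explicit_src_sink/MainActivity.java
+++ b/icc_explicit_src_sink/src/main/java/org/arguslab/icc_explicit_src_sink/MainActivity.java
@@ -17,7 +17,7 @@
 * @dataflow source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 1
 * @challenges The analysis must be able to resolve explicit ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 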

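--- a/icc_implicit_action/src/main/java/org/arguslab/icc_implicit_action/MainActivity.java
+++ b/icc_implicit_action/src/main/java/org/arguslab/icc_implicit_action/MainActivity.java
@@ -18,7 +18,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (Action) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 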

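--- a/icc_implicit_category/src/main/java/org/arguslab/icc_implicit_category/MainActivity.java
+++ b/icc_implicit_category/src/main/java/org/arguslab/icc_implicit_category/MainActivity.java
@@ -18,7 +18,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (Categories) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 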

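--- a/icc_implicit_data1/src/main/java/org/arguslab/icc_implicit_data1/MainActivity.java
+++ b/icc_implicit_data1/src/main/java/org/arguslab/icc_implicit_data1/MainActivity.java
@@ -19,7 +19,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (Data) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 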

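--- a/icc_implicit_data2/src/main/java/org/arguslab/icc_implicit_data2/MainActivity.java
+++ b/icc_implicit_data2/src/main/java/org/arguslab/icc_implicit_data2/MainActivity.java
@@ -18,7 +18,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (MType) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 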

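--- a/icc_implicit_mix1/src/main/java/org/arguslab/icc_implicit_mix1/MainActivity.java
+++ b/icc_implicit_mix1/src/main/java/org/arguslab/icc_implicit_mix1/MainActivity.java
@@ -21,7 +21,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> HookActivity's intent -> sink
 * @number_of_leaks 3
 * @challenges The analysis must be able to resolve implicit (Data&MType) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 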

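--- a/icc_implicit_mix2/src/main/java/org/arguslab/icc_implicit_mix2/MainActivity.java
+++ b/icc_implicit_mix2/src/main/java/org/arguslab/icc_implicit_mix2/MainActivity.java
@@ -19,7 +19,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (Mix all) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 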

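--- a/icc_implicit_nosrc_nosink/src/main/java/org/arguslab/icc_implicit_nosrc_nosink/MainActivity.java
+++ b/icc_implicit_nosrc_nosink/src/main/java/org/arguslab/icc_implicit_nosrc_nosink/MainActivity.java
@@ -16,7 +16,7 @@
 * v -> MainActivity's intent -> FooActivity's intent -> v
 * @number_of_leaks 0
 * @challenges The analysis must be able to resolve implicit (Action) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 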

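--- a/icc_implicit_nosrc_sink/src/main/java/org/arguslab/icc_implicit_nosrc_sink/MainActivity.java
+++ b/icc_implicit_nosrc_sink/src/main/java/org/arguslab/icc_implicit_nosrc_sink/MainActivity.java
@@ -15,7 +15,7 @@
 * @dataflow v -> MainActivity's intent -> _
 * @number_of_leaks 0
 * @challenges The analysis must be able to resolve implicit (Action) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 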

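--- a/icc_implicit_src_nosink/src/main/java/org/arguslab/icc_implicit_src_nosink/MainActivity.java
+++ b/icc_implicit_src_nosink/src/main/java/org/arguslab/icc_implicit_src_nosink/MainActivity.java
@@ -18,7 +18,7 @@
 * @dataflow source -> imei -> MainActivity's intent -> sink (implicit ICC)
 * @number_of_leaks 1
 * @challenges The analysis must be able to resolve implicit (Action) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 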

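--- a/icc_implicit_src_sink/src/main/java/org/arguslab/icc_implicit_src_sink/MainActivity.java
+++ b/icc_implicit_src_sink/src/main/java/org/arguslab/icc_implicit_src_sink/MainActivity.java
@@ -18,7 +18,7 @@
 * source -> imei -> MainActivity's intent -> FooActivity's intent -> imei -> sink
 * @number_of_leaks 2
 * @challenges The analysis must be able to resolve implicit (Action) ICC calls and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 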

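--- a/icc_intentservice/src/main/java/org/arguslab/icc_intentservice/MainActivity.java
+++ b/icc_intentservice/src/main/java/org/arguslab/icc_intentservice/MainActivity.java
@@ -17,7 +17,7 @@
 * @dataflow source -> imei -> MainActivity's intent -> MyIntentService's onHandleIntent() -> imei -> sink
 * @number_of_leaks 1
 * @challenges The analysis must be able to resolve IntentService and handle data flow
-* via different components.
+* across different components.
 */
 public class MainActivity extends Activity {
 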

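--- a/icc_rpc_comprehensive/src/main/java/org/arguslab/icc_rpc_comprehensive/FooActivity.java
+++ b/icc_rpc_comprehensive/src/main/java/org/arguslab/icc_rpc_comprehensive/FooActivity.java
@@ -9,6 +9,19 @@
 import android.util.Log;
 import android.view.View;
 
+/**
+* @testcase_name ICC_RPC_Comprehensive
+* @author Fengguo Wei & Sankardas Roy
+
+*
+* @description FooActivity start a stateful ICC with BarActivity and waiting for the result and leak it.
+* The sensitive data is obtained by BarActivity from component RemoteService via RPC call.
+* BarActivity then return the sensitive data to FooActivity.
+* @dataflow source -> imei -> RemoteService.getData() -> BarActivity's imei2 -> BarActivity's Intent i3 -> BarActivity.setResult(i3) -> FooActivity.onActivityResult(data) -> imei3 -> leak
+* @number_of_leaks 1
+* @challenges The analysis must be able to resolve AIDL, stateful ICC and handle data flow
+* across different components.
+*/
 public class FooActivity extends Activity {
 @Override
 protected void onCreate(Bundle savedInstanceState) {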
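Review bot: The added header ends its `@dataflow` chain in `-> leak`, while the other test-case headers shown in this commit end in `-> sink`; a reader or script that matches on the `sink` terminus would treat this case differently, so `... -> imei3 -> sink` would be consistent. The `@description` sentence would read more clearly as `FooActivity starts a stateful ICC with BarActivity, waits for the result and leaks it.` The class body continues outside the hunk, so the documented flow cannot be checked against the code here.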

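--- a/icc_stateful/.gitignore
+++ b/icc_stateful/.gitignore
@@ -0,0 +1 @@
+/build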

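--- a/icc_stateful/build.gradle
+++ b/icc_stateful/build.gradle
@@ -0,0 +1,32 @@
+apply plugin: 'com.android.application'
+
+android {
+compileSdkVersion 25
+buildToolsVersion "25.0.1"
+
+defaultConfig {
+applicationId "org.arguslab.icc_stateful"
+minSdkVersion 25
+targetSdkVersion 25
+versionCode 1
+versionName "1.0"
+
+testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+
+}
+buildTypes {
+release {
+minifyEnabled false
+proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+}
+}
+}
+
+dependencies {
+compile fileTree(dir: 'libs', include: ['*.jar'])
+androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
+exclude group: 'com.android.support', module: 'support-annotations'
+})
+compile 'com.android.support.constraint:constraint-layout:1.0.0-beta4'
+testCompile 'junit:junit:4.12'
+}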
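Review bot: The `compile 'com.android.support.constraint:constraint-layout:1.0.0-beta4'` line on line 30 pins a pre-release artifact for a benchmark whose APK is also committed in binary form. The only ConstraintLayout use visible on this page is the empty root element of one layout, so dropping the dependency or moving to a release version would make rebuilds of the APK easier to reproduce. `compile fileTree(dir: 'libs', include: ['*.jar'])` on line 26 also packages any jar placed in `libs`; if the module ships none, removing that line keeps the APK contents tied to the declared dependencies.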

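--- a/icc_stateful/proguard-rules.pro
+++ b/icc_stateful/proguard-rules.pro
@@ -0,0 +1,25 @@
+# Add project specific ProGuard rules here.
+# By default, the flags in this file are appended to flags specified
+# in /Users/fgwei/Library/Android/sdk/tools/proguard/proguard-android.txt
+# You can edit the include path and order by changing the proguardFiles
+# directive in build.gradle.
+#
+# For more details, see
+# http://developer.android.com/guide/developing/tools/proguard.html
+
+# Add any project specific keep options here:
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+# public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile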
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
package org.arguslab.icc_stateful;
2+
3+
import android.content.Context;
4+
import android.support.test.InstrumentationRegistry;
5+
import android.support.test.runner.AndroidJUnit4;
6+
7+
import org.junit.Test;
8+
import org.junit.runner.RunWith;
9+
10+
import static org.junit.Assert.*;
11+
12+
/**
13+
* Instrumentation test, which will execute on an Android device.
14+
*
15+
* @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
16+
*/
17+
@RunWith(AndroidJUnit4.class)
18+
public class ExampleInstrumentedTest {
19+
@Test
20+
public void useAppContext() throws Exception {
21+
// Context of the app under test.
22+
Context appContext = InstrumentationRegistry.getTargetContext();
23+
24+
assertEquals("org.arguslab.icc_stateful", appContext.getPackageName());
25+
}
26+
}
+24
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
package="org.arguslab.icc_stateful">
4+
5+
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
6+
7+
<application
8+
android:allowBackup="true"
9+
android:icon="@mipmap/ic_launcher"
10+
android:label="@string/app_name"
11+
android:roundIcon="@mipmap/ic_launcher_round"
12+
android:supportsRtl="true"
13+
android:theme="@style/AppTheme">
14+
<activity android:name=".MainActivity">
15+
<intent-filter>
16+
<action android:name="android.intent.action.MAIN" />
17+
18+
<category android:name="android.intent.category.LAUNCHER" />
19+
</intent-filter>
20+
</activity>
21+
<activity android:name=".FooActivity"></activity>
22+
</application>
23+
24+
</manifest>
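Review bot: `<activity android:name=".FooActivity">` on line 21 relies on the platform default for `android:exported`; since this activity hands the device ID back to whoever started it, stating `android:exported="false"` would pin the ground truth that MainActivity is its only caller. `android:allowBackup="true"` on line 8 is the project-template value and is not needed by the test case; `android:allowBackup="false"` keeps the benchmark app's surface down to the one flow its header documents.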
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
package org.arguslab.icc_stateful;
2+
3+
import android.app.Activity;
4+
import android.content.Intent;
5+
import android.os.Bundle;
6+
import android.telephony.TelephonyManager;
7+
8+
public class FooActivity extends Activity {
9+
10+
@Override
11+
protected void onCreate(Bundle savedInstanceState) {
12+
super.onCreate(savedInstanceState);
13+
setContentView(R.layout.activity_foo);
14+
TelephonyManager tel = (TelephonyManager) getSystemService(TELEPHONY_SERVICE);
15+
String imei = tel.getDeviceId(); // source
16+
Intent i2 = getIntent();
17+
i2.putExtra("data", imei);
18+
setResult(RESULT_OK, i2);
19+
finish();
20+
}
21+
}
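Review bot: `tel.getDeviceId()` on line 15 runs with no permission check in this activity, and the only caller visible in this commit starts FooActivity without inspecting the grant result, so a denied READ_PHONE_STATE request would presumably end in a SecurityException here rather than a clean run with no leak. The result is built by mutating `getIntent()`, so whatever extras the launching intent carried go back together with the IMEI; if that aliasing is part of what the case tests, a comment such as `// result reuses the launching intent on purpose` would record it, otherwise `Intent i2 = new Intent();` is the narrower choice. The class also has no header comment; a short Javadoc naming it as the source side of the stateful ICC case would match MainActivity.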
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
package org.arguslab.icc_stateful;
2+
3+
import android.Manifest;
4+
import android.app.Activity;
5+
import android.content.Intent;
6+
import android.content.pm.PackageManager;
7+
import android.os.Bundle;
8+
import android.util.Log;
9+
10+
/**
11+
* @testcase_name RPC_Stateful
12+
* @author Fengguo Wei
13+
* @author_mail [email protected]
14+
*
15+
* @description MainActivity start FooActivity and waiting for the result and leak it.
16+
* FooActivity obtains sensitive data and return to MainActivity.
17+
* @dataflow source -> imei -> i2 -> FooActivity.setResult(i2) -> MainActivity.onActivityResult(data) -> imei3 -> sink
18+
* @number_of_leaks 1
19+
* @challenges The analysis must be able to resolve stateful ICC call and handle data flow
20+
* across different components.
21+
*/
22+
public class MainActivity extends Activity {
23+
24+
@Override
25+
protected void onCreate(Bundle savedInstanceState) {
26+
super.onCreate(savedInstanceState);
27+
setContentView(R.layout.activity_main);
28+
if(checkSelfPermission(Manifest.permission.READ_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {
29+
requestPermissions(new String[]{Manifest.permission.READ_PHONE_STATE}, 1);
30+
}
31+
}
32+
@Override
33+
public void onRequestPermissionsResult(int requestCode, String[] permissions, int[] grantResults) {
34+
switch (requestCode) {
35+
case 1: {
36+
Intent i1 = new Intent();
37+
i1.setClass(getApplicationContext(), FooActivity.class);
38+
startActivityForResult(i1, 1);
39+
return;
40+
}
41+
}
42+
}
43+
@Override
44+
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
45+
String imei3 = "" + data.getStringExtra("data");
46+
Log.d("imei", imei3); // sink
47+
}
48+
}
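Review bot: `onActivityResult` (lines 44-47) reads `data.getStringExtra("data")` without checking `requestCode`, `resultCode` or `data` for null, so any result delivered without an Intent ends in a NullPointerException instead of a completed or skipped flow. A guard such as `if (requestCode != 1 || resultCode != RESULT_OK || data == null) return;` before the read keeps the documented source-to-sink path and drops the crash. `onRequestPermissionsResult` likewise starts FooActivity without looking at `grantResults`, and `onCreate` does nothing when the permission is already granted, so the flow only runs after a fresh permission prompt; a comment stating whether that is intended would help anyone running the APK dynamically. The header's `@testcase_name RPC_Stateful` looks like it should be `ICC_Stateful`, since no RPC appears in this case.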
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<android.support.constraint.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
3+
xmlns:app="http://schemas.android.com/apk/res-auto"
4+
xmlns:tools="http://schemas.android.com/tools"
5+
android:layout_width="match_parent"
6+
android:layout_height="match_parent"
7+
tools:context="org.arguslab.icc_stateful.FooActivity">
8+
9+
</android.support.constraint.ConstraintLayout>
