build taintdroid2.3 for emulator

TaintDroid 2.3

Search this site

 

Navigation

• Home
• TaintDroid 2.3 Build
• TaintDroid Runner
• TaintDroid Tester
• Hide the Emulator
• Files
• Sitemap

External Links

• appanalysis.org
• Mobile Sandbox

TaintDroid 2.3 Build

This page describes how to build TaintDroid 2.3 for the emulator.

Disclaimer: Use the TaintDroid research prototypes at your own risk!

TaintDroid is a research prototype and is provided "as is" without warranty or support of any kind, whether expressed or implied. The creators ofTaintDroid make no guarantee and hold no responsibility for any damage, injury,  loss of property, loss of data, loss of any and all resources, or any  negative influence what-so-ever that may result from any and all use ofTaintDroid and associated materials. This includes but is not limited to the  downloadable software and documentation available from this website.  Negative consequences of your usage ofTaintDroid and any associated materials are solely your problem and your responsibility.

Contents

1. 1 Limitations of the Emulator Version
2. 2 Prerequisites
   1. 2.1 Build on Ubuntu 11.10 x64
3. 3 Step 1: Get the Android Source Code
4. 4 Step 2: Get the TaintDroid Source Code
5. 5 Step 3: Build Kernel with xattr SDcard Support
   1. 5.1 Get Kernel
   2. 5.2 Patch Kernel
   3. 5.3 Build Kernel
   4. 5.4 Verify YAFFS and EXT2 Support
6. 6 Step 4: Build TaintDroid
7. 7 Optional: Step 5: Prepare SD Card
8. 8 Step 6: Use TaintDroid

Limitations of the Emulator Version

Even though the same code is used for the TaintDroid 2.3 Emulator version there are some differences to the version for Nexus S and Nexus One:

• Taint tags currently get lost in the emulated environment if op code OP_WIGET_WIDE is used (which is mapped dvmQuasiAtomicRead64FieldTaint).

Prerequisites

In order to build TaintDroid you should have a computer configured to build Android as described insource.android.com.

Build on Ubuntu 11.10 x64

In order to build on Ubuntu 11.10 x64 it is necessary to adjust some make files before starting the build (withmake):

• frameworks/base/libs/utils/Android.mk
  Change: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS)
  To: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) -fpermissive

• build/core/combo/HOST_linux-x86.mk
  Change: HOST_GLOBAL_CFLAGS += -D_FORTIFY_SOURCE=0
  To: HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0

Step 1: Get the Android Source Code

Download the Android 2.3 source code.

% mkdir ~/tdroid-2.3
% cd ~/tdroid-2.3
% repo init -u https://android.googlesource.com/platform/manifest-b android-2.3.4_r1
% repo sync
... wait



To build Android 2.3 the Java 6 JDK needs to be installed.

% sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
% sudo add-apt-repository "deb-src http://archive.canonical.com/ubuntu lucid partner"
% sudo apt-get update
% sudo apt-get install sun-java6-jdk

Ensure that your build is running fine.

% . ./build/envsetup.sh
% lunch 1
% make -j4
... wait
% emulator
... ensure the build works

Step 2: Get the TaintDroid Source Code

Download the TaintDroid 2.3 local_manifest.xml and place it in~/tdroid-2.3/.repo or copy and paste the following content into .repo/local_manifest.xml.

<manifest>
  <remote  name="github" fetch="git://github.com" />
  <remove-project name="platform/dalvik"/>
  <project path="dalvik" remote="github" name="dbaeumges/android_platform_dalvik" revision="taintdroid-2.3_emulator" />
  <remove-project name="platform/libcore"/>
  <project path="libcore" remote="github" name="TaintDroid/android_platform_libcore" revision="taintdroid-2.3.4_r1" />
  <remove-project name="platform/frameworks/base"/>
  <project path="frameworks/base" remote="github" name="TaintDroid/android_platform_frameworks_base" revision="taintdroid-2.3.4_r1" />
  <remove-project name="platform/system/vold"/>
  <project path="system/vold" remote="github" name="TaintDroid/android_platform_system_vold" revision="taintdroid-2.3.4_r1" />
</manifest>

Next, pull the source code.

% cd ~/tdroid-2.3
% repo sync
% cd dalvik
% git branch --track tdroid-2.3 github/taintdroid-2.3_emulator
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd libcore
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd frameworks/base
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ../..
% cd system/vold
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)


Step 3: Build Kernel with xattr SDcard Support

Get Kernel

% cd ~/tdroid-2.3
% git clone http://android.googlesource.com/kernel/goldfish.git
% cd goldfish
% git branch --track android-goldfish-2.6.29 origin/android-goldfish-2.6.29
% git checkout android-goldfish-2.6.29
% git pull # (just to be safe)
% ... wait

Patch Kernel

The patch file can be downloaded here and be applied.

% cd ~/tdroid-2.3/goldfish
% patch -p1 < ~/yaffs_xattr.patch

Build Kernel

% cd ~/tdroid-2.3
% . build/envsetup.sh
% lunch 1
% cd goldfish
% export ARCH=arm
% export SUBARCH=arm
% export CROSS_COMPILE=arm-eabi-
% make goldfish_defconfig
% make oldconfig
% make menuconfig
% ... make sure that YAFFS and EXT2 with XATTR and SECURITY options are supported (refer to verify YAFFS and EXT2 support).
% make -j4 # -j# determines the number of threads used for the build
% cp arch/arm/boot/zImage ~/ # for later use

Verify YAFFS and EXT2 Support

After calling make menuconfig a.config file can be found in the common directory.
Search for the following entries:

...
#
# File systems
#
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT2_FS_XIP=y
...
CONFIG_YAFFS_FS=y
CONFIG_YAFFS_YAFFS1=y
CONFIG_YAFFS_XATTR=y
CONFIG_YAFFS_SECURITY=y
# CONFIG_YAFFS_9BYTE_TAGS is not set
# CONFIG_YAFFS_DOES_ECC is not set
CONFIG_YAFFS_YAFFS2=y
CONFIG_YAFFS_AUTO_YAFFS2=y
# CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set
# CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set
# CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set
CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y
...

Step 4: Build TaintDroid

First, we need to create a buildspec.mk file and define some  variables so that TaintDroid will build properly.

% cd ~/tdroid-2.3
% edit/create buildspec.mk
# Enable core taint tracking logic (always add this)
WITH_TAINT_TRACKING := true

# Enable taint tracking for ODEX files (always add this)
WITH_TAINT_ODEX := true

# Enable taint tracking in the "fast" (aka ASM) interpreter (recommended)
WITH_TAINT_FAST := true

# Enable addition output for tracking JNI usage (not recommended)
#TAINT_JNI_LOG := true

Now TaintDroid can be built.

% . ./build/envsetup.sh
% lunch 1
% make clean
% make -j4

Optional: Step 5: Prepare SD Card

You might like to use an SD card in your emulator system.
In your build environment do the following:

% mksdcard 1024M sdcard.img
% sudo mke2fs sdcard.img

Step 6: Use TaintDroid

Now TaintDroid can be started in the emulator.

% emulator -kernel ~/zImage -image ~/tdroid-2.3/out/target/product/generic/system.img -ramdisk ~/tdroid-2.3/out/target/product/generic/ramdisk.img -sdcard sdcard.img

During startup change the execution mode.

% adb shell setprop dalvik.vm.execution-mode int:portable