This page describes how to build TaintDroid 2.3 for the emulator.
Disclaimer: Use the TaintDroid research prototypes at your own risk!
TaintDroid is a research prototype and is provided "as is" without warranty or support of any kind, whether expressed or implied. The creators of TaintDroid make no guarantee and hold no responsibility for any damage, injury, loss of property, loss of data, loss of any and all resources, or any negative influence whatsoever that may result from any and all use of TaintDroid and associated materials. This includes but is not limited to the downloadable software and documentation available from this website. Negative consequences of your usage of TaintDroid and any associated materials are solely your problem and your responsibility.
Limitations of the Emulator Version
Even though the same code is used for the TaintDroid 2.3 Emulator version, there are some differences to the version for Nexus S and Nexus One:
- Taint tags currently get lost in the emulated environment if the opcode OP_WIGET_WIDE is used (which is mapped to dvmQuasiAtomicRead64FieldTaint).
Prerequisites
In order to build TaintDroid you should have a computer configured to build Android as described in source.android.com.
Build on Ubuntu 11.10 x64
In order to build on Ubuntu 11.10 x64 it is necessary to adjust some make files before starting the build (with make):
- frameworks/base/libs/utils/Android.mk
Change: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS)
To: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) -fpermissive
- build/core/combo/HOST_linux-x86.mk
Change: HOST_GLOBAL_CFLAGS += -D_FORTIFY_SOURCE=0
To: HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
Step 1: Get the Android Source Code
Download the Android 2.3 source code.
% mkdir ~/tdroid-2.3
% cd ~/tdroid-2.3
% repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1
% repo sync
... wait
To build Android 2.3 the Java 6 JDK needs to be installed.
% sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
% sudo add-apt-repository "deb-src http://archive.canonical.com/ubuntu lucid partner"
% sudo apt-get update
% sudo apt-get install sun-java6-jdk
Ensure that your build is running fine.
% . ./build/envsetup.sh
% lunch 1
% make -j4
... wait
% emulator
... ensure the build works
Step 2: Get the TaintDroid Source Code
Download the TaintDroid 2.3 local_manifest.xml and place it in ~/tdroid-2.3/.repo or copy and paste the following content into .repo/local_manifest.xml.
<manifest>
<remote name="github" fetch="git://github.com" />
<remove-project name="platform/dalvik"/>
<project path="dalvik" remote="github" name="dbaeumges/android_platform_dalvik" revision="taintdroid-2.3_emulator" />
<remove-project name="platform/libcore"/>
<project path="libcore" remote="github" name="TaintDroid/android_platform_libcore" revision="taintdroid-2.3.4_r1" />
<remove-project name="platform/frameworks/base"/>
<project path="frameworks/base" remote="github" name="TaintDroid/android_platform_frameworks_base" revision="taintdroid-2.3.4_r1" />
<remove-project name="platform/system/vold"/>
<project path="system/vold" remote="github" name="TaintDroid/android_platform_system_vold" revision="taintdroid-2.3.4_r1" />
</manifest>
Next, pull the source code.
% cd ~/tdroid-2.3
% repo sync
% cd dalvik
% git branch --track tdroid-2.3 github/taintdroid-2.3_emulator
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd libcore
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd frameworks/base
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ../..
% cd system/vold
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
Get Kernel
% cd ~/tdroid-2.3
% git clone http://android.googlesource.com/kernel/goldfish.git
% cd goldfish
% git branch --track android-goldfish-2.6.29 origin/android-goldfish-2.6.29
% git checkout android-goldfish-2.6.29
% git pull # (just to be safe)
% ... wait
Patch Kernel
The patch file can be downloaded here and be applied.
% cd ~/tdroid-2.3/goldfish
% patch -p1 < ~/yaffs_xattr.patch
Build Kernel
% cd ~/tdroid-2.3
% . build/envsetup.sh
% lunch 1
% cd goldfish
% export ARCH=arm
% export SUBARCH=arm
% export CROSS_COMPILE=arm-eabi-
% make goldfish_defconfig
% make oldconfig
% make menuconfig
% ... make sure that YAFFS and EXT2 with XATTR and SECURITY options are supported (refer to "Verify YAFFS and EXT2 Support" below).
% make -j4 # -j# determines the number of threads used for the build
% cp arch/arm/boot/zImage ~/ # for later use
Verify YAFFS and EXT2 Support
After calling make menuconfig, a .config file can be found in the common directory.
Search for the following entries:
...
#
# File systems
#
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT2_FS_XIP=y
...
CONFIG_YAFFS_FS=y
CONFIG_YAFFS_YAFFS1=y
CONFIG_YAFFS_XATTR=y
CONFIG_YAFFS_SECURITY=y
# CONFIG_YAFFS_9BYTE_TAGS is not set
# CONFIG_YAFFS_DOES_ECC is not set
CONFIG_YAFFS_YAFFS2=y
CONFIG_YAFFS_AUTO_YAFFS2=y
# CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set
# CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set
# CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set
CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y
...
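The same check as a script, added here as an example and not part of the original TaintDroid instructions: it reports any of the XATTR and SECURITY options from the listing above that are not built in. The function names and the choice of which listed options count as required are assumptions; pass the path to your .config as the first argument.

```shell
#!/bin/sh
# Added example (not from the TaintDroid page): verify a kernel .config
# against the EXT2/YAFFS options shown in the listing above.
# Function names are hypothetical.

REQUIRED_OPTS="CONFIG_EXT2_FS CONFIG_EXT2_FS_XATTR CONFIG_EXT2_FS_SECURITY
CONFIG_YAFFS_FS CONFIG_YAFFS_XATTR CONFIG_YAFFS_SECURITY"

# Print an option's state: its value ("y", "m"), "unset" for an explicit
# "# CONFIG_X is not set" line, or "missing" when no line mentions it.
kconfig_state() {
    if line=$(grep -m1 "^$2=" "$1"); then
        printf '%s\n' "${line#*=}"
    elif grep -qx "# $2 is not set" "$1"; then
        echo unset
    else
        echo missing
    fi
}

# Report every required option that is not built in (=y, as in the listing).
# Returns 0 if all are present, 1 if any fail, 2 if the file is unreadable.
check_taint_kconfig() {
    cfg=$1 rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $REQUIRED_OPTS; do
        state=$(kconfig_state "$cfg" "$opt")
        [ "$state" = y ] || { echo "FAIL $opt: $state"; rc=1; }
    done
    return $rc
}

if [ $# -gt 0 ]; then
    check_taint_kconfig "$1"
else
    # Constructed sample: YAFFS xattr support unset, YAFFS security absent.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_YAFFS_FS=y
# CONFIG_YAFFS_XATTR is not set
EOF
    check_taint_kconfig "$sample" || echo "sample rejected as expected"
    rm -f "$sample"
fi
```

An option reported as "missing" has no line at all in .config, which is a different condition from one that was explicitly left unset in menuconfig.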
Step 4: Build TaintDroid
First, we need to create a buildspec.mk file and define some variables so that TaintDroid will build properly.
% cd ~/tdroid-2.3
% edit/create buildspec.mk
# Enable core taint tracking logic (always add this)
WITH_TAINT_TRACKING := true
# Enable taint tracking for ODEX files (always add this)
WITH_TAINT_ODEX := true
# Enable taint tracking in the "fast" (aka ASM) interpreter (recommended)
WITH_TAINT_FAST := true
# Enable additional output for tracking JNI usage (not recommended)
#TAINT_JNI_LOG := true
Now TaintDroid can be built.
% . ./build/envsetup.sh
% lunch 1
% make clean
% make -j4
Optional: Step 5: Prepare SD Card
You might like to use an SD card in your emulator system.
In your build environment do the following:
% mksdcard 1024M sdcard.img
% sudo mke2fs sdcard.img
Step 6: Use TaintDroid
Now TaintDroid can be started in the emulator.
% emulator -kernel ~/zImage -image ~/tdroid-2.3/out/target/product/generic/system.img -ramdisk ~/tdroid-2.3/out/target/product/generic/ramdisk.img -sdcard sdcard.img
During startup change the execution mode.
% adb shell setprop dalvik.vm.execution-mode int:portable