TaintDroid 2.3 Build

This page describes how to build TaintDroid 2.3 for the emulator.

Disclaimer: Use the TaintDroid and TaintDroid Runner research prototypes at your own risk!

TaintDroid and TaintDroid Runner are research prototypes and are provided "as is" without warranty or support of any kind, whether expressed or implied. The creators of TaintDroid and TaintDroid Runner make no guarantee and hold no responsibility for any damage, injury, loss of property, loss of data, loss of any and all resources, or any negative influence whatsoever that may result from any and all use of TaintDroid and TaintDroid Runner and associated materials. This includes but is not limited to the downloadable software and documentation available from this website. Negative consequences of your usage of TaintDroid and TaintDroid Runner and any associated materials are solely your problem and your responsibility.

Limitations of the Emulator Version

Although the TaintDroid 2.3 emulator version uses the same code as the versions for Nexus S and Nexus One, there are some differences:
  • Taint tags currently get lost in the emulated environment if the opcode OP_WIGET_WIDE is used (which is mapped to dvmQuasiAtomicRead64FieldTaint).

Prerequisites

To build TaintDroid, you need a computer configured to build Android as described on source.android.com.

Build on Ubuntu 11.10 x64

To build on Ubuntu 11.10 x64, adjust the following makefiles before starting the build (with make):
  • frameworks/base/libs/utils/Android.mk
    Change: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS)
    To: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) -fpermissive
  • build/core/combo/HOST_linux-x86.mk
    Change: HOST_GLOBAL_CFLAGS += -D_FORTIFY_SOURCE=0
    To: HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0

Step 1: Get the Android Source Code

Download the Android 2.3 source code.


% mkdir ~/tdroid-2.3
% cd ~/tdroid-2.3
% repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1
% repo sync
... wait


To build Android 2.3 the Java 6 JDK needs to be installed.

% sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
% sudo add-apt-repository "deb-src http://archive.canonical.com/ubuntu lucid partner"
% sudo apt-get update
% sudo apt-get install sun-java6-jdk

Ensure that your build is running fine.

% . ./build/envsetup.sh
% lunch 1
% make -j4
... wait
% emulator
... ensure the build works

Step 2: Get the TaintDroid Source Code

Download the TaintDroid 2.3 local_manifest.xml and place it in ~/tdroid-2.3/.repo or copy and paste the following content into .repo/local_manifest.xml.

<manifest>
  <remote name="github" fetch="git://github.com" />
  <remove-project name="platform/dalvik"/>
  <project path="dalvik" remote="github" name="dbaeumges/android_platform_dalvik" revision="taintdroid-2.3_emulator" />
  <remove-project name="platform/libcore"/>
  <project path="libcore" remote="github" name="TaintDroid/android_platform_libcore" revision="taintdroid-2.3.4_r1" />
  <remove-project name="platform/frameworks/base"/>
  <project path="frameworks/base" remote="github" name="TaintDroid/android_platform_frameworks_base" revision="taintdroid-2.3.4_r1" />
  <remove-project name="platform/system/vold"/>
  <project path="system/vold" remote="github" name="TaintDroid/android_platform_system_vold" revision="taintdroid-2.3.4_r1" />
</manifest>


Next, pull the source code.

% cd ~/tdroid-2.3
% repo sync
% cd dalvik
% git branch --track tdroid-2.3 github/taintdroid-2.3_emulator
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd libcore
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ..
% cd frameworks/base
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)
% cd ../..
% cd system/vold
% git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1
% git checkout tdroid-2.3
% git pull # (just to be safe)

Step 3: Build Kernel with xattr SDcard Support

Get Kernel

% cd ~/tdroid-2.3
% git clone http://android.googlesource.com/kernel/goldfish.git
% cd goldfish
% git branch --track android-goldfish-2.6.29 origin/android-goldfish-2.6.29
% git checkout android-goldfish-2.6.29
% git pull # (just to be safe)
... wait

Patch Kernel

Download the patch file and apply it. The command below assumes it was saved as ~/yaffs_xattr.patch.

% cd ~/tdroid-2.3/goldfish
% patch -p1 < ~/yaffs_xattr.patch

Build Kernel

% cd ~/tdroid-2.3
% . build/envsetup.sh
% lunch 1
% cd goldfish
% export ARCH=arm
% export SUBARCH=arm
% export CROSS_COMPILE=arm-eabi-
% make goldfish_defconfig
% make oldconfig
% make menuconfig
... make sure that YAFFS and EXT2 are enabled with the XATTR and SECURITY options (see "Verify YAFFS and EXT2 Support" below).
% make -j4 # -j# determines the number of threads used for the build
% cp arch/arm/boot/zImage ~/ # for later use

Verify YAFFS and EXT2 Support

After calling make menuconfig, a .config file can be found in the common directory.
Search it for the following entries:
...
#
# File systems
#
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT2_FS_XIP=y
...
CONFIG_YAFFS_FS=y
CONFIG_YAFFS_YAFFS1=y
CONFIG_YAFFS_XATTR=y
CONFIG_YAFFS_SECURITY=y
# CONFIG_YAFFS_9BYTE_TAGS is not set
# CONFIG_YAFFS_DOES_ECC is not set
CONFIG_YAFFS_YAFFS2=y
CONFIG_YAFFS_AUTO_YAFFS2=y
# CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set
# CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set
# CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set
CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y
...
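
The search described above can be scripted so that a missing option is caught before the kernel is built. This is an added example, not part of the original page or the TaintDroid project; the function names are hypothetical, and treating only the EXT2/YAFFS base, XATTR and SECURITY options as required, each built in (=y), is an assumption taken from the listing above.

```shell
#!/bin/sh
# Added example: check a kernel .config for the xattr options listed above.
# Assumption: each option must be built in (=y), as in the page's listing.
REQUIRED_OPTS="CONFIG_EXT2_FS CONFIG_EXT2_FS_XATTR CONFIG_EXT2_FS_SECURITY
CONFIG_YAFFS_FS CONFIG_YAFFS_XATTR CONFIG_YAFFS_SECURITY"

# missing_opts FILE: print each required option that is not set to =y.
# Absent options, "# ... is not set" lines and =m all count as missing.
missing_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $REQUIRED_OPTS; do
        # Anchored match: CONFIG_EXT2_FS must not match CONFIG_EXT2_FS_XATTR=y.
        grep -q "^${opt}=y\$" "$cfg" || echo "$opt"
    done
}

# check_kernel_config FILE: 0 = all present, 1 = something missing, 2 = unreadable.
check_kernel_config() {
    missing=$(missing_opts "$1") || return 2
    if [ -n "$missing" ]; then
        echo "missing in $1:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample (not from a real build): YAFFS xattr support left off.
sample_bad_config() {
    cat <<'EOF'
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_YAFFS_FS=y
# CONFIG_YAFFS_XATTR is not set
CONFIG_YAFFS_SECURITY=m
EOF
}
```

Source the file and run check_kernel_config on the .config written by make menuconfig before starting make -j4; a non-zero return means the resulting zImage would lack xattr support on at least one of the two file systems.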

Step 4: Build TaintDroid

First, we need to create a buildspec.mk file and define some variables so that TaintDroid will build properly. 

% cd ~/tdroid-2.3
... create or edit buildspec.mk with the following content:
# Enable core taint tracking logic (always add this)
WITH_TAINT_TRACKING := true

# Enable taint tracking for ODEX files (always add this)
WITH_TAINT_ODEX := true

# Enable taint tracking in the "fast" (aka ASM) interpreter (recommended)
WITH_TAINT_FAST := true

# Enable additional output for tracking JNI usage (not recommended)
#TAINT_JNI_LOG := true

Now TaintDroid can be built.

% . ./build/envsetup.sh
% lunch 1
% make clean
% make -j4

Optional: Step 5: Prepare SD Card

You might like to use an SD card in your emulator system.
In your build environment do the following:

% mksdcard 1024M sdcard.img
% sudo mke2fs sdcard.img

Step 6: Use TaintDroid

Now TaintDroid can be started in the emulator.

% emulator -kernel ~/zImage -image ~/tdroid-2.3/out/target/product/generic/system.img -ramdisk ~/tdroid-2.3/out/target/product/generic/ramdisk.img -sdcard sdcard.img

During startup change the execution mode.

% adb shell setprop dalvik.vm.execution-mode int:portable
