How to flash framework.jar file onto device?

[jsmi.a...@gmail.com]

I am doing some static analysis on the Android framework and adding some instrumentation by byte-code rewriting using Soot. I built an instrumented framework.jar but I just can not figure out how to run it onto the phone. 

My setup:-- 

I am using a Google Nexus 6P device. I have downloaded and built android source code and was able to flash it on to the device.

Things I have tried--

0. I converted framework.jar into classes.dex and classes2.dex by running dx. 

1. I realise that the framework is packaged inside the boot.oat file. I pulled boot.oat from /system/framework/arm64/ on the device and ran oat2dex and then dex2oat to repackage boot.oat and put boot.oat back to /system/framework/arm64/ but it breaks the boot where zygote is unable to start the system_process due to some checksum related failure.

2. I replaced classes.dex and classes2.dex into the Android source tree at "out/target/product/angler/obj/JAVA_LIBRARIES/framework_intermediates", but when I try to build Android, the build process does not like these dex files and deletes them. 

*** Overlay change detected, clean shared intermediate files...

With so many Android.mk files and the recent transition into Jack and Jill, I find no up to date documentation of the build system to disable this without breaking other things.

To summarise my problem: 

Given a framework.jar, a fully built Android source tree functioning on Nexus 6P device, how do I just change framework.jar on the device?

Any help would be greatly appreciated.

Best,
Jia

[Glauco Junquera]

Maybe you also need to modify boot.art as it contains "oat_checksum" field in its header. This article can help https://www.blackhat.com/docs/asia-15/materials/asia-15-Sabanal-Hiding-Behind-ART-wp.pdf
Commands bellow works for me to test changes I make on frameworks.jar, but I generate the files to be pushed by compiling java code, not by byte-code rewriting.

adb remount
adb push out/target/product/xxxxx/system/framework/arm64/boot.art /system/framework/arm64/.
adb push out/target/product/xxxxx/system/framework/arm64/boot.oat /system/framework/arm64/.
adb push out/target/product/xxxxx/system/framework/framework.jar /system/framework/.
adb reboot


Best,
Glauco.

[Bin Chen]

On Thursday, 31 March 2016 10:50:53 UTC+11, jsmi.a...@gmail.com wrote:

I am doing some static analysis on the Android framework and adding some instrumentation by byte-code rewriting using Soot. I built an instrumented framework.jar but I just can not figure out how to run it onto the phone. 

My setup:-- 

I am using a Google Nexus 6P device. I have downloaded and built android source code and was able to flash it on to the device.

Things I have tried--

0. I converted framework.jar into classes.dex and classes2.dex by running dx. 

1. I realise that the framework is packaged inside the boot.oat file. I pulled boot.oat from /system/framework/arm64/ on the device and ran oat2dex and then dex2oat to repackage boot.oat and put boot.oat back to /system/framework/arm64/ but it breaks the boot where zygote is unable to start the system_process due to some checksum related failure.

2. I replaced classes.dex and classes2.dex into the Android source tree at "out/target/product/angler/obj/JAVA_LIBRARIES/framework_intermediates", but when I try to build Android, the build process does not like these dex files and deletes them. 

*** Overlay change detected, clean shared intermediate files...

With so many Android.mk files and the recent transition into Jack and Jill, I find no up to date documentation of the build system to disable this without breaking other things.

Which file did you actually changed? Chance are that you pushed the wrong file, or to the wrong location. 

You may find this script [1] helpful.

$ afind Intent.java
Android.mk  : /framework/base/Android.mk
Jar         : /system/framework/arm64/boot-framework.oat/.art

$ afind CameraService.java
Android.mk  : /framework/base/services/Android.mk
Jar         : /system/framework/oat/arm64/services.odex (dexopt is on)

$ afind TvRemoteProvider.java
Android.mk  : /framework/base/media/lib/tvremote/Android.mk
Jar         : /system/framework/com.android.media.tv.remoteprovider.jar

[1] https://github.com/pierrchen/ATool/blob/master/afind.rb