The details about adding taint


yyt00...@gmail.com

Jul 22, 2016, 5:29:46 AM
to TaintDroid
Taintdroid 4.3 source code 

In dalvik.system.Taint.cpp, there are many functions for adding taint, like this:

static void Dalvik_dalvik_system_Taint_addTaintByteArray(const u4* args,
    JValue* pResult)
{
    ArrayObject *arr = (ArrayObject *) args[0];
    u4 tag = args[1];
    if (arr) {
        arr->taint.tag |= tag;
    }
    RETURN_VOID();
}

static void Dalvik_dalvik_system_Taint_addTaintInt(const u4* args,
    JValue* pResult)
{
    u4 val     = args[0];
    u4 tag     = args[1];  /* the tag to add */
    u4* rtaint = (u4*) &args[2];  /* pointer to return taint tag */
    u4 vtaint  = args[3];  /* the existing taint tag on val */
    *rtaint = (vtaint | tag);
    RETURN_INT(val);
}


I have 2 questions about it.

1. Why can it do a forced type conversion from byte[] to ArrayObject?   // ArrayObject *arr = (ArrayObject *) args[0];
2. How to return a value with a taint tag by pResult?    // RETURN_INT(val);

Thanks in advance!
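
The slot layout that the two posted functions read, modelled as stand-alone C: slot 0 carries the array object's address, the value is returned through pResult, and the merged tag is written into slot 2 of the caller's frame. This is an added example, not TaintDroid source and not part of the original post. The names slot_t and call_*, the struct stand-ins and the tag values are assumptions for illustration; only the slot indices are taken from the posted code.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: pointer-sized slots (posted code uses u4); stand-in structs. */
typedef uintptr_t slot_t;
typedef struct { uint32_t tag; } Taint;
typedef struct { uint32_t length; Taint taint; uint8_t contents[8]; } ArrayObject;
typedef union { int32_t i; void *l; } JValue;

/* Posted addTaintByteArray logic: slot 0 holds the object's address. */
static void add_taint_byte_array(const slot_t *args, JValue *pResult)
{
    ArrayObject *arr = (ArrayObject *) args[0];
    (void) pResult;                                  /* void method: no value */
    if (arr) arr->taint.tag |= (uint32_t) args[1];
}

/* Logic of the posted addTaintInt: the value leaves through pResult, the
   merged tag leaves through slot 2 of the caller's own frame. */
static void add_taint_int(const slot_t *args, JValue *pResult)
{
    slot_t *rtaint = (slot_t *) &args[2];
    *rtaint = (uint32_t) args[3] | (uint32_t) args[1];
    pResult->i = (int32_t) args[0];
}

/* Hypothetical caller: lays out value, tag, return-taint slot, value's tag. */
static uint32_t call_add_taint_int(int32_t val, uint32_t vtaint, uint32_t tag, int32_t *out)
{
    slot_t frame[4] = { (slot_t)(uint32_t) val, tag, 0, vtaint };
    JValue result;
    add_taint_int(frame, &result);
    *out = result.i;
    return (uint32_t) frame[2];      /* caller reads the tag back from its frame */
}

static uint32_t call_add_taint_byte_array(ArrayObject *arr, uint32_t tag)
{
    slot_t frame[2] = { (slot_t) arr, tag };
    add_taint_byte_array(frame, NULL);
    return arr ? arr->taint.tag : 0;
}

int main(void)
{
    int32_t v;
    uint32_t t = call_add_taint_int(42, 0x1, 0x10, &v);   /* constructed values */
    printf("value=%d tag=0x%x\n", (int) v, (unsigned) t);
    return 0;
}
```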

