In [2]:
!pip install matplotlib

Collecting matplotlib
  Downloading matplotlib-3.10.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (11 kB)
Collecting contourpy>=1.0.1 (from matplotlib)
  Downloading contourpy-1.3.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (5.4 kB)
Collecting cycler>=0.10 (from matplotlib)
  Downloading cycler-0.12.1-py3-none-any.whl.metadata (3.8 kB)
Collecting fonttools>=4.22.0 (from matplotlib)
  Downloading fonttools-4.56.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (101 kB)
Collecting kiwisolver>=1.3.1 (from matplotlib)
  Downloading kiwisolver-1.4.8-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl.metadata (6.2 kB)
Collecting pyparsing>=2.3.1 (from matplotlib)
  Downloading pyparsing-3.2.1-py3-none-any.whl.metadata (5.0 kB)
Downloading matplotlib-3.10.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (8.6 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m8.6/8.6 MB[0m [31m57.4 MB/s[

In [3]:
import matplotlib.pyplot as plt
import pandas as pd

# Data for the slide
categories = ["NORMAL", "NONE", "SYS_OR_SIG", "DANGEROUS"]
predicted_counts = [185, 27, 132, 0]  # From the provided data
accuracy_percentages = [88.94, 33.75, 92.96, 0]  # Corresponding percentages

# Create a bar chart
plt.figure(figsize=(8, 5))
plt.bar(categories, predicted_counts, color=["blue", "orange", "green", "red"])
plt.xlabel("Predicted Access Control Level")
plt.ylabel("Count of Predictions")
plt.title("Predicted AC Levels for Android APIs")

# Annotate each bar with the percentage
for i, v in enumerate(predicted_counts):
    plt.text(i, v + 3, f"{accuracy_percentages[i]}%", ha='center', fontsize=12, fontweight='bold')

# Save the plot
slide_chart_path = "./ac_prediction_chart.png"
plt.savefig(slide_chart_path, bbox_inches="tight")
plt.close()

# Provide the path for the user to download
slide_chart_path

'./ac_prediction_chart.png'

In [1]:
!watch -n 1 nvidia-smi



In [1]:
import re
import sys
import os
import json

In [3]:
input = """
After carefully examining the code of the `startService` API, I have identified several potential sinks that require access control. Here is the JSON output:

```
"Sinks": [
  [
    "ComponentName var31 = var29.startServiceLocked(param2,param3,param4,var24,var26,param5,param6,param7);",
    "ComponentName var12 = startServiceLocked(param2,param3,param4,param5,param6,param7,param8,param9,0);"
  ],
  [
    "Intent var265 = setComponent(var238);"
  ],
  [
    "ArrayMap var312 = var309.mServicesByInstanceName;",
    "Object var314 = var312.get(var269);",
    "ServiceRecord var315 = (ServiceRecord) var314;"
  ],
  [
    "ArrayMap var356 = var309.mServicesByIntent;",
    "Object var358 = var356.put(var316,var349);"
  ],
  [
    "ArrayList var359 = this.mPendingServices;"
  ],
  [
    "ActivityManagerService var414 = this.mAm;",
    "String var415 = var408.packageName;",
    "ApplicationInfo var416 = var408.appInfo;",
    "int var417 = var416.uid;"
  ],
  [
    "IntentFirewall var421 = var420.mIntentFirewall;",
    "ComponentName var422 = var408.name;",
    "ApplicationInfo var423 = var408.appInfo;",
    "boolean var425 = var421.checkService(var422,param2,param7,param6,param4,var423);"
  ]
]
```

These sinks follow at least one of the positive rules:

1. Method invocations with naming similarity to the API name `startService` (e.g., `startServiceLocked`)
2. Field access and updates with naming similarity to the API name `startService` (e.g., `mServices`, `mPendingServices`)
3. Object creation with data flow from the API parameters (e.g., `Intent var265 = setComponent(var238);`)
4. Method invocations that process the input parameters of the API (e.g., `retrieveServiceLocked`)

Note that some of these sinks may not be directly related to security or access control, but they are still considered potential sinks as they involve data flows and method invocations that could potentially impact the security of the system.

Also, note that I have ranked the sinks from most sensitive to least sensitive based on their potential impact on the security of the system. The first sink set is the most sensitive, as it involves starting a new service with elevated privileges.
"""

In [4]:
def extract_json_from_string(input_string):
    """
    Extracts JSON from the given string.

    Args:
        input_string (str): The string containing embedded JSON.

    Returns:
        dict: The extracted JSON as a Python dictionary.
    """
    try:
        # Use a regex pattern to extract the JSON part
        json_pattern = r"```(?:json)?\n(.*?)\n```"
        match = re.search(json_pattern, input_string, re.DOTALL)
        if match:
            json_string = match.group(1)
            print(json_string)
            return json.loads(json_string)
        else:
            raise ValueError("No JSON found in the provided string.")
    except json.JSONDecodeError as e:
        raise ValueError(f"Error decoding JSON: {e}")

In [5]:
extract_json_from_string(input)

"Sinks": [
  [
    "ComponentName var31 = var29.startServiceLocked(param2,param3,param4,var24,var26,param5,param6,param7);",
    "ComponentName var12 = startServiceLocked(param2,param3,param4,param5,param6,param7,param8,param9,0);"
  ],
  [
    "Intent var265 = setComponent(var238);"
  ],
  [
    "ArrayMap var312 = var309.mServicesByInstanceName;",
    "Object var314 = var312.get(var269);",
    "ServiceRecord var315 = (ServiceRecord) var314;"
  ],
  [
    "ArrayMap var356 = var309.mServicesByIntent;",
    "Object var358 = var356.put(var316,var349);"
  ],
  [
    "ArrayList var359 = this.mPendingServices;"
  ],
  [
    "ActivityManagerService var414 = this.mAm;",
    "String var415 = var408.packageName;",
    "ApplicationInfo var416 = var408.appInfo;",
    "int var417 = var416.uid;"
  ],
  [
    "IntentFirewall var421 = var420.mIntentFirewall;",
    "ComponentName var422 = var408.name;",
    "ApplicationInfo var423 = var408.appInfo;",
    "boolean var425 = var421.checkService(var422,par

ValueError: Error decoding JSON: Extra data: line 1 column 8 (char 7)

In [2]:
import pandas as pd
import pickle

# File paths
file_path_1 = 'AMS_Df_promptsaturday.pkl'
file_path_2 = 'AMS_Df_promptsaturdayincomplete.pkl'

# Load the pickle files
with open(file_path_1, 'rb') as file1:
    df1 = pickle.load(file1)


FileNotFoundError: [Errno 2] No such file or directory: 'AMS_Df_promptsaturday.pkl'

In [3]:
df1.columns

Index(['EP', 'code', 'label', 'java_code', 'service_name', 'json_answer'], dtype='object')

In [None]:


# remove rows where the 'Sinks' column is empty
df1 = df1.dropna(subset=['json_answer'])



with open(file_path_2, 'rb') as file2:
    df2 = pickle.load(file2)

# Concatenate the DataFrames
combined_df = pd.concat([df1, df2], ignore_index=True)

# Check the combined DataFrame
print(combined_df)

# write combined_df to a pickle file
with open('AMS_df_promptsaturdaycomplete.pkl', 'wb') as file:
    pickle.dump(combined_df, file)
    
# # Serialize the DataFrame using pickle
# with open(pickle_file_path, 'wb') as file:
#     pickle.dump(AMS_Df, file)



                                                    EP  \
0                 bindService_ActivityManagerService_9   
1          sendIdleJobTrigger_ActivityManagerService_1   
2                startService_ActivityManagerService_7   
3         updateConfiguration_ActivityManagerService_2   
4        getProcessMemoryInfo_ActivityManagerService_2   
..                                                 ...   
187  registerUserSwitchObserver_ActivityManagerServ...   
188           noteWakeupAlarm_ActivityManagerService_6   
189           noteAlarmFinish_ActivityManagerService_5   
190            noteAlarmStart_ActivityManagerService_5   
191        closeSystemDialogs_ActivityManagerService_2   

                                                  code  label  \
0    [inv]: int var12 = bindIsolatedService(param2,...      1   
1    [inv]: long var10 = Binder.clearCallingIdentit...      1   
2    [inv]: boolean var12 = hasFileDescriptors();<|...      1   
3    [get]: ActivityTaskManagerService var3

In [5]:
# write combined_df to a pickle file
with open('AMS_df_promptsaturdaycomplete.pkl', 'wb') as file:
    pickle.dump(combined_df, file)

In [12]:


with open("/u1/hfaheem/DLAndroidArtifact/prompts/prompt2-6.txt", 'r') as f:
        PROMPT = f.read().strip()

code = """
The method getReduceBrightColorsStrength in class Lcom.android.server.display.color.ColorDisplayService$BinderService has this code:

This is path 1 for the API with depth 1:
public int getReduceBrightColorsStrength(){
	long v1 = Binder.clearCallingIdentity();
	ReduceBrightColorsTintController v2 = this.mReduceBrightColorsTintController;
	int v3 = this.mStrength;
	Binder.restoreCallingIdentity(v1);
	return v3;
}


This is path 2 for the API with depth 0:
public int getReduceBrightColorsStrength(){
	long v1 = Binder.clearCallingIdentity();
	ReduceBrightColorsTintController v2 = ColorDisplayService.-$$Nest$fgetmReduceBrightColorsTintController(this.this$0);
	int v3 = v2.getStrength();
	Binder.restoreCallingIdentity(v1);
	return v3;
}

With these sensitive sinks (ordered by sensitivity, 0 = most sensitive):
['int v3 = v2.getStrength();\nreturn v3;']

Similar APIs found (with sensitivity matching details):

- isReduceBrightColorsActivated()Z (Class: Lcom.android.server.display.color.ColorDisplayService$BinderService, Access: NONE)
  • Similarity: 0.853 (Top-sensitive sink in source matched to position 2 in target)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 1):
boolean v3 = v2.isActivated();
return v3;

  • Similarity: 0.803 (Top-sensitive sinks matched)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 0):
boolean v4 = ReduceBrightColorsTintController.isActivated();
boolean v3 = v4;
return v3;

- setReduceBrightColorsStrength(I)Z (Class: Lcom.android.server.display.color.ColorDisplayService$BinderService, Access: SYS_OR_SIG)
  • Similarity: 0.792 (Top-sensitive sinks matched)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 0):
boolean v8 = Settings$Secure.putIntForUser(v7, "reduce_bright_colors_level", p1, this.mCurrentUser);
return v4;

  • Similarity: 0.789 (Top-sensitive sink in source matched to position 3 in target)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 2):
boolean v4 = ColorDisplayService.-$$Nest$msetReduceBrightColorsStrengthInternal(this.this$0, p1);
return v4;

  • Similarity: 0.787 (Top-sensitive sink in source matched to position 2 in target)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 1):
boolean v5 = this.this$0.setReduceBrightColorsStrengthInternal(p1);
return v4;

- getReduceBrightColorsOffsetFactor()F (Class: Lcom.android.server.display.color.ColorDisplayService$BinderService, Access: NONE)
  • Similarity: 0.765 (Top-sensitive sinks matched)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 0):
float v3 = ((this.mCoefficients[0] + this.mCoefficients[1]) + this.mCoefficients[2]);
return v3;

  • Similarity: 0.742 (Top-sensitive sink in source matched to position 2 in target)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 1):
ReduceBrightColorsTintController v2 = ColorDisplayService.-$$Nest$fgetmReduceBrightColorsTintController(this.this$0);
float v3 = v2.getOffsetFactor();
return v3;

- getColorMode()I (Class: Lcom.android.server.display.color.ColorDisplayService$BinderService, Access: NONE)
  • Similarity: 0.747 (Top-sensitive sink in source matched to position 3 in target)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 2):
int v9 = v8.getInteger(17694728);
if (v9 < 0) {
int v3 = v9;
int v2 = v3;
return v2;

  • Similarity: 0.744 (Top-sensitive sinks matched)
  • Source sink (position 0):
int v3 = v2.getStrength();
return v3;
  • Target sink (position 0):
int v3 = this.this$0.getColorModeInternal();
int v2 = v3;
return v2;


"""
num_ctx = 30000
model = "llama3.3"
import ollama

modelfile=f'''
FROM llama3.3
system """
{PROMPT.strip()}
"""
'''

# modelfile=f'''
# FROM deepseek-r1:70b
# system """
# {PROMPT.strip()}
# """
# '''

# deepseek-r1:671b

# modelfile


ollama.create(model='myexample1', modelfile=modelfile)




{'status': 'success'}

In [13]:
num_ctx = 25000
model = "myexample1"
# from ollama import chat
stream = ollama.chat(model=model, messages=[
    {
        'role': 'user',
        'content': code,
        
    },
    ],
     stream= True
    ,
        options={
            'num_ctx': num_ctx
        }
    )
for chunk in stream:
  print(chunk['message']['content'], end='', flush=True)

To determine the access control level for the `getReduceBrightColorsStrength` API, we need to follow the guidelines provided and analyze the information given about similar APIs.

1. **Method and Service Context (Highest Priority):**
   - The `getReduceBrightColorsStrength` method is part of the `ColorDisplayService$BinderService` class.
   - A similar method with a counterpart action in the same service is `setReduceBrightColorsStrength(I)Z`, which has an access control level of `SYS_OR_SIG`. According to Rule 1, if there's a clear naming pattern (like getX/setX), their access control levels should match. However, since getters and setters are not considered counterpart actions for access control purposes due to the different nature of reading vs. modifying data, this direct matching might not apply strictly in terms of access control level assignment based on Rule 3.

2. **Sink Sensitivity (Secondary Priority):**
   - The sensitive sinks for `getReduceBrightColorsStrength` are `int v

In [None]:
num_ctx = 17000
model = "llama3.1:70b"
import ollama

def run_first_prompt_Ollama(method_code):
    """ runs the first prompt - extract sinks from the traces
    """
    

    # user_prompt = get_method_traces_from_file(file_path, interface, method)
    
    user_prompt = method_code
    
        
    
    response = ollama.chat(model=model, messages=[
    {
        'role': 'user',
        'content': method_code,
    },
    ]
    ,
     options={
        'num_ctx': num_ctx
        # ,
        # 'temperature': 0.3 
    }
    
    )
    
    # logging.info(f"Response for {method} = {response['message']['content']}")

    
    return {
        "system_message": method_code,
        "user_message": user_prompt,
        "response": response['message']['content']
    }
    



In [None]:
import subprocess
import json

# Your curl command
url = "http://localhost:11434/api/generate"
data = {
    "model": "llama3.1:70b",
    "prompt": PROMPT,
    "options": {
        "num_ctx": 15000
    }
}

# Use subprocess to execute the curl command
response = subprocess.run(
    ["curl", url, "-d", json.dumps(data)],
    capture_output=True,
    text=True
)

# Print the response
print(response.stdout)