# DroidGen: Data-Driven Policy Generation for Android

DroidGen is a tool for the automatic inference of policies using a data-driven approach: it requires a training set of good and bad applications. It calls a constraint solver to generate a policy under which a maximum of malware is excluded and a maximum of benign applications is allowed. The policy can then be used to filter out new applications which do not belong to the training set.

The policy generation process is composed of several phases which are described below.

## Application Abstraction

The first step towards policy generation is the extraction of application specifications (abstractions). A specification is a summary of the usage of different permissions in various contexts within an app. For illustration, we consider as a running example the audio recording app Recorder.apk which is included in the package. We call DroidGen as follows:

    python2.7 DroidGen.py -f examples/apps/Recorder.apk -m -r recorder.spec

Option -f specifies the target APK file (app). Option -m indicates that we are using the API-to-permission map. Finally, option -r infers the specification and stores it in the file recorder.spec, which looks like:

    //----------------------------------------------------------
    //----------------------- Recorder.apk
    //----------------------------------------------------------
    EVICHECK ACTIVITY METHOD : RECORD_AUDIO WRITE_EXTERNAL_STORAGE
    EVICHECK ONCREATE METHOD :
    EVICHECK ONCLICK HANDLER : RECORD_AUDIO WRITE_EXTERNAL_STORAGE

The specification simply says that the permissions RECORD_AUDIO and WRITE_EXTERNAL_STORAGE are used in a click handler and in an activity.

## Policy Generation

As mentioned previously, to infer a policy we require a training set of benign and malware applications. The goal is to find a policy under which a maximum of malware is excluded and a maximum of benign applications is allowed. We use the SMT solver Z3 as back-end to solve the optimisation problem. For this, DroidGen takes as input two files containing a batch of specifications, one for benign apps and the other one for malware. The package includes two example batch files, namely spec_perm_train.ben and spec_perm_train.mal for benign and malware respectively. Each file contains specifications of 1000 apps. They were generated by running DroidGen with the specification extraction option -r (previously seen) on a set of malware and benign apps. To generate a policy, we call DroidGen as follows:

    python2.7 DroidGen.py -s examples/specs/train/spec_perm_train -p policy_perm.pol -z3

Option -p specifies the file where the policy is stored. As its name indicates, option -z3 instructs DroidGen to use Z3 as a solver.

## Policy Testing

We also provide two testing sets (benign and malware) as batch files, namely spec_perm_test.ben and spec_perm_test.mal. If we want to test the generated policy on the set of malware, we use the command below with option -ts for testing:

    python2.7 DroidGen.py -s examples/specs/test/spec_perm_test.mal -p policy_perm.pol -z3 -ts