ndk-gdb fails in adb shell run-as for ndk samples

[AlexEzh]

Hi,

When running NDK samples on the device I get error message from ndk-
gdb:

run-as: <package> has corrupt installation

The same happens for all NDK samples. The same samples work fine in
the emulator. Is there any work around?

Thank you

/Alex

[alan]

Is the device running 2.2? ndk-gdb only works on 2.2 devices

[AlexEzh]

Yes. Android version 2.2. HTC Desire.

[Ratamovic]

Hi all,

I've got the same problem with my HTC Desire. Have you found a
solution?
Thanks in advance.

[Ratamovic]

Just a few more details. I can't get rid of that error. I tried to
create a basic Hello world Android app through eclipse. Nothing is
modified except the debuggable attribute which is added to the
manifest. I am with Android 2.2, the last version of the NDK r4b with
the last version of Eclipse Helios and the last ADT plugin 0.9.7.

When I run the following
$ /home/ratamovic/Tools/Android-SDK/tools/adb shell run-as com.test ls
run-as: Package 'com.test' has corrupt installation

I get the result you've already seen...
Could it be related to non-root access (my phone is not rooted)?

[Ratamovic]

I found the following in the run-as code:

/* check that the data directory path is valid */
if (check_data_path(info.dataDir, info.uid) < 0) {
panic("Package '%s' has corrupt installation\n", pkgname);
return 1;
}

And the code of check_data_path and check_directory_ownership:

/* This function is used to check the data directory path for safety.
* We check that every sub-directory is owned by the 'system' user
* and exists and is not a symlink. We also check that the full
directory
* path is properly owned by the user ID.
*
* Return 0 on success, -1 on error.
*/
int
check_data_path(const char* dataPath, uid_t uid)
{
int nn;

/* the path should be absolute */
if (dataPath[0] != '/') {
errno = EINVAL;
return -1;
}

/* look for all sub-paths, we do that by finding
* directory separators in the input path and
* checking each sub-path independently
*/
for (nn = 1; dataPath[nn] != '\0'; nn++)
{
char subpath[PATH_MAX];

/* skip non-separator characters */
if (dataPath[nn] != '/')
continue;

/* handle trailing separator case */
if (dataPath[nn+1] == '\0') {
break;
}

/* found a separator, check that dataPath is not too long. */
if (nn >= (int)(sizeof subpath)) {
errno = EINVAL;
return -1;
}

/* reject any '..' subpath */
if (nn >= 3 &&
dataPath[nn-3] == '/' &&
dataPath[nn-2] == '.' &&
dataPath[nn-1] == '.') {
errno = EINVAL;
return -1;
}

/* copy to 'subpath', then check ownership */
memcpy(subpath, dataPath, nn);
subpath[nn] = '\0';

if (check_directory_ownership(subpath, AID_SYSTEM) < 0)
return -1;
}

/* All sub-paths were checked, now verify that the full data
* directory is owned by the application uid
*/
if (check_directory_ownership(dataPath, uid) < 0)
return -1;

/* all clear */
return 0;
}

/* Check that a given directory:
* - exists
* - is owned by a given uid/gid
* - is a real directory, not a symlink
* - isn't readable or writable by others
*
* Return 0 on success, or -1 on error.
* errno is set to EINVAL in case of failed check.
*/
static int
check_directory_ownership(const char* path, uid_t uid)
{
int ret;
struct stat st;

do {
ret = lstat(path, &st);
} while (ret < 0 && errno == EINTR);

if (ret < 0)
return -1;

/* must be a real directory, not a symlink */
if (!S_ISDIR(st.st_mode))
goto BAD;

/* must be owned by specific uid/gid */
if (st.st_uid != uid || st.st_gid != uid)
goto BAD;

/* must not be readable or writable by others */
if ((st.st_mode & (S_IROTH|S_IWOTH)) != 0)
goto BAD;

/* everything ok */
return 0;

BAD:
errno = EINVAL;
return -1;
}



When I extract system info, I obtain this:
Package [com.test] (469ddc60):

userId=10024 gids=[3002, 3001, 1006, 3003, 1007, 1015]

sharedUser=null

pkg=Package{4668fae8 com.test}

codePath=/data/app/com.test-2.apk

resourcePath=/data/app/com.test-2.apk

dataDir=/data/data/com.test

targetSdk=8

supportsScreens=[medium, large, small, resizeable, anyDensity]

timeStamp=1282493767000

signatures=PackageSignatures{466ac6f0 [466dbb48]}

permissionsFixed=true haveGids=true

pkgFlags=0x0 installStatus=1 enabled=0

grantedPermissions:

android.permission.WRITE_OWNER_DATA

... (I granted all permissions)


Here is an extract of my /data/data dir
drwxr-x--x app_24 app_24 2010-08-22 18:10 com.test

...


I can't see what's wrong. From Eclipse Android File Explorer view (if
that's the right place) it looks like the data dir is empty and no
right is given to others. Anyone has an idea?

So it looks like the

[David Turner]

The code also checks that /data and /data/data are owned by the system uid.

Can you display the output of:

adb shell ls -l /

adb shell ls -l /data

This is not related to non-root access. In Froyo, run-as should be able to work for debuggable apps (and only them). It's a setUID binary, which is why it is _extremely_ picky about the content of the filesystem.

--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To post to this group, send email to andro...@googlegroups.com.
To unsubscribe from this group, send email to android-ndk...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-ndk?hl=en.

[AlexEzh]

Here is the output:

~/android/ndk/samples/bitmap-plasma>adb shell ls -l /
drwxrwxrwt root root 2010-08-19 17:05 app-cache
dr-x------ root root 2010-08-19 17:04 config
drwxrwx--- system cache 2010-08-14 13:09 cache
lrwxrwxrwx root root 2010-08-19 17:04 sdcard -> /mnt/
sdcard
drwxr-xr-x root root 2010-08-19 17:04 acct
drwxrwxr-x root system 2010-08-19 17:04 mnt
lrwxrwxrwx root root 2010-08-19 17:04 d -> /sys/
kernel/debug
lrwxrwxrwx root root 2010-08-19 17:04 etc -> /system/
etc
drwxr-xr-x root root 2010-08-03 00:16 system
drwxr-xr-x root root 1969-12-31 16:00 sys
-rw-r--r-- root root 0 1969-12-31 16:00
shutdown.bravo.rc
drwxr-x--- root root 1969-12-31 16:00 sbin
dr-xr-xr-x root root 1969-12-31 16:00 proc
-rwxr-x--- root root 14720 1969-12-31 16:00 init.rc
-rwxr-x--- root root 1677 1969-12-31 16:00
init.goldfish.rc
-rwxr-x--- root root 3852 1969-12-31 16:00 init.bravo.rc
-rwxr-x--- root root 111948 1969-12-31 16:00 init
-rw-r--r-- root root 118 1969-12-31 16:00 default.prop
drwxrwx--x system system 2010-08-14 13:09 data
-rw-r--r-- root root 460 1969-12-31 16:00
bootcomplete.bravo.rc
drwx------ root root 2010-07-23 02:24 root
drwxr-xr-x root root 2010-08-19 17:05 dev
~/android/ndk/samples/bitmap-plasma>adb shell ls -l /data
opendir failed, Permission denied
~/android/ndk/samples/bitmap-plasma>

On Aug 22, 3:59 pm, David Turner <di...@android.com> wrote:
> The code also checks that /data and /data/data are owned by the system uid.
> Can you display the output of:
>
> adb shell ls -l /
> adb shell ls -l /data
>
> This is not related to non-root access. In Froyo, run-as should be able to
> work for debuggable apps (and only them). It's a setUID binary, which is why
> it is _extremely_ picky about the content of the filesystem.
>

> > android-ndk...@googlegroups.com<android-ndk%2Bunsu...@googlegroups.com>
> > .

[Ratamovic]

David, Alex, Thanks for your answers.

I get the same result
ratamovic@gaia:~/Desktop$ adb shell ls -l /data
opendir failed, Permission denied

ratamovic@gaia:~/Desktop$ adb shell ls -l /
drwxrwxrwt root root 2010-08-23 09:28 app-cache
dr-x------ root root 2010-08-23 09:27 config
drwxrwx--- system cache 2010-08-03 19:07 cache
lrwxrwxrwx root root 2010-08-23 09:27 sdcard -> /mnt/
sdcard
drwxr-xr-x root root 2010-08-23 09:27 acct
drwxrwxr-x root system 2010-08-23 09:27 mnt
lrwxrwxrwx root root 2010-08-23 09:27 d -> /sys/
kernel/debug
lrwxrwxrwx root root 2010-08-23 09:27 etc -> /system/
etc
drwxr-xr-x root root 2010-08-03 19:02 system
drwxr-xr-x root root 1970-01-01 01:00 sys
...
drwxrwx--x system system 2010-05-14 09:03 data


So that could be related to /data being not accessible :'/ ?

[AlexEzh]

I verified that the exact same host configuration works for Nexus
device. So it seems that something is broken in HTC Desire a way which
prevents native debugging.

> ...
>
> read more »

[Ratamovic]

That's somewhat annoying...
The HTC Desire is my only phone.

> ...
>
> plus de détails »

[EboMike]

This is not related to HTC, I have the same problem on a 2.2 Motorola
Droid. I should mention that it is semi-rooted, i.e. I can do "su" in
the adb shell, but I cannot do "adb root" (I get the "adbd cannot run
as root in production builds" message if I do so).

Any attempt to do something with adb run-as results in run-as: Package
'[package name]' has corrupt installation". I always write it off as a
problem with my phone not being rooted.

-Mike

[David Turner]

On Wed, Sep 8, 2010 at 5:23 AM, EboMike <ebo...@gmail.com> wrote:

This is not related to HTC, I have the same problem on a 2.2 Motorola
Droid. I should mention that it is semi-rooted, i.e. I can do "su" in
the adb shell, but I cannot do "adb root" (I get the "adbd cannot run
as root in production builds" message if I do so).

Any attempt to do something with adb run-as results in run-as: Package
'[package name]' has corrupt installation". I always write it off as a
problem with my phone not being rooted.

This has nothing to do with the phone not being rooted.

run-as is a setuid program, which means it's an ideal attack vector for hackers in the system.

As a consequence, it does a large amount of checks to ensure that it is called correctly, that

the userID you want to launch commands with corresponds to a debuggable application,

and that the paths that lead to your application's data directory (e.g. /data/data/<pkgname>/)

hasn't been hacked (e.g. by inserting weird symlinks or changing system permissions).

"corrupt installation" means that something is rotten in the path that leads to the package's

data directory. This can happen if you have rooted your phone and perform certain changes,

or if the system image contains unexpected changes.

My non-rooted Motorola Droid running 2.2 doesn't have this problem, so I'm surprised you're

seeing this right now. Did you run specific programs as root on it ?

 

-Mike

--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To post to this group, send email to andro...@googlegroups.com.

To unsubscribe from this group, send email to android-ndk...@googlegroups.com.

[EboMike]

On Sep 8, 3:25 am, David Turner <di...@android.com> wrote:

> This has nothing to do with the phone not being rooted.
>

> As a consequence, it does a large amount of checks to ensure that it is
> called correctly, that
> the userID you want to launch commands with corresponds to a debuggable
> application,
> and that the paths that lead to your application's data directory (e.g.
> /data/data/<pkgname>/)
> hasn't been hacked (e.g. by inserting weird symlinks or changing system
> permissions).
>
> "corrupt installation" means that something is rotten in the path that leads
> to the package's
> data directory. This can happen if you have rooted your phone and perform
> certain changes,
> or if the system image contains unexpected changes.

I'm not typically running anything as root, I only root my phone so I
can dig around in the data directories if need be. I'm also getting
this error with any debuggable app I have.

The path /should/ be correct (both "data" directories are 771 and
system:system, the app's data directory is 755 and owned by an "app_"
account). Since my phone is rooted, I could imagine that the "system
image contains unexpected changes" could be the problem. Due to
security concerns, I don't suppose there is a way to find out which
integrity check precisely is failing?

-Mike

> ...
>
> read more »

[AlexEzh]

I am seeing the same problem with stock HTC-Desire/Z "T-Mobile G2" (no
modifications to software). Is there any way to diagnose the problem?
Is there any phones other than Nexus which work?

Thank you

/Alex

On Sep 8, 3:25 am, David Turner <di...@android.com> wrote:

> ...
>
> read more »

[Wil Hadden]

This is a bit of an old topic but I thought it was worth replying about how I got this working as I kept finding this topic in google.

Firstly I am on a rooted Desire HD with ndk r5.

The first issue I had read about and that stung me was with the package name, seemingly it has to be at least 4 periods deep. So where I had com.a.b I had to recompile the java and ndk with com.a.b.c.

Then there was the permissions issue that gave the corrupt message. I ran ROM Manager from the market that has an option to fix permissions. It went a long way but left the /data/data directory wrong.

So doing that plus adb shell chmod o-r /data/data/* fixed the issue for me.

[Jack]

I root my Desire HD. But run adb shell chmod o-r /data/data/* has
error:
# chmod o-r /data/data/*
chmod o-r /data/data/*
Bad mode

Please help me.

[Wigou Lau]

you can use :

chmod 662 /data/data/*

2011/4/19 Jack <jack...@gmail.com>

[Wil Hadden]

Just in case anyone comes back here, chmod 662 does not work for me, but chmod 750 stops the corrupt installation issue. 

Trial and error may be necessary.

[zegzav]

I finally resolved this problem with a HTC Desire S (2.3.3).

For the directory /data/data, I had the access "777" and owner "root".

ls -l /data
 (...)
drwxrwxrwx root     root              2012-03-03 19:07 data

In root mode, I executed the following commands to change access & owner.

chmod 771 /data/data
chown system.system /data/data

ls -l /data
 (...)
drwxrwx--x system   system            2012-03-03 19:07 data

"run-as" works normally now.