Disable XOM (eXecute Only Memory) | gradle/cmake
152 views
Skip to first unread message
Amol Jindal
Aug 19, 2020, 2:04:56 AM8/19/20
to android-ndk
Hi,
How can we disable the XOM security feature introduced with API 29?
The documentation provides ways to disable this via `make` command, but how can we disable it via gradle/cmake?
Ryan Prichard
Aug 19, 2020, 2:30:28 AM8/19/20
to android-ndk
--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-ndk...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-ndk/7c1324ea-6dab-458f-a393-c2ed1f5dfdaao%40googlegroups.com.
John Dallman
Aug 19, 2020, 6:13:33 AM8/19/20
to andro...@googlegroups.com
A supplementary question:
https://source.android.com/devices/tech/debug/execute-only-memory says:
> You can manually verify binaries using readelf and checking the segment flags.
I'm failing to figure out just how to do that. If I use "readelf --segments myLib.so", my segment zero contains .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .plt .text .rodata .eh_frame_hdr .eh_frame .note.android.ident and is marked R E which I presume means Read and Execute. That's fair enough, but when I look at the sections, the only two executable ones are:
> You can manually verify binaries using readelf and checking the segment flags.
I'm failing to figure out just how to do that. If I use "readelf --segments myLib.so", my segment zero contains .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .plt .text .rodata .eh_frame_hdr .eh_frame .note.android.ident and is marked R E which I presume means Read and Execute. That's fair enough, but when I look at the sections, the only two executable ones are:
[ 9] .plt PROGBITS 0000000000116620 00116620
0000000000000530 0000000000000010 AX 0 0 16
[10] .text PROGBITS 0000000000116b50 00116b50
0000000002d9114c 0000000000000000 AX 0 0 4
0000000000000530 0000000000000010 AX 0 0 16
[10] .text PROGBITS 0000000000116b50 00116b50
0000000002d9114c 0000000000000000 AX 0 0 4
Those are both Allocate and eXecute, but I'm not seeing how I can tell if they're readable? The sections output doesn't seem to have a flag for that.
Thanks,
John
--
Amol Jindal
Aug 19, 2020, 6:37:31 AM8/19/20
to android-ndk
Thanks Ryan.
I am aware of that previous post, but there is no solution mentioned in that post. We are facing a crash because of XOM on some devices (while it works on other devices). So we want to disable it.
I am aware of that previous post, but there is no solution mentioned in that post. We are facing a crash because of XOM on some devices (while it works on other devices). So we want to disable it.
On Tuesday, August 18, 2020 at 11:30:28 PM UTC-7, Ryan Prichard wrote:
On Tue, Aug 18, 2020 at 11:04 PM 'Amol Jindal' via android-ndk <andro...@googlegroups.com> wrote:
Hi,--How can we disable the XOM security feature introduced with API 29?The documentation provides ways to disable this via `make` command, but how can we disable it via gradle/cmake?
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages