Adding PR_open to an extension's filtered_sysnums break PRoot in certain cases


Corbin Champion

Oct 20, 2015, 6:05:32 PM10/20/15
to PRoot
The link2symlink extension was originally made to get around some early versions of Android not allowing hardlinks to be created.  It worked fine for quite a while.  Using this extension caused GNURoot and Octave issues on newer versions of Android (> 5.0), but those versions of Android allowed hard links anyway.  Now a Nexus 5 running Marshmallow (6.0), the latest version of Android, shows that hard links are not being allowed again.  So, I need to spend time to actually debug what was going wrong with the link2symlink extension, so it can be used again.  I am stumped and am reaching out for help.  This is what I have found so far.

The link2symlink extension has a filtered_sysnums which looks like this:

                /*
                 * Syscalls this extension asks PRoot to filter.  Every entry
                 * carries FILTER_SYSEXIT (presumably a request to be notified
                 * at syscall exit; see the SYSCALL_EXIT_END event in the full
                 * callback below), and the table is closed by
                 * FILTERED_SYSNUM_END.  The PR_open entry is the one the
                 * report identifies as triggering the failure.
                 */
                static FilteredSysnum filtered_sysnums[] = {
                        { PR_link,              FILTER_SYSEXIT },
                        { PR_linkat,            FILTER_SYSEXIT },
                        { PR_unlink,            FILTER_SYSEXIT },
                        { PR_unlinkat,          FILTER_SYSEXIT },
                        { PR_fstat,             FILTER_SYSEXIT },
                        { PR_fstat64,           FILTER_SYSEXIT },
                        { PR_fstatat64,         FILTER_SYSEXIT },
                        { PR_lstat,             FILTER_SYSEXIT },
                        { PR_lstat64,           FILTER_SYSEXIT },
                        { PR_newfstatat,        FILTER_SYSEXIT },
                        { PR_stat,              FILTER_SYSEXIT },
                        { PR_stat64,            FILTER_SYSEXIT },
                        { PR_rename,            FILTER_SYSEXIT },
                        { PR_renameat,          FILTER_SYSEXIT },
                        { PR_open,              FILTER_SYSEXIT },
                        { PR_openat,            FILTER_SYSEXIT },
                        FILTERED_SYSNUM_END,
                };

And it works in almost all cases, but on certain devices (some of the Nexus devices) running newer versions of Android (> 5.0), listening to the open system call breaks something: I get an error like "Inconsistency detected by ld.so" when trying to open /bin/bash, or other things.

If I get rid of this line:
{ PR_open,              FILTER_SYSEXIT },

Everything is happy, except me, because I wanted to do something based on that system call.

I know PRoot isn't getting much support, from me or anyone, lately, but I am wondering if anyone has any ideas about this one.

Here is a gutted version of link2symlink that is sufficient for showing the problem:

#include "extension/extension.h"

/**
 * Handler for this @extension.  It is triggered each time an @event
 * occurs.  See ExtensionEvent for the meaning of @data1 and @data2.
 * This gutted version only registers the filter list on INITIALIZATION
 * and ignores every other event, which is enough to reproduce the problem.
 */
int link2symlink_callback(Extension *extension, ExtensionEvent event,
                                  intptr_t data1 UNUSED, intptr_t data2 UNUSED)
{
        /*
         * Syscalls this extension asks PRoot to filter.  Every entry uses
         * FILTER_SYSEXIT, and the table is closed by FILTERED_SYSNUM_END.
         * PR_open is deliberately kept in the list: the report states that
         * removing that single entry makes the ld.so assertion go away.
         */
        static FilteredSysnum filtered_sysnums[] = {
                { PR_link,              FILTER_SYSEXIT },
                { PR_linkat,            FILTER_SYSEXIT },
                { PR_unlink,            FILTER_SYSEXIT },
                { PR_unlinkat,          FILTER_SYSEXIT },
                { PR_fstat,             FILTER_SYSEXIT },
                { PR_fstat64,           FILTER_SYSEXIT },
                { PR_fstatat64,         FILTER_SYSEXIT },
                { PR_lstat,             FILTER_SYSEXIT },
                { PR_lstat64,           FILTER_SYSEXIT },
                { PR_newfstatat,        FILTER_SYSEXIT },
                { PR_stat,              FILTER_SYSEXIT },
                { PR_stat64,            FILTER_SYSEXIT },
                { PR_rename,            FILTER_SYSEXIT },
                { PR_renameat,          FILTER_SYSEXIT },
                { PR_openat,            FILTER_SYSEXIT },
                { PR_open,              FILTER_SYSEXIT },
                FILTERED_SYSNUM_END,
        };

        /*
         * Gutted extension: the only event that does any work is
         * INITIALIZATION, where the filter table is handed to PRoot.
         * SYSCALL_ENTER_END, SYSCALL_EXIT_END, TRANSLATED_PATH and every
         * other event are acknowledged with 0 and otherwise ignored, so
         * any failure observed comes from the filtering itself rather than
         * from handler code.  data1/data2 are never read.
         */
        if (event == INITIALIZATION)
                extension->filtered_sysnums = filtered_sysnums;

        return 0;
}


Here is a -v 5 log:

proot info: binding = /data/data/com.gnuroot.debian/support:/support
proot info: binding = /storage/emulated/0:/sdcard
proot info: binding = /storage/emulated/0/GNURoot/debian:/.proot.noexec
proot info: binding = /storage/emulated/0/GNURoot/home:/home
proot info: binding = /storage/emulated/0/GNURoot/intents:/intents
proot info: binding = /:/host-rootfs
proot info: binding = /proc/2516/mounts:/etc/mtab
proot info: binding = /mnt
proot info: binding = /data
proot info: binding = /proc
proot info: binding = /dev
proot info: binding = /sys
proot info: binding = /data/data/com.gnuroot.debian/debian:/
proot info: pid 2516: translate("/" + "/bin/bash")
proot info: pid 2516:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: pid 2516: translate("/" + "/bin/bash")
proot info: pid 2516:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: exe = /bin/bash
proot info: argv = /bin/bash
proot info: initial cwd = /
proot info: verbose level = 5
proot info: pid 2516: access to "/dev/pts/1" (fd 0) won't be translated until closed
proot info: pid 2516: access to "/storage/emulated/legacy/log.txt" (fd 1) won't be translated until closed
proot info: pid 2516: access to "/storage/emulated/legacy/log.txt" (fd 2) won't be translated until closed
proot info: pid 2516: access to "/proc/2516/fd" (fd 3) won't be translated until closed
proot info: pid 2516: access to "/sys/kernel/debug/tracing/trace_marker" (fd 4) won't be translated until closed
proot info: pid 2516: access to "/system/framework/framework-res.apk" (fd 5) won't be translated until closed
proot info: pid 2516: access to "/system/framework/core-libart.jar" (fd 6) won't be translated until closed
proot info: pid 2516: access to "/dev/__properties__" (fd 9) won't be translated until closed
proot info: pid 2516: access to "/dev/alarm" (fd 11) won't be translated until closed
proot info: pid 2516: access to "/data/app/com.gnuroot.debian-1/base.apk" (fd 16) won't be translated until closed
proot info: pid 2516: access to "/dev/kgsl-3d0" (fd 24) won't be translated until closed
proot info: pid 2516: access to "/dev/ion" (fd 29) won't be translated until closed
proot info: pid 2516: access to "/dev/ion" (fd 30) won't be translated until closed
proot info: pid 2516: access to "/dev/pts/1" (fd 32) won't be translated until closed
proot info: pid 2516: access to "/data/data/com.gnuroot.debian/support/xsupport.tar.gz" (fd 33) won't be translated until closed
proot info: pid 2517: sysenter start: prctl(0x26, 0x1, 0x0, 0x0, 0x0, 0xe3) = 0x26 [0xbe85a580, 0]
proot info: pid 2517: sysenter end: prctl(0x26, 0x1, 0x0, 0x0, 0x0, 0xe3) = 0x26 [0xbe85a580, 0]
proot info: pid 2517: sysexit start: prctl(0x0, 0x1, 0x0, 0x0, 0x0, 0xe3) = 0x0 [0xbe85a580, 0]
proot info: pid 2517: sysexit end: prctl(0x0, 0x1, 0x0, 0x0, 0x0, 0xe3) = 0x0 [0xbe85a580, 0]
proot info: pid 2517: sysenter start: prctl(0x16, 0x2, 0xbe85a598, 0x0, 0x0, 0xe3) = 0x16 [0xbe85a580, 0]
proot info: pid 2517: sysenter end: prctl(0x16, 0x2, 0xbe85a598, 0x0, 0x0, 0xe3) = 0x16 [0xbe85a580, 0]
proot info: pid 2517: sysexit start: prctl(0x0, 0x2, 0xbe85a598, 0x0, 0x0, 0xe3) = 0x0 [0xbe85a580, 0]
proot info: pid 2517: sysexit end: prctl(0x0, 0x2, 0xbe85a598, 0x0, 0x0, 0xe3) = 0x0 [0xbe85a580, 0]
proot info: ptrace acceleration (seccomp mode 2) enabled
proot info: pid 2517: sysenter start: execve(0x401c30, 0xbe85a834, 0xbe85a83c, 0xf, 0xbe85a834, 0xbe85a83c) = 0x401c30 [0xbe85a594, 0]
proot info: pid 2517: translate("/" + "/bin/bash")
proot info: pid 2517:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: pid 2517: translate("/" + "/lib/ld-linux-armhf.so.3")
proot info: pid 2517:          -> "/data/data/com.gnuroot.debian/debian/lib/arm-linux-gnueabihf/ld-2.19.so"
proot info: loader: /data/data/com.gnuroot.debian/support/prooted-2516-erTAhf
proot info: pid 2517: sysenter end: execve(0xbe85a55a, 0xbe85a834, 0xbe85a83c, 0xf, 0xbe85a834, 0xbe85a83c) = 0xbe85a55a [0xbe85a55a, 0]
proot info: pid 2517: sysexit start: restart_syscall(0x0, 0xbef92ae6, 0x0, 0x0, 0x0, 0x0) = 0x0 [0xbef929c0, 0]
proot info: pid 2517: sysexit end: restart_syscall(0xbef928f8, 0xbef92ae6, 0x0, 0x0, 0x0, 0x0) = 0xbef928f8 [0xbef928f8, 0]
proot info: pid 2517: sysenter start: open(0xbef9299c, 0x0, 0x0, 0x1, 0x0, 0x0) = 0xbef9299c [0xbef928dc, 0]
proot info: pid 2517: translate("/" + "/bin/bash")
proot info: pid 2517:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: pid 2517: sysenter end: open(0xbef928ae, 0x0, 0x0, 0x1, 0x0, 0x0) = 0xbef928ae [0xbef928ae, 0]
proot info: pid 2517: sysexit start: open(0x3, 0x0, 0x0, 0x1, 0x0, 0x0) = 0x3 [0xbef928ae, 0]
proot info: pid 2517: sysexit end: open(0x3, 0x0, 0x0, 0x1, 0x0, 0x0) = 0x3 [0xbef928dc, 0]
proot info: pid 2517: sysenter start: open(0xbef929a6, 0x0, 0x0, 0x0, 0xffffffff, 0x0) = 0xbef929a6 [0xbef928dc, 0]
proot info: pid 2517: translate("/" + "/lib/ld-linux-armhf.so.3")
proot info: pid 2517:          -> "/data/data/com.gnuroot.debian/debian/lib/arm-linux-gnueabihf/ld-2.19.so"
proot info: pid 2517: sysenter end: open(0xbef92894, 0x0, 0x0, 0x0, 0xffffffff, 0x0) = 0xbef92894 [0xbef92894, 0]
proot info: pid 2517: sysexit start: open(0x3, 0x0, 0x0, 0x0, 0xffffffff, 0x0) = 0x3 [0xbef92894, 0]
proot info: pid 2517: sysexit end: open(0x3, 0x0, 0x0, 0x0, 0xffffffff, 0x0) = 0x3 [0xbef928dc, 0]
proot info: pid 2517: sysenter start: brk(0x0, 0xbef92ad2, 0x1f027d90, 0x0, 0x183bc, 0x9) = 0x0 [0xbef926a0, 0]
proot info: pid 2517: sysenter end: mmap2(0x0, 0x1001000, 0x3, 0x22, 0xffffffff, 0x0) = 0x0 [0xbef926a0, 0]
proot info: pid 2517: sysexit start: mmap2(0xb5fd1000, 0x1001000, 0x3, 0x22, 0xffffffff, 0x0) = 0xb5fd1000 [0xbef926a0, 0]
proot info: pid 2517: sysexit end: brk(0xb5fd2000, 0xbef92ad2, 0x1f027d90, 0x0, 0x183bc, 0x9) = 0xb5fd2000 [0xbef926a0, 0]
proot info: pid 2517: sysenter start: brk(0x0, 0xbef92ae0, 0x8, 0x0, 0xb5fd2000, 0x0) = 0x0 [0xbef92690, 0]
proot info: pid 2517: sysenter end: void(0x0, 0xbef92ae0, 0x8, 0x0, 0xb5fd2000, 0x0) = 0x0 [0xbef92690, 0]
proot info: pid 2517: sysexit start: void(0xffffffda, 0xbef92ae0, 0x8, 0x0, 0xb5fd2000, 0x0) = 0xffffffda [0xbef92690, 0]
proot info: pid 2517: sysexit end: brk(0xb5fd2000, 0xbef92ae0, 0x8, 0x0, 0xb5fd2000, 0x0) = 0xb5fd2000 [0xbef92690, 0]
Inconsistency detected by ld.so: rtld.c: 1306: dl_main: Assertion `_rtld_local._dl_rtld_map.l_libname->next == ((void *)0)' failed!
proot info: pid 2517: exited with status 127


Sergii Pylypenko

Oct 20, 2015, 6:19:47 PM10/20/15
to proo...@googlegroups.com

Please remind me how are you using hardlinks in your system image. You cannot create hardlinks to SD card to move stuff out of internal storage.


Corbin Champion

Oct 20, 2015, 6:33:56 PM10/20/15
to PRoot
>Please remind me how are you using hardlinks in your system image. You cannot create hardlinks to SD card to move stuff out of internal storage.

The GNURoot system image is on internal storage.  When I used to have an option for putting it on the sdcard, the extension which did that only moved normal files — not links, fifos, etc. — to the sdcard.

Thanks,
Corbin


cdc

Oct 21, 2015, 3:23:19 AM10/21/15
to Corbin Champion, PRoot
A couple of comments:

- did you try without seccomp? (env PROOT_NO_SECCOMP=1)

- did you try using the "next" branch? (it contains a change regarding heap emulation)

- if this could help, I think this bug might be reproducible on
"standard" ARM Linux distros since the dynamic linker is from
[e]GlibC (instead of BioniC as it's usually the case on Android):

> Inconsistency detected by ld.so: rtld.c: 1306: dl_main: Assertion
> `_rtld_local._dl_rtld_map.l_libname->next == ((void *)0)' failed!

Regards,
Cédric.

Corbin Champion

Oct 21, 2015, 4:48:56 PM10/21/15
to PRoot, corb...@gmail.com, pr...@6dof.xyz
> did you try without seccomp? (env PROOT_NO_SECCOMP=1)
Yes.  It didn't change the behavior.

> did you try using the "next" branch? (it contains a change regarding heap emulation) 
No.  I will do that as soon as I can.  Hopefully today or tomorrow. 

I wasn't able to reproduce it running qemu, but since it only happens on certain devices and only if those devices are using certain ROMs, I may have to match the kernel version, hardware properties, etc.  Rebuilding PRoot and pushing it to the device is not too bad in this case.

Thanks for the ideas!  I will update again soon.

Corbin

Corbin Champion

Oct 21, 2015, 5:48:32 PM10/21/15
to PRoot, corb...@gmail.com, pr...@6dof.xyz
>> did you try using the "next" branch? (it contains a change regarding heap emulation) 
>No.  I will do that as soon as I can.  Hopefully today or tomorrow.

At first this didn't work either, but it produced a different bad exit status (see the log at the end).  Then I realized that I still had PROOT_NO_SECCOMP=1 set.  When I use the next branch without PROOT_NO_SECCOMP=1, it does work.  I went further and added back all the code that is normally in the link2symlink extension (not just the skeleton), and it continued to work and created symlinks instead of hard links as expected.

A few questions:

1) Are you surprised that I had to specifically not set PROOT_NO_SECCOMP for this to work with the next branch?

2) What testing, etc. needs to be done before the changes in the next branch get merged into master and get a release label?  I can do this (about time I gave something more substantial back), but I am curious what the normal flow is.  Is there some work that is only halfway implemented at this point in the next branch and should not be brought over to master?

Thanks!
Corbin

Here's the promised log:

proot info: binding = /data/data/com.gnuroot.debian/support:/support
proot info: binding = /storage/emulated/0:/sdcard
proot info: binding = /storage/emulated/0/GNURoot/debian:/.proot.noexec
proot info: binding = /storage/emulated/0/GNURoot/home:/home
proot info: binding = /storage/emulated/0/GNURoot/intents:/intents
proot info: binding = /:/host-rootfs
proot info: binding = /proc/27163/mounts:/etc/mtab
proot info: binding = /mnt
proot info: binding = /data
proot info: binding = /proc
proot info: binding = /dev
proot info: binding = /sys
proot info: binding = /data/data/com.gnuroot.debian/debian:/
proot info: vpid 1: translate("/" + "/bin/bash")
proot info: vpid 1:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: vpid 1: translate("/" + "/bin/bash")
proot info: vpid 1:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: exe = /bin/bash
proot info: argv = /bin/bash
proot info: initial cwd = /
proot info: verbose level = 5
proot info: pid 27163: access to "/dev/pts/1" (fd 0) won't be translated until closed
proot info: pid 27163: access to "/storage/emulated/legacy/log.txt" (fd 1) won't be translated until closed
proot info: pid 27163: access to "/storage/emulated/legacy/log.txt" (fd 2) won't be translated until closed
proot info: pid 27163: access to "/proc/27163/fd" (fd 3) won't be translated until closed
proot info: pid 27163: access to "/sys/kernel/debug/tracing/trace_marker" (fd 4) won't be translated until closed
proot info: pid 27163: access to "/system/framework/framework-res.apk" (fd 5) won't be translated until closed
proot info: pid 27163: access to "/system/framework/core-libart.jar" (fd 6) won't be translated until closed
proot info: pid 27163: access to "/dev/__properties__" (fd 9) won't be translated until closed
proot info: pid 27163: access to "/dev/alarm" (fd 11) won't be translated until closed
proot info: pid 27163: access to "/data/app/com.gnuroot.debian-2/base.apk" (fd 20) won't be translated until closed
proot info: pid 27163: access to "/dev/kgsl-3d0" (fd 25) won't be translated until closed
proot info: pid 27163: access to "/dev/ion" (fd 30) won't be translated until closed
proot info: pid 27163: access to "/dev/ion" (fd 31) won't be translated until closed
proot info: pid 27163: access to "/data/data/com.gnuroot.debian/support/xsupport.tar.gz" (fd 32) won't be translated until closed
proot info: pid 27163: access to "/dev/pts/1" (fd 33) won't be translated until closed
proot info: vpid 1: sysenter start: execve(0x11b7c28, 0xbee5e820, 0xbee5e828, 0xf, 0xbee5e820, 0xbee5e828) = 0x11b7c28 [0xbee5e584, 0]
proot info: vpid 1: translate("/" + "/bin/bash")
proot info: vpid 1:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: vpid 1: translate("/" + "/lib/ld-linux-armhf.so.3")
proot info: vpid 1:          -> "/data/data/com.gnuroot.debian/debian/lib/arm-linux-gnueabihf/ld-2.19.so"
proot info: loader: /data/data/com.gnuroot.debian/support/prooted-27163-WPQM2f
proot info: vpid 1: sysenter end: execve(0xbee5e549, 0xbee5e820, 0xbee5e828, 0xf, 0xbee5e820, 0xbee5e828) = 0xbee5e549 [0xbee5e549, 0]
proot info: vpid 1: sysexit start: restart_syscall(0x0, 0xbe85aad2, 0x0, 0x0, 0x0, 0x0) = 0x0 [0xbe85a9b0, 0]
proot info: vpid 1: sysexit end: restart_syscall(0xbe85a8e4, 0xbe85aad2, 0x0, 0x0, 0x0, 0x0) = 0xbe85a8e4 [0xbe85a8e4, 0]
proot info: vpid 1: sysenter start: open(0xbe85a98c, 0x0, 0x0, 0x1, 0x0, 0x0) = 0xbe85a98c [0xbe85a8c8, 0]
proot info: vpid 1: translate("/" + "/bin/bash")
proot info: vpid 1:          -> "/data/data/com.gnuroot.debian/debian/bin/bash"
proot info: vpid 1: sysenter end: open(0xbe85a89a, 0x0, 0x0, 0x1, 0x0, 0x0) = 0xbe85a89a [0xbe85a89a, 0]
proot info: vpid 1: sysexit start: open(0x3, 0x0, 0x0, 0x1, 0x0, 0x0) = 0x3 [0xbe85a89a, 0]
proot info: vpid 1: sysexit end: open(0x3, 0x0, 0x0, 0x1, 0x0, 0x0) = 0x3 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter start: mmap2(0x10000, 0xa1000, 0x5, 0x12, 0x3, 0x0) = 0x10000 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter end: mmap2(0x10000, 0xa1000, 0x5, 0x12, 0x3, 0x0) = 0x10000 [0xbe85a8c8, 0]
proot info: vpid 1: sysexit start: mmap2(0x10000, 0xa1000, 0x5, 0x12, 0x3, 0x0) = 0x10000 [0xbe85a8c8, 0]
proot info: vpid 1: sysexit end: mmap2(0x10000, 0xa1000, 0x5, 0x12, 0x3, 0x0) = 0x10000 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter start: mmap2(0xc0000, 0x6000, 0x3, 0x12, 0x1, 0xa0) = 0xc0000 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter end: mmap2(0xc0000, 0x6000, 0x3, 0x12, 0x1, 0xa0) = 0xc0000 [0xbe85a8c8, 0]
proot info: vpid 1: sysexit start: mmap2(0xfffffff3, 0x6000, 0x3, 0x12, 0x1, 0xa0) = 0xfffffff3 [0xbe85a8c8, 0]
proot info: vpid 1: sysexit end: mmap2(0xfffffff3, 0x6000, 0x3, 0x12, 0x1, 0xa0) = 0xfffffff3 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter start: exit(0xb6, 0x6000, 0x3, 0xc0000, 0x1, 0xa0) = 0xb6 [0xbe85a8c8, 0]
proot info: vpid 1: sysenter end: exit(0xb6, 0x6000, 0x3, 0xc0000, 0x1, 0xa0) = 0xb6 [0xbe85a8c8, 0]
proot info: vpid 1: exited with status 182