在進行android O的相容性驗證中,我們發現有應用force close,檢視log會有W + E load segments are not allowed。
08-10 15:37:30.616 3148 3148 W linker : "/data/app/com.sxiaoao.fatpebble.clayjam.OPPO-Zwf5LGb1adpUq7SRfo8wvw==/lib/arm/libDexHelperUtil.so": W + E load segments are not allowed
08-10 15:37:30.629 3148 3148 W linker : "/data/data/com.sxiaoao.fatpebble.clayjam.OPPO/.seccache/libDexHelper.so": W + E load segments are not allowed
08-10 15:37:30.646 3148 3148 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 3148 (le.clayjam.OPPO)
08-10 15:37:30.739 3175 3175 I crash_dump32: obtaining output fd from tombstoned
08-10 15:37:30.702 3175 3175 W crash_dump32: type=1400 audit(0.0:6583): avc: denied { search } for name="com.sxiaoao.fatpebble.clayjam.OPPO" dev="dm-0" ino=278577 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-10 15:37:30.740 1290 1290 I /system/bin/tombstoned: received crash request for pid 3148
08-10 15:37:30.702 3175 3175 W crash_dump32: type=1400 audit(0.0:6584): avc: denied { search } for name="com.sxiaoao.fatpebble.clayjam.OPPO" dev="dm-0" ino=278577 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-10 15:37:30.739 3175 3175 I crash_dump32: obtaining output fd from tombstoned
08-10 15:37:30.740 1290 1290 I /system/bin/tombstoned: received crash request for pid 3148
08-10 15:37:30.743 3175 3175 I crash_dump32: performing dump of process 3148 (target tid = 3148)
08-10 15:37:30.743 3175 3175 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-10 15:37:30.743 3175 3175 F DEBUG : Build fingerprint: 'Android/msm8998/msm8998:8.0.0/OPR1.170623.011/lnxbui08040516:userdebug/test-keys'
08-10 15:37:30.743 3175 3175 F DEBUG : Revision: '0'
08-10 15:37:30.743 3175 3175 F DEBUG : ABI: 'arm'
08-10 15:37:30.743 3175 3175 F DEBUG : pid: 3148, tid: 3148, name: le.clayjam.OPPO >>> com.sxiaoao.fatpebble.clayjam.OPPO <<<
08-10 15:37:30.743 3175 3175 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
08-10 15:37:30.743 3175 3175 F DEBUG : Cause: null pointer dereference
08-10 15:37:30.743 3175 3175 F DEBUG : r0 00000006 r1 00004001 r2 00000000 r3 00000000
08-10 15:37:30.743 3175 3175 F DEBUG : r4 00000000 r5 0000287e r6 edbfec50 r7 dbc7f800
08-10 15:37:30.743 3175 3175 F DEBUG : r8 ffc582a8 r9 00000099 sl eaa7615c fp ead31230
08-10 15:37:30.744 3175 3175 F DEBUG : ip 00000000 sp ffc58180 lr cedb084f pc cedb0850 cpsr 000d0030
08-10 15:37:30.744 3175 3175 F DEBUG :
08-10 15:37:30.744 3175 3175 F DEBUG : backtrace:
08-10 15:37:30.744 3175 3175 F DEBUG : #00 pc 00027850 /data/data/com.sxiaoao.fatpebble.clayjam.OPPO/.seccache/libDexHelper.so (offset 0x8000)
08-10 15:37:30.744 3175 3175 F DEBUG : #01 pc 0002784d /data/data/com.sxiaoao.fatpebble.clayjam.OPPO/.seccache/libDexHelper.so (offset 0x8000)
08-10 15:37:31.632 3175 3175 W crash_dump32: type=1400 audit(0.0:6589): avc: denied { search } for name="com.sxiaoao.fatpebble.clayjam.OPPO" dev="dm-0" ino=278577 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-10 15:37:31.882 1290 1290 E /system/bin/tombstoned: Tombstone written to: /data/tombstones//tombstone_06
結合源碼其實很容易分析,
In the bionic/linker/linker_phdr.cpp,
boolElfReader::LoadSegments() {
int prot =PFLAGS_TO_PROT(phdr->p_flags);
if ((prot& (PROT_EXEC | PROT_WRITE)) == (PROT_EXEC | PROT_WRITE)) {
// W + EPT_LOAD segments are not allowed in O.
if(get_application_target_sdk_version() >= __ANDROID_API_O__) {
DL_ERR_AND_LOG("\"%s\": W + E load segments are not allowed",name_.c_str());
return false;
}
DL_WARN("\"%s\": W + E load segments are notallowed", name_.c_str());
add_dlwarning(name_.c_str(), "W+E load segments");
}
So the flag in the so file segment should be not be W + E,or W + E PT_LOAD segments are not allowed in O
More details should refer the format information of so (ELFformat)