Fixed
Status Update
No update yet.
Comments
en...@google.com
logcat output including dmesg? selinux violations would show up there.
en...@google.com
(and you can rule out another variable by copying the system toybox binary and using that in the app.)
nn...@google.com
Can you please attach the file "toybox_sdm" to this bug?
d4...@gmail.com
> (and you can rule out another variable by copying the system toybox binary and using that in the app.)
Sorry for not trying this before. The system toybox xargs works in my app.
```
toybox 0.7.2-7c10702a60a4-android
runCommand(Command(commands=[echo '/data/user/0/eu.thedarken.sdm/files' | /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs stat]))
Input : echo '/data/user/0/eu.thedarken.sdm/files' | /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs stat
Output: File: `/data/user/0/eu.thedarken.sdm/files'
(...)
runCommand(...): Command.Result(exitcode=0)
```
I've attached my toybox to this ticket. It's built using musl libc with the config you can find here:
https://github.com/d4rken/toybox/tree/sdmaid
Because the same binary build for x86 works on the emulator, I've attached that too.
Logcat here, but nothing out of the ordinary:
https://gist.github.com/d4rken/b66f5a7a3fa3135ccf90543628dca512
How do I get the dmesg output? There is no root for Pixel@O yet:
```
» adb root dmesg
» adb shell dmesg
dmesg: /dev/kmsg: Permission denied
```
Sorry for not trying this before. The system toybox xargs works in my app.
```
toybox 0.7.2-7c10702a60a4-android
runCommand(Command(commands=[echo '/data/user/0/eu.thedarken.sdm/files' | /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs stat]))
Input : echo '/data/user/0/eu.thedarken.sdm/files' | /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs stat
Output: File: `/data/user/0/eu.thedarken.sdm/files'
(...)
runCommand(...): Command.Result(exitcode=0)
```
I've attached my toybox to this ticket. It's built using musl libc with the config you can find here:
Because the same binary build for x86 works on the emulator, I've attached that too.
Logcat here, but nothing out of the ordinary:
How do I get the dmesg output? There is no root for Pixel@O yet:
```
» adb root dmesg
» adb shell dmesg
dmesg: /dev/kmsg: Permission denied
```
nn...@google.com
Please run "adb bugreport" to get the dmesg output. It would be helpful to attach the output of adb bugreport to this bug, although please be sure to scrub the bugreport of any sensitive information before uploading.
d4...@gmail.com
> please be sure to scrub the bugreport of any sensitive information before uploading
Easier said than done as this is not a test device :). I trimmed all but the dmesg section away and trimmed the dmesg log to when my app launches and when I closed it again. The entries can be found by grepping for "Bad system call".
I did not see any SELinux output related to the xargs call.
If you need more sections out of that file let me know then I'll get you those too (after checking for sensitive info).
Easier said than done as this is not a test device :). I trimmed all but the dmesg section away and trimmed the dmesg log to when my app launches and when I closed it again. The entries can be found by grepping for "Bad system call".
I did not see any SELinux output related to the xargs call.
If you need more sections out of that file let me know then I'll get you those too (after checking for sensitive info).
en...@google.com
if it was seccomp you'd be dying with SIGSYS, not getting ENOSYS back from a system call.
i've attached a static strace binary.
i've attached a static strace binary.
d4...@gmail.com
I can't see any attachments. Actually I can't see any at all, neither my own (permission issue?).
Can you mail me the strace binary or upload it somewhere?
Can you mail me the strace binary or upload it somewhere?
d4...@gmail.com
```
Input : echo 'echo test' | /data/user/0/eu.thedarken.sdm/files/static-strace /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs
Error : execve("/data/user/0/eu.thedarken.sdm/files/toybox_sdm", ["/data/user/0/eu.thedarken.sdm/fi"..., "xargs"], [/* 13 vars */]) = 0
Error : /data/user/0/eu.thedarken.sdm/files/static-strace: [ Process PID=27909 runs in 32 bit mode. ]
Error : set_tls(0x51420, 0x31190, 0x311e4, 0xffe50fec, 0x38) = 0
Error : set_tid_address(0x51380) = 27909
Error : getuid32() = 10409
Error : geteuid32() = 10409
Error : umask(000) = 077
Error : umask(077) = 000
Error : getuid32() = 10409
Error : geteuid32() = 10409
Error : brk(NULL) = 0x518000
Error : brk(0x519000) = 0x519000
Error : umask(000) = 077
Error : umask(077) = 000
Error : readv(0, [{iov_base="", iov_len=0}, {iov_base="echo test\n", iov_len=1024}], 2) = 10
Error : readv(0, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
Error : fork( <unfinished ...>
Error : --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x228a4, si_syscall=__NR_fork, si_arch=AUDIT_ARCH_ARM} ---
Error : <... fork resumed>) = ?
Error : +++ killed by SIGSYS +++
Error : Bad system call
```
Input : echo 'echo test' | /data/user/0/eu.thedarken.sdm/files/static-strace /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs
Error : execve("/data/user/0/eu.thedarken.sdm/files/toybox_sdm", ["/data/user/0/eu.thedarken.sdm/fi"..., "xargs"], [/* 13 vars */]) = 0
Error : /data/user/0/eu.thedarken.sdm/files/static-strace: [ Process PID=27909 runs in 32 bit mode. ]
Error : set_tls(0x51420, 0x31190, 0x311e4, 0xffe50fec, 0x38) = 0
Error : set_tid_address(0x51380) = 27909
Error : getuid32() = 10409
Error : geteuid32() = 10409
Error : umask(000) = 077
Error : umask(077) = 000
Error : getuid32() = 10409
Error : geteuid32() = 10409
Error : brk(NULL) = 0x518000
Error : brk(0x519000) = 0x519000
Error : umask(000) = 077
Error : umask(077) = 000
Error : readv(0, [{iov_base="", iov_len=0}, {iov_base="echo test\n", iov_len=1024}], 2) = 10
Error : readv(0, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
Error : fork( <unfinished ...>
Error : --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x228a4, si_syscall=__NR_fork, si_arch=AUDIT_ARCH_ARM} ---
Error : <... fork resumed>) = ?
Error : +++ killed by SIGSYS +++
Error : Bad system call
```
en...@google.com
fork seems to have been added to the seccomp whitelist as part of http://b/35217603 .
d4...@gmail.com
👍
Can't view the bugfix commit, but basically fixed with next release (Preview 2)?
Can't view the bugfix commit, but basically fixed with next release (Preview 2)?
en...@google.com
any build after OPR1.170226.001 will have the fix.
Description
Stock Pixel 128GB running OPP1.170223.012
Steps to reproduce:
Have an app provide it's own toybox binary.
Call `/data/user/0/some.app.pkg/files/toybox xargs --help` from within the app.
Prior to Android O this would just work.
Now `xargs` returns exitcode 159 and "Bad system call"
App can't run it's own xargs:
```
Input : echo '/data/user/0/eu.thedarken.sdm/files' | /data/user/0/eu.thedarken.sdm/files/toybox_sdm xargs stat
Error : Bad system call
```
App can run system xargs:
```
Input : echo '/data/user/0/eu.thedarken.sdm/files' | /system/bin/toybox xargs stat
Output: File: `/data/user/0/eu.thedarken.sdm/files'
(...)
```
ADB shell can run app xargs:
```
sailfish:/data/local/tmp $ ./toybox_sdm find '/data/local/tmp' -maxdepth 0 -print0 | ./toybox_sdm xargs -0 echo
/data/local/tmp
```
Some more logs here:
*
*
The app can call the native toybox xargs from `/system/bin/xargs` without issue, and I can also copy "toybox_sdm" to `/data/local/tmp` and run xargs from there without issue (via adb shell).
This is has also been observed on a Nexus5X@AndroidO, but it can't be reproduced on the Android O emulator image.
I suspect this might be something selinux related or as suggested on the toybox mailing list, seccomp related. Something might be blocking xargs from forking processes?
I would expect this to work like on Nougat and I would also have expected that the emulator shows the same behavior.
I hope this is a bug and not intentional as apps providing their own binary is a common tactic to make sure apps work reliably on all devices. Suddenly changing this has the potential to break apps which make heavy use of self provided binaries in unforseen ways.