I try to fork and then trace my child by calling ptrace(PTRACE_ATTACH, iChildPid, 0, 0) on Android:
- and get success when working with a debug build
- and get failure with a release build (Operation not permitted (1))
Where am I wrong?
Okay :( This is an Android feature. If the application is not marked as debuggable (manifest: android:debuggable = false), PTRACE_ATTACH does not work in either direction (parent to child and child to parent). Only root can do this.
According to the source of the Android framework, you can indeed make the process ptrace-able yourself in an app release build. (Just don't forget to call this function before you fork the child process and ptrace the parent.)
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

```cpp
// Excerpt from com_android_internal_os_Zygote.cpp. Zygote calls this for
// apps that are debuggable. It relies on <sys/prctl.h>, <sys/resource.h> and
// <errno.h>; ALOGE comes from Android's liblog and GetBoolProperty from
// android::base (libbase).
static void EnableDebugger() {
  // To let a non-privileged gdbserver attach to this
  // process, we must set our dumpable flag.
  if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) {
    ALOGE("prctl(PR_SET_DUMPABLE) failed");
  }

  // A non-privileged native debugger should be able to attach to the debuggable app, even if Yama
  // is enabled (see kernel/Documentation/security/Yama.txt).
  if (prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0) == -1) {
    // if Yama is off prctl(PR_SET_PTRACER) returns EINVAL - don't log in this
    // case since it's expected behaviour.
    if (errno != EINVAL) {
      ALOGE("prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY) failed");
    }
  }

  // Set the core dump size to zero unless wanted (see also coredump_setup in build/envsetup.sh).
  if (!GetBoolProperty("persist.zygote.core_dump", false)) {
    // Set the soft limit on core dump size to 0 without changing the hard limit.
    rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) == -1) {
      ALOGE("getrlimit(RLIMIT_CORE) failed");
    } else {
      rl.rlim_cur = 0;
      if (setrlimit(RLIMIT_CORE, &rl) == -1) {
        ALOGE("setrlimit(RLIMIT_CORE) failed");
      }
    }
  }
}
```
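The two prctl() calls above are the part that matters for the question: an app process is forked from Zygote, which then switches to the app's uid/gid, and that credential change clears the process's dumpable flag. A non-dumpable process may only be traced by a process with CAP_SYS_PTRACE, which is why PTRACE_ATTACH from the app's own forked child (or to it) fails with EPERM in a release build. The following is an added example, written for this page and not code from the original answer or from AOSP; the function names make_ptraceable, is_dumpable and attach_to_forked_child are my own. It applies the same two prctl() calls in the parent before fork(), then attaches to the child with PTRACE_ATTACH exactly as the question does, waits for the attach stop, and detaches:

```c
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallback definitions for toolchains whose <sys/prctl.h> predates Yama. */
#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61
#endif
#ifndef PR_SET_PTRACER_ANY
#define PR_SET_PTRACER_ANY ((unsigned long)-1)
#endif

/* Hypothetical helper (not part of AOSP): same two prctl() calls Zygote's
 * EnableDebugger() makes for debuggable apps. PR_SET_DUMPABLE re-enables
 * tracing by same-uid processes after the flag was cleared by the uid/gid
 * switch; PR_SET_PTRACER_ANY additionally lets a non-ancestor (e.g. a child
 * tracing its parent) attach when Yama ptrace_scope is 1. Yama being absent
 * is reported as EINVAL and is not an error. Returns 0 on success, -1 on
 * failure with errno set. Call it BEFORE fork() so the child inherits it. */
int make_ptraceable(void) {
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) {
        return -1;
    }
    if (prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0) == -1 && errno != EINVAL) {
        return -1;
    }
    return 0;
}

/* Reads the dumpable flag back: 1 once make_ptraceable() has run. */
int is_dumpable(void) {
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Forks a child that just sleeps, attaches to it the way the question does,
 * waits for the SIGSTOP that PTRACE_ATTACH delivers, detaches and reaps it.
 * Returns 0 when the attach worked, otherwise -errno of the failing call
 * (-EPERM is what a non-dumpable tracee, or a seccomp sandbox, produces). */
int attach_to_forked_child(void) {
    pid_t pid = fork();
    if (pid < 0) {
        return -errno;
    }
    if (pid == 0) {
        /* Child: block until the parent kills us. */
        for (;;) {
            pause();
        }
    }

    int rc = 0;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
        rc = -errno;
    } else {
        int status = 0;
        if (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
            if (ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1) {
                rc = -errno;
            }
        } else {
            rc = -ECHILD; /* attach reported success but no stop was observed */
        }
    }

    /* Tear the child down regardless of outcome so nothing is left behind. */
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void) {
    if (make_ptraceable() == -1) {
        return 1;
    }
    /* 0 here corresponds to the debug-build behaviour in the question;
     * -EPERM is the release-build failure when the prctl() calls are omitted. */
    return attach_to_forked_child() == 0 ? 0 : 2;
}
```

On a stock Linux desktop the attach succeeds even without make_ptraceable(), because a normal process is already dumpable and Yama's default scope allows attaching to descendants; the prctl() calls only become necessary once the dumpable flag has been cleared, which is exactly the Zygote situation. Note that PR_SET_DUMPABLE also makes /proc/PID/mem and the process's core dumps readable by same-uid processes, which is why Zygote keeps the core size limit at zero in the same function.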