0

I have A problem with Loading SO Libraries Dynamically in android and in order for people to understand why I actually need to do this and maybe suggest different ways to do it I'm going to explain briefly the project. I'm working on a research project to test the benefits of code offloading the flow that I have been working on is as follows :

The user triggers a function that was predetermined to be time-consuming the process is intercepted using Xposed Hooks, The Apk of the App is sent to server then the on the server I run the method from the APK dynamically for android nougat or even oreo this won't cause any troubles as I thought but the main problem some of the apps I'm working on use non-NDK libs and this causes some problems because the system won't allow the me to load the libraries dynamically I'm required to add these libraries to my app and this doesn't work for me because I the server app is one app fit all it receives a method name apk and package name and some parameters and it should run the function with the parameters of and return the result regardless of the apk or function name so cutting to the problem directly

I need to be able to run this code without trouble the code :

 val classLoader = DexClassLoader("/storage/emulated/0/ApkDir/base.apk", applicationContext.codeCacheDir.absolutePath,
                       "/storage/emulated/0/ApkDir/lib/arm64/" , this.javaClass.classLoader

The problems that the code raises for android oreo and above

01-15 03:19:22.729 10712-10712/com.sablab.myapplication W/b.myapplication: type=1400 audit(0.0:11387): avc: denied { execute } for path="/storage/emulated/0/APKDir/libs/libpngt.so" dev="fuse" ino=79 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0 tclass=file permissive=0

and if not this I get

 Caused by: java.lang.UnsatisfiedLinkError: dlopen failed: couldn't map "/storage/emulated/0/APKDir/libs/libpngt.so" segment 1: Permission denied
khaled sabri
  • 13
  • 5
  • Dynamic loading of libraries is blocked because of SELinux policies enforced on the Android system running on your server. The first thing you can check is whether there's a way to switch server's Android system to [SELinux permissive mode](https://source.android.com/security/selinux/validate#switching_to_permissive). If you can connect to the `adb shell` of server's Android system, you can use `adb shell setenforce 0` command to do it. Run your app after switching to permissive mode, then you should be able to load the library by bypassing SELinux security. – Lakindu Jan 17 '21 at 14:23
  • `setenforce 0` is a temporary. If you reboot your server's Android system it will be again set to SELinux enforcing mode. For the long run, you can find if there's a way to set [kernel command-line parameters](https://source.android.com/security/selinux/implement#steps) of your server's Android system. If it is possible, you can set `androidboot.selinux=permissive` kernel command-line parameter to make your Android system SELinux permissive from the beginning of the system boot up. – Lakindu Jan 17 '21 at 14:40
  • Thank you very much this was very helpful, But I was wondering If I made the serverSide App a System app in the server would I be able to move libraries to the system/lib folder and would this help ? – khaled sabri Jan 18 '21 at 14:59
  • Yes, most probably. If your app's APK is in `/system/priv-app/` or `/system/app/`, it should be able to access libraries in `/system/lib` or `/system/lib64`. – Lakindu Jan 18 '21 at 18:59
  • Okay thanks a lot will try this and tell you what happened – khaled sabri Jan 19 '21 at 14:37
  • @Lakindu I tried adb shell setenforce 0 and the error message changed to this but still no progress avc: denied { write } for name="system@app@serverSide@apk.apk@classes.vdex" dev="dm-0" ino=7576 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file permissive=0 – khaled sabri Jan 19 '21 at 16:57

0 Answers0