re.frida.helper: unable to execute idmap2: Permission denied

[naroga]

Hi. I'm running an app with frida-gadget injected into it.

It runs, starts listening, until I try to access frida from my pc. I get Failed to enumerate processes: unable to start helper.

When running adb logcat | grep frida I get a detailed log with the following entries:

07-16 12:54:17.684  6144  6144 D AndroidRuntime: Calling main entry re.frida.Helper
07-16 12:54:17.699  6144  6144 W re.frida.helper: unable to execute idmap2: Permission denied
07-16 12:54:17.709  6144  6144 I re.frida.helper: System.exit called, status: 1
07-16 12:54:18.172  6181  6181 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
07-16 12:54:18.172  6181  6181 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
07-16 12:54:18.186  6181  6181 W re.frida.helper: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
07-16 12:54:18.193  6181  6181 D AndroidRuntime: Calling main entry re.frida.Helper
07-16 12:54:18.207  6181  6181 W re.frida.helper: unable to execute idmap2: Permission denied
07-16 12:54:18.218  6181  6181 I re.frida.helper: System.exit called, status: 1
07-16 12:54:18.639  6221  6221 W re.frida.helper: type=1400 audit(0.0:3647): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 12:54:18.639  6221  6221 I chatty  : uid=2000(shell) re.frida.helper identical 2 lines
07-16 12:54:18.639  6221  6221 W re.frida.helper: type=1400 audit(0.0:3650): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 12:54:18.700  6221  6221 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
07-16 12:54:18.700  6221  6221 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
07-16 12:54:18.713  6221  6221 W re.frida.helper: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
07-16 12:54:18.720  6221  6221 D AndroidRuntime: Calling main entry re.frida.Helper
07-16 12:54:18.734  6221  6221 W re.frida.helper: unable to execute idmap2: Permission denied
07-16 12:54:18.744  6221  6221 I re.frida.helper: System.exit called, status: 1
07-16 12:58:04.939  7555  7555 W re.frida.helper: type=1400 audit(0.0:3654): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 12:58:04.939  7555  7555 I chatty  : uid=2000(shell) re.frida.helper identical 2 lines
07-16 12:58:04.939  7555  7555 W re.frida.helper: type=1400 audit(0.0:3657): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 12:58:05.002  7555  7555 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
07-16 12:58:05.002  7555  7555 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
07-16 12:58:05.016  7555  7555 W re.frida.helper: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
07-16 12:58:05.023  7555  7555 D AndroidRuntime: Calling main entry re.frida.Helper
07-16 12:58:05.037  7555  7555 W re.frida.helper: unable to execute idmap2: Permission denied
07-16 12:58:05.047  7555  7555 I re.frida.helper: System.exit called, status: 1
07-16 13:00:52.855  8643  8643 W re.frida.helper: type=1400 audit(0.0:3662): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 13:00:52.855  8643  8643 I chatty  : uid=2000(shell) re.frida.helper identical 2 lines
07-16 13:00:52.855  8643  8643 W re.frida.helper: type=1400 audit(0.0:3665): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=2179 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
07-16 13:00:52.915  8643  8643 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
07-16 13:00:52.915  8643  8643 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
07-16 13:00:52.929  8643  8643 W re.frida.helper: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
07-16 13:00:52.935  8643  8643 D AndroidRuntime: Calling main entry re.frida.Helper
07-16 13:00:52.949  8643  8643 W re.frida.helper: unable to execute idmap2: Permission denied
07-16 13:00:52.959  8643  8643 I re.frida.helper: System.exit called, status: 1

[oleavr]

This means it's failing to connect to the remote gadget, and is falling back to the non-rooted code-path. That code-path is still experimental and doesn't work on a lot of devices, such as yours. (Which Android OS version and device type is this on?)

Anyway, the solution you want here is to update the gadget so it has the same major version as the local version of Frida – ideally both should be on the latest. (15.0.8).

[iMro0t]

Hi I am facing exact same issue.

frida 15.0.8
frida-gadget 15.0.8

I read this nice article and exited to try it out but now i am stuck at this.

[oleavr]

Fixed in 15.0.9 – in the sense that we're now fault-tolerant and start ignoring the non-rooted code-path if we fail to start the helper. Since I haven't heard back from anyone able to reproduce this, I will close this for now – hopefully someday somebody able to reproduce this can help fix it. Until then, things are at least in overall better shape than they were in Frida 14, which is what matters – that we suck a little bit less with every new release 😄

[ImangazalievM]

Hi @oleavr. I reproduced this bug with the latest Frida version (15.1.6). Could you help me, please?

[SHA-wn]

Was anybody able to solve this issue?
I too, am stuck with the same problem.

[danielsitnik]

I have this problem too with 15.1.7.
Samsung Galaxy Tab S6, Android 12, not rooted.

[aloebera]

Same issue here.
@oleavr

Mobile Specs

[ro.product.cpu.abi]: [arm64-v8a]
[ro.product.model]: [SM-A715F]
[ro.product.brand]: [samsung]
[ro.product.device]: [a71]
ro.build.version.release]: [13]
[ro.build.version.sdk]: [33]

Error

06-23 00:52:07.771  9264  9264 D AndroidRuntime: Calling main entry re.frida.Helper
06-23 00:52:07.855  9264  9264 W re.frida.helper: unable to execute idmap2: Permission denied
06-23 00:53:30.014  9358  9358 I re.frida.helper: Using CollectorTypeCC GC.
06-23 00:53:30.116  9358  9358 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
06-23 00:53:30.116  9358  9358 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt70l.dat
06-23 00:53:30.122  9358  9358 W ziparchive: Unable to open '/data/local/tmp/frida-helper-591195977d1b45b2877d9cd684ff958e.dm': No such file or directory

Frida: 16.0.19
Gadget: 16.0.19

[braedinski]

I came across this issue just now. With my frida-gadget.config set to "interaction": "listen", I had no issues, it was only when I switched to "interaction": "script" that I saw the same error message you guys are seeing.

I was able to fix it by enabling the "Files" permission for the app containing my frida-gadget and loading my script from the /sdcard directory instead of /data/local/tmp.

10-03 08:52:54.656 32273 32273 I re.frida.helper: Using CollectorTypeCC GC.
10-03 08:52:54.766 32273 32273 D re.frida.helper: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
10-03 08:52:54.766 32273 32273 D re.frida.helper: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt70l.dat
10-03 08:52:54.775 32273 32273 W ziparchive: Unable to open '/data/local/tmp/frida-helper-da8dad18a5a7497c807736cc43991a2e.dm': No such file or directory
10-03 08:52:54.795 32273 32273 D AndroidRuntime: Calling main entry re.frida.Helper
10-03 08:52:54.828 32273 32273 W re.frida.helper: unable to execute idmap2: Permission denied

[ro.product.cpu.abi]: [arm64-v8a]
[ro.product.system.manufacturer]: [samsung]
[ro.product.system.model]: [SM-A546E]
[ro.product.system.name]: [a54xnsxx]
[ro.product.build.version.release]: [13]
[ro.product.build.version.sdk]: [33

$ frida --version
16.1.4