x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403
Comments
Depending on the fix, this might be 1.10.1 material. |
The |
Change https://golang.org/cl/100877 mentions this issue: |
Change https://golang.org/cl/100878 mentions this issue: |
The Android O seccomp policy disallows the access syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the faccessat syscall with AT_FDCWD instead to achieve the same behavior. Updates #24403 Change-Id: I9db847c1c0f33987a3479b3f96e721fb9588cde2 Reviewed-on: https://go-review.googlesource.com/100877 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Change https://golang.org/cl/102975 mentions this issue: |
Change https://golang.org/cl/102976 mentions this issue: |
Change https://golang.org/cl/102995 mentions this issue: |
Change https://golang.org/cl/103195 mentions this issue: |
…call on linux/amd64 The Android O seccomp policy disallows the access syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the faccessat syscall with AT_FDCWD instead to achieve the same behavior. Updates #24403 Change-Id: I9db847c1c0f33987a3479b3f96e721fb9588cde2 Reviewed-on: https://go-review.googlesource.com/100877 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-on: https://go-review.googlesource.com/102995 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
…ll to implement Stat on linux/amd64 The Android O seccomp policy disallows the stat syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the fstatat syscall with AT_FDCWD and zero flags instead to achieve the same behavior. Fixes #24403 Change-Id: I36fc9ec9bc938cd8e9de30f66c0eb9d2e24debf6 Reviewed-on: https://go-review.googlesource.com/100878 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Elias Naur <elias.naur@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-on: https://go-review.googlesource.com/102976 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?go version devel +672729ebbd Thu Mar 15 04:18:11 2018 +0000 linux/amd64
Does this issue reproduce with the latest release?
Yes.
What did you do?
Unpack seccomp.zip, start a 64 bit Android O emulator and then
(the -target argument is to make sure the amd64 version is executed)
You may need to run
go get -u golang.org/x/mobile/cmd/...
and thengomobile init
first.The "osstat" app crashes with the following:
It seems to me the "stat" syscall is blocked and have to be replaced (with fstatat?)
The "println" app crashes with:
The same crash happens if a panic() is being printed or if print() is called. It seems the "access" syscall is blocked and have to be replaced (by faccessat?).
The complete list of allowed syscalls is at https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT.
I checked both tests on android/386, android/arm and android/arm64 and they run without problems.
Related to #20409.
CC @aclements
The text was updated successfully, but these errors were encountered: