Permission issue with PION WebRTC under GOMOBILE Android >= 11 (SDK 30) - EDIT: SOLVED BY https://github.com/golang/go/pull/61089 #2640
Comments
Same problem. But after doing some research, it's a golang issue. To fix it, maybe we need to modify the golang source code and build a new binary to build our aar. |
Yes, you might be right. I was just "knocking on the bush". However, even if there is a patch, this seems to introduce a circular reference, if I get that right. Other than that, I don't know where to patch these files on my local machine |
ok...just clone golang source code, modify files as mentioned on this, fix the |
Did you already try that? Did it work? |
No, but worth a try. I removed WebRTC communication from my application temporarily. After other work is finished I will try it. |
OK, I'm on it right now. GOLANG compilation ok. Patching now. Will report |
Stuck. It started well. Initial compilation on Ubuntu 20.04 fine. Then I patched the code. I have the feeling that the patch of this file can be omitted at all https://go-review.googlesource.com/c/go/+/507415/5/src/syscall/netlink_linux.go, but for now I just dropped the permission error check. Additional compilation fine. I replaced the two binaries found in /usr/local/go/bin by the newly generated in ./goroot/bin. Basically Now when I run my gomobile command I'm getting a new error. Seems, I'm missing some architectures support now.
EDIT: Seems it was a version mismatch. I initially patched master, but my previous binary installation was 1.21.5. I then checked out 1.21.5 and made the changes again. This time my gomobile command went through, but at runtime the same problem appeared: Permission issue, panic. Either this patch doesn't change anything or there are still other places to change or I'm unable to make use of the changed version somehow (not sure, how go dependencies are bound, but I could imagine I would have to change some dependencies in my go.mod too in order to use the patched stuff) |
Update. I believe I will have to build the packages net and sys instead of the compiler itself... |
Sorry. After some testing, I modified GO_ROOT/libexec/src/net/interface_linux.go; this way we don't need to compile go or gomobile, but the result is the same, still got |
OK, the error comes from |
Happy new year to you.
I'm not that confident to find the problem in the compiler itself. I have changed the signature of the panic in
expecting to see that "blabla" instead of "netlinkrib" to no avail. I more believe to find the root of the problem somewhere in these modules, which are bound to my project implicitly:
|
is |
Can you post your changed interface_linux.go please? |
Confused. Where is |
basically, |
I just reset the code when I found it was not working as expected, but it's the same as this. To resolve the build issue, change `os.IsPermission(err)` to

```go
if e, ok := err.(Errno); !ok && !e.Is(oserror.ErrPermission) {
	return nil, err
}
```

as |
I really have doubts that this is the right place for the change. I can't see any reaction of the code other than that permission error, regardless of how I change the things. |
I agree, /usr/local/go is the path for Ubuntu, but there is no libexec. One thing is maybe wrong on my side. I cloned the sources to ~/home/goroot. I applied the changes in that dir and ran from src/all.bash. The results are two binaries in ~/home/goroot/bin: go and gofmt. I just copied those two bins to /usr/local/go/bin. Should I apply the changes in /usr/local/go instead? |
No, not working either... (base) ubuntu@simulator:/usr/local/go/src$ ./all.bash |
I'm going to drop this. I'm not the go expert, it is just a means to reach some target, don't like that either. Thanks for your efforts |
@neilyoung fixed the Android 11 netlink issue by modifying the transport package and created a PR. |
You fixed it for pion by replacing |
@neilyoung I don't know if TCP listen will work, but if you are using UDP, just change

```go
func createMulticastDNS(n transport.Net, mDNSMode MulticastDNSMode, mDNSName string, log logging.LeveledLogger) (*mdns.Conn, MulticastDNSMode, error) {
	if mDNSMode == MulticastDNSModeDisabled {
		return nil, mDNSMode, nil
	}
	// addr, mdnsErr := n.ResolveUDPAddr("udp4", mdns.DefaultAddress)
	// if mdnsErr != nil {
	// 	return nil, mDNSMode, mdnsErr
	// }
	l, mdnsErr := net.Listen("unixgram", mdns.DefaultAddress)
	// l, mdnsErr := n.ListenUDP("udp4", addr)
	if mdnsErr != nil {
		// If ICE fails to start MulticastDNS server just warn the user and continue
		log.Errorf("Failed to enable mDNS, continuing in mDNS disabled mode: (%s)", mdnsErr)
		return nil, MulticastDNSModeDisabled, nil
	}
	switch mDNSMode {
	case MulticastDNSModeQueryOnly:
		conn, err := mdns.Server(ipv4.NewPacketConn(l.(net.PacketConn)), &mdns.Config{})
		return conn, mDNSMode, err
	case MulticastDNSModeQueryAndGather:
		conn, err := mdns.Server(ipv4.NewPacketConn(l.(net.PacketConn)), &mdns.Config{
			LocalNames: []string{mDNSName},
		})
		return conn, mDNSMode, err
	default:
		return nil, mDNSMode, nil
	}
}
```

|
Thanks for your patience, very much appreciated. I need to listen to a UnixSocket. BTW: This link doesn't work for me github.com/pion/ice/v2@v2.3.11/mdns.go, could you please double check? |
sorry, that's my local path, the package is |
Not a problem. What I can't currently see is this:
Say, I would be able to have a local copy of the PION webrtc which is patched with your PRs. How could I make LifeKit server SDK use this version instead of the web based versions? Would that be only a matter of replacing some dependencies in my go.mod? This is my current go.mod (which doesn't work with Android 11+ devices):
As said, I'm an absolute GO newbie. I suppose I would have to replace at least this |
append to your

```
replace github.com/pion/transport/v2 => /local/path/to/transport/v2
replace github.com/pion/transport/v3 => /local/path/to/transport/v3
replace github.com/pion/ice/v2 => /local/path/to/ice/v2
replace github.com/pion/ice/v3 => /local/path/to/ice/v3
```

Or you can just modify the package which go get downloaded. I tested my code that way; it's simple, but not elegant. |
I suppose those would be overwritten with each |
not really, you can append replace code or find transport and ice package in your local and modify source code directly. |
Thanks. Learning something. BTW: The initial compiler change is off the table, right? I mean the |
@neilyoung Okay, I didn't use gomobile, I implemented it through cgo + ndk. I also encountered a network error in Android > 11, but this method can solve it. I posted it for everyone. |
@itpan8067 And have you been using PION WebRTC? I'm not sure if GOMOBILE is to blame, but for sure PION and this patch is not working, at least not even with the simplest sample code mentioned in the beginning of this thread |
I do use pion webrtc. and my import is as follows:
compile into a dynamic library and reference .so/.h by Android NDK. |
Would be awesome if you could try your module with this code instead: https://github.com/pion/webrtc/blob/master/examples/custom-logger/main.go This example did not work here after the mentioned compiler patch. TIA |
In the meantime I will try to return to the mentioned compiler patch and make the transport patch at least obsolete. |
@itpan8067 thanks, my friend. Your method can fix half of our problems. Once it's merged, I'll be happy to use it. |
@suutaku Agreed so far. But from my WebRTC knowledge mDNS is just an obfuscation of local private web addresses to not let them appear in the ICE negotiations. WebRTC before worked w/o this so it is just higher level privacy bullshit. Disabling it one way or the other you already mentioned shouldn't break everything. I'm still trying to apply this patch and see if this works somehow. |
@suutaku One thing I could imagine to break w/o MDNS is if you are trying to communicate with Firefox in a local environment only. Firefox by default only delivers MDNS addresses. If these are the only candidates and the GO side cannot cope with this due to the hack, the connection might not be properly established. But AFAIK all browsers have a way to disable local address obfuscation by some flag |
I simply wrote a demo, hope it will be helpful to you. https://github.com/itpan8067/customloggerdemo |
@itpan8067 Thank you very much. Meanwhile I can confirm your claim here
The reason why it works now and not a couple of days ago - unclear. But I must have made some mistakes. At least now it is no longer necessary to patch PION. At least this makes the problem easier to handle. I have a contact to @wlynxg, will inform him. BTW: Why aren't you using GOMOBILE? It seems to be easier to use instead of messing with JNI and NDK, IMHO. |
One thing remains. I see a bunch of these traces on Android in proximity to ICE negotiation.
But it works seemingly |
This is because UDP did not bind but Android did not return any error message, just warning logs, so the Go side didn't know what happened and continued to use a broken mDNS service. But in your network environment, that's fine. |
You mean the errors I see? |
Yes, it comes from ListenUDP. If you disable mDNS, it's gone. |
OK, but despite the fact, that MDNS will not work: Can you confirm, that just applying the compiler PR now seems to be sufficient to overcome the "permission" issue. And that - except for MDNS - there need to be no patch required for |
If the compiler PR is patched, we don't need changes for ice and transport. |
Where do you see the MDNS problem? In the GO module for outgoing MDNS candidates or for incoming candidates? Looks like for incoming, right? |
Something like the oncandidate callback not being called. Tomorrow I will put more details with my office network environment. |
What is this app supposed to do? I was running it on my OnePlus. Nothing happened so far. Just this as trace. Pressed START and SEND, not sure what shall happen. At least I see the same traces I saw w.r.t the avc denied issue
|
https://github.com/itpan8067/customloggerdemo This project will write logs to the phone's SD card. There is a rtc.log file under the root directory of the SD card. |
offer side (Android):

```
W/Thread-7(28264): type=1400 audit(0.0:784367): avc: denied { bind } for scontext=u:r:untrusted_app_27:s0:c104,c257,c512,c768 tcontext=u:r:untrusted_app_27:s0:c104,c257,c512,c768 tclass=netlink_route_socket permissive=0 app=com..
I/GoLog (28264): interface: dummy0 up|broadcast|running
I/GoLog (28264): interface: rmnet_ims00 up|running
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="ListenUDP udp4 224.0.0.0:5353"
I/GoLog (28264): doDialTCPProto
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="ListenUDP udp 192.168.11.172:0"
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="ListenUDP udp [2408:8568:ff10:5d00:17a7:4fe2:d03e:1b8b]:0"
5
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="ListenUDP udp4 :0"
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="write PR"
8
E/GoLog (28264): time="2024-01-05T05:42:19Z" level=info msg="write a signal info"
E/GoLog (28264): time="2024-01-05T05:42:30Z" level=info msg="handle a signal info"
```

Answer side (Chrome):

```
2
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2391061201 1 udp 2130706431 192.168.11.172 58903 typ host"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=info msg="write a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:3123749963 1 udp 2130706431 2408:8568:ff10:5d00:17a7:4fe2:d03e:1b8b 40170 typ host"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2089005254 1 udp 1694498815 171.221.144.24 31629 typ srflx raddr 0.0.0.0 rport 50750"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2089005254 1 udp 1694498815 171.221.144.24 29580 typ srflx raddr 0.0.0.0 rport 60344"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2089005254 1 udp 1694498815 171.221.144.24 28684 typ srflx raddr 0.0.0.0 rport 49371"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2089005254 1 udp 1694498815 171.221.144.24 31884 typ srflx raddr 0.0.0.0 rport 33885"
time="2024-01-05T13:42:30+08:00" level=info msg="handle a signal info"
2
time="2024-01-05T13:42:30+08:00" level=info msg="write a signal info"
time="2024-01-05T13:42:30+08:00" level=warning msg="candidate:2089005254 1 udp 1694498815 171.221.144.24 32269 typ srflx raddr 0.0.0.0 rport 34987"
3
time="2024-01-05T13:42:30+08:00" level=info msg="write a signal info"
time="2024-01-05T13:43:00+08:00" level=info msg="read signaling info error failed to read JSON message: failed to read: use of closed network connection"
```

The connection cannot be created until the timeout. This only happened at my office, and the network looks like this:

```mermaid
graph TD
router --> sub_router_1
router --> sub_router_2
sub_router_1 --> android
sub_router_2 --> chrome
```

BTW, change Chrome to the offer side and Android to the answer side, and everything will be OK. |
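The `avc: denied { bind } ... tclass=netlink_route_socket` line in the log above is the SELinux audit record of the restriction behind this issue. As an added example (not code from this thread or from Pion), the Go program below parses logcat lines of that shape and reports the source context of each enforced netlink route bind denial; the function names and the third sample line are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var avcRe = regexp.MustCompile(`avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)`)

// ParseAVC splits one logcat line into the denied permissions and the key=value
// fields (scontext, tcontext, tclass, permissive, ...); ok is false for other lines.
func ParseAVC(line string) (perms map[string]bool, fields map[string]string, ok bool) {
	m := avcRe.FindStringSubmatch(line)
	if m == nil {
		return nil, nil, false
	}
	perms, fields = map[string]bool{}, map[string]string{}
	for _, p := range strings.Fields(m[1]) {
		perms[p] = true
	}
	for _, kv := range strings.Fields(m[2]) {
		if p := strings.SplitN(kv, "=", 2); len(p) == 2 {
			fields[p[0]] = p[1]
		}
	}
	return perms, fields, true
}

// NetlinkBindDenials returns the scontext of each enforced (permissive=0) bind
// denial on a netlink_route_socket, the restriction this thread runs into.
func NetlinkBindDenials(log string) []string {
	var out []string
	for _, line := range strings.Split(log, "\n") {
		perms, f, ok := ParseAVC(line)
		if ok && perms["bind"] && f["tclass"] == "netlink_route_socket" && f["permissive"] == "0" {
			out = append(out, f["scontext"])
		}
	}
	return out
}

// Lines 1-2 are copied from the log in this thread; line 3 is constructed.
const sample = `W/Thread-7(28264): type=1400 audit(0.0:784367): avc: denied { bind } for scontext=u:r:untrusted_app_27:s0:c104,c257,c512,c768 tcontext=u:r:untrusted_app_27:s0:c104,c257,c512,c768 tclass=netlink_route_socket permissive=0 app=com..
I/GoLog (28264): interface: dummy0 up|broadcast|running
W/Thread-9(1111): type=1400 audit(0.0:1): avc: denied { read write } for scontext=u:r:untrusted_app:s0 tcontext=u:object_r:example_file:s0 tclass=file permissive=0`

func main() {
	fmt.Println(NetlinkBindDenials(sample))
}
```

Feeding it the output of `adb logcat -d` shows whether a build still triggers the denial after a toolchain or library change.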
This multicast address is nonsense IMHO... Both parties exchange host candidates in the local network, that should work from the paper.
Strange too...
How does that come? Do you have a log of the SDP/ICE back and forth? EDIT: The port of the offering local candidate looks ugly... Never seen 0 here... |
This was fixed by pion/transport@3ba6182 |
for the v4 version, first need call |
Your environment.
What did you do?
I did choose https://github.com/pion/webrtc/tree/master/examples/custom-logger
Took the code from `main.go` and used it to build an *.AAR to import that into my Android app. `Main` was exported.
Android called `Main` and this is what I got:
What did you expect?
I think there should be no permission issue. This permission thing btw is only affecting Android devices with Android > 10 (as documented in the Android SDK). I don't know who has to work around, I would just like to raise this problem (and of course get a solution on a longer run, if possible)
What happened?
Permission issue as shown above, likely because of the new restrictions introduced by Android SDK 30. More details in discussions:
#2636 Permission issue with PION WebRTC under GOMOBILE Android >= 11