Bootloop with November 16 security patches #129
https://github.com/rovo89/XposedBridge/wiki/Bugs Generally, I think it is a known issue, which is caused by the November security patches. You can find some details here: aosp-mirror/platform_frameworks_base@186af6a. Sadly there is no solution at the moment, unless you know how to build a ROM and revert this commit. Wait, x86 Xposed? I think you mean ARM; otherwise you could not boot with Xposed.
Yeah.. sorry. Version 86 ARM. Read 200+ posts on XDA. Didn't see one who pointed out the November patch. Does somebody know? Can I just flash an older version of OOS (OnePlus) over it and flash Xposed & SuperSU again?
I actually didn't know about this issue either, I don't think anyone brought it up on GitHub before. Someone mentioned the security patches, but I thought this was just a very limited issue. Logs would definitely help as I don't have the official ROM installed at the moment.
@aviraxp Did you/someone already verify that the issue is caused by that commit?
Not quite sure, but I know that this ROM version contains the November security patches, and this commit in the patches, as you see, introduces a whitelist which does not consider /data/app an open path that Zygote is allowed to open, and thus causes the bootloop. It has already been confirmed by many people on the XDA discussion thread. Someone has already tried to bypass it by always returning true for the bool IsWhiteListed, and it seems to work, though it has some issues.
Yes, makes sense. Not sure if
Actually, even to disable this feature would be more work as the check is done before Zygote forks...
Thanks for your insights; symlinks may make sense, or I think bind-mount is another method? Besides, I have noticed that this commit was merged into Nougat several days ago, so I guess the way of Closed on nougat is longer...
Bind mounts require that the target file already exists.
Yes, creating an empty file in advance is fine. Or maybe topjohnwu's Magisk works, as it supports creating non-existent files. I will try to play with the possibility these days.
Nothing of that would be suitable for the official Xposed version though, so I need to find an alternative solution anyway...
That security update affected the D2VZW CM13 Nightly beginning with the 11 November release. I was able to install the Xposed installer and restart as normal but, after installing a module (any module), then activating that module, that is when the restart hangs on the CM splash screen (blue guy at the center). Framework for the ARM 86 installed fine without any errors. Just wanted to let you know...
I think that is: Coz http://pastebin.com/1e6XNpU6 Also check: https://review.cyanogenmod.org/#/c/170575/
@HanabishiRecca Nah, it is an upstream AOSP commit that causes this. According to the guy who brought up this commit, he will add more paths to the whitelist in the future, but surely not /data/app, where most Xposed modules are.
@aviraxp, I mean this is a possible solution for Xposed.
@HanabishiRecca I literally just tried that and it doesn't work - seems like explicit reference to each APK is required. But I'm now trying another approach - I'll just make the whitelist judgement function return true, i.e. whitelist everything. I'll let you know what happens after the build.
@HanabishiRecca Ah, sorry... Anyway, recompiling the ROM is needed, which is far from a common user's knowledge. I am going to fully revert this commit in my own ROM.
@aviraxp How? As you probably saw I posted in the XDA Xposed discussion thread, plain
@AndyCGYan Maybe it is because CM added some lines to the whitelist. You can manually check it.
This would be hacky as hell, but how about making a symlink from /data/data/de.robv.android.xposed.installer/files/load.apk to /system/framework/XposedBridge_load.jar upon installation, since every .jar file in /system/framework is allowed?
That would require modifying /system. This is prevented by read-only partitions and SELinux and would not work on systemless.
Ugh.
2nd test complete and successful - device booted with all Xposed modules enabled! For ROM builders: manually edit frameworks/base/core/jni/fd_utils-inl.h, find the method IsWhitelisted() and make it return "true" all the time, so that it whitelists everything. Save, commit, build. This should be easier than trying to revert all future whitelist-related changes (I'm a git beginner so no good at that). EDIT: Arter's description (in #200 above) is more precise and detailed. I'll leave it here nonetheless.
@AndyCGYan, @arter97's commit would be better, arter97/android_frameworks_base@35724b0, as it detects XposedBridge, so it would be more secure for users who don't use Xposed.
@aviraxp Thanks for the heads up, didn't know he also made it available. I'll just pick that in later builds.
Here's another idea: Maybe Xposed could avoid keeping those files open at all. I assume that this field keeps the file alive: https://android.googlesource.com/platform/libcore/+/android-6.0.1_r74/dalvik/src/main/java/dalvik/system/DexPathList.java#419
Yes, I think we can hook and close "zipFile" after the "findNativeLibrary" and "findResource" calls and set the "initialized" field to false; both methods call "maybeInit();", so I guess we can't expect in which order they will be executed. Unfortunately I can't test it, I don't have a device that runs this sec patch.
@shakalaca Thanks! It works for me.
Thanks to Master @shakalaca.
This is to work around a new security feature introduced by Google in the November 16 patches. It would abort the runtime if files are open that are not whitelisted. To avoid this, we close the files ourselves and reopen them after Zygote has forked. The mechanism is the same that Google has introduced, with a few modifications to fit Xposed's needs. This requires also a change on the native side. Fixes #129.
This is to work around a new security feature introduced by Google in the November 16 patches. It would abort the runtime if files are open that are not whitelisted. To avoid this, we close the files ourselves and reopen them after Zygote has forked. The mechanism is the same that Google has introduced, with a few modifications to fit Xposed's needs. This requires also a change on the native side. Fixes rovo89#129.
This is to work around a new security feature introduced by Google in the November 16 patches. It would abort the runtime if files are open that are not whitelisted. To avoid this, we close the files ourselves and reopen them after Zygote has forked. The mechanism is the same that Google has introduced, with a few modifications to fit Xposed's needs. This requires also a change on the Java side. Fixes rovo89/XposedBridge#129.
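The check those commits work around, shown as an added illustration that is not AOSP's fd_utils or Xposed's code: a process scans its own open descriptors and flags every one whose target falls outside a constructed whitelist, which is how an APK held open from /data/app gets caught before the Zygote fork. The prefix/exact lists and the report callback are assumptions.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed whitelist, modelled on the shape of the AOSP Zygote check
 * (allowed path prefixes plus a few exact entries); not the real list. */
static const char *const kAllowedPrefixes[] = {
    "/system/framework/", "/system/lib/", "/system/lib64/", "/vendor/lib/", NULL };
static const char *const kAllowedExact[] = { "/dev/null", "/dev/urandom", NULL };

/* 1 if a descriptor with this target may stay open across the Zygote fork,
 * 0 otherwise. A module APK under /data/app comes back 0: the thread's bootloop. */
int fd_path_is_whitelisted(const char *path)
{
    for (int i = 0; kAllowedExact[i]; i++)
        if (strcmp(path, kAllowedExact[i]) == 0) return 1;
    for (int i = 0; kAllowedPrefixes[i]; i++)
        if (strncmp(path, kAllowedPrefixes[i], strlen(kAllowedPrefixes[i])) == 0) return 1;
    return 0;
}

/* Scans /proc/self/fd and counts descriptors whose target is not whitelisted
 * (sockets, pipes and anon inodes count too: their targets are not paths).
 * Calls report() for each offender when non-NULL; returns -1 if /proc is missing. */
int audit_open_fds(void (*report)(int fd, const char *target))
{
    DIR *dir = opendir("/proc/self/fd");
    if (!dir) return -1;
    int offenders = 0;
    struct dirent *ent;
    while ((ent = readdir(dir)) != NULL) {
        if (ent->d_name[0] == '.') continue;
        int fd = atoi(ent->d_name);
        if (fd == dirfd(dir)) continue;          /* the scan's own directory handle */
        char link[64], target[4096];
        snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
        ssize_t n = readlink(link, target, sizeof target - 1);
        if (n < 0) continue;                      /* closed between readdir and readlink */
        target[n] = '\0';
        if (!fd_path_is_whitelisted(target)) {
            offenders++;
            if (report) report(fd, target);
        }
    }
    closedir(dir);
    return offenders;
}
```

Running audit_open_fds() with a callback that prints fd and target in a process that has a module APK mapped from /data/app reproduces the condition the patched Zygote aborts on.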
@rovo89
No, the leak was only present in the test build. It's fixed in the official v87.
I'm using Xposed part frequently to write to a created subdir in /data/system/.
@fda77 Ok, but do you open that file in
@rovo89: Yes, in initZygote() a service is started which writes e.g. a log file. This file is not closed (but flushed sometimes). Reopen & close for every single line seems to me not very fast.
I agree that reopening a log file for every line you want to write is not good for performance. But doesn't SELinux get in your way when you try to open the file in Zygote or write to it in app processes? It's very strict about such things. And the more important question is: Did the changes by Google break this part of your modules?
@rovo89, I just wanted to let you know that I had noticed the following line when I had flashed the v87 ARM Framework file: "Zip does not contain SELinux file_contexts file in its root." But, it is active within the installer app and I haven't noticed anything really out of the ordinary (so far).
Also @rovo89, did you notice this? zygote: Allow device to append extra whitelisted
@ibuprophen1 The CM devs specifically said that they would not add Xposed to that. It's strictly for devices that don't support the feature at all without it.
@josephcsible Add Xposed to what?
@ibuprophen1 To clarify, you're not the first one who brought up that commit. It's already been discussed and turned out to be useless to Xposed.
@josephcsible, Thank you for the clarification.
Not sure, as I have not yet got a ROM with the changes. The Nexus 7 is discontinued and the latest image by Google is from August 2016.
@rovo89 ..... I didn't read all of this, so is the fix available? ..... I can't get the Xposed installer ...... you know the problem here better than me > <..... All I know is after installing the zip my device gets stuck at the "samsung logo"...... all I can do to get it to boot normally and get me to the home screen is uninstall the installed zip. Please let me know when the fix is available.
@mino178, did you ever read the XDA forum? Xposed DOES NOT work with Samsung firmware. P.S. Samsung firmware is very restricted; if you want freedom, just don't buy Samsung.
That's not entirely true @hanabishi. I have Xposed running successfully on my Samsung Galaxy S4 and S3 devices.
@jswinde, TouchWiz ROM + Official Xposed? I don't think so.
@HanabishiRecca ..... I did read that.... they said S5, Note 4 etc. are supported... in fact I came here from that page...... this stuck at Samsung logo is only happening to devices that have the Nov security patch...... S4 and S3 are working OK .... even rovo89 said this is because of the Nov patch .... :'( all I want are the awesome tweaks from Xposed
On S4 and S3 we have firmware from the Samsung web, rooted by CF-Auto Root....... and then Xposed installed thanks to XDA ..... we also have CWM recovery
@mino178 Please don't use this issue for discussions! (Go to XDA instead!) >200 people get emails for every post you do here! In addition to that, if you use Xposed v87, it's not about this issue. And I think a Samsung ROM won't have the November 2016 security patches, so there can't be this problem.
Hi, I've asked on XDA as mentioned above, but haven't received a reply. Basically I'm just curious as to know how the testing is going, just a general update. I'm not asking for a release date, just an update. Thanks
@hallodare, just subscribe to the main Xposed announcement thread on XDA so you'll be notified any time Rovo89 posts new discoveries, progress, and builds.
I have
OnePlus X on 6.0.1 with OOS 3.1.4 (Oxygen OS3 v2.78 SU.zip <- maybe the problem?) & x86 Xposed
Can install and run Xposed but when I want to start a single module I get stuck in a bootloop.
Tried with different modules like YouTube Background Player, Amplify, GravityBox & more.
Also tested v84 - same case.
Always flashing the uninstaller and reflashing..
I'll try to make logcats on Wednesday - wish me luck. Stay tuned =D