[Bug]: Termux app doesn't open when it's installed as a system app.

[MdHusainhfz]

Problem description

I installed Termux app as a system app in /system/app/Termux/Termux.apk and after rebooting, the app isn't opening, it closes every time showing notification 'Termux Crash Report'.

Copied Crash Report below

##Report Info

User Action: crash report
Sender: TermuxActivity
Report Timestamp: 2021-12-02 19:33:24 UTC

##Crash Details

Crash Thread: Thread[Thread-3,5,main]
Crash Timestamp: 2021-12-02 19:33:18 UTC

Crash Message:

dlopen failed: library "libtermux-bootstrap.so" not found

##Stacktrace

java.lang.UnsatisfiedLinkError: dlopen failed: library "libtermux-bootstrap.so" not found
	at java.lang.Runtime.loadLibrary0(Runtime.java:1087)
	at java.lang.Runtime.loadLibrary0(Runtime.java:1008)
	at java.lang.System.loadLibrary(System.java:1664)
	at com.termux.app.TermuxInstaller.loadZipBytes(TermuxInstaller.java:285)
	at com.termux.app.TermuxInstaller$1.run(TermuxInstaller.java:117)

##Termux App Info

APP_NAME: Termux
PACKAGE_NAME: com.termux
VERSION_NAME: 0.117
VERSION_CODE: 117
TARGET_SDK: 28
IS_DEBUG_BUILD: false
APK_RELEASE: F-Droid
SIGNING_CERTIFICATE_SHA256_DIGEST: 228FB2CFE90831C1499EC3CCAF61E96E8E1CE70766B9474672CE427334D41C42

###Device Info

##Software

OS_VERSION: 3.18.140-ge398035aa645
SDK_INT: 30
RELEASE: 11
ID: RQ3A.211001.001
DISPLAY: lineage_a7y17lte-userdebug 11 RQ3A.211001.001 10037124
INCREMENTAL: 10037124
SECURITY_PATCH: 2021-11-05
IS_DEBUGGABLE: 0
IS_TREBLE_ENABLED: false
TYPE: user
TAGS: release-keys

##Hardware

MANUFACTURER: samsung
BRAND: samsung
MODEL: SM-A720F
PRODUCT: lineage_a7y17lte
BOARD: universal7880
HARDWARE: samsungexynos7880
DEVICE: a7y17lte
SUPPORTED_ABIS: arm64-v8a, armeabi-v7a, armeabi

Steps to reproduce the behavior.

Install Termux as a system app, and open Termux app.

What is the expected behavior?

Run Termux app normally.

System information

• Termux application version: 0.117
• Android OS version: 11 (LineageOS 18.1)
• Device model: Galaxy A7 (2017)

[Grimler91]

Yes, that won't work. Termux needs to be installed to /data/data/com.termux/files/usr

[agnostic-apollo]

You would need to extract/overlay termux native libs in the apk at /system/app/Termux/lib with proper ownership/permissions as done in /data/app/com.termux*/lib if installed as user app.

[MdHusainhfz]

You would need to extract/overlay termux native libs in the apk at /system/app/Termux/lib with proper ownership/permissions as done in /data/app/com.termux*/lib if installed as user app.

Hmm, right. (I forgot that)
But there are another issue, see screenshot

[agnostic-apollo]

Check or post android logcat. Run adb shell logcat -d > logcat.txt on pc after error shows. Look for avc denial entries. If posting best remove any private info you see.

[MdHusainhfz]

Check or post android logcat. Run adb shell logcat -d > logcat.txt on pc after error shows. Look for avc denial entries. If posting best remove any private info you see.

12-03 15:23:16.989 6220 6302 I Termux:TermuxInstaller: Moving prefix staging to prefix directory.
12-03 15:23:16.990 6220 6302 I Termux:TermuxInstaller: Bootstrap packages installed successfully.
12-03 15:23:16.992 6220 6220 W Termux:SharedProperties: Not loading properties since file is null

12-03 15:23:17.029 6472 6472 W com.termux: type=1400 audit(0.0:186): avc: denied { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/login" dev="mmcblk0p25" ino=393156 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=file permissive=0 app=com.termux

12-03 15:23:17.029 6472 6472 W com.termux: type=1300 audit(0.0:186): arch=c00000b7 syscall=221 success=no exit=-13 a0=77682851d0 a1=774823e110 a2=77b823fd60 a3=20 items=0 ppid=6220 auid=4294967295 uid=10178 gid=10178 euid=10178 suid=10178 fsuid=10178 egid=10178 sgid=10178 fsgid=10178 tty=pts0 ses=4294967295 exe="/system/bin/app_process64" subj=u:r:priv_app:s0:c512,c768 key=(null) app=com.termux
12-03 15:23:17.029 2632 2632 W auditd : type=1327 audit(0.0:186): proctitle="com.termux"
12-03 15:23:17.029 2632 2632 W auditd : type=1320 audit(0.0:186):
12-03 15:23:17.048 6220 6220 D CompatibilityChangeReporter: Compat change id reported: 147798919; UID 10178; state: DISABLED
12-03 15:23:17.060 2774 2829 E BufferQueueProducer: com.termux/com.termux.app.TermuxActivity#1 disconnect: not connected (req=1)
12-03 15:23:17.060 6220 6262 W libEGL : EGLNativeWindowType 0x78b82366d0 disconnect failed
12-03 15:23:17.113 6220 6220 W Termux:SharedProperties: Not loading properties since file is null
12-03 15:23:17.135 0 0 E I[3: swapper/3: 0] mif: LNK RX: fc eb 17 00 | 13 00 0d 00 07 06 03 74 63 63 00 74 0c c8 00 07 ff ff ff ff

12-03 15:23:23.779 6220 6220 W com.termux: type=1400 audit(0.0:188): avc: denied { ioctl } for path="socket:[42028]" dev="sockfs" ino=42028 ioctlcmd=5414 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:system_server:s0 tclass=unix_stream_socket permissive=0 app=com.termux

[agnostic-apollo]

It android 10 (targetSdkVersion > 28) W^X restrictions do not allow privapp_data_file to be executed even if you don't sign with platform key, like done in #2189. Only exemptions are added for app_data_file in private/untrusted_app_{25|27}.te and not privapp_data_file. So installing termux as system app won't be possible on android 10+, unless you patch the selinux policy with magiskpolicy/supolicy.

[MdHusainhfz]

It seems android 10 (targetSdkVersion > 28) W^X restrictions do not allow privapp_data_file to be executed even if you don't sign with platform key, like done in #2189. Only exemptions are added for app_data_file in private/untrusted_app_{25|27}.te and not privapp_data_file. So installing termux as system app won't be possible on android 10+, unless you patch the selinux policy with magiskpolicy/supolicy.

How to add apps in selinux whitelist?, any documentation, plz help

[agnostic-apollo]

I haven't tested the following since I currently don't have nor have access to a physical android 10 device but...

Following should work to bypass W^X restrictions on android 10+. You will have to run following on every boot before termux login shell is started. You can run commands from failsafe session since it executes /system/bin/sh.

W com.termux: type=1400 audit(0.0:186): avc: denied { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/login" dev="mmcblk0p25" ino=393156 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=file permissive=0

If termux is installed as a system app but not signed with platform key and is assigned the priv_app domain. (your case)

su -c 'supolicy --live "allow priv_app privapp_data_file file execute_no_trans"'

W com.termux: type=1400 audit(0.0:24064): avc: denied { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/login" dev="vdc" ino=123444 scontext=u:r:untrusted_app:s0:c135,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c135,c256,c512,c768 tclass=file permissive=0

If termux uses targetSdkVersion > 28 and is installed as a normal user app and is assigned the untrusted_app domain or if termux uses targetSdkVersion 29 and running on android >= 30 and is assigned untrusted_app_29 domain.

su -c 'supolicy --live "allow untrusted_app_29 app_data_file file execute_no_trans" "allow untrusted_app app_data_file file execute_no_trans"'

In future android version, even more untrusted_app_* domains may be created like for example untrusted_app_31, which then will also need to be patched. Currently, only untrusted_app_25, untrusted_app_27, untrusted_app_29 and untrusted_app exist in android 12.

W/com.termux: type=1400 audit(0.0:1245): avc: denied { execute } for name="login" dev="dm-8" ino=644006 scontext=u:r:system_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0

If termux is installed as a system app and is signed with platform key and uses sharedUserId=com.android.system and is assigned the system_app domain, like in termux/termux-app#2189. We also need to allow execute permission for below in addition to execute_no_trans since its not allowed, like it is for untrusted_app and priv_app domains.

su -c 'supolicy --live "allow system_app system_app_data_file file execute" "allow system_app system_app_data_file file execute_no_trans"'

If termux is installed as a system app and is signed with platform key but does not use sharedUserId=com.android.system and is assigned the platform_app domain.

su -c 'supolicy --live "allow platform_app app_data_file file execute" "allow platform_app app_data_file file execute_no_trans"'

• https://github.com/topjohnwu/Magisk/blob/master/docs/tools.md#magiskpolicy
• https://su.chainfire.eu/#selinux-policies-supolicy
• 4.4.1.3. SELinux Specific Permissions (libgen)

Note that if you patch the selinux policy, exemptions will be granted to all apps for the domain and not just termux, so use at your own risk!

[dpnkrmaurya]

Same problem.
Device: Micromax Bharat 5 pro

[agnostic-apollo]

su -c 'supolicy --live "allow untrusted_app_29 app_data_file file execute_no_trans" "allow untrusted_app app_data_file file execute_no_trans"'

This is confirmed to be working on android 11 if termux uses targetSdkVersion 29 or 30.