Debuggerd now outputs the offset of libc.so on the device as a separate item.

Change-Id: I350c9ddb496a76d1ee897ae84893bf0e86abd45c
This commit is contained in:
Hristo Bojinov 2010-08-27 14:00:57 -07:00
parent fa5a26885c
commit c031a3b006
1 changed files with 69 additions and 0 deletions

View File

@ -40,6 +40,7 @@
#include <private/android_filesystem_config.h>
#include <byteswap.h>
#include "utility.h"
#ifdef WITH_VFP
@ -354,6 +355,73 @@ void dump_crash_banner(int tfd, unsigned pid, unsigned tid, int sig)
if(sig) dump_fault_addr(tfd, tid, sig);
}
/* After randomization (ASLR), stack contents that point to randomized
* code become uninterpretable (e.g. can't be resolved to line numbers).
* Here, we bundle enough information so that stack analysis on the
* server side can still be performed. This means we are leaking some
* information about the device (its randomization base). We have to make
* sure an attacker has no way of intercepting the tombstone.
*/
typedef struct {
int32_t mmap_addr;
char tag[4]; /* 'P', 'R', 'E', ' ' */
} prelink_info_t __attribute__((packed));
static inline void set_prelink(long *prelink_addr,
prelink_info_t *info)
{
// We will assume the binary is little-endian, and test the
// host endianness here.
unsigned long test_endianness = 0xFF;
if (sizeof(prelink_info_t) == 8 && prelink_addr) {
if (*(unsigned char *)&test_endianness)
*prelink_addr = info->mmap_addr;
else
*prelink_addr = bswap_32(info->mmap_addr);
}
}
static int check_prelinked(const char *fname,
long *prelink_addr)
{
*prelink_addr = 0;
if (sizeof(prelink_info_t) != 8) return 0;
int fd = open(fname, O_RDONLY);
if (fd < 0) return 0;
off_t end = lseek(fd, 0, SEEK_END);
int nr = sizeof(prelink_info_t);
off_t sz = lseek(fd, -nr, SEEK_CUR);
if ((long)(end - sz) != (long)nr) return 0;
if (sz == (off_t)-1) return 0;
prelink_info_t info;
int num_read = read(fd, &info, nr);
if (num_read < 0) return 0;
if (num_read != sizeof(info)) return 0;
int prelinked = 0;
if (!strncmp(info.tag, "PRE ", 4)) {
set_prelink(prelink_addr, &info);
prelinked = 1;
}
if (close(fd) < 0) return 0;
return prelinked;
}
void dump_randomization_base(int tfd, bool at_fault) {
bool only_in_tombstone = !at_fault;
long prelink_addr;
check_prelinked("/system/lib/libc.so", &prelink_addr);
_LOG(tfd, only_in_tombstone,
"\nlibc base address: %08x\n", prelink_addr);
}
/* End of ASLR-related logic. */
static void parse_elf_info(mapinfo *milist, pid_t pid)
{
mapinfo *mi;
@ -439,6 +507,7 @@ void dump_crash_report(int tfd, unsigned pid, unsigned tid, bool at_fault)
dump_pc_and_lr(tfd, tid, milist, stack_depth, at_fault);
}
dump_randomization_base(tfd, at_fault);
dump_stack_and_code(tfd, tid, milist, stack_depth, sp_list, at_fault);
while(milist) {