Feature: add support for Android R

Author: WaterlooBridge

whale/src/android/android_build.h

@@ -21,6 +21,7 @@
 #define ANDROID_O_MR1                   27
 #define ANDROID_P                       28
 #define ANDROID_Q                       29
+#define ANDROID_R                       30
 
 static inline int32_t GetAndroidApiLevel() {
     char prop_value[PROP_VALUE_MAX];

whale/src/android/art/art_runtime.cc

@@ -54,7 +54,13 @@ bool ArtRuntime::OnLoad(JavaVM *vm, JNIEnv *env, jclass java_class) {
     }
     api_level_ = GetAndroidApiLevel();
     PreLoadRequiredStuff(env);
-    const char *art_path = api_level_ >= ANDROID_Q ? kLibArtPath_Q : kLibArtPath;
+    const char *art_path;
+    if (api_level_ >= ANDROID_R)
+        art_path = kLibArtPath_R;
+    else if (api_level_ >= ANDROID_Q)
+        art_path = kLibArtPath_Q;
+    else
+        art_path = kLibArtPath;
     art_elf_image_ = WDynamicLibOpen(art_path);
     if (art_elf_image_ == nullptr) {
         LOG(ERROR) << "Unable to read data from libart.so.";
@@ -72,6 +78,7 @@ bool ArtRuntime::OnLoad(JavaVM *vm, JNIEnv *env, jclass java_class) {
     u4 expected_access_flags = kAccPrivate | kAccStatic | kAccNative;
     if (api_level_ >= ANDROID_Q)
             expected_access_flags |= kAccPublicApi;
+    hookEncodeArtMethod();
     jmethodID reserved0 = env->GetStaticMethodID(java_class, kMethodReserved0, "()V");
     jmethodID reserved1 = env->GetStaticMethodID(java_class, kMethodReserved1, "()V");
 
@@ -511,5 +518,19 @@ void ArtRuntime::FixBugN() {
     is_hooked = true;
 }
 
+jmethodID OnInvokeEncodeMethodId(void *thiz, void *method) {
+    return reinterpret_cast<jmethodID>(method);
+}
+
+void ArtRuntime::hookEncodeArtMethod() {
+    void *symbol = nullptr;
+    symbol = WDynamicLibSymbol(art_elf_image_,
+                               "_ZN3art3jni12JniIdManager14EncodeMethodIdEPNS_9ArtMethodE");
+    if (symbol) {
+        WInlineHookFunction(symbol, reinterpret_cast<void *>(OnInvokeEncodeMethodId),
+                            nullptr);
+    }
+}
+
 }  // namespace art
 }  // namespace whale

whale/src/android/art/art_runtime.h

@@ -18,12 +18,14 @@ static constexpr const char *kAndroidLibDir = "/system/lib64/";
 static constexpr const char *kLibNativeBridgePath = "/system/lib64/libnativebridge.so";
 static constexpr const char *kLibArtPath = "/system/lib64/libart.so";
 static constexpr const char *kLibArtPath_Q = "/apex/com.android.runtime/lib64/libart.so";
+static constexpr const char *kLibArtPath_R = "/apex/com.android.art/lib64/libart.so";
 static constexpr const char *kLibAocPath = "/system/lib64/libaoc.so";
 static constexpr const char *kLibHoudiniArtPath = "/system/lib64/arm64/libart.so";
 #else
 static constexpr const char *kAndroidLibDir = "/system/lib/";
 static constexpr const char *kLibArtPath = "/system/lib/libart.so";
 static constexpr const char *kLibArtPath_Q = "/apex/com.android.runtime/lib/libart.so";
+static constexpr const char *kLibArtPath_R = "/apex/com.android.art/lib/libart.so";
 static constexpr const char *kLibAocPath = "/system/lib/libaoc.so";
 static constexpr const char *kLibHoudiniArtPath = "/system/lib/arm/libart.so";
 #endif
@@ -129,6 +131,8 @@ class ArtRuntime final {
 
     void FixBugN();
 
+    void hookEncodeArtMethod();
+
  private:
     JavaVM *vm_;
     jclass java_class_;

whale/src/android/art/art_symbol_resolver.cc

@@ -106,7 +106,7 @@ bool ArtSymbolResolver::Resolve(void *elf_image, s4 api_level) {
         FIND_SYMBOL(kArt_Object_CloneWithSize, symbols_.Object_CloneWithSize, false);
     }
     if (symbols_.Object_Clone == nullptr) {
-        FIND_SYMBOL(kArt_Object_CloneWithClass, symbols_.Object_CloneWithClass, true);
+        FIND_SYMBOL(kArt_Object_CloneWithClass, symbols_.Object_CloneWithClass, false);
     }
     FIND_SYMBOL(kArt_DecodeJObject, symbols_.Thread_DecodeJObject, true);
     FIND_SYMBOL(kArt_JniEnvExt_NewLocalRef, symbols_.JniEnvExt_NewLocalRef, true);

whale/src/dbi/hook_common.cc

@@ -36,7 +36,7 @@ void InterceptSysCallHook::StartHook() {
     bool stop_foreach = false;
 #if defined(linux)
     ForeachMemoryRange(
-            [&](uintptr_t begin, uintptr_t end, char *perm, char *mapname) -> bool {
+            [&](uintptr_t begin, uintptr_t end, uintptr_t offset, char *perm, char *mapname) -> bool {
                 if (strstr(perm, "x") && strstr(perm, "r")) {
                     if (callback_(mapname, &stop_foreach)) {
                         FindSysCalls(begin, end);

whale/src/platform/linux/process_map.cc

@@ -11,7 +11,7 @@ std::unique_ptr<MemoryRange> FindFileMemoryRange(const char *name) {
     std::unique_ptr<MemoryRange> range(new MemoryRange);
     range->base_ = UINTPTR_MAX;
     ForeachMemoryRange(
-            [&](uintptr_t begin, uintptr_t end, char *perm, char *mapname) -> bool {
+            [&](uintptr_t begin, uintptr_t end, uintptr_t offset, char *perm, char *mapname) -> bool {
                 if (strstr(mapname, name)) {
                     if (range->path_ == nullptr) {
                         range->path_ = strdup(mapname);
@@ -31,23 +31,27 @@ std::unique_ptr<MemoryRange> FindFileMemoryRange(const char *name) {
 std::unique_ptr<MemoryRange> FindExecuteMemoryRange(const char *name) {
     std::unique_ptr<MemoryRange> range(new MemoryRange);
     ForeachMemoryRange(
-            [&](uintptr_t begin, uintptr_t end, char *perm, char *mapname) -> bool {
+            [&](uintptr_t begin, uintptr_t end, uintptr_t offset, char *perm, char *mapname) -> bool {
                 if (strncmp(mapname, "/system/fake-libs/", 18) == 0) {
                     return true;
                 }
-                if (strstr(mapname, name) && strstr(perm, "x") && strstr(perm, "r")) {
-                    range->path_ = strdup(mapname);
-                    range->base_ = begin;
-                    range->end_ = end;
-                    return false;
+                if (strstr(mapname, name)) {
+                    //find the correct base address
+                    if (offset == 0) {
+                        range->path_ = strdup(mapname);
+                        range->base_ = begin;
+                        range->end_ = end;
+                    }
+                    if (strstr(perm, "x"))
+                        return false;
                 }
                 return true;
             });
     return range;
 }
 
 void
-ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, char *, char *)> callback) {
+ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, uintptr_t offset, char *, char *)> callback) {
     FILE *f;
     if ((f = fopen("/proc/self/maps", "r"))) {
         char buf[PATH_MAX], perm[12] = {'\0'}, dev[12] = {'\0'}, mapname[PATH_MAX] = {'\0'};
@@ -58,7 +62,7 @@ ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, char *, char *)> cal
                 break;
             sscanf(buf, "%lx-%lx %s %lx %s %ld %s", &begin, &end, perm,
                    &foo, dev, &inode, mapname);
-            if (!callback(begin - foo, end - foo, perm, mapname)) {
+            if (!callback(begin, end, foo, perm, mapname)) {
                 break;
             }
         }
@@ -69,7 +73,7 @@ ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, char *, char *)> cal
 bool IsFileInMemory(const char *name) {
     bool found = false;
     ForeachMemoryRange(
-            [&](uintptr_t begin, uintptr_t end, char *perm, char *mapname) -> bool {
+            [&](uintptr_t begin, uintptr_t end, uintptr_t offset, char *perm, char *mapname) -> bool {
                 if (strstr(mapname, name)) {
                     found = true;
                     return false;

whale/src/platform/linux/process_map.h

@@ -37,7 +37,7 @@ std::unique_ptr<MemoryRange> FindExecuteMemoryRange(const char *name);
 
 std::unique_ptr<MemoryRange> FindFileMemoryRange(const char *name);
 
-void ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, char *, char *)> callback);
+void ForeachMemoryRange(std::function<bool(uintptr_t, uintptr_t, uintptr_t, char *, char *)> callback);
 
 }  // namespace whale