<div dir="ltr"><div><div>FYI (but I think you CCed yourself on the issue ticket right?)<br><br></div>Copying the system toybox into my app makes it work.<br>So it seems to be related to how the system toybox is build (NDK toolchain?) and my toybox is build (musl libc).<br><br></div>~Matthias<br></div><div class="gmail_extra"><br><div class="gmail_quote">2017-04-15 13:52 GMT+02:00 darken <span dir="ltr"><<a href="mailto:darken@darken.eu" target="_blank">darken@darken.eu</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Created an issue ticket for this on the Android O tracker:<br><a href="https://issuetracker.google.com/issues/37369410" target="_blank">https://issuetracker.google.<wbr>com/issues/37369410</a><br></div><div><span class=""><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>You could try disabling seccomp in Zygote:</div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><a href="https://android.googlesource.com/platform/frameworks/base/+/o-preview/core/java/com/android/internal/os/ZygoteInit.java#696" target="_blank">https://android.googlesource.c<wbr>om/platform/frameworks/base/+/<wbr>o-preview/core/java/com/androi<wbr>d/internal/os/ZygoteInit.java#<wbr>696</a></blockquote><div><br></div></span><div>I would have to compile my own Pixel Android O ROM for that though right?<br><br></div><div>~Matthias <br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2017-04-15 0:02 GMT+02:00 Steve Muckle <span dir="ltr"><<a href="mailto:smuckle@google.com" target="_blank">smuckle@google.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div class="gmail_quote">Hi Matthias,</div><div class="gmail_quote"><br></div><div class="gmail_quote"><span>On Thu, Apr 13, 2017 at 2:13 PM, darken <span dir="ltr"><<a href="mailto:darken@darken.eu" target="_blank">darken@darken.eu</a>></span> wrot<wbr>e:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="auto"><div>I'm not sure how to use strace, how do I get a strace binary into the Android O image?<br></div><div dir="ltr"><br>Can't reproduce it on the X86 Android O emulator image.<br>But can reproduce it on my Pixel running Android O.<br></div></div><div>Tried the latest toybox build too but it's not the build, and when running it as shell user (adb) it works:<br></div><div class="gmail_extra"><div dir="ltr"><br>> sailfish:/data/local/tmp $ ./toybox_new find '/data/local/tmp' -maxdepth 0 -print0 | ./toybox_new xargs -0 echo<br>> /data/local/tmp<br>> sailfish:/data/local/tmp $ ./toybox_old find '/data/local/tmp' -maxdepth 0 -print0 | ./toybox_old xargs -0 echo<br>> /data/local/tmp<br>> sailfish:/data/local/tmp $ ./toybox_new --version<br>> toybox 0.7.3-37-g04940678c81a<br>> sailfish:/data/local/tmp $ ./toybox_old --version<br>> toybox 0.7.2-37-g109a28b8a749<br><br></div><div>So it works as shell user, but not as app user.<br>But it also works if the app runs the native toybox from /system.<br>Is this some kind of SELinux issue? <br>Preventing xargs from forking processes or something like that?<br><br></div>Why would it work on the emulator though...<br></div></div></blockquote><div><br></div></span><div>This sounds like it may be seccomp, a Linux kernel facility for restricting the set of system calls a process may make. It is enforced at the zygote level so would affect attempts from apps but presumably not the shell. It is configured with the list of system calls in bionic (SYSCALLS.TXT) as well as a whitelist (SECCOMP_WHITELIST.TXT):</div><div><br></div><div><a href="https://android.googlesource.com/platform/bionic/+/o-preview/libc/" target="_blank">https://android.googlesource.c<wbr>om/platform/bionic/+/o-preview<wbr>/libc/</a><br></div><div><br></div><div>These lists are architecture specific. This is where seccomp was enforced at the zygote level:</div><div><br></div><div><a href="https://android.googlesource.com/platform/system/core/+/c4af05f8a3d67b9a4288a2b37c7fc16755497f6b" target="_blank">https://android.googlesource.c<wbr>om/platform/system/core/+/c4af<wbr>05f8a3d67b9a4288a2b37c7fc16755<wbr>497f6b</a></div><div><br></div><div>You could try disabling seccomp in Zygote:</div><div><a href="https://android.googlesource.com/platform/frameworks/base/+/o-preview/core/java/com/android/internal/os/ZygoteInit.java#696" target="_blank">https://android.googlesource.c<wbr>om/platform/frameworks/base/+/<wbr>o-preview/core/java/com/androi<wbr>d/internal/os/ZygoteInit.java#<wbr>696</a><br></div><div><br></div><div>cheers,</div><div>Steve</div><div><br></div><div><br></div></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>