Android R: fix bootloop

- use sandhook-native to hook linker
 - symbol fix

appveyor.yml

@@ -1,4 +1,4 @@
-version: '0.4.6.3 ({build})'
+version: '0.5.0.0 ({build})'
 
 environment:
   ANDROID_HOME: C:\android-sdk-windows

edxp-core/.gitignore

@@ -4,5 +4,6 @@
 /obj
 /release
 /template_override/module.prop
+/template_override/system
 /template_override/system_x86
 *.iml

edxp-core/build.gradle

@@ -4,7 +4,7 @@ import org.gradle.internal.os.OperatingSystem
 apply plugin: 'com.android.library'
 
 // Values set here will be overriden by AppVeyor, feel free to modify during development.
-def buildVersionName = 'v0.4.6.3'
+def buildVersionName = 'v0.5.0.0'
 def buildVersionCode = 233
 
 if (System.env.APPVEYOR_BUILD_VERSION != null) {

edxp-core/src/main/cpp/main/include/art/runtime/oat_file_manager.h

@@ -14,13 +14,10 @@ namespace art {
         // http://androidxref.com/9.0.0_r3/xref/art/runtime/oat_file_manager.cc#637
         static void DisableOnlyUseSystemOatFiles(void *handle, HookFunType hook_func) {
             const int api_level = GetAndroidApiLevel();
-            if (api_level == ANDROID_P) {
+            if (api_level >= ANDROID_P) {
                 HOOK_FUNC(SetOnlyUseSystemOatFiles,
-                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv");
+                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv", // 9 & 11
-            }
+                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb"); // 10
-            if (api_level == ANDROID_Q) {
-                HOOK_FUNC(SetOnlyUseSystemOatFiles,
-                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb");
             }
         };
 

edxp-core/src/main/cpp/main/include/config.h

@@ -29,20 +29,23 @@ namespace edxp {
 
     static constexpr auto kLibArtName = "libart.so";
     static constexpr auto kLibFwkName = "libandroid_runtime.so";
+    static constexpr auto kLibFwName = "libandroidfw.so";
     static constexpr auto kLibWhaleName = "libwhale.edxp.so";
     static constexpr auto kLibSandHookName = "libsandhook.edxp.so";
+    static constexpr auto kLibSandHookNativeName = "libsandhook-native.so";
 
-    static const auto kLibBasePath = std::string(LP_SELECT("/system/lib/", "/system/lib64/"));
+    static const auto kLibBasePath = std::string(
-    static const auto kLibRuntimeBasePath = std::string(
+            LP_SELECT("/system/lib/",
-            LP_SELECT("/apex/com.android.runtime/lib/", "/apex/com.android.runtime/lib64/"));
+                      "/system/lib64/"));
-
+    static const auto kLinkerPath = std::string(
-    static const auto kLibArtPath =
+            LP_SELECT("/apex/com.android.runtime/bin/linker",
-            (GetAndroidApiLevel() >= ANDROID_Q ? kLibRuntimeBasePath : kLibBasePath) + kLibArtName;
+                      "/apex/com.android.runtime/bin/linker64"));
 
+    static const auto kLibArtLegacyPath = kLibBasePath + kLibArtName;
     static const auto kLibWhalePath = kLibBasePath + kLibWhaleName;
     static const auto kLibSandHookPath = kLibBasePath + kLibSandHookName;
-    static const auto kLibFwPath = kLibBasePath + "libandroidfw.so";
+    static const auto kLibSandHookNativePath = kLibBasePath + kLibSandHookNativeName;
-    static const auto kLibDlPath = kLibBasePath + "libdl.so";
+    static const auto kLibFwPath = kLibBasePath + kLibFwName;
     static const auto kLibFwkPath = kLibBasePath + kLibFwkName;
 
     inline const char *const BoolToString(bool b) {

edxp-core/src/main/cpp/main/src/native_hook.cpp

@@ -21,18 +21,21 @@
 
 namespace edxp {
 
-    static bool installed = false;
+    static volatile bool installed = false;
-    static bool art_hooks_installed = false;
+    static volatile bool art_hooks_installed = false;
-    static bool fwk_hooks_installed = false;
+    static volatile bool fwk_hooks_installed = false;
     static HookFunType hook_func = nullptr;
 
     void InstallArtHooks(void *art_handle);
 
     void InstallFwkHooks(void *fwk_handle);
 
+    bool InstallLinkerHooks(const char *linker_path);
+
     CREATE_HOOK_STUB_ENTRIES(void *, mydlopen, const char *file_name, int flags,
+                             const void *ext_info,
                              const void *caller) {
-        void *handle = mydlopenBackup(file_name, flags, caller);
+        void *handle = mydlopenBackup(file_name, flags, ext_info, caller);
         if (file_name != nullptr && std::string(file_name).find(kLibArtName) != std::string::npos) {
             InstallArtHooks(handle);
         }
@@ -66,12 +69,10 @@ namespace edxp {
         }
         hook_func = reinterpret_cast<HookFunType>(hook_func_symbol);
 
-        if (api_level > ANDROID_P) {
+        if (api_level >= ANDROID_Q) {
-            ScopedDlHandle dl_handle(kLibDlPath.c_str());
+            InstallLinkerHooks(kLinkerPath.c_str());
-            void *handle = dl_handle.Get();
-            HOOK_FUNC(mydlopen, "__loader_dlopen");
         } else {
-            ScopedDlHandle art_handle(kLibArtPath.c_str());
+            ScopedDlHandle art_handle(kLibArtLegacyPath.c_str());
             InstallArtHooks(art_handle.Get());
         }
 
@@ -79,11 +80,39 @@ namespace edxp {
         InstallFwkHooks(fwk_handle.Get());
     }
 
+    bool InstallLinkerHooks(const char *linker_path) {
+        void *handle = dlopen(kLibSandHookNativePath.c_str(), RTLD_NOW);
+
+        if (!handle) {
+            LOGI("Failed to open libsandhook-native");
+            return false;
+        }
+
+        auto getSym = reinterpret_cast<void *(*)(const char *, const char *)>(dlsym(handle,
+                                                                                    "SandGetSym"));
+        if (!getSym) {
+            LOGI("SandGetSym is null");
+            return false;
+        }
+
+        auto dlopen_symbol = "__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv";
+        void *dlopen_addr = getSym(linker_path, dlopen_symbol);
+        if (dlopen_addr) {
+            hook_func(dlopen_addr, (void *) mydlopenReplace,
+                      (void **) &mydlopenBackup);
+            LOGI("dlopen hooked");
+            return true;
+        }
+
+        LOGI("dlopen_addr is null");
+        return false;
+    }
+
     void InstallArtHooks(void *art_handle) {
         if (art_hooks_installed) {
             return;
         }
-        if (ConfigManager::GetInstance() -> IsHiddenAPIBypassEnabled()) {
+        if (ConfigManager::GetInstance()->IsHiddenAPIBypassEnabled()) {
             art::hidden_api::DisableHiddenApi(art_handle, hook_func);
         }
         art::Runtime::Setup(art_handle, hook_func);

edxp-core/template_override/customize.sh

@@ -295,10 +295,12 @@ mv "${MODPATH}/system/framework/eddexmaker.jar" "${MODPATH}/system/framework/${J
 mv "${MODPATH}/system/framework/edconfig.jar" "${MODPATH}/system/framework/${JAR_EDCONFIG}"
 mv "${MODPATH}/system/lib/libriru_edxp.so" "${MODPATH}/system/lib/${LIB_RIRU_EDXP}"
 mv "${MODPATH}/system/lib/libwhale.edxp.so" "${MODPATH}/system/lib/${LIB_WHALE_EDXP}"
+mv "${MODPATH}/system/lib/libsandhook-native.so" "${MODPATH}/system/lib/libsandhook-native.so"
 
 if [[ "${IS64BIT}" == true ]]; then
     mv "${MODPATH}/system/lib64/libriru_edxp.so" "${MODPATH}/system/lib64/${LIB_RIRU_EDXP}"
     mv "${MODPATH}/system/lib64/libwhale.edxp.so" "${MODPATH}/system/lib64/${LIB_WHALE_EDXP}"
+    mv "${MODPATH}/system/lib64/libsandhook-native.so" "${MODPATH}/system/lib64/libsandhook-native.so"
 fi
 
 if [[ "${VARIANTS}" == "SandHook" ]]; then