Add support for symbolicating APK/ZIP-embedded libraries on Android

By default, modern Android build tools will store native libraries
uncompressed, and the [loader][1] will map them directly from the APK
(instead of the package manager extracting them on installation).

This commit adds support for symbolicating these embedded libraries.

To avoid parsing ZIP structures, the offset of the library within the
archive is determined via /proc/self/maps.

[1]: https://cs.android.com/search?q=open_library_in_zipfile&ss=android%2Fplatform%2Fsuperproject%2Fmain

Author: sudoBash418

src/symbolize/gimli.rs

@@ -187,7 +187,7 @@ impl<'data> Context<'data> {
 fn mmap(path: &Path) -> Option<Mmap> {
     let file = File::open(path).ok()?;
     let len = file.metadata().ok()?.len().try_into().ok()?;
-    unsafe { Mmap::map(&file, len) }
+    unsafe { Mmap::map(&file, len, 0) }
 }
 
 cfg_if::cfg_if! {
@@ -269,6 +269,8 @@ struct Cache {
 
 struct Library {
     name: OsString,
+    #[cfg(target_os = "android")]
+    zip_offset: Option<i64>,
     #[cfg(target_os = "aix")]
     /// On AIX, the library mmapped can be a member of a big-archive file.
     /// For example, with a big-archive named libfoo.a containing libbar.so,
@@ -295,17 +297,16 @@ struct LibrarySegment {
     len: usize,
 }
 
-#[cfg(target_os = "aix")]
 fn create_mapping(lib: &Library) -> Option<Mapping> {
-    let name = &lib.name;
-    let member_name = &lib.member_name;
-    Mapping::new(name.as_ref(), member_name)
-}
-
-#[cfg(not(target_os = "aix"))]
-fn create_mapping(lib: &Library) -> Option<Mapping> {
-    let name = &lib.name;
-    Mapping::new(name.as_ref())
+    cfg_if::cfg_if! {
+        if #[cfg(target_os = "aix")] {
+            Mapping::new(lib.name.as_ref(), &lib.member_name)
+        } else if #[cfg(target_os = "android")] {
+            Mapping::new_android(lib.name.as_ref(), lib.zip_offset)
+        } else {
+            Mapping::new(lib.name.as_ref())
+        }
+    }
 }
 
 // unsafe because this is required to be externally synchronized

src/symbolize/gimli/elf.rs

@@ -43,6 +43,45 @@ impl Mapping {
         })
     }
 
+    /// On Android, shared objects can be loaded directly from a
+    /// ZIP archive. For example, an app may load a library from
+    /// `/data/app/com.example/base.apk!/lib/x86_64/mylib.so`
+    ///
+    /// `zip_offset` should be page-aligned; the dynamic linker
+    /// requires this when it loads libraries.
+    #[cfg(target_os = "android")]
+    pub fn new_android(path: &Path, zip_offset: Option<i64>) -> Option<Mapping> {
+        fn map_embedded_library(path: &Path, zip_offset: i64) -> Option<Mapping> {
+            // get path of ZIP archive (delimited by `!/`)
+            let raw_path = path.as_os_str().as_bytes();
+            let zip_path = raw_path
+                .windows(2)
+                .enumerate()
+                .find(|(_, chunk)| chunk == b"!/")
+                .map(|(index, _)| Path::new(OsStr::from_bytes(raw_path.split_at(index).0)))?;
+
+            let file = fs::File::open(zip_path).ok()?;
+            let len: usize = file.metadata().ok()?.len().try_into().ok()?;
+
+            // NOTE: we map the remainder of the entire archive instead of just the library so we don't have to determine its length
+            // NOTE: mmap will fail if `zip_offset` is not page-aligned
+            let map = unsafe {
+                super::mmap::Mmap::map(&file, len - usize::try_from(zip_offset).ok()?, zip_offset)
+            }?;
+
+            Mapping::mk(map, |map, stash| {
+                Context::new(stash, Object::parse(&map)?, None, None)
+            })
+        }
+
+        // if ZIP offset is given, try mapping as a ZIP-embedded library
+        if let Some(zip_offset) = zip_offset {
+            map_embedded_library(path, zip_offset).or_else(|| Self::new(path))
+        } else {
+            Self::new(path)
+        }
+    }
+
     /// Load debuginfo from an external debug file.
     fn new_debug(original_path: &Path, path: PathBuf, crc: Option<u32>) -> Option<Mapping> {
         let map = super::mmap(&path)?;

src/symbolize/gimli/libs_dl_iterate_phdr.rs

@@ -9,12 +9,21 @@ use super::mystd::os::unix::prelude::*;
 use super::{Library, LibrarySegment, OsString, Vec};
 use core::slice;
 
+struct CallbackData {
+    ret: Vec<Library>,
+    #[cfg(target_os = "android")]
+    maps: Option<Vec<super::parse_running_mmaps::MapsEntry>>,
+}
 pub(super) fn native_libraries() -> Vec<Library> {
-    let mut ret = Vec::new();
+    let mut cb_data = CallbackData {
+        ret: Vec::new(),
+        #[cfg(target_os = "android")]
+        maps: super::parse_running_mmaps::parse_maps().ok(),
+    };
     unsafe {
-        libc::dl_iterate_phdr(Some(callback), core::ptr::addr_of_mut!(ret).cast());
+        libc::dl_iterate_phdr(Some(callback), core::ptr::addr_of_mut!(cb_data).cast());
     }
-    return ret;
+    cb_data.ret
 }
 
 fn infer_current_exe(base_addr: usize) -> OsString {
@@ -37,20 +46,24 @@ fn infer_current_exe(base_addr: usize) -> OsString {
 
 /// # Safety
 /// `info` must be a valid pointer.
-/// `vec` must be a valid pointer to `Vec<Library>`
+/// `data` must be a valid pointer to `CallbackData`.
 #[forbid(unsafe_op_in_unsafe_fn)]
 unsafe extern "C" fn callback(
     info: *mut libc::dl_phdr_info,
     _size: libc::size_t,
-    vec: *mut libc::c_void,
+    data: *mut libc::c_void,
 ) -> libc::c_int {
     // SAFETY: We are guaranteed these fields:
     let dlpi_addr = unsafe { (*info).dlpi_addr };
     let dlpi_name = unsafe { (*info).dlpi_name };
     let dlpi_phdr = unsafe { (*info).dlpi_phdr };
     let dlpi_phnum = unsafe { (*info).dlpi_phnum };
     // SAFETY: We assured this.
-    let libs = unsafe { &mut *vec.cast::<Vec<Library>>() };
+    let CallbackData {
+        ret: libs,
+        #[cfg(target_os = "android")]
+        maps,
+    } = unsafe { &mut *data.cast::<CallbackData>() };
     // most implementations give us the main program first
     let is_main = libs.is_empty();
     // we may be statically linked, which means we are main and mostly one big blob of code
@@ -73,6 +86,22 @@ unsafe extern "C" fn callback(
             OsStr::from_bytes(unsafe { CStr::from_ptr(dlpi_name) }.to_bytes()).to_owned()
         }
     };
+    #[cfg(target_os = "android")]
+    let zip_offset: Option<i64> = {
+        // only check for ZIP-embedded file if we have data from /proc/self/maps
+        maps.as_ref().and_then(|maps| {
+            // check if file is embedded within a ZIP archive by searching for `!/`
+            name.as_bytes()
+                .windows(2)
+                .find(|&chunk| chunk == b"!/")
+                .and_then(|_| {
+                    // find MapsEntry matching library's base address
+                    maps.iter()
+                        .find(|m| m.ip_matches(dlpi_addr as usize))
+                        .and_then(|m| m.offset().try_into().ok())
+                })
+        })
+    };
     let headers = if dlpi_phdr.is_null() || dlpi_phnum == 0 {
         &[]
     } else {
@@ -81,6 +110,8 @@ unsafe extern "C" fn callback(
     };
     libs.push(Library {
         name,
+        #[cfg(target_os = "android")]
+        zip_offset,
         segments: headers
             .iter()
             .map(|header| LibrarySegment {

src/symbolize/gimli/mmap_fake.rs

@@ -1,4 +1,4 @@
-use super::{mystd::io::Read, File};
+use super::{mystd::io::Read, mystd::io::Seek, mystd::io::SeekFrom, File};
 use alloc::vec::Vec;
 use core::ops::Deref;
 
@@ -7,10 +7,11 @@ pub struct Mmap {
 }
 
 impl Mmap {
-    pub unsafe fn map(mut file: &File, len: usize) -> Option<Mmap> {
+    pub unsafe fn map(mut file: &File, len: usize, offset: i64) -> Option<Mmap> {
         let mut mmap = Mmap {
             vec: Vec::with_capacity(len),
         };
+        file.seek(SeekFrom::Start(offset.try_into().ok()?));
         file.read_to_end(&mut mmap.vec).ok()?;
         Some(mmap)
     }

src/symbolize/gimli/mmap_unix.rs

@@ -15,14 +15,14 @@ pub struct Mmap {
 }
 
 impl Mmap {
-    pub unsafe fn map(file: &File, len: usize) -> Option<Mmap> {
+    pub unsafe fn map(file: &File, len: usize, offset: i64) -> Option<Mmap> {
         let ptr = mmap64(
             ptr::null_mut(),
             len,
             libc::PROT_READ,
             libc::MAP_PRIVATE,
             file.as_raw_fd(),
-            0,
+            offset.try_into().ok()?,
         );
         if ptr == libc::MAP_FAILED {
             return None;

src/symbolize/gimli/mmap_windows.rs

@@ -16,7 +16,10 @@ pub struct Mmap {
 }
 
 impl Mmap {
-    pub unsafe fn map(file: &File, len: usize) -> Option<Mmap> {
+    pub unsafe fn map(file: &File, len: usize, offset: i64) -> Option<Mmap> {
+        if offset.is_negative() {
+            return None;
+        }
         let file = file.try_clone().ok()?;
         let mapping = CreateFileMappingA(
             file.as_raw_handle(),
@@ -29,7 +32,13 @@ impl Mmap {
         if mapping.is_null() {
             return None;
         }
-        let ptr = MapViewOfFile(mapping, FILE_MAP_READ, 0, 0, len);
+        let ptr = MapViewOfFile(
+            mapping,
+            FILE_MAP_READ,
+            (offset >> 32) as u32,
+            offset as u32,
+            len,
+        );
         CloseHandle(mapping);
         if ptr.Value.is_null() {
             return None;

src/symbolize/gimli/parse_running_mmaps_unix.rs

@@ -76,6 +76,11 @@ impl MapsEntry {
     pub(super) fn ip_matches(&self, ip: usize) -> bool {
         self.address.0 <= ip && ip < self.address.1
     }
+
+    #[cfg(target_os = "android")]
+    pub(super) fn offset(&self) -> usize {
+        self.offset
+    }
 }
 
 impl FromStr for MapsEntry {