Login/Register
What path to put executable to run on Android 29?
Asked Answered
Solved androidexecutableandroid-security
D

1

5

My Android app includes a set of executables that are extracted to app directory (/data/data/%package%/) on the first run. It worked just fine if targeted to Android 28 (targetSdkVersion). Since November 2, 2020 it not allowed in Google Play and all the apps must target to 29. So it stopped working with permission exception.

What directory should executables be put to now?

PS. Some similar apps have the same issue.

Deland answered 11/11, 2020 at 12:54 Comment(2)
I wonder what permission that would be. Even on 29 you can copy any file to that directory without any permission.Cerium
@Cerium execute permissionDeland
S
9

https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission

When targeting API 29 (Android 10 / Q) or above, it is not possible anymore to have execute permission for files stored within the app's home directory (data), which is exactly what you are describing (/data/data/%package%/).

This Android 10 modification was introduced in commit: https://android-review.googlesource.com/c/platform/system/sepolicy/+/804149 and was then confirmed officially by Google here: https://issuetracker.google.com/issues/128554619

This significant change is being discussed by various projects, in termux/termux-app#1072 for instance. One recommended and (hopefully) future-proof way is to extract program binaries into the application's native lib directory (with android:extractNativeLibs=true), where files can still be executed but are stored read-only for improved security.

Here are examples showing how to handle this change, in Termux with commit f6c3b6f in the android-10 branch or in this other project showing how to run the Erlang runtime on Android by exctrating all the files from a .zip archive into the jniLibs/"abi" subdirectory ("abi" being arm64-v8a for 64-bit ARM, armeabi-v7a for 32-bit ARM, etc.) with the imposed lib___.so filename format expected by the Android platform. Executable files can simply be moved in the right project folder manually, the important part is to use the lib___.so format for the filenames.

In the Android Manifest file, setting the attribute android:extractNativeLibs="true" will get these lib___.so files extracted at installation time in the right native lib directory, with support for execute permission. Symlinks can finally be created if needed in the usual app directory to use the regular executable names, instead of the harder-to-manipulate lib___.so versions.

Thanks, Jérôme

Saundra answered 11/11, 2020 at 18:33 Comment(3)
I can confirm it's working. However another significant drawback of such approach (except the need to create symlinks) is that apk is essentially zip file and compression rate is worse than 7zip for instance (if archieved into raw file and extracted programmatically). In some edge cases it can make apk file size exceeding 150mb which can be a problem. Any suggestions appreciated.Deland
follow-up #64948402Deland
another follow-up #65012441Deland

© 2022 - 2024 — McMap. All rights reserved.