symbol_inject: add linkerSigned flag in codesign of Mach-O binaries.
With linkerSigned flag, codesign will still be valid after stripping. Bug: 251222821 Test: build aapt2 and both non-stripped and stripped version work. Change-Id: Ic3a2b9fcaf30eb306fed7db6568f6699cc640cde
This commit is contained in:
parent
e127b4d060
commit
e79fe01c59
1 changed files with 79 additions and 2 deletions
|
@ -16,9 +16,12 @@ package symbol_inject
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"debug/macho"
|
"debug/macho"
|
||||||
|
"encoding/binary"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"path/filepath"
|
||||||
"sort"
|
"sort"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
@ -98,6 +101,80 @@ func dumpMachoSymbols(r io.ReaderAt) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func CodeSignMachoFile(path string) error {
|
func CodeSignMachoFile(path string) error {
|
||||||
cmd := exec.Command("/usr/bin/codesign", "--force", "-s", "-", path)
|
filename := filepath.Base(path)
|
||||||
return cmd.Run()
|
cmd := exec.Command("/usr/bin/codesign", "--force", "-s", "-", "-i", filename, path)
|
||||||
|
if err := cmd.Run(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return modifyCodeSignFlags(path)
|
||||||
|
}
|
||||||
|
|
||||||
|
const LC_CODE_SIGNATURE = 0x1d
|
||||||
|
const CSSLOT_CODEDIRECTORY = 0
|
||||||
|
|
||||||
|
// To make codesign not invalidated by stripping, modify codesign flags to 0x20002
|
||||||
|
// (adhoc | linkerSigned).
|
||||||
|
func modifyCodeSignFlags(path string) error {
|
||||||
|
f, err := os.OpenFile(path, os.O_RDWR, 0)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
// Step 1: find code signature section.
|
||||||
|
machoFile, err := macho.NewFile(f)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
var codeSignSectionOffset uint32 = 0
|
||||||
|
var codeSignSectionSize uint32 = 0
|
||||||
|
for _, l := range machoFile.Loads {
|
||||||
|
data := l.Raw()
|
||||||
|
cmd := machoFile.ByteOrder.Uint32(data)
|
||||||
|
if cmd == LC_CODE_SIGNATURE {
|
||||||
|
codeSignSectionOffset = machoFile.ByteOrder.Uint32(data[8:])
|
||||||
|
codeSignSectionSize = machoFile.ByteOrder.Uint32(data[12:])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if codeSignSectionOffset == 0 {
|
||||||
|
return fmt.Errorf("code signature section not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
data := make([]byte, codeSignSectionSize)
|
||||||
|
_, err = f.ReadAt(data, int64(codeSignSectionOffset))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Step 2: get flags offset.
|
||||||
|
blobCount := binary.BigEndian.Uint32(data[8:])
|
||||||
|
off := 12
|
||||||
|
var codeDirectoryOff uint32 = 0
|
||||||
|
for blobCount > 0 {
|
||||||
|
blobType := binary.BigEndian.Uint32(data[off:])
|
||||||
|
if blobType == CSSLOT_CODEDIRECTORY {
|
||||||
|
codeDirectoryOff = binary.BigEndian.Uint32(data[off+4:])
|
||||||
|
break
|
||||||
|
}
|
||||||
|
blobCount--
|
||||||
|
off += 8
|
||||||
|
}
|
||||||
|
if codeDirectoryOff == 0 {
|
||||||
|
return fmt.Errorf("no code directory in code signature section")
|
||||||
|
}
|
||||||
|
flagsOff := codeSignSectionOffset + codeDirectoryOff + 12
|
||||||
|
|
||||||
|
// Step 3: modify flags.
|
||||||
|
flagsData := make([]byte, 4)
|
||||||
|
_, err = f.ReadAt(flagsData, int64(flagsOff))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
oldFlags := binary.BigEndian.Uint32(flagsData)
|
||||||
|
if oldFlags != 0x2 {
|
||||||
|
return fmt.Errorf("unexpected flags in code signature section: 0x%x", oldFlags)
|
||||||
|
}
|
||||||
|
binary.BigEndian.PutUint32(flagsData, 0x20002)
|
||||||
|
_, err = f.WriteAt(flagsData, int64(flagsOff))
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue