android ndk:都是-fPIC和-pie相互排斥的? [英] android ndk: are -fPIC and -pie mututally exclusive?
问题描述
我使用Android r10e NDK为Android构建Unison(一种文件同步可执行文件),但这不是真正的Android问题。
$ b
Android> 5.0 (SDK 21)要求可执行文件与位置无关。因此,在编译时,我
将-pie传递给arm-linux-androideabi-gcc,它可以工作:
%hardening- check ./unison
./unison:
位置独立可执行文件:是
...
$ b
Android> 6.0(SDK 21)仍然要求可执行文件是位置无关的,
但也需要构建无需文本重定位的可执行文件。因此,在编译时,我
将-fPIC传递给arm-linux-androideabi-gcc,并且它看起来会生成
a二进制文件,而不会进行文本重定位:
%arm-linux-androideabi-readelf -a ./unison |& grep TEXTREL
(不显示输出)
问题是,我只能满足一个要求一次。如果我一起使用-pie和
-fPIC,则生成的可执行文件与位置无关(yay!),但
也有文本重定位(boo!):
%强化检查./unison
./unison:
位置独立可执行文件:是
...
%arm-linux-androideabi-readelf -a ./unison |& grep TEXTREL
0x00000016(TEXTREL)0x0
0x0000001e(FLAGS)TEXTREL BIND_NOW
...和Android 6.0设备拒绝运行它:
%adb push unison / data / local / tmp
%adb shell'/ data / local / tmp / unison -version'
警告:linker:/ data / local / tmp / unison有文本重定位。这浪费了内存并阻止了安全强化。请修复。
无法连接EXECUTABLE:无法保护/ data / local / tmp / unison段:Permission denied
让这些旗子一起工作需要什么特别酱?或者,
或者,我错过了什么? PIC和PIE是相互排斥的吗?
谢谢!
编辑
我手动通过与OPAM回购相同的流程来构建Unison for Android。即:
$ b
-
构建ocaml交叉编译器。
-
取消Unison来源。
-
应用补丁程序:
--- pty.c〜2010-04-15 19:29:31.000000000 +0200
+++ pty.c 2013-01-16 19:28:56.258812188 +0100
@@ -10,7 +10,7 @@
extern void uerror(char * cmdname,value arg)Noreturn;
// openpty
- #if defined(__ linux)
+#if defined(__ linux)&& !defined(__ ANDROID__)
#include< pty.h>
#define HAS_OPENPTY 1
#endif
--- Makefile.OCaml〜2013-01-16 19:27:10.686807807 +0100
+++ Makefile.OCaml 2013-01 -16 19:29:46.814814286 +0100
@@ -136,7 +136,9 @@
#openpty在libutil库中
ifneq($(OSARCH),solaris)
ifneq($(OSARCH),osx)
- CLIBS + = - cclib -lutil
+ ifneq($(OSCOMP),android)
+ CLIBS + = - cclib -lutil
+ endif
endif
endif
buildexecutable ::
- 使用以下方式构建:
%make \
UISTYLE = text \
OCAMLOPT = arm-linux-androideabi-ocamlopt -verbose -ccopt'-fPIC -pie'\
OSCOMP = android
上面的过程构建了一个PIE可执行文件,它在Android 5上运行良好,但在Android 6上运行失败,因为它具有文本重定位。删除上面的-pie会生成一个没有文本重定位的二进制文件,但不是PIE可执行文件,因此它不会在Android 5或6上运行。 / div>
com / questions / 39957435 / text-relocations-though-fpic>文本重定位 - 尽管-fPIC?
将是正确的答案。简而言之,在仔细检查所有C代码设置后,不要忘记汇编代码问题。
I'm building Unison (a file synchronization executable) for Android using the Android r10e NDK, but this isn't really an Android question.
Android > 5.0 (SDK 21) requires executables to be position-independent. So I pass -pie to arm-linux-androideabi-gcc while compiling, which works:
% hardening-check ./unison
./unison:
Position Independent Executable: yes
...
This works fine on Android 5.0 devices.
Android > 6.0 (SDK 21) still requires executables to be position-independent, but also requires executables to be built without text relocations. So I pass -fPIC to arm-linux-androideabi-gcc while compiling, and it appears to build a binary without text relocations:
% arm-linux-androideabi-readelf -a ./unison |& grep TEXTREL
(no output is shown)
The problem is, I can only satisfy one requirement at a time. If I use -pie and -fPIC together, the resulting executable is position-independent (yay!), but also has text relocations (boo!):
% hardening-check ./unison
./unison:
Position Independent Executable: yes
...
% arm-linux-androideabi-readelf -a ./unison |& grep TEXTREL
0x00000016 (TEXTREL) 0x0
0x0000001e (FLAGS) TEXTREL BIND_NOW
...and Android 6.0 devices refuse to run it:
% adb push unison /data/local/tmp
% adb shell '/data/local/tmp/unison -version'
WARNING: linker: /data/local/tmp/unison has text relocations. This is wasting memory and prevents security hardening. Please fix.
CANNOT LINK EXECUTABLE: can't protect segments for "/data/local/tmp/unison": Permission denied
What's the special sauce needed to get these flags to work together? Or, alternatively, what am I missing? Are PIC and PIE mutually exclusive?
Thanks!
Edit:
I am manually walking through the same process that the OPAM repo goes through to build Unison for Android. Namely:
Build the ocaml cross compilers.
Pull down the Unison source.
Apply a patch:
--- pty.c~ 2010-04-15 19:29:31.000000000 +0200 +++ pty.c 2013-01-16 19:28:56.258812188 +0100 @@ -10,7 +10,7 @@ extern void uerror (char * cmdname, value arg) Noreturn; // openpty -#if defined(__linux) +#if defined(__linux) && !defined(__ANDROID__) #include <pty.h> #define HAS_OPENPTY 1 #endif --- Makefile.OCaml~ 2013-01-16 19:27:10.686807807 +0100 +++ Makefile.OCaml 2013-01-16 19:29:46.814814286 +0100 @@ -136,7 +136,9 @@ # openpty is in the libutil library ifneq ($(OSARCH),solaris) ifneq ($(OSARCH),osx) - CLIBS+=-cclib -lutil + ifneq ($(OSCOMP),android) + CLIBS+=-cclib -lutil + endif endif endif buildexecutable::
Build with:
% make \ UISTYLE=text \ OCAMLOPT="arm-linux-androideabi-ocamlopt -verbose -ccopt '-fPIC -pie'" \ OSCOMP=android
The above process builds a PIE executable that runs fine on Android 5, but fails on Android 6 because it has text relocations. Removing "-pie" above build a binary without text relocations, but is not a PIE executable so it won't run on Android 5 or 6.
Just to add that for some people seeing this question, thinking it matches their problem perfectly,
text relocations despite -fPIC?
will be the correct answer. In short, after double checking all your "C" code settings, don't forget assembly code problems.
这篇关于android ndk:都是-fPIC和-pie相互排斥的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!