fix: failed to find libc++ symbols in dex2oat bug

ThePedroo · ThePedroo · commit 71a9dc37cf54 · 2026-02-08T18:43:38.000-03:00
This commit fixes the issue where the system linker couldn't find some
symbols by resetting the priority of the paths the linker should find,
to force it to find the latest/correct libraries.
diff --git a/.gitmodules b/.gitmodules
@@ -15,4 +15,7 @@
 	url = https://github.com/tukaani-project/xz-embedded
 [submodule "apache/commons-lang"]
 	path = apache/commons-lang
-	url = https://github.com/apache/commons-lang
+	url = https://github.com/apache/commons-lang
+[submodule "external/lsplt"]
+	path = external/lsplt
+	url = https://github.com/PerformanC/LSPlt.git
diff --git a/dex2oat/src/main/cpp/CMakeLists.txt b/dex2oat/src/main/cpp/CMakeLists.txt
@@ -4,8 +4,11 @@ project(dex2oat)
 add_executable(dex2oat dex2oat.c)
 add_library(oat_hook SHARED oat_hook.c)
 
+OPTION(LSPLT_BUILD_SHARED OFF)
+add_subdirectory(${EXTERNAL_ROOT}/lsplt/lsplt/src/main/jni external)
+
 target_link_libraries(dex2oat log)
-target_link_libraries(oat_hook log)
+target_link_libraries(oat_hook log lsplt_static)
 
 if (DEFINED DEBUG_SYMBOLS_PATH)
     message(STATUS "Debug symbols will be placed at ${DEBUG_SYMBOLS_PATH}")
diff --git a/dex2oat/src/main/cpp/dex2oat.c b/dex2oat/src/main/cpp/dex2oat.c
@@ -28,6 +28,11 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <unistd.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <limits.h>
+#include <dlfcn.h>
 
 #include "logging.h"
 
@@ -39,7 +44,8 @@
 
 #define ID_VEC(is64, is_debug) (((is64) << 1) | (is_debug))
 
-const char kSockName[] = "5291374ceda0aef7c5d86cd2a4f6a3ac\0";
+const char sock_name[] = "5291374ceda0aef7c5d86cd2a4f6a3ac\0";
+const char *linker_path = LP_SELECT("/apex/com.android.runtime/bin/linker", "/apex/com.android.runtime/bin/linker64");
 
 static ssize_t xrecvmsg(int sockfd, struct msghdr *msg, int flags) {
     int rec = recvmsg(sockfd, msg, flags);
@@ -77,6 +83,7 @@ static int recv_fd(int sockfd) {
 
     int result;
     memcpy(&result, data, sizeof(int));
+
     return result;
 }
 
@@ -118,13 +125,7 @@ static void write_string(int fd, const char *str, size_t len) {
 
 int main(int argc, char **argv) {
     LOGD("dex2oat wrapper ppid=%d, uid=%d", getppid(), getuid());
-
-    if (getenv("LD_LIBRARY_PATH") == NULL) {
-        char const *libenv = LP_SELECT(
-            "LD_LIBRARY_PATH=/apex/com.android.art/lib:/apex/com.android.os.statsd/lib",
-            "LD_LIBRARY_PATH=/apex/com.android.art/lib64:/apex/com.android.os.statsd/lib64");
-        putenv((char *)libenv);
-    }
+    unsetenv("LD_LIBRARY_PATH");
 
     int sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock_fd < 0) {
@@ -137,7 +138,7 @@ int main(int argc, char **argv) {
         .sun_family = AF_UNIX,
         .sun_path = { 0 },
     };
-    strlcpy(sock.sun_path + 1, kSockName, sizeof(sock.sun_path) - 1);
+    strlcpy(sock.sun_path + 1, sock_name, sizeof(sock.sun_path) - 1);
 
     size_t len = sizeof(sa_family_t) + strlen(sock.sun_path + 1) + 1;
     sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -158,8 +159,11 @@ int main(int argc, char **argv) {
 
         return 1;
     }
+    
+    char stock_fd_path[64];
+    snprintf(stock_fd_path, sizeof(stock_fd_path), "/proc/%d/fd/%d", getpid(), stock_fd);
 
-    LOGI("stock dex2oat fd: %d", stock_fd);
+    LOGI("stock dex2oat fd: %d (%s)", stock_fd, stock_fd_path);
 
     close(sock_fd);
 
@@ -187,9 +191,14 @@ int main(int argc, char **argv) {
         if (is_in_denylist) {
             LOGD("App is in denylist, exiting");
 
-            fexecve(stock_fd, (char **)argv, environ);
+            char *new_argv[argc + 2];
+            memset(new_argv, 0, sizeof(new_argv));
 
-            LOGE("fexecve failed");
+            new_argv[0] = stock_fd_path;
+            memcpy(&new_argv[1], &argv[1], sizeof(char *) * argc);
+
+            execve(linker_path, new_argv, environ);
+            LOGE("execve failed");
 
             close(stock_fd);
 
@@ -229,11 +238,16 @@ int main(int argc, char **argv) {
     snprintf(liboat_fd_path, sizeof(liboat_fd_path), "/proc/%d/fd/%d", getpid(), hooker_fd);
 
     setenv("LD_PRELOAD", liboat_fd_path, 1);
-    LOGD("Set env LD_PRELOAD=%s", liboat_fd_path);
 
-    fexecve(stock_fd, (char **)argv, environ);
+    char *new_argv[argc + 3];
+    memset(new_argv, 0, sizeof(new_argv));
+
+    new_argv[0] = stock_fd_path;
+    memcpy(&new_argv[1], &argv[1], sizeof(char *) * argc);
+
+    execve(linker_path, new_argv, environ);
 
-    PLOGE("fexecve failed");
+    PLOGE("execve failed");
 
     close(stock_fd);
 
diff --git a/dex2oat/src/main/cpp/oat_hook.c b/dex2oat/src/main/cpp/oat_hook.c
@@ -1,5 +1,9 @@
 #include <stdlib.h>
+#include <string.h>
 #include <dlfcn.h>
+#include <unistd.h>
+
+#include <lsplt.h>
 
 #include "logging.h"
 
@@ -28,9 +32,50 @@ void _ZN3art15CompilerOptionsC1Ev(void *self) {
     if (member != (void *)-1) continue;
 
     *(void **)((void *)self + i) = 0;
-    
+
     return;
   }
   
   LOGE("Failed to find member with value -1 in CompilerOptions");
+}
+
+__attribute__((constructor))
+static void oat_hook_init(void) {
+   struct lsplt_map_info *maps = lsplt_scan_maps("self");
+   if (!maps) {
+    LOGE("Failed to scan maps");
+
+    return;
+   }
+   
+   dev_t dev = 0;
+   ino_t inode = 0;
+   
+   for (size_t i = 0; i < maps->length; i++) {
+     struct lsplt_map_entry *map = &maps->maps[i];
+     if (!map->path || !strstr(map->path, "bin/dex2oat")) continue;
+     
+     dev = map->dev;
+     inode = map->inode;
+     
+     LOGD("Found target: %s (dev: %ju, inode: %ju)", map->path, (uintmax_t)dev, (uintmax_t)inode);
+     
+     break;
+   }
+   
+   if (!dev || !inode) {
+     LOGE("Failed to find dex2oat memory map");
+
+     lsplt_free_maps(maps);
+
+     return;
+   }
+   
+   lsplt_register_hook(dev, inode, "_ZN3art15CompilerOptionsC1Ev", _ZN3art15CompilerOptionsC1Ev, NULL);
+   
+   if (!lsplt_commit_hook()) {
+     LOGE("Failed to commit hook");
+   }
+   
+   LOGD("Hook registered successfully");
 }
diff --git a/external/lsplt b/external/lsplt
@@ -0,0 +1 @@
+Subproject commit cab51dd0c6faced924cfcce69b72aea300678bb8
diff --git a/magisk-loader/magisk_module/sepolicy.rule b/magisk-loader/magisk_module/sepolicy.rule
@@ -1,4 +1,5 @@
 allow dex2oat dex2oat_exec file execute_no_trans
+allow dex2oat system_linker_exec file execute_no_trans
 
 allow shell shell dir write
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`allow dex2oat dex2oat_exec file execute_no_trans`
	`2`	`+allow dex2oat system_linker_exec file execute_no_trans`
`2`	`3`
`3`	`4`	`allow shell shell dir write`
`4`	`5`