Merge pull request #88 from ehids/support-android

New feature: #87 support Android 12+

Makefile

@@ -46,6 +46,11 @@ ifeq ($(DEBUG),1)
 DEBUG_PRINT := -DDEBUG_PRINT
 endif
 
+TARGET_TAG ?= linux
+ifeq ($(ANDROID),1)
+TARGET_TAG := android12
+endif
+
 EXTRA_CFLAGS ?= -O2 -mcpu=v1 \
 	$(DEBUG_PRINT)	\
 	-nostdinc \
@@ -299,8 +304,8 @@ assets: \
 .PHONY: build
 build: \
 	.checkver_$(CMD_GO)
-#
-	CGO_ENABLED=0 $(CMD_GO) build -ldflags "-w -s -X 'ecapture/cli/cmd.GitVersion=$(UNAME_M):$(VERSION)'" -o bin/ecapture .
+# -tags android TODO
+	CGO_ENABLED=0 $(CMD_GO) build -tags $(TARGET_TAG) -ldflags "-w -s -X 'ecapture/cli/cmd.GitVersion=$(UNAME_M):$(VERSION):[CORE]'" -o bin/ecapture .
 
 
 
@@ -310,7 +315,7 @@ build: \
 build_nocore: \
 	.checkver_$(CMD_GO)
 #
-	CGO_ENABLED=0 $(CMD_GO) build -ldflags "-w -s -X 'ecapture/cli/cmd.GitVersion=$(UNAME_M):$(VERSION):[NOCORE]' -X 'main.enableCORE=false'" -o bin/ecapture .
+	CGO_ENABLED=0 $(CMD_GO) build -tags $(TARGET_TAG) -ldflags "-w -s -X 'ecapture/cli/cmd.GitVersion=$(UNAME_M):$(VERSION):$(UNAME_R)' -X 'main.enableCORE=false'" -o bin/ecapture .
 
 
 .PHONY: ebpf_nocore

main.go

@@ -41,6 +41,8 @@ func main() {
 		}
 	}
 
+	// TODO check UPROBE
+
 	cli.Start()
 	return
 }

pkg/util/ebpf/btf.go → pkg/util/ebpf/bpf.go

@@ -1,55 +1,11 @@
 package ebpf
 
 import (
-	"bufio"
 	"fmt"
 	"golang.org/x/sys/unix"
 	"os"
 )
 
-const (
-	BOOT_CONFIG_PATH   = "/boot/config-%s"
-	CONFIG_BTF_TAGNAME = "CONFIG_DEBUG_INFO_BTF"
-)
-
-func IsEnableBTF() (bool, error) {
-	found, e := checkKernelBTF()
-	if e == nil && found {
-		return true, nil
-	}
-
-	i, e := getOSUnamer()
-	if e != nil {
-		return false, e
-	}
-	bootConf := fmt.Sprintf(BOOT_CONFIG_PATH, i.Release)
-
-	// Open file bootConf.
-	f, err := os.Open(bootConf)
-	if err != nil {
-		return false, err
-	}
-	defer f.Close()
-
-	var KernelConfig = make(map[string]string)
-	s := bufio.NewScanner(f)
-	if err := parse(s, KernelConfig); err != nil {
-		return false, err
-	}
-	bc, found := KernelConfig[CONFIG_BTF_TAGNAME]
-	if !found {
-		// 没有这个配置项
-		return false, nil
-	}
-
-	//如果有，在判断配置项的值
-	if bc != "y" {
-		// 没有开启
-		return false, nil
-	}
-	return true, nil
-}
-
 type UnameInfo struct {
 	SysName    string
 	Nodename   string
@@ -88,13 +44,13 @@ func charsToString(ca [65]byte) string {
 	return string(s[0:lens])
 }
 
-// from internal/btf/btf.go
+// from internal/btf/bpf.go
 // checkKernelBTF attempts to load the raw vmlinux BTF blob at
 // /sys/kernel/btf/vmlinux and falls back to scanning the file system
 // for vmlinux ELFs.
 
 func checkKernelBTF() (bool, error) {
-	_, err := os.Stat("/sys/kernel/btf/vmlinux")
+	_, err := os.Stat(SYS_KERNEL_BTF_VMLINUX)
 
 	// if exist ,return true
 	if err == nil {
@@ -111,17 +67,6 @@ func findVMLinux() (bool, error) {
 		return false, err
 	}
 	release := kv.Release
-	// use same list of locations as libbpf
-	// https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122
-	locations := []string{
-		"/boot/vmlinux-%s",
-		"/lib/modules/%s/vmlinux-%[1]s",
-		"/lib/modules/%s/build/vmlinux",
-		"/usr/lib/modules/%s/kernel/vmlinux",
-		"/usr/lib/debug/boot/vmlinux-%s",
-		"/usr/lib/debug/boot/vmlinux-%s.debug",
-		"/usr/lib/debug/lib/modules/%s/vmlinux",
-	}
 
 	for _, loc := range locations {
 		_, err := os.Stat(fmt.Sprintf(loc, release))

pkg/util/ebpf/bpf_android12.go

@@ -0,0 +1,69 @@
+//go:build android12
+// +build android12
+
+package ebpf
+
+import (
+	"bufio"
+	"compress/gzip"
+	"fmt"
+	"os"
+)
+
+const (
+	BOOT_CONFIG_PATH             = "/proc/config.gz"
+	CONFIG_BTF_TAGNAME           = "CONFIG_DEBUG_INFO_BTF"
+	SYS_KERNEL_BTF_VMLINUX       = "/sys/kernel/btf/vmlinux"
+	CONFIG_ARCH_SUPPORTS_UPROBES = "CONFIG_ARCH_SUPPORTS_UPROBES"
+	CONFIG_UPROBES               = "CONFIG_UPROBES"
+)
+
+var (
+	// use same list of locations as libbpf
+	// https://android.googlesource.com/platform/external/libbpf/
+
+	locations = []string{
+		//"/sys/kernel/btf/vmlinux",
+	}
+)
+
+func IsEnableBTF() (bool, error) {
+	found, e := checkKernelBTF()
+	if e == nil && found {
+		return true, nil
+	}
+
+	bootConf := fmt.Sprintf(BOOT_CONFIG_PATH)
+
+	// Open file bootConf.
+	f, err := os.Open(bootConf)
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+
+	// uncompress
+	reader, err := gzip.NewReader(f)
+	if err != nil {
+		return false, err
+	}
+	defer reader.Close()
+
+	var KernelConfig = make(map[string]string)
+	s := bufio.NewScanner(reader)
+	if err := parse(s, KernelConfig); err != nil {
+		return false, err
+	}
+	bc, found := KernelConfig[CONFIG_BTF_TAGNAME]
+	if !found {
+		// 没有这个配置项
+		return false, nil
+	}
+
+	//如果有，在判断配置项的值
+	if bc != "y" {
+		// 没有开启
+		return false, nil
+	}
+	return true, nil
+}

pkg/util/ebpf/bpf_linux.go

@@ -0,0 +1,71 @@
+//go:build !android12
+// +build !android12
+
+package ebpf
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+)
+
+const (
+	BOOT_CONFIG_PATH             = "/boot/config-%s"
+	CONFIG_BTF_TAGNAME           = "CONFIG_DEBUG_INFO_BTF"
+	SYS_KERNEL_BTF_VMLINUX       = "/sys/kernel/btf/vmlinux"
+	CONFIG_ARCH_SUPPORTS_UPROBES = "CONFIG_ARCH_SUPPORTS_UPROBES"
+	CONFIG_UPROBES               = "CONFIG_UPROBES"
+)
+
+var (
+	// use same list of locations as libbpf
+	// https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122
+
+	locations = []string{
+		"/boot/vmlinux-%s",
+		"/lib/modules/%s/vmlinux-%[1]s",
+		"/lib/modules/%s/build/vmlinux",
+		"/usr/lib/modules/%s/kernel/vmlinux",
+		"/usr/lib/debug/boot/vmlinux-%s",
+		"/usr/lib/debug/boot/vmlinux-%s.debug",
+		"/usr/lib/debug/lib/modules/%s/vmlinux",
+	}
+)
+
+func IsEnableBTF() (bool, error) {
+	found, e := checkKernelBTF()
+	if e == nil && found {
+		return true, nil
+	}
+
+	i, e := getOSUnamer()
+	if e != nil {
+		return false, e
+	}
+	bootConf := fmt.Sprintf(BOOT_CONFIG_PATH, i.Release)
+
+	// Open file bootConf.
+	f, err := os.Open(bootConf)
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+
+	var KernelConfig = make(map[string]string)
+	s := bufio.NewScanner(f)
+	if err := parse(s, KernelConfig); err != nil {
+		return false, err
+	}
+	bc, found := KernelConfig[CONFIG_BTF_TAGNAME]
+	if !found {
+		// 没有这个配置项
+		return false, nil
+	}
+
+	//如果有，在判断配置项的值
+	if bc != "y" {
+		// 没有开启
+		return false, nil
+	}
+	return true, nil
+}

user/common.go

@@ -24,19 +24,10 @@ func inet_ntop(ip uint32) string {
 }
 
 func GetDynLibDirs() []string {
-	dirs, err := ParseDynLibConf("/etc/ld.so.conf")
+	dirs, err := ParseDynLibConf(LD_LOAD_PATH)
 	if err != nil {
 		log.Println(err.Error())
-		/*
-		   1, the RPATH binary header (set at build-time) of the library causing the lookup (if any)
-		   2, the RPATH binary header (set at build-time) of the executable
-		   3, the LD_LIBRARY_PATH environment variable (set at run-time)
-		   4, the RUNPATH binary header (set at build-time) of the executable
-		   5, /etc/ld.so.cache
-		   6, base library directories (/lib and /usr/lib)
-		   ref: http://blog.tremily.us/posts/rpath/
-		*/
-		return []string{"/lib", "/usr/lib", "/usr/lib64", "/lib64"}
+		return default_so_paths
 	}
 	return append(dirs, "/lib64", "/usr/lib64")
 }

user/common_android12.go

@@ -0,0 +1,17 @@
+//go:build android12
+// +build android12
+
+package user
+
+const (
+	LD_LOAD_PATH = "/etc/ld.so.conf"
+)
+
+// https://source.android.com/devices/architecture/vndk/linker-namespace
+var (
+	default_so_paths = []string{
+		"/data/asan/system/lib64",
+		"/apex/com.android.conscrypt/lib64",
+		"/apex/com.android.runtime/lib64/bionic",
+	}
+)

user/common_linux.go

@@ -0,0 +1,26 @@
+//go:build !android12
+// +build !android12
+
+package user
+
+const (
+	LD_LOAD_PATH = "/etc/ld.so.conf"
+)
+
+/*
+   1, the RPATH binary header (set at build-time) of the library causing the lookup (if any)
+   2, the RPATH binary header (set at build-time) of the executable
+   3, the LD_LIBRARY_PATH environment variable (set at run-time)
+   4, the RUNPATH binary header (set at build-time) of the executable
+   5, /etc/ld.so.cache
+   6, base library directories (/lib and /usr/lib)
+   ref: http://blog.tremily.us/posts/rpath/
+*/
+var (
+	default_so_paths = []string{
+		"/lib",
+		"/usr/lib",
+		"/usr/lib64",
+		"/lib64",
+	}
+)