lico-n / ZygiskFrida

Injects frida gadget using zygisk to bypass anti-tamper checks.
MIT License

dlopened by "/vendor/lib64/egl/libGLES_mali.so" is not accessible for the namespace "sphal" #10

Closed moikeygraham closed 1 year ago

moikeygraham commented 1 year ago

Hi, thanks for a great module - I have been searching for something similar for some time!

I am trying to load my own Frida gadget from here: https://github.com/hzzheyang/strongR-frida-android

I am specifying it inside the new injected_libraries feature. However, I think I am running into issues with some Android security & protection of usage of platform libraries. When attempting to inject the arm64 strongR frida gadget, I am met with the error msg:

dlopened by "/vendor/lib64/egl/libGLES_mali.so" is not accessible for the namespace "sphal"

I looked into attempting to add the gadget .so to public.libraries.txt but have had no success.

lico-n commented 1 year ago

Hey,

I just tried using the strongR frida gadget and it works fine from my side.

Could you please provide more details on your setup?

Is this an issue only occurring with the strongR version or does it also happen with the normal/bundled frida gadget? Which frida version are you using? Where did you place the strongR gadget file? (please also try to place it in the re.zyg.fri directory) Where did you see this error message? Which android version/vendor are you using?

moikeygraham commented 1 year ago

Is this an issue only occurring with the strongR version or does it also happen with the normal/bundled frida gadget?

This only seems to happen with the strongR frida gadget -- your bundled gadget works fine (but the app I am trying to circumvent uses libpairipcore.so -- so it is detected).

Which frida version are you using?

Latest at time of attempting, which was 16.1.3

Where did you place the strongR gadget file? (please also try to place it in the re.zyg.fri directory)

/data/local/tmp initially. I will try inside re.zyg.fri

Where did you see this error message?

Using adb logcat | grep ZygiskFrida

Which android version/vendor are you using?

Android 9.1. Device is a huawei honor 9 lite (LLD-L31) (EMUI)

Here are logs from ZygiskFrida:

08-15 16:19:51.055 6173 6173 I ZygiskFrida: App detected: [REDACTED]
08-15 16:19:51.099 6173 6206 I ZygiskFrida: Wait for process to complete init
08-15 16:19:51.381 6173 6206 I ZygiskFrida: Process init completed
08-15 16:19:51.381 6173 6206 I ZygiskFrida: Injecting /data/local/tmp/re.zyg.fri/hluda-gadget-16.0.1-android-arm64.so
08-15 16:19:51.485 6173 6206 E ZygiskFrida: Failed to inject /data/local/tmp/re.zyg.fri/hluda-gadget-16.0.1-android-arm64.so : dlopen failed: library "/data/local/tmp/re.zyg.fri/hluda-gadget-16.0.1-android-arm64.so" needed or dlopened by "/vendor/lib64/egl/libGLES_mali.so" is not accessible for the namespace "sphal"

lico-n commented 1 year ago

That's a bit confusing if the normal frida gadget version works fine. Just looking at the patches strongR is applying, I don't really see how they could lead to these issues.

Could you please try the attached version below? I have built a version that bundles the strongR version of the gadget (only arm/arm64 working). Remove the injected_libraries version and see if the strongR version works if it is set up by the module itself as the bundled gadget with its permissions.

If this works, then there is an error somewhere in how you set up the permissions for the gadget. Otherwise I would have to look in more detail at how the normal and strongR versions differ in code/build process.

ZygiskFrida-v1.3.0-zygisk-release.zip

moikeygraham commented 1 year ago

@lico-n I installed the attached version and everything is working correctly:

08-15 19:00:21.143 8247 8247 I ZygiskFrida: App detected: [REDACTED]
08-15 19:00:21.149 8247 8254 I ZygiskFrida: Wait for process to complete init
08-15 19:00:21.368 8247 8254 I ZygiskFrida: Process init completed
08-15 19:00:21.368 8247 8254 I ZygiskFrida: Waiting for configured start up delay 30000ms
08-15 19:00:41.369 8247 8254 I ZygiskFrida: Injecting libs in 10 seconds
08-15 19:00:42.369 8247 8254 I ZygiskFrida: Injecting libs in 9 seconds
08-15 19:00:43.370 8247 8254 I ZygiskFrida: Injecting libs in 8 seconds
08-15 19:00:44.371 8247 8254 I ZygiskFrida: Injecting libs in 7 seconds
08-15 19:00:45.372 8247 8254 I ZygiskFrida: Injecting libs in 6 seconds
08-15 19:00:46.372 8247 8254 I ZygiskFrida: Injecting libs in 5 seconds
08-15 19:00:47.373 8247 8254 I ZygiskFrida: Injecting libs in 4 seconds
08-15 19:00:48.373 8247 8254 I ZygiskFrida: Injecting libs in 3 seconds
08-15 19:00:49.374 8247 8254 I ZygiskFrida: Injecting libs in 2 seconds
08-15 19:00:50.374 8247 8254 I ZygiskFrida: Injecting libs in 1 seconds
08-15 19:00:51.375 8247 8254 I ZygiskFrida: Injecting /data/local/tmp/re.zyg.fri/libgadget.so
08-15 19:01:37.620 8247 8254 I ZygiskFrida: Injected /data/local/tmp/re.zyg.fri/libgadget.so

Very strange... not sure what I messed up... but thank you for your assistance! 👍

lico-n commented 1 year ago

No problem. Maybe as a reference, if you still want to figure things out for future versions, you can just take a look at how the module sets up the files.

Here I am setting the file permissions for the gadget. https://github.com/lico-n/ZygiskFrida/blob/ee136d4fd19d70b972cbc45d03ba6d85052a6d01/template/magisk_module/customize.sh#L76

Here is the definition of set_perm_recursive. https://github.com/topjohnwu/Magisk/blob/f86c66c99d165bee015c575057c02c7779170508/scripts/util_functions.sh#L568-L583

It consists of chown, chmod commands and setting the selinux context to u:object_r:system_file:s0 via chcon.

Reinstalling ZygiskFrida (without uninstalling) acts like an update, even when using the same version. This would set up all file permissions within the re.zyg.fri directory too.
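The thread ends with the hand-pushed gadget working once the module installs it with its own ownership, mode and SELinux context. A quick way to spot that mismatch on a device before opening an issue is to audit the gadget directory with `ls -laZ` and compare every entry against what set_perm_recursive would have applied. The checker below is an added example written for this page, not code from ZygiskFrida or Magisk. It assumes the toybox `ls -laZ` column layout used on Android (type and permissions, link count, owner, group, SELinux context, size, date, time, name); the context u:object_r:system_file:s0 is the one named above, while the assumed target of root:root with 0755 directories and 0644 files is a guess at the arguments passed to set_perm_recursive, not a value taken from the module's customize.sh. The sample listing is constructed, not captured from the reporter's device.

```python
import re
from dataclasses import dataclass
from typing import List

# Expected state of the gadget directory. The context is the one named in the
# thread; the owner and modes are assumptions about how set_perm_recursive is
# invoked, not values read from the module's customize.sh.
EXPECTED_OWNER = "root"
EXPECTED_GROUP = "root"
EXPECTED_DIR_MODE = 0o755
EXPECTED_FILE_MODE = 0o644
EXPECTED_CONTEXT = "u:object_r:system_file:s0"

# One line of toybox `ls -laZ` on Android (assumed layout: type+perms, link
# count, owner, group, SELinux context, size, date, time, name).
LS_LZ_RE = re.compile(
    r"^(?P<type>[-dl])(?P<perm>[rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<context>\S+)\s+\d+\s+\S+\s+\S+\s+(?P<name>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    is_dir: bool
    mode: int
    owner: str
    group: str
    context: str


def parse_perm(perm: str) -> int:
    """Turn the 9-character rwx string into a numeric mode, special bits included."""
    mode = 0
    for i, ch in enumerate(perm):
        if ch in "rwxst":          # lowercase letter: the bit at this position is set
            mode |= 1 << (8 - i)
        if ch in "sS":             # setuid in the user triplet, setgid in the group triplet
            mode |= 0o4000 if i == 2 else 0o2000
        elif ch in "tT":           # sticky bit
            mode |= 0o1000
    return mode


def parse_ls_lz(output: str) -> List[Entry]:
    """Parse `ls -laZ` output into entries; skips the 'total' line and the parent dir."""
    entries = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("total "):
            continue
        m = LS_LZ_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ls -lZ line: {line!r}")
        name = m.group("name")
        if name == "..":
            continue               # parent directory is outside the module's control
        entries.append(Entry(name, m.group("type") == "d", parse_perm(m.group("perm")),
                             m.group("owner"), m.group("group"), m.group("context")))
    return entries


def check_entries(entries: List[Entry]) -> List[str]:
    """Return one finding per mismatch against the expected mode, owner and context."""
    findings = []
    for e in entries:
        want_mode = EXPECTED_DIR_MODE if e.is_dir else EXPECTED_FILE_MODE
        if e.mode != want_mode:
            findings.append(f"{e.name}: mode {e.mode:04o}, expected {want_mode:04o}")
        if e.owner != EXPECTED_OWNER or e.group != EXPECTED_GROUP:
            findings.append(f"{e.name}: owner {e.owner}:{e.group}, "
                            f"expected {EXPECTED_OWNER}:{EXPECTED_GROUP}")
        if e.context != EXPECTED_CONTEXT:
            findings.append(f"{e.name}: context {e.context}, expected {EXPECTED_CONTEXT}")
    return findings


# Constructed sample of `ls -laZ /data/local/tmp/re.zyg.fri`, not a capture from
# the thread: the bundled gadget was laid down by the module, the hluda gadget
# was pushed by hand with adb and still carries the shell user's ownership,
# mode and shell_data_file context.
SAMPLE_LS_OUTPUT = """\
total 32
drwxr-xr-x 2 root  root  u:object_r:system_file:s0           4096 2023-08-15 16:19 .
drwxrwx--x 4 shell shell u:object_r:shell_data_file:s0       4096 2023-08-15 16:19 ..
-rw-r--r-- 1 root  root  u:object_r:system_file:s0            512 2023-08-15 16:19 config.json
-rw-r--r-- 1 root  root  u:object_r:system_file:s0       23456789 2023-08-15 16:19 libgadget.so
-rw-rw-rw- 1 shell shell u:object_r:shell_data_file:s0   23456789 2023-08-15 16:19 hluda-gadget-16.0.1-android-arm64.so
"""


def audit_sample() -> List[str]:
    return check_entries(parse_ls_lz(SAMPLE_LS_OUTPUT))


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

On a real device, pipe `adb shell ls -laZ /data/local/tmp/re.zyg.fri` into parse_ls_lz instead of the constructed sample. Every line the checker prints for a hand-copied gadget is something the module's own install step (or a reinstall, as noted above) would have fixed with chown, chmod and chcon.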