topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

[Question] dlopen in preServerSpecialize #6844

Closed CCint3 closed 1 year ago

CCint3 commented 1 year ago

Device: Redmi Note 9 4G (lime)
Android version: Android 12
Magisk version name: 25.2
Magisk version code: 25200

In the Zygisk module, preServerSpecialize is used to hook the system_server process.

When I use dlopen in preServerSpecialize to try to load frida's gadget.so, it is successfully loaded into memory and executed.

But when preServerSpecialize returns, something unexpected happens, causing system_server to crash.

Then I observed this log in logcat:

04-07 15:07:04.149   529   529 W auditd  : type=1401 audit(0.0:806): op=security_bounded_transition seresult=denied oldcontext=u:r:zygote:s0 newcontext=u:r:system_server_startup:s0
04-07 15:07:04.154  1802  1802 E SELinux : selinux_android_setcontext:  Error setting context for system server: Operation not permitted
04-07 15:07:04.154  1802  1802 F zygote64: jni_internal.cc:748] JNI FatalError called: (system_server) frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:1786: selinux_android_setcontext(1000, 1, "(null)", "(null)") failed

Seems to be caused by calling selinux_android_setcontext inside the SpecializeCommon function.

  if (selinux_android_setcontext(uid, is_system_server, se_info_ptr, nice_name_ptr) == -1) {
    fail_fn(CREATE_ERROR("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed",
                         uid, is_system_server, se_info_ptr, nice_name_ptr));
  }

I tried to understand the SpecializeCommon function of system_server. It flows fine, and the correct setcontext call is indeed selinux_android_setcontext(1000, 1, "(null)", "(null)").

I guess it might be because of type=1401 audit(0.0:806): op=security_bounded_transition seresult=denied oldcontext=u:r:zygote:s0 newcontext=u:r:system_server_startup:s0.

But it's not clear to me what the root cause of this problem is.

Not sure if it's appropriate to ask this question here, thanks for taking care.
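Added example (not part of the issue, and not Magisk or AOSP code): the `op=security_bounded_transition` denial above is the audit record the kernel emits when a process writes a new label to `/proc/self/attr/current` (which is what `setcon()` does under `selinux_android_setcontext`) while it has more than one thread; in that case SELinux only allows the change if the new domain is bounded by the old one, and otherwise denies it with this exact `op` and `type=1401` (AUDIT_SELINUX_ERR). The snippet below parses such auditd lines into their fields so the denial can be recognised in a logcat capture, and reads the `Threads:` count from `/proc/<pid>/status` text to tell whether a context change from that process would be subject to the bounded-transition check at all. The log line and status text are constructed samples embedded in the code.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// One SELinux "bounded transition" denial extracted from an auditd line.
struct AuditDenial {
    std::string op;
    std::string seresult;
    std::string oldctx;
    std::string newctx;
};

// Constructed sample: the shape of the logcat line quoted in the issue.
static const std::string kSampleDenialLine =
    "04-07 15:07:04.149   529   529 W auditd  : type=1401 audit(0.0:806): "
    "op=security_bounded_transition seresult=denied "
    "oldcontext=u:r:zygote:s0 newcontext=u:r:system_server_startup:s0";

// Constructed sample of an unrelated auditd line (an ordinary AVC record).
static const std::string kSampleOtherLine =
    "04-07 15:07:05.001   529   529 W auditd  : type=1400 audit(0.0:807): "
    "avc: denied { read } for comm=\"foo\" scontext=u:r:untrusted_app:s0";

// Constructed sample of /proc/<pid>/status text for a process with 3 threads.
static const std::string kSampleStatus =
    "Name:\tsystem_server\n"
    "State:\tS (sleeping)\n"
    "Tgid:\t1802\n"
    "Threads:\t3\n";

// Split a line on whitespace and collect every "key=value" token.
static std::map<std::string, std::string> parse_kv(const std::string& line) {
    std::map<std::string, std::string> kv;
    std::istringstream in(line);
    std::string tok;
    while (in >> tok) {
        auto eq = tok.find('=');
        if (eq == std::string::npos) continue;   // "auditd", "audit(0.0:806):", ...
        kv[tok.substr(0, eq)] = tok.substr(eq + 1);
    }
    return kv;
}

// Returns true (and fills *out) when the line is a denied
// security_bounded_transition record, i.e. a multithreaded process tried to
// move to a domain the policy does not declare as bounded by its current one.
bool is_bounded_transition_denial(const std::string& line, AuditDenial* out) {
    auto kv = parse_kv(line);
    if (kv["type"] != "1401") return false;   // AUDIT_SELINUX_ERR, not plain AVC
    if (kv["op"] != "security_bounded_transition") return false;
    if (kv["seresult"] != "denied") return false;
    out->op = kv["op"];
    out->seresult = kv["seresult"];
    out->oldctx = kv["oldcontext"];
    out->newctx = kv["newcontext"];
    return true;
}

// Reads the "Threads:" field from /proc/<pid>/status text; -1 if absent.
int thread_count_from_status(const std::string& status_text) {
    std::istringstream in(status_text);
    std::string line;
    while (std::getline(in, line)) {
        if (line.rfind("Threads:", 0) == 0) return std::stoi(line.substr(8));
    }
    return -1;
}

// The kernel applies the bounded-transition rule to setcon() only when the
// calling process is not single-threaded.
bool setcon_requires_bounded_transition(int thread_count) {
    return thread_count > 1;
}

int main() {
    AuditDenial d;
    if (is_bounded_transition_denial(kSampleDenialLine, &d)) {
        std::cout << "bounded-transition denial: " << d.oldctx
                  << " -> " << d.newctx << "\n";
    }
    int threads = thread_count_from_status(kSampleStatus);
    std::cout << "threads=" << threads << " bounded check applies: "
              << (setcon_requires_bounded_transition(threads) ? "yes" : "no")
              << "\n";
    return 0;
}
```

When auditing a device, feeding `logcat -b all` output through `is_bounded_transition_denial` isolates the records that mean "a context change was attempted from a multithreaded process", which is a useful signal on its own: the stock zygote is single-threaded when it specializes, so such a denial on the zygote-to-system_server path indicates that something created extra threads in the child before `SpecializeCommon` ran.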

MagiskBot commented 1 year ago

Invalid bug report, automatically closed. Please report issues using the latest debug Magisk build (version code: 26001).