Refactor dex2oat wrapper to solve long-standing issues #515
+309
−157
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Manual library path injection via LD_LIBRARY_PATH has become unreliable due to symbol mismatches in core libraries (e.g., libc++) between the system and APEX partitions. Recent updates to liblog and libbase (in Android 16) have resulted in missing symbols like `__hash_memory` or `fmt` when the ART APEX binaries are forced to load system-partition shims. This commit switches the wrapper to execute the runtime APEX linker directly (/apex/com.android.runtime/bin/linker64). By passing the dex2oat binary to the linker via /proc/self/fd/, the linker can properly initialize internal namespaces and resolve dependencies from the correct APEX and bootstrap locations. Changes: - Replace fexecve(stock_fd) with execve(apex_linker). - Remove manual LD_LIBRARY_PATH construction. - Update sepolicy to allow dex2oat to execute the system linker.
Owner
Author
|
@sekaiacg, @mineketchup, @grandpajive |
In Release builds, libc uses SIMD (NEON) instructions. To achieve high throughput, the __memcpy_a53 routine reads memory in 16-byte or 32-byte chunks (using LDRD or VLD1). We also enble debug logs to track potential issues.
|
https://github.com/JingMatrix/LSPosed/actions/runs/21269130798 debug version: release version: problem not solved. |
It seems that the PLT return value could be wrong on certain devices for the debug build.
Owner
Author
|
It turns out that PLT hooks didn't return correctly the key_value_store size: The decimal value 2019913825 is 0x78657041 in hexadecimal. |
1 task
Owner
Author
|
@sekaiacg Please test again the latest CI build, and send me logs even if the problem is solved. |
1 task
The problem is solved. |
$ logcat | grep dex2oat
01-23 14:21:20.749 2011 2011 V installd: Running /apex/com.android.art/bin/dex2oat64 in=base.apk out=/data/app/~~h1R84tIbCL74sMv4xcoztw==/com.bit747.clipboardfilter-HsN2LnTTMA7kLldQN7er6w==/oat/arm64/base.odex
01-23 14:21:20.758 14825 14825 D LSPosedDex2Oat: dex2oat.cpp:94#int main(int, char **): dex2oat wrapper ppid=2011
01-23 14:21:20.761 14825 14825 D LSPosedDex2Oat: dex2oat.cpp:123#int main(int, char **): sock: ia4edfivi4yoltlj7hv233sxxe28ifsx 6
01-23 14:21:20.761 14825 14825 D LSPosedDex2Oat: dex2oat.cpp:153#int main(int, char **): Executing via linker: /apex/com.android.runtime/bin/linker64 /proc/self/fd/6
01-23 14:21:20.833 14825 14825 I 6 : dex2oat took 55.206ms (48.430ms cpu) (threads: 6) arena alloc=0B (0B) java alloc=96KB (98512B) native alloc=2335KB (2391408B) free=504KB (516752B)$ strings /data/app/~~h1R84tIbCL74sMv4xcoztw==/com.bit747.clipboardfilter-HsN2LnTTMA7kLldQN7er6w==/oat/arm64/base.odex
/proc/self/fd/6 --zip-fd=8 --zip-location=base.apk --oat-fd=9 --oat-location=/data/app/~~h1R84tIbCL74sMv4xcoztw==/com.bit747.clipboardfilter-HsN2LnTTMA7kLldQN7er6w==/oat/arm64/base.odex --input-vdex-fd=-1 --output-vdex-fd=10 --profile-file-fd=12 --swap-fd=11 --classpath-dir=/data/app/~~h1R84tIbCL74sMv4xcoztw==/com.bit747.clipboardfilter-HsN2LnTTMA7kLldQN7er6w== --class-loader-context=PCL[]{} --compact-dex-level=none --instruction-set=arm64 --instruction-set-features=default --instruction-set-variant=kryo300 --compiler-filter=speed-profile --compilation-reason=install --cpu-set=0,1,2,3,4,5,6,7 --max-image-block-size=524288 --resolve-startup-const-strings=true --generate-mini-debug-info --runtime-arg -Xtarget-sdk-version:30 --runtime-arg -Xhidden-api-policy:enabled -j6 --runtime-arg -Xms64m --runtime-arg -Xmx512m --inline-max-code-units=0oathook is not working, it appears in the release version: --inline-max-code-units=0 |
Owner
Author
|
Please upload your |
odex: base_odex.zip |
We should also patch the cmdline path. Hence, it is better to work through all the store.
Owner
Author
|
@sekaiacg Please test the latest CI build again. |
This was
linked to
issues
Jan 23, 2026
1 task
JingMatrix
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Manual library path injection via LD_LIBRARY_PATH has become unreliable due to symbol mismatches in core libraries (e.g., libc++) between the system and APEX partitions. Recent updates to liblog and libbase (in Android 16) have resulted in missing symbols like
__hash_memoryorfmtwhen the ART APEX binaries are forced to load system-partition shims.This commit switches the wrapper to execute the runtime APEX linker directly (/apex/com.android.runtime/bin/linker64). By passing the dex2oat binary to the linker via /proc/self/fd/, the linker can properly initialize internal namespaces and resolve dependencies from the correct APEX and bootstrap locations.
Changes: