[File] support for Android ELF notes

Christos Zoulas christos at zoulas.com
Sat Nov 2 18:35:56 UTC 2024


Thanks, added.

> On Nov 2, 2024, at 1:51 PM, enh <enh at google.com> wrote:
> 
> i added support for decoding the Android ELF note to toybox file(1)
> some time ago, and it's pretty useful for anyone doing Android
> development: you can see what version of Android the binary requires,
> and -- for binaries built by the NDK rather than as part of the OS
> itself -- what version of the NDK was used.
> 
> i knocked up a quick patch in
> https://gist.github.com/enh/d7538e32aca8b68ed3541dd803594b9d (which
> i'll also paste below, but that'll doubtless lose the tabs thanks to
> gmail) but i'm assuming that it's not okay to just interpret strings
> directly as strings, and further that you already have helper
> functions i should use for that (rather than write my own)?
> 
> please point me at something i can copy & paste my way into trouble from :-)
> 
> diff --git a/src/readelf.c b/src/readelf.c
> index a79906f5..6fd877ec 100644
> --- a/src/readelf.c
> +++ b/src/readelf.c
> @@ -686,6 +686,27 @@ do_os_note(struct magic_set *ms, unsigned char
> *nbuf, uint32_t type,
>  return -1;
>  return 1;
>  }
> +
> + if (NAMEEQUALS(name, "Android") && type == 1 && descsz >= 4) {
> 
> (oh, this was the other question i had --- do you want me to #define
> the single-use NT_ANDROID_TYPE_IDENT constant for the `1` here, or do
> you prefer the literal?)

I did (I should rename all of them with their proper elf names). I also added MEMTAG.

> 
> +   uint32_t api_level;
> +   *flags |= FLAGS_DID_OS_NOTE;
> +   memcpy(&api_level, &nbuf[doff], sizeof(api_level));
> +   api_level = elf_getu32(swap, api_level);
> +   if (file_printf(ms, ", for Android %d", api_level) == -1)
> +     return -1;
> +   /*
> +   * NDK r14 and later also include details of the NDK that
> +   * built the binary. OS binaries (or binaries built by older
> +   * NDKs) don't have this. The NDK release and build number
> +   * are both 64-byte strings.
> +   */
> +   if (descsz >= 4+64+64) {
> +     if (file_printf(ms, ", built by NDK %.64s (%.64s)",
> 
> (this is the bit where i'm assuming you might want more checking than
> just `%.64s`?)

File's printf will take care of things (make unprintable characters printable etc).


> 
> +         &nbuf[doff+4], &nbuf[doff+4+64]) == -1)
> +       return -1;
> +   }
> + }
> +
>  return 0;
> }
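
Review bot: `api_level` is a `uint32_t`, but the `file_printf(ms, ", for Android %d", api_level)` call formats it with `%d`; use `%u` (or cast to `int`) so the conversion matches the argument type. In the NDK branch, `4+64+64` and the offsets `doff+4` and `doff+4+64` repeat the layout as bare numbers; named constants for the API-level size and the 64-byte field width would keep the length check and both offsets in step with the comment above them.
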
> --

Thanks,

christos
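
As an added example (not code from file(1), toybox, or either poster), here is a standalone parser for the note layout the patch decodes: name "Android", type 1, a 4-byte API level and, when present, two 64-byte NDK strings. It assumes a little-endian note; `struct android_note`, `parse_android_note`, `copy_field` and `make_sample` are hypothetical names, and the sample bytes are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct android_note {            /* hypothetical result type for this example */
    uint32_t api_level;
    int has_ndk;
    char ndk_release[65], ndk_build[65];
};

static uint32_t rd32le(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy one 64-byte field: stop at NUL, never read past 64, mask unprintables. */
static void copy_field(char *dst, const unsigned char *src) {
    size_t i;
    for (i = 0; i < 64 && src[i] != '\0'; i++)
        dst[i] = isprint(src[i]) ? (char)src[i] : '?';
    dst[i] = '\0';
}

/* 1 = Android ident note parsed, 0 = some other note, -1 = truncated/malformed. */
int parse_android_note(const unsigned char *buf, size_t len, struct android_note *out) {
    if (len < 12) return -1;                     /* Elf note header is 3 x uint32 */
    uint32_t namesz = rd32le(buf), descsz = rd32le(buf + 4), type = rd32le(buf + 8);
    if (namesz > len - 12) return -1;            /* name must fit in the buffer */
    size_t doff = 12 + (((size_t)namesz + 3) & ~(size_t)3);  /* desc is 4-byte aligned */
    if (doff > len || descsz > len - doff) return -1;        /* desc must fit too */
    if (namesz != 8 || memcmp(buf + 12, "Android", 8) != 0 || type != 1) return 0;
    if (descsz < 4) return -1;
    memset(out, 0, sizeof *out);
    out->api_level = rd32le(buf + doff);
    if (descsz >= 4 + 64 + 64) {                 /* NDK r14+ layout from the patch comment */
        out->has_ndk = 1;
        copy_field(out->ndk_release, buf + doff + 4);
        copy_field(out->ndk_build, buf + doff + 4 + 64);
    }
    return 1;
}

/* Constructed sample (needs 152 bytes): API level 21, made-up NDK strings. */
size_t make_sample(unsigned char *buf) {
    static const unsigned char hdr[] = {8,0,0,0, 132,0,0,0, 1,0,0,0, 'A','n','d','r','o','i','d',0, 21,0,0,0};
    memset(buf, 0, 20 + 132);
    memcpy(buf, hdr, sizeof hdr);
    memcpy(buf + 24, "r26b", 4);
    memcpy(buf + 24 + 64, "1090\x01", 5);        /* one control byte to show masking */
    return 20 + 132;
}
```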
