Android coredump分析加固so

修改系統代碼（init 的 property_service.cpp 與 init.rc，以及 ART 的 dalvik_system_ZygoteHooks.cc）如下：

xiabo@VM-DEV:~/android-q/system/core/rootdir$ git diff 
diff --git a/init/property_service.cpp b/init/property_service.cpp
index f2c7462..ef8e800 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -742,6 +742,23 @@ static void load_override_properties() {
     }
 }
 
+static int check_rlim_action() {
+ struct rlimit rl;
+ std::string value = android::base::GetProperty("persist.debug.trace", "");
+
+ if(value == "1") {
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0) {
+ PLOG(ERROR) << "could not enable core file generation";
+ } else {
+ PLOG(INFO) << "setrlimit success";
+ }
+ }
+ PLOG(INFO) << "setrlimit persist.debug.trace " << value;
+ return 0;
+}
+
 /* When booting an encrypted system, /data is not mounted when the
  * property service is started, so any properties stored there are
  * not loaded. Vold triggers init to load these properties once it
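Review bot: check_rlim_action() raises init's RLIMIT_CORE to unlimited on nothing more than `persist.debug.trace == "1"`, with no check that the build is debuggable, so on a production image anyone who can set that property turns on full memory dumps for every service forked afterwards; gate it, e.g. `if (value == "1" && android::base::GetProperty("ro.debuggable", "0") == "1") {`. The success branch uses `PLOG(INFO) << "setrlimit success"`, which appends strerror(errno) to a message where no error occurred — that should be `LOG(INFO)`. The function always returns 0, so its int return carries no information; make it void or return the setrlimit outcome. Whether an unprivileged shell can actually set the property depends on property_contexts/SELinux policy not shown in this diff.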
@@ -767,6 +784,7 @@ void load_persist_props(void) {
     }
     persistent_properties_loaded = true;
     property_set("ro.persistent_properties.ready", "true");
+ check_rlim_action();
 }
 
 // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly
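Review bot: The int result of `check_rlim_action();` is silently discarded, and since the function always returns 0 there is nothing to act on — either make it void or have it return the setrlimit result and log on failure here. Because setrlimit() only changes init's own limit and is inherited by processes forked afterwards, services started before load_persist_props() runs keep their previous RLIMIT_CORE; a comment such as `// Only affects services forked after persist props are loaded; earlier ones keep the default core limit.` would make that visible to the next reader. load_persist_props() begins outside this hunk, and which services are already running at this point depends on boot ordering not shown here.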
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 893998c..1605a2f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -848,3 +848,8 @@ on property:ro.debuggable=1
 service flash_recovery /system/bin/install-recovery.sh
     class main
     oneshot
+
+# corefile limit
+on property:persist.debug.trace=1
+ mkdir /data/core 0777 root root
+ write /proc/sys/kernel/core_pattern "/data/core/%E.%p.%e"
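Review bot: `mkdir /data/core 0777 root root` creates a world-writable, non-sticky directory that will hold full memory images of crashed processes, so any app uid can delete or replace another process's dump; at minimum set the sticky bit, `mkdir /data/core 01777 root root`, and consider gating this `on property:` block behind a debuggable-build condition as well, since the trigger fires on the property alone. The core files themselves are created under the dumping process's credentials, so who can read them depends on the mode the kernel applies, not on this directory mode. Whether writes into /data/core are allowed at all under SELinux depends on file contexts not included in this diff.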
diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
index de28c28..706c0c9 100644
--- a/runtime/native/dalvik_system_ZygoteHooks.cc
+++ b/runtime/native/dalvik_system_ZygoteHooks.cc
@@ -44,6 +44,8 @@
 #include "thread_list.h"
 #include "trace.h"
 
+#include <sys/prctl.h>
+
 #include <sys/resource.h>
 
 namespace art {
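Review bot: `#include <sys/prctl.h>` is added but nothing in the rest of this diff calls prctl() (for example PR_SET_DUMPABLE), so the include is dead unless a later change uses it — either drop it or add the call it was meant for. It is also placed in its own paragraph between the project includes and `<sys/resource.h>`, breaking the file's include grouping; put it alongside `<sys/resource.h>` in the system-header group.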
@@ -235,6 +237,22 @@ static uint32_t EnableDebugFeatures(uint32_t runtime_flags) {
     runtime_flags &= ~DEBUG_GENERATE_DEBUG_INFO;
   }
 
+
+ rlimit rl;
+ rl.rlim_cur = 0;
+ char prop_value[1024];
+ prop_value[0] = '1';
+ // property_get("persist.debug.trace", prop_value, "0");
+ if (prop_value[0] == '1') {
+ LOG(INFO) << "setting RLIM to infinity for process " << getpid();
+ rl.rlim_cur = RLIM_INFINITY;
+ } else {
+ rl.rlim_cur = 0;
+ }
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) == -1) {
+ LOG(ERROR) << "setrlimit(RLIMIT_CORE) failed for pid " << getpid();
+ }
   return runtime_flags;
 }
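Review bot: The property read is commented out and replaced by `prop_value[0] = '1';`, so the condition on the next line is always true and every process passing through EnableDebugFeatures() gets RLIMIT_CORE raised to unlimited regardless of `persist.debug.trace` — on a shipping build that means any app crash writes a full memory image, which defeats the opt-in the rest of the patch relies on. The unreachable else branch also still sets `rl.rlim_max = RLIM_INFINITY`, so even when "disabled" the hard limit is raised and a process could lift its own soft limit later; only touch the limits when the property is set. `LOG(ERROR)` on the setrlimit failure drops errno — use `PLOG(ERROR)`. The rewrite below assumes android::base::GetProperty (android-base/properties.h) is reachable from this file, which the hunk does not show; EnableDebugFeatures() starts outside the hunk.
```cpp
// … unchanged: DEBUG_GENERATE_DEBUG_INFO handling …
// Only honour the explicit opt-in; leave RLIMIT_CORE untouched otherwise so the
// hard limit is not silently raised for every app.
if (android::base::GetProperty("persist.debug.trace", "0") == "1") {
  LOG(INFO) << "setting RLIMIT_CORE to infinity for process " << getpid();
  rlimit rl;
  rl.rlim_cur = RLIM_INFINITY;
  rl.rlim_max = RLIM_INFINITY;
  if (setrlimit(RLIMIT_CORE, &rl) == -1) {
    PLOG(ERROR) << "setrlimit(RLIMIT_CORE) failed for pid " << getpid();
  }
}
return runtime_flags;
```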

重新編譯系統後,刷入boot.img與system.img
通過設置屬性
setprop persist.debug.trace 1
來打開coredump（注意：上方 ZygoteHooks 的修改中 property_get 被註解掉並硬編碼為 '1'，因此經由 zygote 啟動的 app 進程實際上不受此屬性控制，會無條件開啟 core dump）
通過 kill -6 pid（SIGABRT，屬於會產生 core 的信號）觸發coredump；成功後會在 /data/core/ 目錄下生成相應的coredump文件，將文件導入 IDA 後即可開始分析。注意：這些 core 文件包含進程的完整記憶體映像（可能含金鑰等敏感資料），分析完畢後應及時刪除，並關閉該屬性。
