一个安全补丁不再维护造成的case升级的fail问题
问题分析
测试命令:
run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.CorruptApkTests#testSafeInstallOfCorruptAPK_b71360999 -a arm64-v8a
fail host log:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
02-25 11:16:13 W/AndroidNativeDevice: InstallException ( cause: ShellCommandUnresponsiveException) when attempting install /tmp/corruptapk1230584624101881124.apk on device 7ac4c90e 02-25 11:16:13 I/AndroidNativeDevice: Attempting recovery on 7ac4c90e 02-25 11:16:13 I/WaitDeviceRecovery: Pausing for 5000 for 7ac4c90e to recover 02-25 11:16:18 I/AndroidNativeDeviceStateMonitor: Device 7ac4c90e is already ONLINE 02-25 11:16:18 I/AndroidNativeDeviceStateMonitor: Waiting 30000 ms for device 7ac4c90e shell to be responsive 02-25 11:16:18 I/AndroidNativeDeviceStateMonitor: Device 7ac4c90e is already ONLINE 02-25 11:16:18 I/AndroidNativeDeviceStateMonitor: Waiting 239999 ms for device 7ac4c90e boot complete 02-25 11:16:18 I/DeviceStateMonitor: Waiting 239945 ms for device 7ac4c90e package manager 02-25 11:16:19 I/AndroidNativeDeviceStateMonitor: Waiting 238695 ms for device 7ac4c90e external store 02-25 11:16:20 I/AndroidNativeDeviceStateMonitor: Device 7ac4c90e is already ONLINE 02-25 11:16:20 I/AndroidNativeDevice: root is required for encryption 02-25 11:16:20 I/AndroidNativeDevice: adb is already running as root on 7ac4c90e 02-25 11:16:20 I/TestDevice: Attempting to disable keyguard on 7ac4c90e using input keyevent 82 02-25 11:16:20 I/AndroidNativeDevice: Recovery successful for 7ac4c90e |
这种一般有两种情况: 1.adb异常 2.测试过程中手机异常重启
再看device log:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
02-24 20:12:11.451 19176 19297 W ResourceType: No package identifier when getting name for resource number 0x00000000 02-24 20:12:11.453 19176 19297 W ResourceType: ResStringPool_header header size 0x0001 is too small. 02-24 20:12:11.453 19176 19297 F ResourceType: Bad string block: malformed block dimensions 02-24 20:12:11.458 19176 19297 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 19297 (PackageInstalle) 02-24 20:12:11.459 18902 18902 W : debuggerd: handling request: pid=19176 uid=1000 gid=1000 tid=19297 02-24 20:12:11.460 18902 18902 I MIUINDBG_HOOK: hook hook_sigtimedwait 02-24 20:12:11.610 22839 22839 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 02-24 20:12:11.611 22839 22839 F DEBUG : Build fingerprint: 'Xiaomi/hydrogen/hydrogen:7.0/NRD90M/9.2.14:user/release-keys' 02-24 20:12:11.611 22839 22839 F DEBUG : Revision: '0' 02-24 20:12:11.611 22839 22839 F DEBUG : ABI: 'arm64' 02-24 20:12:11.611 22839 22839 F DEBUG : pid: 19176, tid: 19297, name: PackageInstalle >>> system_server <<< 02-24 20:12:11.611 22839 22839 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 02-24 20:12:11.626 22839 22839 F DEBUG : Abort message: 'Bad string block: malformed block dimensions' 02-24 20:12:11.626 22839 22839 F DEBUG : x0 0000000000000000 x1 0000000000004b61 x2 0000000000000006 x3 0000000000000008 02-24 20:12:11.626 22839 22839 F DEBUG : x4 203a70616d646900 x5 0000000000000000 x6 0000007f9a0ad000 x7 0000000000000000 02-24 20:12:11.627 22839 22839 F DEBUG : x8 0000000000000083 x9 ffffffffffffffdf x10 0000000000000000 x11 0000000000000001 02-24 20:12:11.627 22839 22839 F DEBUG : x12 ffffffffffffffff x13 0000000000000000 x14 0000000000000000 x15 001b09f143bf2dc1 02-24 20:12:11.627 22839 22839 F DEBUG : x16 0000007f9680bed8 x17 0000007f967b94d0 x18 0000000000000000 x19 0000007f7c1054f8 02-24 20:12:11.627 22839 22839 F DEBUG : x20 0000000000000006 x21 0000007f7c105450 x22 0000000000000002 x23 0000000000000000 02-24 20:12:11.627 22839 22839 F DEBUG : x24 0000007f7b3dc918 x25 0000007f7b3dc900 x26 bd013719673bf5f7 x27 00000000ffffffed 02-24 20:12:11.627 22839 22839 F DEBUG : x28 000000000000007f x29 0000007f7c103f10 x30 0000007f967b6960 02-24 20:12:11.627 22839 22839 F DEBUG : sp 0000007f7c103ef0 pc 0000007f967b94d8 pstate 0000000060000000 02-24 20:12:12.155 22839 22839 F DEBUG : 02-24 20:12:12.155 22839 22839 F DEBUG : backtrace: 02-24 20:12:12.155 22839 22839 F DEBUG : #00 pc 000000000006b4d8 /system/lib64/[libc.so](http://libc.so/) (tgkill+8) 02-24 20:12:12.155 22839 22839 F DEBUG : #01 pc 000000000006895c /system/lib64/[libc.so](http://libc.so/) (pthread_kill+64) 02-24 20:12:12.155 22839 22839 F DEBUG : #02 pc 0000000000023ea8 /system/lib64/[libc.so](http://libc.so/) (raise+24) 02-24 20:12:12.155 22839 22839 F DEBUG : #03 pc 000000000001c92c /system/lib64/[libc.so](http://libc.so/) (abort+52) 02-24 20:12:12.155 22839 22839 F DEBUG : #04 pc 0000000000010d60 /system/lib64/[libcutils.so](http://libcutils.so/) (__android_log_assert+232) 02-24 20:12:12.155 22839 22839 F DEBUG : #05 pc 000000000001eea0 /system/lib64/[libandroidfw.so](http://libandroidfw.so/) (_ZN7android13ResStringPool5setToEPKvmb+848) 02-24 20:12:12.155 22839 22839 F DEBUG : #06 pc 00000000000259e8 /system/lib64/[libandroidfw.so](http://libandroidfw.so/)(_ZN7android8ResTable12parsePackageEPKNS_16ResTable_packageEPKNS0_6HeaderEbb+628) 02-24 20:12:12.155 22839 22839 F DEBUG : #07 pc 0000000000024b00 /system/lib64/[libandroidfw.so](http://libandroidfw.so/)(_ZN7android8ResTable11addInternalEPKvmS2_mbibb+708) 02-24 20:12:12.155 22839 22839 F DEBUG : #08 pc 0000000000024fdc /system/lib64/[libandroidfw.so](http://libandroidfw.so/)(_ZN7android8ResTable3addEPNS_5AssetES2_ibbb+228) 02-24 20:12:12.155 22839 22839 F DEBUG : #09 pc 000000000001788c /system/lib64/[libandroidfw.so](http://libandroidfw.so/)(_ZNK7android12AssetManager20appendPathToResTableERKNS0_10asset_pathEb+660) 02-24 20:12:12.155 22839 22839 F DEBUG : #10 pc 00000000000174bc /system/lib64/[libandroidfw.so](http://libandroidfw.so/)(_ZN7android12AssetManager12addAssetPathERKNS_7String8EPibb+644) 02-24 20:12:12.155 22839 22839 F DEBUG : #11 pc 00000000000f5728 /system/lib64/[libandroid_runtime.so](http://libandroid_runtime.so/) 02-24 20:12:12.155 22839 22839 F DEBUG : #12 pc 0000000001cf5544 /system/framework/arm64/boot-framework.oat (offset 0x196e000) (android.content.res.AssetManager.addAssetPathNative+160) 02-24 20:12:12.155 22839 22839 F DEBUG : #13 pc 0000000001cf5400 /system/framework/arm64/boot-framework.oat (offset 0x196e000) (android.content.res.AssetManager.addAssetPathInternal+92) 02-24 20:12:12.155 22839 22839 F DEBUG : #14 pc 0000000001cf7ab8 /system/framework/arm64/boot-framework.oat (offset 0x196e000) (android.content.res.AssetManager.addAssetPath+52) 02-24 20:12:12.156 22839 22839 F DEBUG : #15 pc 0000000001cce910 /system/framework/arm64/boot-framework.oat (offset 0x196e000) ([android.content.pm](http://android.content.pm/).PackageParser.parseApkLite+332) 02-24 20:12:12.156 22839 22839 F DEBUG : #16 pc 00000000017fc974 /system/framework/oat/arm64/services.odex (offset 0xf4d000) |
那么,system_server重启了导致case中断
失败原因
这个很明显发生了NE,且又能复现,这个就非常方便了,直接抓coredump看一下
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
#0 tgkill () at bionic/libc/arch-arm64/syscalls/tgkill.S:9 #1 0x0000007f7fb0b960 in pthread_kill (t=<optimized out>, sig=6) at bionic/libc/bionic/pthread_kill.cpp:45 #2 0x0000007f7fac6eac in raise (sig=2625) at bionic/libc/bionic/raise.cpp:34 #3 0x0000007f7fabf930 in abort () at bionic/libc/bionic/abort.cpp:47 #4 0x0000007f80ff4d64 in __android_log_assert (cond=<optimized out>, tag=0x7f7df5ef7c "ResourceType", fmt=<optimized out>) at system/core/liblog/logger_write.c:489 #5 0x0000007f7df48ea4 in android::ResStringPool::setTo (this=0x7f702f8358, data=0x7f4d0bf1a4, size=164480, copyData=false) at frameworks/base/libs/androidfw/ResourceTypes.cpp:478 #6 0x0000007f7df4f9ec in android::ResTable::parsePackage (this=0x7f703a3400, pkg=0x7f4d0bf084, header=0x7f62f7d860, appAsLib=<optimized out>, isSystemAsset=false) at frameworks/base/libs/androidfw/ResourceTypes.cpp:6269 #7 0x0000007f7df4eb04 in android::ResTable::addInternal (this=<optimized out>, data=<optimized out>, dataSize=<optimized out>, idmapData=<optimized out>, idmapDataSize=<optimized out>, appAsLib=<optimized out>, cookie=<optimized out>, copyData=<optimized out>, isSystemAsset=<optimized out>) at frameworks/base/libs/androidfw/ResourceTypes.cpp:3932 #8 0x0000007f7df4efe0 in android::ResTable::add (this=0x7f703a3400, asset=0x7f62ab2400, idmapAsset=<optimized out>, cookie=5, copyData=false, appAsLib=false, isSystemAsset=false) at frameworks/base/libs/androidfw/ResourceTypes.cpp:3773 #9 0x0000007f7df41890 in android::AssetManager::appendPathToResTable (this=0x7f62f15700, ap=..., appAsLib=<optimized out>) at frameworks/base/libs/androidfw/AssetManager.cpp:670 #10 0x0000007f7df414c0 in android::AssetManager::addAssetPath (this=<optimized out>, this@entry=0x7f62f15700, path=..., cookie=<optimized out>, cookie@entry=0x7f6369794c, appAsLib=<optimized out>, appAsLib@entry=false, isSystemAsset=<optimized out>, isSystemAsset@entry=false) at frameworks/base/libs/androidfw/AssetManager.cpp:223 #11 0x0000007f7f7c172c in android::android_content_AssetManager_addAssetPath (env=0x7f70250900, clazz=<optimized out>, path=0x7f63697938, appAsLib=0 '\000') at frameworks/base/core/jni/android_util_AssetManager.cpp:550 ---Type <return> to continue, or q <return> to quit--- #12 0x0000000073e00548 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) |
注意#4,#5两帧,这是发生重启的原因
|
1 2 3 4 5 6 7 |
pc = 0x7f7df48ea4 in android::ResStringPool::setTo (frameworks/base/libs/androidfw/ResourceTypes.cpp:478); saved pc = 0x7f7df4f9ec called by frame at 0x7f636976a0, caller of frame at 0x7f63697490 source language c++. Arglist at 0x7f63697490, args: this=0x7f702f8358, data=0x7f4d0bf1a4, size=164480, copyData=false Locals at 0x7f63697490, Previous frame's sp is 0x7f636974c0 Saved registers: x19 at 0x7f636974a8, x20 at 0x7f636974a0, x21 at 0x7f63697498, x22 at 0x7f63697490, x29 at 0x7f636974b0, x30 at 0x7f636974b8 |
第5帧对应
status_t ResStringPool::setTo(const void* data, size_t size, bool copyData)
然后查找这里的安全补丁,果然最近进了一个安全补丁,但因为B3不维护了,导致的case fail
后续
对于不维护安全补丁的机型,如何测CTS,感觉后续可以再商量下;这个看的没什么意义;