GitLab

On Android Q, calling exec() on writable application files is a W^X violation and represents an unsafe application practice, because apps with vulnerabilities can be exploited to download code and execute it. We currently extract the Tor and obfsproxy binaries into our writeable app data dir, so we are affected by this policy change.

It should still be possible to package the binaries into the application's native libs directory and enable android:extractNativeLibs=true (is enabled by default), and then call exec() on the read-only /data/app artifacts. A similar approach is done with the wrap.sh functionality, documented at https://developer.android.com/ndk/guides/wrap-script#packaging_wrapsh .

Additionally, please be aware that executables executed via exec() are not managed according to the Android process lifecycle, and generally speaking, exec() is discouraged from Android applications. While not Android documentation, https://stackoverflow.com/questions/16179062/using-exec-with-ndk covers this in some detail. Relying on exec() may be problematic in future Android versions.

Fixing this, might make #1278 a lot easier.