lzw-723/ClashMetaForAndroid
1
0
Fork 0
mirror of https://github.com/MetaCubeX/ClashMetaForAndroid.git synced 2026-05-09 18:11:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix seccomp prevented call to disallowed arm system call 422 on 32bits Androids <= 10

Browse Source
This commit is contained in:
wwqgtxx
2026-02-21 17:51:52 +08:00
parent fb9ffa0b82
commit 5cd01b178a
6 changed files with 109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.github/patch/disable_pidfd_on_android.patch vendored Normal file
View File

@@ -0,0 +1,33 @@
From 7115c480196f4bdcbdae5e14ebaa4510540680e9 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Tue, 27 Jan 2026 09:52:22 -0800
Subject: [PATCH] [tailscale] os: disable pidfd on Android
Updates tailscale/tailscale#13452
Updates golang/go#70508
Updates tailscale/go#99
---
src/os/pidfd_linux.go | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/os/pidfd_linux.go b/src/os/pidfd_linux.go
index 796d8c018c7f2a..5cdbf1175e0db5 100644
--- a/src/os/pidfd_linux.go
+++ b/src/os/pidfd_linux.go
@@ -138,6 +138,16 @@ func (p *Process) pidfdSendSignal(s syscall.Signal) error {
// pidfdWorks returns whether we can use pidfd on this system.
func pidfdWorks() bool {
+ if runtime.GOOS == "android" {
+ // Tailscale-specific workaround since https://github.com/golang/go/pull/69543/commits/aad6b3b32c81795f86bc4a9e81aad94899daf520
+ // does not solve https://github.com/golang/go/issues/69065 for Android apps using Go libraries.
+ //
+ // See: https://github.com/tailscale/tailscale/issues/13452
+ //
+ // For now (2025-04-09), we'll just disable pidfd
+ // on all Android releases.
+ return false
+ }
return checkPidfdOnce() == nil
}

56
.github/patch/remove_64bits_syscall_on_32bit_linux.patch vendored Normal file
View File

@@ -0,0 +1,56 @@
Subject: [PATCH] remove 64bits syscall on 32bit linux
---
Index: src/runtime/os_linux32.go
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/runtime/os_linux32.go b/src/runtime/os_linux32.go
--- a/src/runtime/os_linux32.go (revision 030384681641464bf71ed16500075c458363510f)
+++ b/src/runtime/os_linux32.go (date 1771666707318)
@@ -21,14 +21,14 @@
//go:nosplit
func futex(addr unsafe.Pointer, op int32, val uint32, ts *timespec, addr2 unsafe.Pointer, val3 uint32) int32 {
- if !isFutexTime32bitOnly.Load() {
- ret := futex_time64(addr, op, val, ts, addr2, val3)
- // futex_time64 is only supported on Linux 5.0+
- if ret != -_ENOSYS {
- return ret
- }
- isFutexTime32bitOnly.Store(true)
- }
+ //if !isFutexTime32bitOnly.Load() {
+ // ret := futex_time64(addr, op, val, ts, addr2, val3)
+ // // futex_time64 is only supported on Linux 5.0+
+ // if ret != -_ENOSYS {
+ // return ret
+ // }
+ // isFutexTime32bitOnly.Store(true)
+ //}
// Downgrade ts.
var ts32 timespec32
var pts32 *timespec32
@@ -49,14 +49,14 @@
//go:nosplit
func timer_settime(timerid int32, flags int32, new, old *itimerspec) int32 {
- if !isSetTime32bitOnly.Load() {
- ret := timer_settime64(timerid, flags, new, old)
- // timer_settime64 is only supported on Linux 5.0+
- if ret != -_ENOSYS {
- return ret
- }
- isSetTime32bitOnly.Store(true)
- }
+ //if !isSetTime32bitOnly.Load() {
+ // ret := timer_settime64(timerid, flags, new, old)
+ // // timer_settime64 is only supported on Linux 5.0+
+ // if ret != -_ENOSYS {
+ // return ret
+ // }
+ // isSetTime32bitOnly.Store(true)
+ //}
var newts, oldts itimerspec32
var new32, old32 *itimerspec32

5
.github/workflows/build-debug.yaml vendored
View File

@@ -32,6 +32,11 @@ jobs:
go-version: "1.26" go-version: "1.26"
check-latest: true # Always check for the latest patch release check-latest: true # Always check for the latest patch release
- name: Apply Patches
run: |
cd $(go env GOROOT)
for p in $GITHUB_WORKSPACE/.github/patch/*.patch; do patch --verbose -p 1 < "$p"; done
- uses: actions/cache@v4 - uses: actions/cache@v4
with: with:
path: | path: |

5
.github/workflows/build-pre-release.yaml vendored
View File

@@ -30,6 +30,11 @@ jobs:
go-version: "1.26" go-version: "1.26"
check-latest: true # Always check for the latest patch release check-latest: true # Always check for the latest patch release
- name: Apply Patches
run: |
cd $(go env GOROOT)
for p in $GITHUB_WORKSPACE/.github/patch/*.patch; do patch --verbose -p 1 < "$p"; done
- uses: actions/cache@v4 - uses: actions/cache@v4
with: with:
path: | path: |

5
.github/workflows/build-release.yaml vendored
View File

@@ -34,6 +34,11 @@ jobs:
go-version: "1.26" go-version: "1.26"
check-latest: true # Always check for the latest patch release check-latest: true # Always check for the latest patch release
- name: Apply Patches
run: |
cd $(go env GOROOT)
for p in $GITHUB_WORKSPACE/.github/patch/*.patch; do patch --verbose -p 1 < "$p"; done
- uses: actions/cache@v4 - uses: actions/cache@v4
with: with:
path: | path: |

5
.github/workflows/update-dependencies.yaml vendored
View File

@@ -27,6 +27,11 @@ jobs:
go-version: "1.26" go-version: "1.26"
check-latest: true # Always check for the latest patch release check-latest: true # Always check for the latest patch release
- name: Apply Patches
run: |
cd $(go env GOROOT)
for p in $GITHUB_WORKSPACE/.github/patch/*.patch; do patch --verbose -p 1 < "$p"; done
- uses: actions/cache@v4 - uses: actions/cache@v4
with: with:
path: | path: |