From 598a9c06c325db6d41cc840dedcb8ba34564c79f Mon Sep 17 00:00:00 2001
From: agnostic-apollo <agnosticapollo@gmail.com>
Date: Tue, 29 Aug 2023 08:43:25 +0500
Subject: [PATCH] Fixed: Ensure `am.apk` is not writable before loading it to
 prevent `SIGABRT` on Android `>= 14`

Closes termux/termux-packages#16255
---
 am-libexec-packaged | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/am-libexec-packaged b/am-libexec-packaged
index a88daa1..9798f79 100755
--- a/am-libexec-packaged
+++ b/am-libexec-packaged
@@ -1,6 +1,25 @@
 #!/data/data/com.termux/files/usr/bin/sh
 
 AM_APK_PATH="@TERMUX_PREFIX@/libexec/termux-am/am.apk"
+
+# If apk file is writable and current effective user is not root (0),
+# system (1000) and shell (2000), then remove write bit from apk
+# permissions for current used for Android >= 14 since it will trigger
+# the `SecurityException: Writable dex file '/path/to/am.apk' is not allowed.`
+# exception in logcat by SystemClassLoader and cause a SIGABRT for the
+# app_process.
+# - https://github.com/termux/termux-packages/issues/16255
+# - https://developer.android.com/about/versions/14/behavior-changes-14#safer-dynamic-code-loading
+# - https://cs.android.com/android/_/android/platform/art/+/03ac3eb0fc36be97f301ac60e85e1bb7ca52fa12
+# - https://cs.android.com/android/_/android/platform/art/+/d3a8a9e960d533f39b6bafc785599eae838a6351
+# - https://cs.android.com/android/_/android/platform/art/+/03ac3eb0fc36be97f301ac60e85e1bb7ca52fa12:runtime/native/dalvik_system_DexFile.cc;l=335
+if [ -w "$AM_APK_PATH" ]; then
+    user="$(id -u)"
+    if [ "$user" != "0" ] && [ "$user" != "1000" ] && [ "$user" != "2000" ]; then
+        chmod 0400 "$AM_APK_PATH" || exit $?
+    fi
+fi
+
 export CLASSPATH="$AM_APK_PATH"
 unset LD_LIBRARY_PATH LD_PRELOAD
 exec /system/bin/app_process -Xnoimage-dex2oat / com.termux.termuxam.Am "$@"