Fincer
/
anbox-install
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Custom Anbox installation files & patches, including patched Android OS image file.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
1 Branch
304 MiB
Tree: 4565d1a4c1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4565d1a4c1'
${ noResults }
anbox-install/README.md

122 lines
6.0 KiB
Raw Normal View History

Add installation steps doc
4 years ago
Initial commit
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Add installation steps doc
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Add wrapper script
4 years ago
Move android.img outside the repository; Update README
4 years ago
Add wrapper script
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Move android.img outside the repository; Update README
4 years ago
Initial commit
4 years ago
 
  1. # Anbox installation

  2. 

  3. This repository contains recommended Anbox configuration to run the program as securely as possible.
  4. 

  5. Many users misconfigure Anbox to run in privileged mode which permits real root access for Android system processes to a Linux system. Configuration in this repository contains proper settings to run Anbox in _unprivileged mode_, thus better protecting your Linux system from possibly malicious Android processes.
  6. 

  7. Additionally, this repository provides feature-patched Android OS image file for Anbox, and several other improvements.
  8. 

  9. `PKGBUILD` file is Arch Linux specific file. Otherwise, you can use rest of the files on any Linux distribution.
  10. 

  11. ## Anbox installation

  12. 

  13. Anbox installation steps are roughly described in [Installation Steps](installation-steps.md).
  14. 

  15. ## Anbox files

  16. 

  17. Subdirectory [anbox_files](anbox_files). Many files have originally been provided by [anbox-git AUR package](https://aur.archlinux.org/packages/anbox-git/). However, small changes have been made.
  18. 

  19. ### Changes and additions

  20. 

  21. #### # [anbox-bridge.network](anbox_files/anbox-bridge.network) (systemd-networkd file)

  22. 

  23. - Added `[Network]` entry `ConfigureWithoutCarrier=yes`
  24. 

  25. - Added IPv4 broadcast address `192.168.250.255` into `[Address]` section
  26. 

  27. - Removed `IPMasquerade=yes` entry from `[Address]` section. Depending on your network topology, you may want to keep this option. I don't need or use it.
  28. 

  29. #### # [anbox-container-manager.service](anbox_files/anbox-container-manager.service) (Systemd service file)

  30. 

  31. - Changed `[Service]` entry `ExecStart=...` from
  32. 

  33. ```
  34. ExecStart=/usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox
  35. ```
  36. 

  37. to
  38. 

  39. ```
  40. ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
  41. ```
  42. 

  43. - Multiple security-related additions
  44. 

  45. - Added `[Unit]` entries
  46. 

  47. ```
  48. Wants=lxc.service
  49. After=lxc.service
  50. ```
  51. 

  52. #### # [anbox-session-manager.service](anbox_files/anbox-session-manager.service) (Systemd service file)

  53. 

  54. - Added `[Service]` entry `Environment=ANBOX_FORCE_SERVER_SIDE_DECORATION=true`
  55. 

  56. #### # [subuid](anbox_files/subuid) & [subgid](anbox_files/subgid)

  57. 

  58. LXC container user and group mapping files `/etc/subuid` and `/etc/subgid` for Android OS container.
  59. 

  60. #### # anbox-session-manager (shell script)

  61. 

  62. Simple wrapper script to be added into desktop startup program configuration. This is a simple work around script. If `anbox-session-manager` Systemd service is launched _before_ X11 session, launching the X11 session fails for unknown reasons. This script ensures that X11 session is launched _before_ `anbox-session-manager` Systemd service.
  63. 

  64. Place into `/usr/local/bin/` folder and set as executable (`chmod +x <file/path>`).
  65. 

  66. ----------
  67. 

  68. #### Patch files

  69. 

  70. - [patch_audio01_timing.patch](anbox_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](anbox_files/patch_audio02_pass-messenger.patch)
  71. 

  72.   - Details: [GitHub: Anbox PR #1034 - Implement audio timing](https://github.com/anbox/anbox/pull/1034)
  73. 

  74. - [patch_bytesize-to-bytesizelong.patch](anbox_files/patch_bytesize-to-bytesizelong.patch)
  75. 

  76.   - Details: [GitHub: Anbox PR #1480 - rpc: use ByteSizeLong from protobuf](https://github.com/anbox/anbox/pull/1480)
  77. 

  78. - [patch_cm-helpmenu-unhidden.patch](anbox_files/patch_cm-helpmenu-unhidden.patch)
  79. 

  80.   - Details: personal patch to unhide `container-manager` options in Anbox executable help menu
  81. 

  82. - [patch_cm-privileged-warn.patch](anbox_files/patch_cm-privileged-warn.patch)
  83. 

  84.   - Details: personal patch to add `not recommended` note into `--privileged` parameter description
  85. 

  86. - [patch_python3.patch](anbox_files/patch_python3.patch)
  87. 

  88.   - Details: [GitHub: Anbox issue - Python 2 is EOL: comment by karuboniru](https://github.com/anbox/anbox/issues/1478#issuecomment-638055086)
  89. 

  90. - [patch_remove-unknown-opt.patch](anbox_files/patch_remove-unknown-opt.patch)
  91. 

  92.   - Details: personal patch to remove unknown compilation time G++ option
  93. 

  94. - [patch_window-restored.patch](anbox_files/patch_window-restored.patch)
  95. 

  96.   - Details: Some Android applications such as [NewPipe](https://github.com/TeamNewPipe/NewPipe) require `SDL_WINDOWEVENT_RESTORED` handling so that application window contents are correctly rendered after minimize/maximize operations.
  97. 

  98. ## Android OS files

  99. 

  100. Subdirectory [androidOS_files](androidOS_files). Contains Android OS image file build instructions and additional patches. You find patched Android image along with additional information and possible other images on [https://fjordtek.com/public/applications/anbox/images/](https://fjordtek.com/public/applications/anbox/images/).
  101. 

  102. Compiled Android image source code is purely based on [Android Open Source Project codebase](https://android.googlesource.com/).
  103. 

  104. On Arch Linux, you can use [anbox-image AUR package](https://aur.archlinux.org/packages/anbox-image/). If you want to use the patched image, use either provided [anbox-image-custom PKGBUILD](androidOS_files/anbox-image-custom/PKGBUILD) or simply directly copy the patched Android image file into `/var/lib/anbox/` as `android.img`.
  105. 

  106. ### Patch files

  107. 

  108. Provided patch files are applied to the patched Android OS image file `android_7.1.1_r13_patched.img` ([direct link](https://fjordtek.com/public/applications/anbox/images/android_7.1.1_r13_patched.img)). The patch files are as follows:
  109. 

  110. - [patch_audio01_timing.patch](androidOS_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](androidOS_files/patch_audio02_pass-messenger.patch)
  111. 

  112.   - Details: as above
  113. 

  114. - [patch_gallery2_no-activity-checks.patch](androidOS_files/patch_gallery2_no-activity-checks.patch)
  115. 

  116.   - Details: remove video & audio pause functionality from default Android OS system application `com.android.gallery3d` as the pause functionality does not fit into Linux desktop environment when running multiple Android applications simultaneosly.
  117. 

  118. - [patch_initcgroups.patch](androidOS_files/patch_initcgroups.patch)
  119. 

  120.   - Remove unnecessary cgroups and related mount points from containerized Android OS system. Remove cpusets.
  121. 

  122.     - Both options generate unnecessary Linux main system kernel `dmesg` output and both options fail.