Fincer
/
anbox-install
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Custom Anbox installation files & patches, including patched Android OS image file.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
304 MiB
Tree: 7575186755
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7575186755'
${ noResults }
anbox-install/README.md

118 lines
5.2 KiB
Raw Normal View History

Initial commit
4 years ago
Initial commit
4 years ago
Initial commit
4 years ago
Add wrapper script
4 years ago
Initial commit
4 years ago
 
  1. # Anbox install files

  2. 

  3. This repository contains recommended Anbox configuration to run the program as securely as possible.
  4. 

  5. Many users misconfigure Anbox to run in privileged mode which permits real root access for Android system processes to a Linux system. Configuration in this repository contains proper settings to run Anbox in _unprivileged mode_, thus better protecting your Linux system from possibly malicious Android processes.
  6. 

  7. `PKGBUILD` file is Arch Linux specific file. Otherwise, you can use rest of the files on any Linux distribution.
  8. 

  9. ## Anbox files

  10. 

  11. Many files have originally been provided by [anbox-git AUR package](https://aur.archlinux.org/packages/anbox-git/). However, small changes have been made.
  12. 

  13. ### Changes and additions

  14. 

  15. #### [anbox-bridge.network](anbox_files/anbox-bridge.network) (systemd-networkd file)

  16. 

  17. - Added `[Network]` entry `ConfigureWithoutCarrier=yes`
  18. 

  19. - Added IPv4 broadcast address `192.168.250.255` into `[Address]` section
  20. 

  21. - Removed `IPMasquerade=yes` entry from `[Address]` section. Depending on your network topology, you may want to keep this option. I don't need or use it.
  22. 

  23. #### [anbox-container-manager.service](anbox_files/anbox-container-manager.service) (Systemd service file)

  24. 

  25. - Changed `[Service]` entry `ExecStart=...` from
  26. 

  27. ```
  28. ExecStart=/usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox
  29. ```
  30. 

  31. to
  32. 

  33. ```
  34. ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
  35. ```
  36. 

  37. - Multiple security-related additions
  38. 

  39. - Added `[Unit]` entries
  40. 

  41. ```
  42. Wants=lxc.service
  43. After=lxc.service
  44. ```
  45. 

  46. #### [anbox-session-manager.service](anbox_files/anbox-session-manager.service) (Systemd service file)

  47. 

  48. - Added `[Service]` entry `Environment=ANBOX_FORCE_SERVER_SIDE_DECORATION=true`
  49. 

  50. #### [subuid](anbox_files/subuid) & [subgid](anbox_files/subgid)

  51. 

  52. LXC container user and group mapping files `/etc/subuid` and `/etc/subgid` for Android OS container.
  53. 

  54. #### anbox-session-manager (shell script)

  55. 

  56. Simple wrapper script to be added into desktop startup program configuration. This is a simple work around script. If `anbox-session-manager` Systemd service is launched _before_ X11 session, launching the X11 session fails for unknown reasons. This script ensures that X11 session is launched _before_ `anbox-session-manager` Systemd service.
  57. 

  58. Place into `/usr/local/bin/` folder.
  59. 

  60. #### Patch files

  61. 

  62. - [patch_audio01_timing.patch](anbox_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](anbox_files/patch_audio02_pass-messenger.patch)
  63. 

  64.   - Details: [GitHub: Anbox PR #1034 - Implement audio timing](https://github.com/anbox/anbox/pull/1034)
  65. 

  66. - [patch_bytesize-to-bytesizelong.patch](anbox_files/patch_bytesize-to-bytesizelong.patch)
  67. 

  68.   - Details: [GitHub: Anbox PR #1480 - rpc: use ByteSizeLong from protobuf](https://github.com/anbox/anbox/pull/1480)
  69. 

  70. - [patch_cm-helpmenu-unhidden.patch](anbox_files/patch_cm-helpmenu-unhidden.patch)
  71. 

  72.   - Details: personal patch to unhide `container-manager` options in Anbox executable help menu
  73. 

  74. - [patch_cm-privileged-warn.patch](anbox_files/patch_cm-privileged-warn.patch)
  75. 

  76.   - Details: personal patch to add `not recommended` note into `--privileged` parameter description
  77. 

  78. - [patch_python3.patch](anbox_files/patch_python3.patch)
  79. 

  80.   - Details: [GitHub: Anbox issue - Python 2 is EOL: comment by karuboniru](https://github.com/anbox/anbox/issues/1478#issuecomment-638055086)
  81. 

  82. - [patch_remove-unknown-opt.patch](anbox_files/patch_remove-unknown-opt.patch)
  83. 

  84.   - Details: personal patch to remove unknown compilation time G++ option
  85. 

  86. ## Android OS files

  87. 

  88. Contains Android OS image file with additional patches. Base Android version is `7.1.1_r13`. The compiled image source code is purely based on [Android Open Source Project codebase](https://android.googlesource.com/).
  89. 

  90. On Arch Linux, you can use [anbox-image AUR package](https://aur.archlinux.org/packages/anbox-image/) as reference to install this custom Android image. Or just simply copy the image into `/var/lib/anbox/`, overriding the original Android OS image file `android.img`.
  91. 

  92. ### Additional features:

  93. 

  94. - Server-side decoration support
  95. 

  96. - Audio timing fix for stream videos
  97. 

  98. - Default Gallery app no longer pauses video playback when changing focus to another Android application
  99. 

  100. - Avoid unnecessary Linux kernel warnings by removing unused Android-native features
  101. 

  102. ### Patch files

  103. 

  104. Compiled Android OS image file `android.img` with the following patches applied:
  105. 

  106. - [patch_audio01_timing.patch](androidOS_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](androidOS_files/patch_audio02_pass-messenger.patch)
  107. 

  108.   - Details: as above
  109. 

  110. - [patch_gallery2_no-activity-checks.patch](androidOS_files/patch_gallery2_no-activity-checks.patch)
  111. 

  112.   - Details: remove video & audio pause functionality from default Android OS system application `com.android.gallery3d` as the pause functionality does not fit into Linux desktop environment when running multiple Android applications simultaneosly.
  113. 

  114. - [patch_initcgroups.patch](androidOS_files/patch_initcgroups.patch)
  115. 

  116.   - Remove unnecessary cgroups and related mount points from containerized Android OS system. Remove cpusets.
  117. 

  118.     - Both options generate unnecessary Linux main system kernel `dmesg` output and both options fail.