Fincer
/
anbox-install
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Custom Anbox installation files & patches, including patched Android OS image file.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
304 MiB
Tree: a8ebcfceef
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a8ebcfceef'
${ noResults }
anbox-install/README.md

128 lines
5.4 KiB
Raw Normal View History

Add installation steps doc
4 years ago
Initial commit
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Add installation steps doc
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Add wrapper script
4 years ago
Update README
4 years ago
Initial commit
4 years ago
Update README
4 years ago
Initial commit
4 years ago
 
  1. # Anbox installation

  2. 

  3. This repository contains recommended Anbox configuration to run the program as securely as possible.
  4. 

  5. Many users misconfigure Anbox to run in privileged mode which permits real root access for Android system processes to a Linux system. Configuration in this repository contains proper settings to run Anbox in _unprivileged mode_, thus better protecting your Linux system from possibly malicious Android processes.
  6. 

  7. Additionally, this repository provides feature-patched Android OS image file for Anbox, and several other improvements.
  8. 

  9. `PKGBUILD` file is Arch Linux specific file. Otherwise, you can use rest of the files on any Linux distribution.
  10. 

  11. ## Anbox installation

  12. 

  13. Anbox installation steps are roughly described in [Installation Steps](installation-steps.md).
  14. 

  15. ## Anbox files

  16. 

  17. Many files have originally been provided by [anbox-git AUR package](https://aur.archlinux.org/packages/anbox-git/). However, small changes have been made.
  18. 

  19. ### Changes and additions

  20. 

  21. #### # [anbox-bridge.network](anbox_files/anbox-bridge.network) (systemd-networkd file)

  22. 

  23. - Added `[Network]` entry `ConfigureWithoutCarrier=yes`
  24. 

  25. - Added IPv4 broadcast address `192.168.250.255` into `[Address]` section
  26. 

  27. - Removed `IPMasquerade=yes` entry from `[Address]` section. Depending on your network topology, you may want to keep this option. I don't need or use it.
  28. 

  29. #### # [anbox-container-manager.service](anbox_files/anbox-container-manager.service) (Systemd service file)

  30. 

  31. - Changed `[Service]` entry `ExecStart=...` from
  32. 

  33. ```
  34. ExecStart=/usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox
  35. ```
  36. 

  37. to
  38. 

  39. ```
  40. ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
  41. ```
  42. 

  43. - Multiple security-related additions
  44. 

  45. - Added `[Unit]` entries
  46. 

  47. ```
  48. Wants=lxc.service
  49. After=lxc.service
  50. ```
  51. 

  52. #### # [anbox-session-manager.service](anbox_files/anbox-session-manager.service) (Systemd service file)

  53. 

  54. - Added `[Service]` entry `Environment=ANBOX_FORCE_SERVER_SIDE_DECORATION=true`
  55. 

  56. #### # [subuid](anbox_files/subuid) & [subgid](anbox_files/subgid)

  57. 

  58. LXC container user and group mapping files `/etc/subuid` and `/etc/subgid` for Android OS container.
  59. 

  60. #### # anbox-session-manager (shell script)

  61. 

  62. Simple wrapper script to be added into desktop startup program configuration. This is a simple work around script. If `anbox-session-manager` Systemd service is launched _before_ X11 session, launching the X11 session fails for unknown reasons. This script ensures that X11 session is launched _before_ `anbox-session-manager` Systemd service.
  63. 

  64. Place into `/usr/local/bin/` folder.
  65. 

  66. ----------
  67. 

  68. #### Patch files

  69. 

  70. - [patch_audio01_timing.patch](anbox_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](anbox_files/patch_audio02_pass-messenger.patch)
  71. 

  72.   - Details: [GitHub: Anbox PR #1034 - Implement audio timing](https://github.com/anbox/anbox/pull/1034)
  73. 

  74. - [patch_bytesize-to-bytesizelong.patch](anbox_files/patch_bytesize-to-bytesizelong.patch)
  75. 

  76.   - Details: [GitHub: Anbox PR #1480 - rpc: use ByteSizeLong from protobuf](https://github.com/anbox/anbox/pull/1480)
  77. 

  78. - [patch_cm-helpmenu-unhidden.patch](anbox_files/patch_cm-helpmenu-unhidden.patch)
  79. 

  80.   - Details: personal patch to unhide `container-manager` options in Anbox executable help menu
  81. 

  82. - [patch_cm-privileged-warn.patch](anbox_files/patch_cm-privileged-warn.patch)
  83. 

  84.   - Details: personal patch to add `not recommended` note into `--privileged` parameter description
  85. 

  86. - [patch_python3.patch](anbox_files/patch_python3.patch)
  87. 

  88.   - Details: [GitHub: Anbox issue - Python 2 is EOL: comment by karuboniru](https://github.com/anbox/anbox/issues/1478#issuecomment-638055086)
  89. 

  90. - [patch_remove-unknown-opt.patch](anbox_files/patch_remove-unknown-opt.patch)
  91. 

  92.   - Details: personal patch to remove unknown compilation time G++ option
  93. 

  94. ## Android OS files

  95. 

  96. Contains Android OS image file with additional patches. Base Android version is `7.1.1_r13`. The compiled image source code is purely based on [Android Open Source Project codebase](https://android.googlesource.com/).
  97. 

  98. On Arch Linux, you can use [anbox-image AUR package](https://aur.archlinux.org/packages/anbox-image/) as reference to install this custom Android image. Or just simply copy the image into `/var/lib/anbox/`, overriding the original Android OS image file `android.img`.
  99. 

  100. ### Additional features:

  101. 

  102. - Server-side decoration support
  103. 

  104. - Audio timing fix for stream videos
  105. 

  106. - Default Gallery app no longer pauses video playback when changing focus to another Android application
  107. 

  108. - Avoid unnecessary Linux kernel warnings by removing unused Android-native features
  109. 

  110. ----------
  111. 

  112. ### Patch files

  113. 

  114. Compiled Android OS image file `android.img` with the following patches applied:
  115. 

  116. - [patch_audio01_timing.patch](androidOS_files/patch_audio01_timing.patch) & [patch_audio02_pass-messenger.patch](androidOS_files/patch_audio02_pass-messenger.patch)
  117. 

  118.   - Details: as above
  119. 

  120. - [patch_gallery2_no-activity-checks.patch](androidOS_files/patch_gallery2_no-activity-checks.patch)
  121. 

  122.   - Details: remove video & audio pause functionality from default Android OS system application `com.android.gallery3d` as the pause functionality does not fit into Linux desktop environment when running multiple Android applications simultaneosly.
  123. 

  124. - [patch_initcgroups.patch](androidOS_files/patch_initcgroups.patch)
  125. 

  126.   - Remove unnecessary cgroups and related mount points from containerized Android OS system. Remove cpusets.
  127. 

  128.     - Both options generate unnecessary Linux main system kernel `dmesg` output and both options fail.