Fincer
/
anbox-install
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Custom Anbox installation files & patches, including patched Android OS image file.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
304 MiB
 
 
 
Tree: a8ebcfceef
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a8ebcfceef'
${ noResults }
 ZIP  TAR.GZ
Pekka Helenius a8ebcfceef Add installation steps doc 4 years ago
anbox_files Add wrapper script 4 years ago
androidOS_files Initial commit 4 years ago
LICENSE Initial commit 4 years ago
README.md Add installation steps doc 4 years ago
installation-steps.md Add installation steps doc 4 years ago

README.md

Anbox installation

This repository contains recommended Anbox configuration to run the program as securely as possible.

Many users misconfigure Anbox to run in privileged mode which permits real root access for Android system processes to a Linux system. Configuration in this repository contains proper settings to run Anbox in unprivileged mode, thus better protecting your Linux system from possibly malicious Android processes.

Additionally, this repository provides feature-patched Android OS image file for Anbox, and several other improvements.

PKGBUILD file is Arch Linux specific file. Otherwise, you can use rest of the files on any Linux distribution.

Anbox installation

Anbox installation steps are roughly described in Installation Steps.

Anbox files

Many files have originally been provided by anbox-git AUR package. However, small changes have been made.

Changes and additions

# anbox-bridge.network (systemd-networkd file)

  • Added [Network] entry ConfigureWithoutCarrier=yes

  • Added IPv4 broadcast address 192.168.250.255 into [Address] section

  • Removed IPMasquerade=yes entry from [Address] section. Depending on your network topology, you may want to keep this option. I don't need or use it.

# anbox-container-manager.service (Systemd service file)

  • Changed [Service] entry ExecStart=... from
ExecStart=/usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox

to

ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox

  • Multiple security-related additions

  • Added [Unit] entries

Wants=lxc.service
After=lxc.service

# anbox-session-manager.service (Systemd service file)

  • Added [Service] entry Environment=ANBOX_FORCE_SERVER_SIDE_DECORATION=true

# subuid & subgid

LXC container user and group mapping files /etc/subuid and /etc/subgid for Android OS container.

# anbox-session-manager (shell script)

Simple wrapper script to be added into desktop startup program configuration. This is a simple work around script. If anbox-session-manager Systemd service is launched before X11 session, launching the X11 session fails for unknown reasons. This script ensures that X11 session is launched before anbox-session-manager Systemd service.

Place into /usr/local/bin/ folder.

Patch files

Android OS files

Contains Android OS image file with additional patches. Base Android version is 7.1.1_r13. The compiled image source code is purely based on Android Open Source Project codebase.

On Arch Linux, you can use anbox-image AUR package as reference to install this custom Android image. Or just simply copy the image into /var/lib/anbox/, overriding the original Android OS image file android.img.

Additional features:

  • Server-side decoration support

  • Audio timing fix for stream videos

  • Default Gallery app no longer pauses video playback when changing focus to another Android application

  • Avoid unnecessary Linux kernel warnings by removing unused Android-native features

Patch files

Compiled Android OS image file android.img with the following patches applied: