Custom Anbox installation files & patches, including patched Android OS image file.
Pekka Helenius f5036604b4 Be more specific about managers 4 years ago
anbox_files Be more specific about managers 4 years ago
androidOS_files Add anbox-image-custom PKGBUILD file 4 years ago
LICENSE Initial commit 4 years ago
README.md Re-factor README 4 years ago
installation-steps.md Update modprobe cmd 4 years ago

README.md

Anbox installation

This repository contains a recommended Anbox configuration for running the program as securely as possible.

Many users misconfigure Anbox to run in privileged mode, which gives Android system processes real root access to the Linux system. The configuration in this repository contains the proper settings to run Anbox in unprivileged mode, thus better protecting your Linux system from possibly malicious Android processes.

Additionally, this repository provides patches for a feature-patched Android OS image file for Anbox, and several other improvements. Browse and download the available Android images at https://fjordtek.com/public/applications/anbox/images/.

The PKGBUILD file is specific to Arch Linux. The rest of the files can be used on any Linux distribution.

Anbox installation

Anbox installation steps are roughly described in Installation Steps.

Anbox files

Subdirectory anbox_files. Many of the files were originally provided by the anbox-git AUR package, with small changes made here.

Changes and additions

# anbox-bridge.network (systemd-networkd file)

  • Added [Network] entry ConfigureWithoutCarrier=yes

  • Added IPv4 broadcast address 192.168.250.255 into [Address] section

  • Removed IPMasquerade=yes entry from [Address] section. Depending on your network topology, you may want to keep this option. I don't need or use it.

# anbox-container-manager.service (Systemd service file)

  • Changed [Service] entry ExecStart=... from

ExecStart=/usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox

to

ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox

  • Multiple security-related additions

  • Added [Unit] entries

Wants=lxc.service
After=lxc.service
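
The following audit script is an added example, not a file from this repository. It checks a container-manager unit file for the changes listed above: no --privileged in ExecStart, and the lxc.service ordering entries present. The function names and the sample unit files are constructed for illustration.

```shell
# Added example: audit an anbox-container-manager.service file for the
# settings described above. Prints findings; returns 0 = clean,
# 1 = findings, 2 = unreadable file. Section headers are not tracked.
audit_anbox_unit() {
    unit=$1
    [ -r "$unit" ] || { echo "ERROR: cannot read $unit"; return 2; }
    findings=0
    # Collect ExecStart= lines, skipping comments and joining "\" continuations.
    execs=$(awk '
        /^[ \t]*[#;]/ { next }
        { line = buf $0 }
        /\\$/ { sub(/\\$/, " ", line); buf = line; next }
        { buf = ""; if (line ~ /^[ \t]*ExecStart=/) print line }
    ' "$unit")
    if [ -z "$execs" ]; then
        echo "FAIL: no ExecStart= line found"; findings=1
    elif printf '%s\n' "$execs" | grep -Eq -e '[[:space:]]--privileged([[:space:]=]|$)'; then
        echo "FAIL: ExecStart passes --privileged"; findings=1
    fi
    for key in Wants After; do
        grep -Eq -e "^[[:space:]]*$key=(.*[[:space:]])?lxc\.service([[:space:]]|\$)" "$unit" || {
            echo "WARN: $key=lxc.service missing"; findings=1; }
    done
    return $findings
}

# Constructed sample units (not copied from the repository).
write_samples() {
    dir=$1
    cat > "$dir/privileged.service" <<'EOF'
[Unit]
Description=Anbox Container Manager
[Service]
ExecStart=/usr/bin/anbox container-manager --daemon \
    --privileged --data-path=/var/lib/anbox
EOF
    cat > "$dir/unprivileged.service" <<'EOF'
[Unit]
Description=Anbox Container Manager
Wants=lxc.service
After=lxc.service
[Service]
ExecStart=/usr/bin/anbox container-manager --daemon --data-path=/var/lib/anbox
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
for f in "$tmp"/*.service; do echo "== ${f##*/}"; audit_anbox_unit "$f" || true; done
rm -rf "$tmp"
```

To include drop-in overrides, save the output of `systemctl cat anbox-container-manager.service` to a file and audit that file instead of the packaged unit.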

# anbox-session-manager.service (Systemd service file)

  • Added [Service] entry Environment=ANBOX_FORCE_SERVER_SIDE_DECORATION=true

# subuid & subgid

LXC container user and group mapping files /etc/subuid and /etc/subgid for Android OS container.

# anbox-session-manager (shell script)

Simple wrapper script to be added to the desktop startup program configuration. It is a workaround: if the anbox-session-manager Systemd service is launched before the X11 session, launching the X11 session fails for unknown reasons. The script ensures that the X11 session is launched before the anbox-session-manager Systemd service.

Place it in the /usr/local/bin/ folder and make it executable (chmod +x <file/path>).


Patch files

| Patch file | Description |
|---|---|
| patch_audio01_timing.patch, patch_audio02_pass-messenger.patch | GitHub: Anbox PR #1034 - Implement audio timing |
| patch_bytesize-to-bytesizelong.patch | GitHub: Anbox PR #1480 - rpc: use ByteSizeLong from protobuf |
| patch_cm-helpmenu-unhidden.patch | Unhide container-manager options in the Anbox executable help menu |
| patch_cm-privileged-warn.patch | Add a "not recommended" note to the --privileged parameter description |
| patch_python3.patch | GitHub: Anbox issue - Python 2 is EOL: comment by karuboniru |
| patch_remove-unknown-opt.patch | Remove an unknown compile-time G++ option |
| patch_window-restored.patch | Some Android applications such as NewPipe require SDL_WINDOWEVENT_RESTORED handling so that application window contents are correctly rendered after minimize/maximize operations. |
| patch_window-icons.patch | Set the SDL window icon property for each application window by using application-specific PNG icons. Adds a value for the _NET_WM_ICON property in an X11 environment (xprop command). |

Android OS files

Subdirectory androidOS_files. Contains Android OS image file build instructions and additional patches. The patched Android image, along with additional information and possibly other images, is available at https://fjordtek.com/public/applications/anbox/images/.

The source code of the compiled Android image is based purely on the Android Open Source Project codebase.

On Arch Linux, you can use the anbox-image AUR package. If you want to use the patched image, either use the provided anbox-image-custom PKGBUILD or simply copy the patched Android image file directly into /var/lib/anbox/ as android.img.

Patch files

Provided patch files are applied to the patched Android OS image file android_7.1.1_r13_patched.img (direct link). The patch files are as follows:

| Patch file | Description |
|---|---|
| patch_audio01_timing.patch, patch_audio02_pass-messenger.patch | As above |
| patch_gallery2_no-activity-checks.patch | Remove video & audio pause functionality from default Android OS system application com.android.gallery3d as the pause functionality does not fit into Linux desktop environment when running multiple Android applications simultaneously. |
| patch_initcgroups.patch | Remove unnecessary cgroups and related mount points from containerized Android OS system. Remove cpusets. Both options generate unnecessary Linux main system kernel dmesg output and both options fail. |