Hacking Android
"May I clarify the question... who knows foreign office secrets apart from
the foreign office?"
"Oh, that's easy, only the Kremlin."
- Yes Prime Minister S01E06 A Victory for Democracy
The problem with Android and selinux (the customised selinux of the Android Open Source Project) is that it is difficult to disable.
My Oukitel C8 runs Android 7.0 and kernel 3.18.35+ and my best hope is to re-compile init and the SELinux libraries and simply pretend that when called the operation was successful.
Beginning...
Prepare for downloading the source:
I decided that it would be best to install the required stuff in a docker container. The container image I use is debian:buster.
docker run -it --volume /root/android:/root --name androidbuild \
--hostname androidbuild debian:buster
Then install the required development packages. The Android NDK has a binary of the ARM LLVM clang cross compiler for compiling the actual Android code; the NDK files are installed along with the rest of AOSP.
apt-get update
apt-get install bison g++-multilib git gperf libxml2-utils
apt-get install make zlib1g-dev:i386 zip
apt-get install curl python2.7
* zlib1g-dev:i386 did not work for me... I just deleted :i386...
From here the /root directory is actually the directory mapped in the above docker command... it could even be /home/ben/aosp.
Install the repo tool:
cd ~
mkdir ~/bin
export PATH=~/bin:$PATH
curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
chmod a+x ~/bin/repo
# make python invoke python2.7
ln -s /usr/bin/python2.7 bin/python
Once the build tools are all installed, get a 1.8 release of Java from Oracle or maybe the OpenJDK.
Special note for Alpine Linux: for some reason openjdk could not complete
its install process successfully, complaining of something like:
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00
To fix this I found that one can set a kernel parameter on the host:
echo 1 > /proc/sys/kernel/pax/softmode
or kernel.pax.softmode=1 in /etc/sysctl.conf.
apt-get install openjdk-8-jdk-headless
AOSP Downloading Instructions | Sony Xperia Open Devices
Preparation Complete, Now Clone Repositories
Configure git for use in the container:
git config --global user.email "alfred@example.com"
git config --global user.name "Alfred Example"
This is going to hurt, the AOSP source code is very big :-(...
mkdir android
cd android
repo init -u https://android.googlesource.com/platform/manifest -b android-7.0.0_r34
repo sync
Of course the last argument can be changed depending on your requirements. It happens that my Oukitel C8 is running Nougat 7.0.0 (well, the settings page says 7.0 so it has to be close). A full list is available:
Building init
Well, that took a while... as I said, lots of code. Now to set up our build environment and make init.
. build/envsetup.sh
lunch aosp_arm-eng
make libc
make libc++
make libinit_parser
make out/target/product/generic/root/init
This will compile init for the 32bit ARM architecture. To see a list of available lunch options, run lunch without the aosp_arm-eng argument.
Check in the out/target/product/generic/root/ directory for the newly built executable:
file out/target/product/generic/root/init
...: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV) ...
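The same check can be scripted, so that an init built for the wrong architecture is caught before it is packed into boot.img. This is an added example, not part of the original post: it decodes the ELF header fields behind the file output shown above, the function names and the sample header are constructed for illustration, and it assumes Python 3.

```python
import struct
import sys

EM_ARM, ET_EXEC = 40, 2  # e_machine for 32-bit ARM, e_type for a fixed-address executable


def describe_elf(header: bytes) -> dict:
    """Decode the ELF header fields that `file` summarises."""
    if len(header) < 52 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("corrupt e_ident")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    # e_flags sits at offset 36 in an ELF32 header and at 48 in an ELF64 header.
    (e_flags,) = struct.unpack_from(endian + "I", header, 36 if ei_class == 1 else 48)
    # On ARM the top byte of e_flags holds the EABI version (5 for EABI5).
    return {"bits": 32 * ei_class, "lsb": ei_data == 1, "type": e_type,
            "machine": e_machine, "eabi": e_flags >> 24}


def check_init(header: bytes) -> list:
    """List every way the header differs from 'ELF 32-bit LSB executable, ARM, EABI5'."""
    want = {"bits": 32, "lsb": True, "type": ET_EXEC, "machine": EM_ARM, "eabi": 5}
    got = describe_elf(header)
    return ["%s: expected %r, found %r" % (k, v, got[k])
            for k, v in want.items() if got[k] != v]


def constructed_header(machine=EM_ARM, flags=0x05000200) -> bytes:
    """Constructed 52-byte ELF32 little-endian header, used only as sample input."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    body = struct.pack("<HHIIIII", ET_EXEC, machine, 1, 0x8000, 52, 0, flags)
    return ident + body + bytes(12)


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(64)
    else:
        data = constructed_header()
    issues = check_init(data)
    print("\n".join(issues) if issues else "header matches the expected ARM EABI5 init")
    sys.exit(1 if issues else 0)
```

Run it with out/target/product/generic/root/init as the argument; a non-zero exit status means the header does not match.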
Building other utilities
It is likely you have adb and fastboot from the NDK or Android Studio but the source is included with AOSP so they can be compiled...
make out/host/linux-x86/bin/adb
make out/host/linux-x86/bin/fastboot
Of course you can always just make the entire tree:
make
or faster with
make -j4
I simply want to try and disable selinux on my phone and so I didn't want to compile 90GiB of code...
When compiling, the process stopped at Jack with "unbound variable USER"; quite odd. I set the environment variable and re-ran make.
Install the custom init on the Oukitel C8
init is included in the boot.img file in the CPIO archive; details on how to extract and create a CPIO archive for the C8 are available on the C8 page.
https://stackoverflow.com/questions/13139394/building-a-particular-module-in-the-android-source-code