Android

A Note about sepolicy in Android Oreo. First thing first SELinux documents: SELinux for Android 8.0 What is SELinux? What is SEAndroid? SELinux Policy Concepts and Overview Android sepolicy files Policy path: /system/sepolicy BOARD_SEPOLICY_DIR (device/$VENDOR/$DEVICE/sepolicy/, device/$VENDOR/$DEVICE/common/sepolicy/) Policy Macros: system/sepolicy/public/te_macros system/sepolicy/public/global_macros system/sepolicy/public/ioctl_macros system/sepolicy/public/neverallow_macros system/sepolicy/private/mls_macros system/sepolicy/reqd_mask/mls_macros Security Context: file_contexts, labeling files infilesystem. property_contexts, labeling android system/vendor properties genfs_contexts, Pre-file labeling for /proc files, generic filesystem security contexts. seapp_contexts, used by zygote and installd via libselinux, mapping app UID andseinfofor /data/data directory hwservice_contexts, for hwservice manager to check vndservice_contestx, for vndservice manager to check service_contexts, for service manager to check Type Enforcement *.te Composing Policy for Android trebel Add domains for a service ...

A Note for SELinux and SEAndroid policy configuration. SEAndroid Security-Enhanced Linux in Android SELinux for Android 8 - Treble mode SEAndroid安全機制中的文件安全上下文關聯分析 - file_context SEAndroid安全機制中的進程安全上下文關聯分析 - process Android 8 Treble mode: Kernel early mount PRODUCT_FULL_TREBLE, PRODUCT_FULL_TREBLE_OVERRIDE, BOARD_SEPOLICY_DIRS Android 4.3 ~ 6 TE macro define: external/sepolicy/te_macros Android 8 TE macro define: system/sepolicy/te_macros ##################################### # domain_trans(olddomain, type, newdomain) # Allow a transition from olddomain to newdomain # upon executing a file labeled with type. # This only allows the transition; it does not # cause it to occur automatically - use domain_auto_trans # if that is what you want. # define(`domain_trans', ` # Old domain may exec the file and transition to the new domain. allow $1 $2:file { getattr open read execute }; allow $1 $3:process transition; # New domain is entered by executing the file. allow $3 $2:file { entrypoint open read execute getattr }; # New domain can send SIGCHLD to its caller. ifelse($1, `init', `', `allow $3 $1:process sigchld;') # Enable AT_SECURE, i.e. libc secure mode. dontaudit $1 $3:process noatsecure; # XXX dontaudit candidate but requires further study. allow $1 $3:process { siginh rlimitinh }; ') ##################################### # domain_auto_trans(olddomain, type, newdomain) # Automatically transition from olddomain to newdomain # upon executing a file labeled with type. # define(`domain_auto_trans', ` # Allow the necessary permissions. domain_trans($1,$2,$3) # Make the transition occur by default. type_transition $1 $2:process $3; ') ##################################### # tmpfs_domain(domain) # Define and allow access to a unique type for # this domain when creating tmpfs / shmem / ashmem files. define(`tmpfs_domain', ` type $1_tmpfs, file_type; type_transition $1 tmpfs:file $1_tmpfs; allow $1 $1_tmpfs:file { read write getattr }; allow $1 tmpfs:dir { getattr search }; ') ##################################### # init_daemon_domain(domain) # Set up a transition from init to the daemon domain # upon executing its binary. define(`init_daemon_domain', ` domain_auto_trans(init, $1_exec, $1) tmpfs_domain($1) ') apol - SELinux policy analysis tool sudo apt install setools-gui SELinux Configuring the SELinux Policy ...

I have a build environment with make4.1 and JDK8 for Android N/O, but JDK6 and make3.81 are required by Android KitKat. Here is a way to create a clean environment for Android KK. Create a new environment in current Ubuntu 16.04 install schroot and debootstrap sudo apt install schroot debootstrap if xenial no exist, update to latest version of debootstrap ls -l /usr/share/debootstrap/scripts/xenial Configure new environment edit /etc/schroot/schroot.conf [Build_KK] description=ubuntu16.04 Android_KK type=directory directory=/srv/chroot/Build_KK users=oopsmonk groups=oopsmonk root-groups=root profile=default Adding Mount points edit /etc/schroot/default/fstab ...

Study USB MTP Device and Host mode in Android M. Source Code Cross Reference: Android 6.0.1_r10 MTP Device Mode Enable device mode: Settings -> Developer options -> Select USB Configuration -> MTP UsbDeviceManager: Setting USB config to mtp device/lge/hammerhead/init.hammerhead.usb.rc : on property:sys.usb.config=mtp system/core/rootdir/init.usb.configfs.rc: on property:sys.usb.config=mtp && property:sys.usb.configfs=1 USB plug to PC: MtpReceiver: listen to android.hardware.usb.action.USB_STATE and bring up MtpService UsbDeviceManager: get uevent USB_STATE=CONFIGURED from kernel MtpService: create MtpDatabase MtpDatabase: create volume and storage path MtpService: starting MTP server in MTP mode ...

A study of adoptable storage in Android Marshmallow and Nougat. How to Setup a Private Disk (External USB Storage) Android adoptable storage allow APP install to external storage that can reserve more internal space for other APPs. Create Adoptable Storage Using Settings GUI Settings -> Storage & USB -> Portable storage -> Settings -> Format as internal Use sm (Storage Manager) Command Find disk id # sm list-disks disk:8,16 disk:8,0 Format as internal # sm partition disk:8,0 private # sm list-volumes all public:8,17 mounted 629C-FBAF emulated:8,2 unmounted null private mounted null emulated mounted null private:8,2 mounted 3f538e6e-e6a9-4163-ac1e-e4c6602b3c34 Now, it’s a private storage in system. ...

Android APIs for media playback: MediaPlayer and MediaCodec. MediaPlayer mediaPlayer.setDataSource(path); //fd or url mediaPlayer.setDisplay(SurfaceHolder sh); //SurfaceView or VideoView mediaPlayer.prepare(); // MediaPlayer.start(); // MediaCodec /* init use MediaExtractor to get mime data create decoder by mime type configure decoder by video format and surface view */ MediaExtractor mExtractor; MediaCodec mDecoder; mExtractor = new MediaExtractor(); mExtractor.setDataSource(filePath); MediaFormat format = mExtractor.getTrackFormat(track_index); String mime = format.getString(MediaFormat.KEY_MIME); if mime.startsWith("video/") mExtractor.selectTrack(track_index); mDecoder = MediaCodec.createDecoderByType(mime); mDecoder.configure(format, surface, null, 0 /* Decoder */); mDecoder.start(); /*run start decode video, fill / empty buffer */ MediaCodecExample ...

After update system from Ubuntu 14.04 to 16.04, I got some problems, when I was building Android source code. openjdk-7-jdk is gone Add PPA for OpenJDK7 sudo add-apt-repository ppa:openjdk-r/ppa sudo apt remove openjdk-* icedtea-* icedtea6-* sudo apt update && sudo apt install openjdk-7-jdk git ccache automake lzop bison gperf build-essential zip curl zlib1g-dev zlib1g-dev:i386 g++-multilib python-networkx libxml2-utils bzip2 libbz2-dev libbz2-1.0 libghc-bzlib-dev squashfs-tools pngcrush schedtool dpkg-dev liblz4-tool make optipng maven If you have other java version in system, make sure your java version is correct. ...