「Anbox」の版間の差分
Kusanaginoturugi (トーク | 投稿記録) (→Prerequisite: 最新に差し替え) |
Kusanaginoturugi (トーク | 投稿記録) (→Building a kernel: リンクを修正) |
||
60行目: | 60行目: | ||
The necessary modules are included in the source code of most regular kernels, but need to be activated in the kernel config file. |
The necessary modules are included in the source code of most regular kernels, but need to be activated in the kernel config file. |
||
− | After that you need to (re)build the kernel, see [[ |
+ | After that you need to (re)build the kernel, see [[カーネル#コンパイル]]. |
Add or modify the following options in the kernel config file: |
Add or modify the following options in the kernel config file: |
2021年10月29日 (金) 18:16時点における版
関連記事
Anbox は GNU/Linux ディストリビューションで Android を実行するための コンテナベース のソフトウェアです。
Prerequisite
To use anbox-style packages you need two kernel modules named 'binder' and 'ashmem'.
They are not activated in Arch Linux's default kernel (linux), thus you need to either install a kernel which ships these modules or (re)build a kernel, or use dkms to install the kernel modules seperately. See below for further details.
You might also need to configure your bootloader to use a different kernel. Please refer to the wiki page of your bootloader how to boot with the new kernel. Booting into another kernel (version) is one of the few occasions when you have to reboot a Linux system. You should boot into the kernel that includes the modules before starting Anbox.
Module installation options
To get a compatible kernel, you have the following options:
Using Linux-Zen
The linux-zen kernel includes the necessary modules out of the box.
Installing anbox-modules-dkms
Currently, the dkms modules have been updated to work for kernels up to and including version 5.13. Please note, that using KProbes may have security implications and you should be aware of certain risks involved with this software, see Security.
If you wish to use anbox related projects, the linux-lts plus anbox-modules-dkmsAUR works up to kernel 5.13.
The anbox-modules-dkmsAUR package will install both binder & ashmem as kernel modules.
Run the following commands as root to activate binder and ashmem:
$ modprobe binder_linux devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder $ modprobe ashmem_linux
After loading the modules, you may also need to mount binder:
$ mkdir -p /dev/binderfs $ mount -t binder binder /dev/binderfs
Security
In an LWN news post, Jonathan Corbet noted that kallsyms_lookup_name()
was to be unexported. See https://lwn.net/Articles/813350/
"One of the basic rules of kernel-module development is that modules can only access symbols (functions and data structures) that have been explicitly exported. Even then, many symbols are restricted so that only modules with a GPL-compatible license can access them."
This caused anbox-modules to no longer build, as this was an out-of-tree user of kallsyms_lookup_name()
Therefore, to use anbox related software with kernel modules, there is a maintained fork of anbox-modules by C. Hoff which explains the issue, with anbox in mind:
On kernel 5.7 and later, kallsyms_lookup_name() can no longer be called from a kernel module for reasons described here: https://lwn.net/Articles/813350/ As binder really needs to use kallsysms_lookup_name() to access some kernel functions that otherwise wouldn't be accessible, KProbes are used on later kernels to get the address of kallsysms_lookup_name(). The function is afterwards used just as before. This is a very dirty hack though and the much better solution would be if all the functions that are currently resolved with kallsysms_lookup_name() would get an EXPORT_SYMBOL() annotation to make them directly accessible to kernel modules.
See also, https://github.com/anbox/anbox-modules/pull/76.
Building a kernel
The necessary modules are included in the source code of most regular kernels, but need to be activated in the kernel config file. After that you need to (re)build the kernel, see カーネル#コンパイル.
Add or modify the following options in the kernel config file:
CONFIG_ASHMEM=y CONFIG_ANDROID=y CONFIG_ANDROID_BINDER_IPC=y CONFIG_ANDROID_BINDERFS=y CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder" CONFIG_SW_SYNC=y CONFIG_UHID=m
With your new kernel, you will need to append the following to your boot arguments:
binder.devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder
When setting compilation options, you have 2 options available: binder and binderfs. Instructions for both are provided below:
Using binder
The modules can either be compiled into the kernel (y
), into modules (m
), or not at all (n
). Also, not all combinations in the configuration are possible, and some options will require other options.
The configuration options below will compile ashmem and binder into the kernel, while the last option specifies that there will be three devices created in the /dev/
directory, when the binder module is loaded.
CONFIG_ASHMEM=y CONFIG_ANDROID=y CONFIG_ANDROID_BINDER_IPC=y CONFIG_ANDROID_BINDERFS=y CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder" CONFIG_SW_SYNC=y CONFIG_UHID=m
When building a kernel from the AUR, one can update the configuration with the following steps:
- run
makepkg --nobuild
, which will download the sources, verify and extract them and run theprepare()
function. - edit the
.config
file (with the dot in the filename), which is located at the base of the kernel directory. - at the end of the
prepare()
function was probably a command which regenerates the makefiles with information from the configuration, possiblymake olddefconfig
. Move that to thebuild()
function, or execute it yourself. - run
makepkg --noextract
, which will continue from the place wheremakepkg --nobuild
stopped.
Using binderfs
Not everybody was happy with the binder module in Linux. To address the issues, binderfs was created. One has to choose between the old and the new way when compiling the kernel. With the options below, one will use binderfs instead.
With the kernel sources comes also a simple script to set configuration options. It will not do dependency checks, just like when editing the configuration by hand. When being in the same directory where the .config
file lies, one can execute the following commands:
scripts/config --module CONFIG_ASHMEM scripts/config --enable CONFIG_ANDROID scripts/config --enable CONFIG_ANDROID_BINDER_IPC scripts/config --enable CONFIG_ANDROID_BINDERFS scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES ""
When building a kernel from the AUR, it is enough to insert these lines at the right place in the PKGBUILD, usually in prepare()
.
Loading the kernel modules
Load binder
When a kernel provides them as build-in, you do not need to manually load them. The linux-zen kernel is one of those and loading is not required. If the used kernel has them build as modules, they need to be explicitly loaded as Anbox does not load them on demand; starting an app will fail if they are not loaded.
To load them right now, use:
# modprobe -a binder-linux ashmem-linux
To automatically load them at boot, one can load them via the systemd-modules-load.service
. To do so, create a file inside /etc/modules-load.d/
, which contains the lines:
/etc/modules-load.d/anbox.conf
ashmem_linux binder_linux
Mounting binderfs
If your kernel uses binderfs, there is one more step to do: Mounting a binder filesystem.
Firstly, you will need a mountpoint. By default, Anbox will look at /dev/binderfs
. You can create that directory now, but it will be removed at boot time.
You can use systemd-tmpfiles to create this directory at boot time. For that, create a file in /etc/tmpfiles.d/
with the content:
/etc/tmpfiles.d/anbox.conf
d! /dev/binderfs 0755 root root
Secondly, you need to mount the binder filesystem. This can be done by
# mount -t binder none /dev/binderfs
To mount it always at boot, add a line in the fstab. Using the option nofail
here will not greet you with a recovery shell when you are booting a kernel without binderfs support (such as the standard kernel).
/etc/fstab
none /dev/binderfs binder nofail 0 0
インストール
Install an Android Image
Install one of these images:
- anbox-imageAUR (official Anbox image)
- anbox-image-houdiniAUR (includes Houdini)
- anbox-image-houdini-rootedAUR (includes Houdini and SuperSU)
- anbox-image-gappsAUR (includes Houdini and OpenGApps)
- anbox-image-gapps-rootedAUR (includes Houdini, OpenGApps and SuperSU)
- You can find more images in the AUR, search for anbox-image.
Install Anbox
Install the anbox-gitAUR package.
Afterwards, start/enable anbox-container-manager.service
.
You have now all the required steps done to use Anbox! In the menu of your desktop environment, you should find several entries in the category Others, which can now be launched.
The first call will take longer. Behind the scenes, anbox session-manager
will be launched. For testing purposes, you can also execute anbox session-manager
manually in a terminal. That is very useful if anbox crashes and you want to report or fix the bug. Just launch it, and wait until it crashes (if ever).
There is also a systemd unit for users, which can be used to start the session-manager on bootup; start/enable the anbox-session-manager.service
user unit. An advantage of this unit is that logs can be found in the event of a crash:
$ journalctl --user -b -u anbox-session-manager
Keep in mind though, that when it crashes and you start a new app, it will also start the session-manager, but it will be run independently from systemd.
Network
Via NetworkManager
If you are using NetworkManager you can use it to configure the networking. Execute the following command to create the bridge connection:
$ nmcli con add type bridge ifname anbox0 -- connection.id anbox-net ipv4.method shared ipv4.addresses 192.168.250.1/24
ifname anbox0
specifies the bridge interface name, in this caseanbox0
. Do not change this as Anbox will only detect the bridge interface if it is namedanbox0
.connection.id anbox-net
specifies the name of the connection to beanbox-net
when it appears in NetworkManager. You can change this if you wish.ipv4.method shared
instructs NetworkManager to create a NAT network and route outgoing packets according to the system routing rules. For that, the dnsmasq package is required. dnsmasq does not needs to be configured or be started as systemd service, it will be used behind the scenes by NetworkManager — if it is not available, this step will fail silently. You can leave this and theipv4.addresses
parameter out if you wish to attach the Anbox container directly to a specific network, see Network bridge#With NetworkManager. If you choose this option, you must also change the network configuration of the container inanbox-container-manager.service
, see the next bullet point.ipv4.addresses 192.168.250.1/24
specifies the default gateway and subnet of the NAT network. If you wish to change this (e.g. to192.168.42.1/24
) you must also indicate the new subnet to anbox in theanbox-container-manager.service
using:--container-network-address=192.168.42.2/24 --container-network-gateway=192.168.42.1
NetworkManager will automatically setup the bridge every reboot so you only need to execute the command once.
Via systemd-networkd
The package anbox-gitAUR provides configuration files for systemd-networkd
in /usr/lib/systemd/network/
to enable networking in anbox.
Therefore, you can start/enable systemd-networkd
before starting anbox-container-manager.service
.
Via anbox-bridge script
Alternatively you can use the anbox-bridge script used by the project.
You must execute anbox-bridge
every time before starting anbox-container-manager.service
in order to get network working in Anbox. The easiest solution for that is to create a drop-in file for the service.
/etc/systemd/system/anbox-container-manager.service.d/enable-anbox-bridge.conf
[Service] ExecStartPre=/usr/bin/anbox-bridge start ExecStopPost=/usr/bin/anbox-bridge stop
使用方法
anbox 内でネットワークを使えるようにするため anbox
を起動する前に毎回 anbox-bridge
を実行してください。
それから、デスクトップランチャーの Other カテゴリから android アプリケーションを実行できます。
adb を使ってデバッグしたい場合、android-tools をインストールしてください。
$ adb shell
Installing apps
Unless you picked an image with Houdini, Anbox does not have support for ARM applications. So apps must have a x86_64 architecture.
Through adb
To install /path/to/app.apk
$ adb install /path/to/app.apk
To get the list of installed applications
$ adb shell pm list packages
Note that output will be similar to package:app.name
, where app.name
is different from the one displayed in the Anbox container.
To uninstall app.name
$ adb uninstall app.name
If app.name
is a system app
$ adb uninstall --user 0 app.name
Through apps stores
Apps can be easily installed through apps stores. In anbox-image-gappsAUR PlayStore is included.
Sensor data
Via dbus different sensors can be set. Documentation on that can be found at dbus.md.
Temperature data
That is the example from the author (PRs #1522 & #1540):
$ dbus-send --session --dest=org.anbox --print-reply /org/anbox org.freedesktop.DBus.Properties.Set string:org.anbox.Sensors string:Temperature variant:double:25.1
GPS data
(introduced by PR #1606)
GPS sensor data can also be manipulated.
If your PC has a WWAN card, you can use gpsd and the code from the PR to feed Anbox with GPS data. You do not need to have a SIM-Card for GPS.
Otherwise, you can also look at the PR to learn how to feed it fake data with the help of [1].
Root shell
With this script from the Anbox project one can get a root shell inside the Android container.
It is not part of the anbox-gitAUR package, and it also does not use adb.
Tips and tricks
Android developer options
Some extra steps need to be done besides unlocking them the same way you do on an android phone.
When installing the android image, some modifications to products/anbox.xml
are required:
<unavailable-feature name="android.hardware.usb.host" />
is the reason why they are not available.<feature name="android.software.backup" />
will be needed too, to avoid a NullPointerException.
(reference: Github issue #444)
Getting debugging information
Obviously, it is helpful to have debugging symbols in the Anbox build. For that, when compiling Anbox, add options=('!strip')
to the PKGBUILD, as by default they are removed. And, use either -DCMAKE_BUILD_TYPE=RelWithDebInfo
or -DCMAKE_BUILD_TYPE=Debug
in the cmake call.
But there is more to it! Anbox uses backward-cpp. If you do not delete the build files for Anbox, it will print pretty stack traces when crashing, which point out the places in the source code.
Also see the remarks in Install Anbox.
Troubleshooting
If you run into issues, take a look at the official Issue Tracker: [2]
Old CPUs
Anbox requires support for SSE 4.1/4.2 and SSSE 3, because Android wants that too. Some older CPUs do not provide that, so you probably cannot use Anbox, see: Anbox Github Issue 499.
Secure Boot error
If you get this error message:
modprobe: ERROR: could not insert 'ashmem_linux': Operation not permitted
Secure Boot is likely blocking the module. You can either disable Secure Boot or sign the ashmem module yourself.
More info can be found in the Anbox Github Docs.