Anbox

提供: ArchWiki
2023年3月3日 (金) 16:58時点におけるKusanaginoturugi (トーク | 投稿記録)による版 (→‎anbox-modules-dkms のインストール: リンクを修正)
ナビゲーションに移動 検索に移動

関連記事

Anbox は GNU/Linux ディストリビューションで Android を実行するための コンテナベース のソフトウェアです。

前提条件

anbox スタイルのパッケージを使うには、'binder' と 'ashmem' という名前の 2 つのカーネルモジュールが必要です。

これらは Arch Linux のデフォルトカーネル (linux) では有効になっていません。よって、これらのモジュールを同梱したカーネルをインストールするか、カーネルを(リ)ビルドするか、dkms を使ってカーネルモジュールを別個にインストールする必要があります。 詳しくは以下をご覧ください。

また、別のカーネルを使うようにブートローダを設定する必要があるかもしれません。ブートローダの wiki ページで、新しいカーネルで起動する方法を参照してください。別のカーネル(バージョン)で起動することは、Linux システムを再起動しなければならない数少ない機会の一つです。Anbox を起動する前に、モジュールを含むカーネルで起動する必要があります。

モジュールのインストール方法

互換性のあるカーネルを入手するために、以下のオプションがあります。

Linux-Zen を使用する

linux-zen カーネルには、必要なモジュールがそのまま入っています。

anbox-modules-dkms のインストール

現在、dkms モジュールはバージョン 5.15 までのカーネルで動作するよう更新されています。なお、KProbes を使用することは、セキュリティに影響を与える可能性があり、このソフトウェアに関連する特定のリスクに注意する必要があります、 セキュリティを参照してください。

anbox 関連のプロジェクトを使いたい場合、anbox-modules-dkmsAUR は活発にメンテナンスされているフォークであり、最新のカーネルで動作します。

anbox-modules-dkmsAUR パッケージは binder と ashmem の両方を カーネルモジュール としてインストールします。

以下のコマンドを root で実行し、binder と ashmem を有効にしてください。


$ modprobe binder_linux devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder
$ modprobe ashmem_linux

モジュールをロードした後、バインダーをマウントする必要がある場合もあります:

$ mkdir -p /dev/binderfs
$ mount -t binder binder /dev/binderfs
セキュリティ

In an LWN news post, Jonathan Corbet noted that kallsyms_lookup_name() was to be unexported. See https://lwn.net/Articles/813350/

"One of the basic rules of kernel-module development is that modules can only access symbols (functions and data structures) that have been explicitly exported. Even then, many symbols are restricted so that only modules with a GPL-compatible license can access them."

This caused anbox-modules to no longer build, as this was an out-of-tree user of kallsyms_lookup_name()

Therefore, to use anbox related software with kernel modules, there is a maintained fork of anbox-modules by C. Hoff which explains the issue, with anbox in mind:

On kernel 5.7 and later, kallsyms_lookup_name() can no longer be called from a kernel module for reasons described here: https://lwn.net/Articles/813350/ As binder really needs to use kallsysms_lookup_name() to access some kernel functions that otherwise wouldn't be accessible, KProbes are used on later kernels to get the address of kallsysms_lookup_name(). The function is afterwards used just as before. This is a very dirty hack though and the much better solution would be if all the functions that are currently resolved with kallsysms_lookup_name() would get an EXPORT_SYMBOL() annotation to make them directly accessible to kernel modules.

See also, https://github.com/anbox/anbox-modules/pull/76.

Building a kernel

The necessary modules are included in the source code of most regular kernels, but need to be activated in the kernel config file. After that you need to (re)build the kernel, see カーネル#コンパイル.

Add or modify the following options in the kernel config file:

CONFIG_ASHMEM=y
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ANDROID_BINDERFS=y
CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
CONFIG_SW_SYNC=y
CONFIG_UHID=m

With your new kernel, you will need to append the following to your boot arguments:

binder.devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder

When setting compilation options, you have 2 options available: binder and binderfs. Instructions for both are provided below:

Using binder

The modules can either be compiled into the kernel (y), into modules (m), or not at all (n). Also, not all combinations in the configuration are possible, and some options will require other options.

The configuration options below will compile ashmem and binder into the kernel, while the last option specifies that there will be three devices created in the /dev/ directory, when the binder module is loaded.

CONFIG_ASHMEM=y
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ANDROID_BINDERFS=y
CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
CONFIG_SW_SYNC=y
CONFIG_UHID=m

When building a kernel from the AUR, one can update the configuration with the following steps:

  1. run makepkg --nobuild, which will download the sources, verify and extract them and run the prepare() function.
  2. edit the .config file (with the dot in the filename), which is located at the base of the kernel directory.
  3. at the end of the prepare() function was probably a command which regenerates the makefiles with information from the configuration, possibly make olddefconfig. Move that to the build() function, or execute it yourself.
  4. run makepkg --noextract, which will continue from the place where makepkg --nobuild stopped.
Using binderfs

Not everybody was happy with the binder module in Linux. To address the issues, binderfs was created. One has to choose between the old and the new way when compiling the kernel. With the options below, one will use binderfs instead.

With the kernel sources comes also a simple script to set configuration options. It will not do dependency checks, just like when editing the configuration by hand. When being in the same directory where the .config file lies, one can execute the following commands:

scripts/config --module  CONFIG_ASHMEM
scripts/config --enable  CONFIG_ANDROID
scripts/config --enable  CONFIG_ANDROID_BINDER_IPC
scripts/config --enable  CONFIG_ANDROID_BINDERFS
scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES ""

When building a kernel from the AUR, it is enough to insert these lines at the right place in the PKGBUILD, usually in prepare().

Loading the kernel modules

Load binder

When a kernel provides them as build-in, you do not need to manually load them. The linux-zen kernel is one of those and loading is not required. If the used kernel has them build as modules, they need to be explicitly loaded as Anbox does not load them on demand; starting an app will fail if they are not loaded.

To load them right now, use:

# modprobe -a binder-linux ashmem-linux

To automatically load them at boot, one can load them via the systemd-modules-load.service. To do so, create a file inside /etc/modules-load.d/, which contains the lines:

/etc/modules-load.d/anbox.conf
ashmem_linux
binder_linux

Mounting binderfs

If your kernel uses binderfs, there is one more step to do: Mounting a binder filesystem.

Firstly, you will need a mountpoint. By default, Anbox will look at /dev/binderfs. You can create that directory now, but it will be removed at boot time.

You can use systemd-tmpfiles to create this directory at boot time. For that, create a file in /etc/tmpfiles.d/ with the content:

/etc/tmpfiles.d/anbox.conf
d! /dev/binderfs 0755 root root

Secondly, you need to mount the binder filesystem. This can be done by

# mount -t binder none /dev/binderfs

To mount it always at boot, add a line in the fstab. Using the option nofail here will not greet you with a recovery shell when you are booting a kernel without binderfs support (such as the standard kernel).

/etc/fstab
none                         /dev/binderfs binder   nofail  0      0

インストール

Install an Android Image

ノート: The images are outdated (based on Android 7.1). For now there are no newer images available from upstream. See also Talk:Anbox#Anbox-Images outdated.

Install one of these images:

ヒント:
  • Generally, one needs Houdini to run ARM applications on a x86_64 computer.
  • If you want Google apps, OpenGApps is a good way to go.

Install Anbox

インストール the anbox-gitAUR package.

Afterwards, 起動/有効化 anbox-container-manager.service.

You have now all the required steps done to use Anbox! In the menu of your desktop environment, you should find several entries in the category Others, which can now be launched.

The first call will take longer. Behind the scenes, anbox session-manager will be launched. For testing purposes, you can also execute anbox session-manager manually in a terminal. That is very useful if anbox crashes and you want to report or fix the bug. Just launch it, and wait until it crashes (if ever).

There is also a systemd unit for users, which can be used to start the session-manager on bootup; 起動/有効化 the anbox-session-manager.service user unit. An advantage of this unit is that logs can be found in the event of a crash:

$ journalctl --user -b -u anbox-session-manager

Keep in mind though, that when it crashes and you start a new app, it will also start the session-manager, but it will be run independently from systemd.

Network

Via NetworkManager

If you are using NetworkManager you can use it to configure the networking. ​ Execute the following command to create the bridge connection: ​

$ nmcli con add type bridge ifname anbox0 -- connection.id anbox-net ipv4.method shared ipv4.addresses 192.168.250.1/24

  • ifname anbox0 specifies the bridge interface name, in this case anbox0. Do not change this as Anbox will only detect the bridge interface if it is named anbox0.
  • connection.id anbox-net specifies the name of the connection to be anbox-net when it appears in NetworkManager. You can change this if you wish.
  • ipv4.method shared instructs NetworkManager to create a NAT network and route outgoing packets according to the system routing rules. For that, the dnsmasq package is required. dnsmasq does not needs to be configured or be started as systemd service, it will be used behind the scenes by NetworkManager — if it is not available, this step will fail silently. You can leave this and the ipv4.addresses parameter out if you wish to attach the Anbox container directly to a specific network, see ネットワークブリッジ#NetworkManagerを使う. If you choose this option, you must also change the network configuration of the container in anbox-container-manager.service, see the next bullet point.
  • ipv4.addresses 192.168.250.1/24 specifies the default gateway and subnet of the NAT network. If you wish to change this (e.g. to 192.168.42.1/24) you must also indicate the new subnet to anbox in the anbox-container-manager.service using: --container-network-address=192.168.42.2/24 --container-network-gateway=192.168.42.1

NetworkManager will automatically setup the bridge every reboot so you only need to execute the command once. ​

Via systemd-networkd

​ The package anbox-gitAUR provides configuration files for systemd-networkd in /usr/lib/systemd/network/ to enable networking in anbox. ​ Therefore, you can 起動/有効化 systemd-networkd before starting anbox-container-manager.service. ​

Via anbox-bridge script

​ Alternatively you can use the anbox-bridge script used by the project. ​ You must execute anbox-bridge every time before starting anbox-container-manager.service in order to get network working in Anbox. The easiest solution for that is to create a drop-in file for the service. ​

/etc/systemd/system/anbox-container-manager.service.d/enable-anbox-bridge.conf
[Service]
ExecStartPre=/usr/bin/anbox-bridge start
ExecStopPost=/usr/bin/anbox-bridge stop

使用方法

anbox 内でネットワークを使えるようにするため anbox を起動する前に毎回 anbox-bridge を実行してください。

それから、デスクトップランチャーの Other カテゴリから android アプリケーションを実行できます。

adb を使ってデバッグしたい場合、android-tools をインストールしてください。

$ adb shell

Installing apps

Unless you picked an image with Houdini, Anbox does not have support for ARM applications. So apps must have a x86_64 architecture.

Through adb

To install /path/to/app.apk

$ adb install /path/to/app.apk

To get the list of installed applications

$ adb shell pm list packages

Note that output will be similar to package:app.name, where app.name is different from the one displayed in the Anbox container.

To uninstall app.name

$ adb uninstall app.name

If app.name is a system app

$ adb uninstall --user 0 app.name

Through apps stores

Apps can be easily installed through apps stores. In anbox-image-gappsAUR PlayStore is included.

Sensor data

Via dbus different sensors can be set. Documentation on that can be found at dbus.md.

Temperature data

That is the example from the author (PRs #1522 & #1540):

$ dbus-send --session --dest=org.anbox --print-reply /org/anbox org.freedesktop.DBus.Properties.Set string:org.anbox.Sensors string:Temperature variant:double:25.1

GPS data

(introduced by PR #1606)

GPS sensor data can also be manipulated.

If your PC has a WWAN card, you can use gpsd and the code from the PR to feed Anbox with GPS data. You do not need to have a SIM-Card for GPS.

Otherwise, you can also look at the PR to learn how to feed it fake data with the help of [1].

Root shell

With this script from the Anbox project one can get a root shell inside the Android container.

It is not part of the anbox-gitAUR package, and it also does not use adb.

Tips and tricks

Android developer options

Some extra steps need to be done besides unlocking them the same way you do on an android phone. When installing the android image, some modifications to products/anbox.xml are required:

  • <unavailable-feature name="android.hardware.usb.host" /> is the reason why they are not available.
  • <feature name="android.software.backup" /> will be needed too, to avoid a NullPointerException.

(reference: Github issue #444)

Getting debugging information

Obviously, it is helpful to have debugging symbols in the Anbox build. For that, when compiling Anbox, add options=('!strip') to the PKGBUILD, as by default they are removed. And, use either -DCMAKE_BUILD_TYPE=RelWithDebInfo or -DCMAKE_BUILD_TYPE=Debug in the cmake call.

But there is more to it! Anbox uses backward-cpp. If you do not delete the build files for Anbox, it will print pretty stack traces when crashing, which point out the places in the source code.

Also see the remarks in Install Anbox.

Troubleshooting

If you run into issues, take a look at the official Issue Tracker: [2]

Old CPUs

Anbox requires support for SSE 4.1/4.2 and SSSE 3, because Android wants that too. Some older CPUs do not provide that, so you probably cannot use Anbox, see: Anbox Github Issue 499.

Secure Boot error

If you get this error message:

modprobe: ERROR: could not insert 'ashmem_linux': Operation not permitted

Secure Boot is likely blocking the module. You can either disable Secure Boot or sign the ashmem module yourself.

More info can be found in the Anbox Github Docs.

See also