ChangesInAOSP12Unfinished
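Nov 15, 2021 Technology
Key AOSP modifications
TBD, because this has not been fully sorted out yet.
This records the list of files that must be changed to enable binary translation (native bridge) support.
build/target/board/generic_x86_64/BoardConfig.mk: append the list of supported ABIs at the end of the file: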
# Native Bridge ABI List
NB_ABI_LIST_32_BIT := armeabi-v7a armeabi
NB_ABI_LIST_64_BIT := arm64-v8a
TARGET_CPU_ABI_LIST_64_BIT ?= $(TARGET_CPU_ABI) $(TARGET_CPU_ABI2)
TARGET_CPU_ABI_LIST_32_BIT ?= $(TARGET_2ND_CPU_ABI) $(TARGET_2ND_CPU_ABI2)
TARGET_CPU_ABI_LIST := \
$(TARGET_CPU_ABI_LIST_64_BIT) \
$(TARGET_CPU_ABI_LIST_32_BIT) \
$(NB_ABI_LIST_64_BIT) \
$(NB_ABI_LIST_32_BIT)
TARGET_CPU_ABI_LIST_32_BIT += $(NB_ABI_LIST_32_BIT)
TARGET_CPU_ABI_LIST_64_BIT += $(NB_ABI_LIST_64_BIT)
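build/target/board/generic_x86_64/device.mk: at the end of the file, add the native bridge build configuration (the property settings here do not seem to take effect, so the properties are configured later in libart.mk):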
# Added houdini
$(call inherit-product-if-exists, vendor/google/chromeos-x86/target/houdini.mk)
$(call inherit-product-if-exists, vendor/google/chromeos-x86/target/native_bridge_arm_on_x86.mk)
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += persist.sys.nativebridge=1
# Get native bridge settings
$(call inherit-product-if-exists,device/generic/common/nativebridge/nativebridge.mk)
# NativeBridge
PRODUCT_PACKAGES += libhoudini houdini
PRODUCT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm=x86 ro.enable.native.bridge.exec=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm=x86 ro.enable.native.bridge.exec=1
PRODUCT_PACKAGES += houdini64
PRODUCT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm64=x86_64 ro.enable.native.bridge.exec64=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm64=x86_64 ro.enable.native.bridge.exec64=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.native.bridge=libhoudini.so
In build/target/product/AndroidProducts.mk, add the lunch choice used at build time:
COMMON_LUNCH_CHOICES := \
.......
sdk_phone_x86_64-userdebug \
In build/target/product/runtime_libart.mk, comment out the default ro.dalvik.vm.native.bridge=0 setting and add ro.dalvik.vm.isa.arm and several other properties:
#PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
# ro.dalvik.vm.native.bridge=0
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
ro.dalvik.vm.isa.arm=x86 \
ro.enable.native.bridge.exec=1 \
ro.dalvik.vm.isa.arm64=x86_64 \
ro.enable.native.bridge.exec64=1 \
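Because the property settings in device.mk did not seem to take effect, it helps to audit the property file that the build actually produced. The script below is an added example, not part of the original post: the expected values are the ones set on this page, and the file it is pointed at (a build.prop-style file from the built image) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit a build.prop-style file for
# the native bridge properties set above. Sample input is constructed.

# Print every distinct value assigned to KEY ($2) in FILE ($1), one per line.
prop_values() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print }' "$1" | sort -u
}

# Check KEY ($2) in FILE ($1) against WANT ($3); print a finding, return 1 on failure.
expect_prop() {
    vals=$(prop_values "$1" "$2")
    if [ -z "$vals" ]; then
        echo "MISSING  $2 (expected $3)"; return 1
    elif [ "$(printf '%s\n' "$vals" | wc -l)" -gt 1 ]; then
        echo "CONFLICT $2 = $(printf '%s' "$vals" | tr '\n' ' ')"; return 1
    elif [ "$vals" != "$3" ]; then
        echo "WRONG    $2 = $vals (expected $3)"; return 1
    fi
}

# Return the number of failed checks for FILE ($1); 0 means every property took effect.
check_native_bridge() {
    bad=0
    while read -r key want; do
        expect_prop "$1" "$key" "$want" || bad=$((bad + 1))
    done <<EOF
ro.dalvik.vm.native.bridge libhoudini.so
ro.dalvik.vm.isa.arm x86
ro.dalvik.vm.isa.arm64 x86_64
ro.enable.native.bridge.exec 1
ro.enable.native.bridge.exec64 1
EOF
    return "$bad"
}

# Constructed sample: the default "=0" line was left in, and exec64 is absent.
sample=$(mktemp)
cat > "$sample" <<EOF
ro.dalvik.vm.native.bridge=0
ro.dalvik.vm.native.bridge=libhoudini.so
ro.dalvik.vm.isa.arm=x86
ro.dalvik.vm.isa.arm64=x86_64
ro.enable.native.bridge.exec=1
EOF
check_native_bridge "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

A CONFLICT finding for ro.dalvik.vm.native.bridge is the case the runtime_libart.mk change addresses: the default "=0" definition is still present next to the libhoudini.so one.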
In build/target/product/sdk_phone_x86.mk and build/target/product/sdk_phone_x86_64.mk, add the definitions of the static libraries that need to be copied:
#PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST
# PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST := \
#
PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST := \
system/bin/houdini \
system/bin/houdini64 \
system/etc/binfmt_misc/arm64_dyn \
.......
In device/generic/x86_64/BoardConfig.mk, add the following rules:
PRC_COMPATIBILITY_PACKAGE := true
BUILD_ARM_FOR_X86 := true
-include vendor/google/chromeos-x86/board/native_bridge_arm_on_x86.mk
In device/generic/x86_64/mini_x86_64.mk, add the native bridge build:
$(call inherit-product-if-exists,device/generic/common/nativebridge/nativebridge.mk)
Differences in frameworks/base/core/java/com/android/internal/content/NativeLibraryHelper.java:
7,88d86
< final String pkgName;
< final String apkDir;
99,110d96
< public static String getApkDirFromCodePath(String codePath) {
< if (codePath == null ||
< codePath.startsWith("/system/") ||
< codePath.startsWith("/system_ext/") ||
< codePath.startsWith("/product/") ||
< codePath.startsWith("/vendor/") ||
< codePath.startsWith("/oem/")) {
< return null;
< }
< return codePath;
< }
<
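Review bot: getApkDirFromCodePath filters codePath with a prefix denylist (/system/, /system_ext/, /product/, /vendor/, /oem/), and every other value is passed on as apkDir, which the native side later uses as the directory for access() and creat() on a flag file. A denylist lets through any location not named here; consider checking for the expected writable install location instead, and add a Javadoc line stating that a null return means no flag file is read or written for the package.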
113c99
< lite.debuggable, lite.packageName, getApkDirFromCodePath(lite.codePath));
---
> lite.debuggable);
117c103
< boolean extractNativeLibs, boolean debuggable, String pkgName, String apkdir) throws IOException {
---
> boolean extractNativeLibs, boolean debuggable) throws IOException {
134c120
< return new Handle(apkPaths, apkHandles, multiArch, extractNativeLibs, debuggable, pkgName, apkdir);
---
> return new Handle(apkPaths, apkHandles, multiArch, extractNativeLibs, debuggable);
146c132
< lite.extractNativeLibs, lite.debuggable, lite.packageName, getApkDirFromCodePath(lite.codePath));
---
> lite.extractNativeLibs, lite.debuggable);
150c136
< boolean extractNativeLibs, boolean debuggable, String pkgName, String apkdir) {
---
> boolean extractNativeLibs, boolean debuggable) {
156,157d141
< this.pkgName = pkgName;
< this.apkDir = apkdir;
232,234c216
< final int res = nativeFindSupportedAbiReplace(apkHandle, supportedAbis,
< handle.debuggable, handle.pkgName, handle.apkDir);
<
---
> final int res = nativeFindSupportedAbi(apkHandle, supportedAbis, handle.debuggable);
256,257c238,239
< private native static int nativeFindSupportedAbiReplace(long handle, String[] supportedAbis,
< boolean debuggable, String pkgName, String apkdir);
---
> private native static int nativeFindSupportedAbi(long handle, String[] supportedAbis,
> boolean debuggable);
Add the build rules in frameworks/base/core/jni/Android.bp:
15d14
< "-D_PRC_COMPATIBILITY_PACKAGE_",
71d69
< "abipicker/ABIPicker.cpp",
Add to frameworks/base/core/jni/com_android_internal_content_NativeLibraryHelper.cpp:
42,45d41
< #ifdef _PRC_COMPATIBILITY_PACKAGE_
< #include "abipicker/ABIPicker.h"
< #endif
<
60,64d55
< #ifdef _PRC_COMPATIBILITY_PACKAGE_
< #define X86ABI "x86"
< #define X8664ABI "x86_64"
< #endif
<
517,524c508,509
< com_android_internal_content_NativeLibraryHelper_findSupportedAbi_replace(
< JNIEnv *env,
< jclass clazz,
< jlong apkHandle,
< jobjectArray javaCpuAbisToSearch,
< jboolean debuggable,
< jstring apkPkgName,
< jstring apkDir)
---
> com_android_internal_content_NativeLibraryHelper_findSupportedAbi(JNIEnv *env, jclass clazz,
> jlong apkHandle, jobjectArray javaCpuAbisToSearch, jboolean debuggable)
526,612c511
< #ifdef _PRC_COMPATIBILITY_PACKAGE_
<
< int abiType = findSupportedAbi(env, apkHandle, javaCpuAbisToSearch, debuggable);
< if (apkDir == NULL) {
< return (jint)abiType;
< }
<
< char abiFlag[256] = {'\0'};
< ScopedUtfChars apkdir(env, apkDir);
< size_t apkdir_size = apkdir.size();
< const int numAbis = env->GetArrayLength(javaCpuAbisToSearch);
< Vector<ScopedUtfChars*> supportedAbis;
<
< assert(apkdir_size < 256 - 15);
< if (strlcpy(abiFlag, apkdir.c_str(), 256) != apkdir.size()) {
< return (jint)abiType;
< }
<
< int abiIndex = 0;
< abiFlag[apkdir_size] = '/';
< abiFlag[apkdir_size + 1] = '.';
< for (abiIndex = 0; abiIndex < numAbis; abiIndex++) {
< ScopedUtfChars* abiName = new ScopedUtfChars(env,
< (jstring)env->GetObjectArrayElement(javaCpuAbisToSearch, abiIndex));
< supportedAbis.push_back(abiName);
< if (abiName == NULL || abiName->c_str() == NULL || abiName->size() <= 0) {
< break;
< }
< if ((strlcpy(abiFlag + apkdir_size + 2, abiName->c_str(), 256 - apkdir_size - 2)
< == abiName->size()) && (access(abiFlag, F_OK) == 0)) {
< abiType = abiIndex;
< break;
< }
< }
<
< if (abiIndex < numAbis) {
< for (int j = 0; j < abiIndex; ++j) {
< if (supportedAbis[j] != NULL) {
< delete supportedAbis[j];
< }
< }
< return (jint)abiType;
< }
<
< do {
< if (abiType < 0 || abiType >= numAbis) {
< break;
< }
<
< if (0 != strcmp(supportedAbis[abiType]->c_str(), X86ABI) &&
< 0 != strcmp(supportedAbis[abiType]->c_str(), X8664ABI)) {
< break;
< }
<
< ScopedUtfChars name(env, apkPkgName);
< if (NULL == name.c_str()) {
< break;
< }
<
< if (isInOEMWhiteList(name.c_str())) {
< break;
< }
<
< ABIPicker picker(name.c_str(),supportedAbis);
< if (!picker.buildNativeLibList((void*)apkHandle)) {
< break;
< }
<
< abiType = picker.pickupRightABI(abiType);
< if (abiType >= 0 && abiType < numAbis &&
< (strlcpy(abiFlag + apkdir_size + 2, supportedAbis[abiType]->c_str(),
< 256 - apkdir_size - 2) == supportedAbis[abiType]->size())) {
< int flagFp = creat(abiFlag, 0644);
< if (flagFp != -1) {
< close(flagFp);
< }
< }
<
< } while(0);
<
< for (int i = 0; i < numAbis; ++i) {
< delete supportedAbis[i];
< }
< return (jint)abiType;
< #else
< return (jint)findSupportedAbi(env, apkHandle, javaCpuAbisToSearch, debuggable);
< #endif
---
> return (jint) findSupportedAbi(env, apkHandle, javaCpuAbisToSearch, debuggable);
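Review bot: the only bound on apkdir_size before abiFlag is written is assert(apkdir_size < 256 - 15), which disappears when NDEBUG is defined. The strlcpy check after it accepts any apkdir shorter than 256 bytes, so with an apkdir of 255 bytes the store to abiFlag[apkdir_size + 1] lands outside the array and 256 - apkdir_size - 2 wraps around as a size_t, which removes the length limit from the later strlcpy calls; at 254 bytes the buffer is left without a terminator before access(). Replace the assert with a runtime check that returns abiType when apkdir_size is too large. Separately, the early return under if (abiIndex < numAbis) deletes only entries j < abiIndex, so supportedAbis[abiIndex], which was pushed before the break, is leaked.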
703,705c602,604
< {"nativeFindSupportedAbiReplace",
< "(J[Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;)I",
< (void *)com_android_internal_content_NativeLibraryHelper_findSupportedAbi_replace},
---
> {"nativeFindSupportedAbi",
> "(J[Ljava/lang/String;Z)I",
> (void *)com_android_internal_content_NativeLibraryHelper_findSupportedAbi},
Add to frameworks/base/services/core/java/com/android/server/pm/parsing/pkg/AndroidPackageUtils.java:
139,141c139
< pkg.isDebuggable(),
< pkg.getPackageName(),
< NativeLibraryHelper.Handle.getApkDirFromCodePath(pkg.getCodePath())
---
> pkg.isDebuggable()
In system/linkerconfig/contents/namespace/systemdefault.cc, add the namespace permissions:
build/system/linkerconfig/contents/namespace/systemdefault.cc origin/system/linkerconfig/contents/namespace/systemdefault.cc
67,70d66
< "/system/lib/arm",
< "/system/lib/arm/nb",
< "/system/lib64/arm64",
< "/system/lib64/arm64/nb",
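Review bot: the four ARM library directories are added as unconditional string literals, so they enter the system default namespace on every build, including builds that do not set BUILD_ARM_FOR_X86. The hunk also does not show which path list they join; state that in the change description and consider adding them only when the native bridge is built.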
20220225 added:
abipicker support must be added:
scp -r ./frameworks/base/core/jni/abipicker/ remote_folder
Upload the relevant content under the /vendor directory:
scp -r vendor/google/ root@192.168.xx.xxx:/root/Code/redroid_11/vendor/
For a redroid build, the corresponding redroid definition files need to be modified instead:
# vim device/redroid/redroid_x86_64/device.mk
PRODUCT_PACKAGES += \
vulkan.intel \
# Added houdini
$(call inherit-product-if-exists, vendor/google/chromeos-x86/target/houdini.mk)
$(call inherit-product-if-exists, vendor/google/chromeos-x86/target/native_bridge_arm_on_x86.mk)
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += persist.sys.nativebridge=1
# Get native bridge settings
$(call inherit-product-if-exists,device/generic/common/nativebridge/nativebridge.mk)
# NativeBridge
PRODUCT_PACKAGES += libhoudini houdini
PRODUCT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm=x86 ro.enable.native.bridge.exec=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm=x86 ro.enable.native.bridge.exec=1
PRODUCT_PACKAGES += houdini64
PRODUCT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm64=x86_64 ro.enable.native.bridge.exec64=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.isa.arm64=x86_64 ro.enable.native.bridge.exec64=1
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.dalvik.vm.native.bridge=libhoudini.so
# vim device/TARGET_CPU_ABI := x86_64
TARGET_ARCH := x86_64
TARGET_ARCH_VARIANT := x86_64
TARGET_2ND_CPU_ABI := x86
TARGET_2ND_ARCH := x86
TARGET_2ND_ARCH_VARIANT := x86_64
include build/make/target/board/BoardConfigGsiCommon.mk
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE := 16777216
BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 16777216
BOARD_MESA3D_USES_MESON_BUILD := true
BOARD_MESA3D_GALLIUM_DRIVERS := virgl radeonsi i915 iris crocus
BOARD_MESA3D_VULKAN_DRIVERS := virtio-experimental amd intel
DEVICE_MANIFEST_FILE += device/redroid/manifest.xml
PRC_COMPATIBILITY_PACKAGE := true
BUILD_ARM_FOR_X86 := true
-include vendor/google/chromeos-x86/board/native_bridge_arm_on_x86.mk
# Native Bridge ABI List
NB_ABI_LIST_32_BIT := armeabi-v7a armeabi
NB_ABI_LIST_64_BIT := arm64-v8a
TARGET_CPU_ABI_LIST_64_BIT ?= $(TARGET_CPU_ABI) $(TARGET_CPU_ABI2)
TARGET_CPU_ABI_LIST_32_BIT ?= $(TARGET_2ND_CPU_ABI) $(TARGET_2ND_CPU_ABI2)
TARGET_CPU_ABI_LIST := \
$(TARGET_CPU_ABI_LIST_64_BIT) \
$(TARGET_CPU_ABI_LIST_32_BIT) \
$(NB_ABI_LIST_64_BIT) \
$(NB_ABI_LIST_32_BIT)
TARGET_CPU_ABI_LIST_32_BIT += $(NB_ABI_LIST_32_BIT)
TARGET_CPU_ABI_LIST_64_BIT += $(NB_ABI_LIST_64_BIT)
The base operating system is ubuntu-20.04.3-live-server-amd64.iso; do not install from the desktop ISO.
Make sure the system is fully up to date:
$ sudo apt-get update -y && sudo apt-get upgrade -y
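Install the required packages (they must be installed strictly in this order; otherwise extra packages are pulled in, gdm gets installed, and sddm then fails to work properly):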
$ sudo apt-get install -y sddm unzip autoconf automake libtool pkg-config build-essential x11proto-dev xserver-xorg-dev libxcb-util-dev libxcb-icccm4-dev libxcb-image0-dev libxcb-shm0-dev libxcb-randr0-dev vim cmake cmake-extras extra-cmake-modules libpam-dev libxcb-xkb-dev qt5-default libqt5qml5 qt5-qmltooling-plugins qtdeclarative5-dev xutils-dev
$ sudo apt-get install openbox --no-install-recommends --no-install-suggests
$ sudo apt-get install -y xinit
Upload multi-seat-2004.tar.gz to the machine and extract it:
$ tar xzvf multi-seat-2004.tar.gz
$ ls
multi-seat sddm
$ cd multi-seat/
$ ls
sddm_config sddm-nested-multiseat udev_config xf86-video-nested xorg_config
Note that on 20.04 there is no need to compile sddm-nested-multiseat, because the build pulls in gdm3; later we install sddm-nested-multiseat by copying the binaries directly.
Build the xf86-video-nested package:
$ cd xf86-video-nested
$ ./autogen.sh && ./configure --prefix=/usr && make -j2 && sudo make install
Install sddm-nested:
$ cd sddm
$ ./install.sh
Update the sddm passwordless-login configuration files:
$ cd sddm_config
$ sudo cp * /etc/pam.d
Update the xorg definition files:
$ cd xorg_config
$ sudo mkdir -p /etc/X11/xorg.conf.d
$ sudo cp xorg.conf.d/20-intel.conf /etc/X11/xorg.conf.d
$ sudo cp seat* /etc/X11
$ sudo cp /bin/sed /usr/bin/sed
Configure the mapping between USB ports and seats (modify the existing example):
$ cd udev_config
$ vim 70-seat.rules
After editing:
$ sudo cp 70-seat.rules /etc/udev/rules.d/70-seat.rules
Enable multi-seat:
$ sudo vim /etc/default/grub
.....
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash startseat=true"
GRUB_CMDLINE_LINUX="startseat=true"
....
$ sudo update-grub2
Create two users for login:
$ sudo useradd -m seat1
$ sudo useradd -m seat2
$ sudo passwd seat1
$ sudo passwd seat2
Configure sddm to log both users in automatically (keep only the part shown below inside [AutoLogin]):
# cat /etc/sddm.conf | more
[Autologin]
# Whether sddm should automatically log back into sessions when they exit
# Whether sddm should automatically log back into sessions when they exit
Relogin=false,false
SeatName=seat1,seat2
#Session=awesome,awesome
Session=xfce,xfce
User=seat1,seat2
....
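After a reboot, the dual-screen setup enters the graphical interface automatically before login, with the screens already split.
The base operating system is ubuntu-18.04.6-live-server-amd64.iso; do not install from the desktop ISO.
Make sure the system is fully up to date: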
$ sudo apt-get update -y && sudo apt-get upgrade -y
Install the required packages:
$ sudo apt-get install -y sddm xfce4 unzip autoconf automake libtool pkg-config build-essential x11proto-dev xserver-xorg-dev libxcb-util-dev libxcb-icccm4-dev libxcb-image0-dev libxcb-shm0-dev libxcb-randr0-dev vim cmake cmake-extras extra-cmake-modules libpam-dev libxcb-xkb-dev qt5-default libqt5qml5 qt5-qmltooling-plugins qtdeclarative5-dev qttools5-dev xutils-dev
Upload multi-seat.tar.gz to the machine and extract it:
$ tar xzvf multi-seat.tar.gz
$ cd multi-seat/
$ ls
sddm-nested-multiseat xf86-video-nested sddm_config
Build the xf86-video-nested package:
$ cd xf86-video-nested
$ ./autogen.sh && ./configure --prefix=/usr && make -j2 && sudo make install
Build the sddm-nested-multiseat package, then generate and update the configuration file:
$ cd sddm-nested-multiseat
$ mkdir build && cd build
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release -Wno-dev .. && make -j2 && sudo make install
$ sudo install -v -dm755 -o sddm -g sddm /var/lib/sddm
$ sddm --example-config > sddm.example.conf
$ sudo cp -v sddm.example.conf /etc/sddm.conf
Update the sddm passwordless-login configuration files:
$ cd sddm_config
$ sudo cp * /etc/pam.d
Update the xorg definition files:
$ cd xorg_config
$ sudo mkdir -p /etc/X11/xorg.conf.d
$ sudo cp xorg.conf.d/20-intel.conf /etc/X11/xorg.conf.d
$ sudo cp seat* /etc/X11
$ sudo cp /bin/sed /usr/bin/sed
Configure the mapping between USB ports and seats (modify the existing example):
$ cd udev_config
$ vim 70-seat.rules
After editing:
$ sudo cp 70-seat.rules /etc/udev/rules.d/70-seat.rules
Enable multi-seat:
$ sudo vim /etc/default/grub
.....
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash startseat=true"
GRUB_CMDLINE_LINUX="startseat=true"
....
$ sudo update-grub2
Create two users for login:
$ sudo useradd -m seat1
$ sudo useradd -m seat2
$ sudo passwd seat1
$ sudo passwd seat2
Configure sddm to log both users in automatically (keep only the part shown below inside [AutoLogin]):
# cat /etc/sddm.conf | more
[Autologin]
# Whether sddm should automatically log back into sessions when they exit
# Whether sddm should automatically log back into sessions when they exit
Relogin=false,false
SeatName=seat1,seat2
#Session=awesome,awesome
Session=xfce,xfce
User=seat1,seat2
....
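After a reboot, the dual-screen setup enters the graphical interface automatically before login, with the screens already split.
SEAndroid is the mandatory access control model that Android introduced on top of SELinux, to remedy the situation under the discretionary access model in which anyone who obtains root can do whatever they want.
SELinux is a mandatory access control (MAC) security system based on the domain-type model. Its principle is that any process that wants to do anything on an SELinux system must first be granted permission in the security policy configuration files. A process has no permission for any operation that is not configured in the security policy. Before SELinux, the Linux security model was DAC (Discretionary Access Control). Its core idea is that a process in theory holds the same permissions as the user that runs it. For example, a shell started as root has root's permissions and can do anything on the Linux system. This kind of management is clearly rather loose. Under SELinux, when a resource is accessed, the system first performs the DAC check; if that fails, the access is denied; only then does it perform the MAC permission check.
App categories:
SELinux (or SEAndroid) divides apps into three main types (depending on the user, there are other domain types as well):
1. untrusted_app: third-party app, no Android platform signature, no system permission
2. platform_app: has the Android platform signature, no system permission
3. system_app: has the Android platform signature and system permission
4. untrusted_app_25: third-party app, no Android platform signature, no system permission; it is defined as follows: "This file defines the rules for untrusted apps running with targetSdkVersion <= 25."
Based on this classification, the privilege levels are in theory ordered as untrusted_app < platform_app < system_app.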
/home/ctctest/AndroidSources/aosp11_r48/system/sepolicy/prebuilts/api/30.0/private
Line 182, 183
Line 198, comment the proc_version
Changes to /home/ctctest/AndroidSources/aosp11_r48/system/sepolicy/prebuilts/api/30.0/private/coredomain.te
Line187, Line 113,
The same as in android9.0 Line43
The same as in Pie Line 987
The same as in Pie Appended in last
Line 28, line 38
Line 28, 45
Line 161
Line 66
Line 235
Line 472, Line 438
Line 468 Line 490 Line 531 Line 970~Line 973, Line 980 Line 1348
Line 150
Line 21
Line 175, 181
Line 55
Append last
Line 258, 259
Append last
Line 47~50
Line 22, 23
Append last