Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Developing system apps without AOSP

Erik Hellman
April 28, 2023
Programming
2
510

Developing system apps without AOSP

If you work with Android development long enough, there is a high chance that you eventually will be developing system applications for a custom Android device. This is quite different from doing regular apps we publish on Google Play Store, and used to require that you have the entire AOSP source code checked out in order to work with it.

However, with some understanding of how Android internals work and how to use some undocumented features of the regular build tools, we can actually develop system apps without the whole mess that comes with AOSP.

In this session you'll learn how to use system and signature level permissions, how to efficiently call system APIs, and how to test all of this on a regular Android emulator. Hopefully this will make the daily life easier for all the Android developers working on system applications.

Erik Hellman

April 28, 2023
Tweet

More Decks by Erik Hellman

See All by Erik Hellman
Wireless protocols for the next generation IoT devices
erikhellman
2
40
Working with Custom Android Devices and AOSP build system
erikhellman
2
270
Working with custom Android devices
erikhellman
2
310
State of BLE on Android in 2023
erikhellman
3
750
State of BLE on Android in 2022
erikhellman
1
1.1k
The technical solutions behind Öppna Skolplattformen
erikhellman
0
190
Bluetooth Low Energy for Modern Android Development
erikhellman
1
900
Introduction to Flutter
erikhellman
0
210
Introduction to Kotlin/JS for frontend development
erikhellman
1
420

Other Decks in Programming

See All in Programming
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
300
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
3
690
Jakarta EE meets AI
ivargrimstad
0
220
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
1
100
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.7k
OnlineTestConf: Test Automation Friend or Foe
maaretp
0
120
Outline View in SwiftUI
1024jp
1
330
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
Tauriでネイティブアプリを作りたい
tsucchinoko
0
370
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
9
3.3k

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Building Applications with DynamoDB
mza
90
6.1k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Agile that works and the tools we love
rasmusluckow
327
21k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Adopting Sorbet at Scale
ufuk
73
9.1k
The Language of Interfaces
destraynor
154
24k
Site-Speed That Sticks
csswizardry
0
28
Git: the NoSQL Database
bkeepers
PRO
427
64k
Faster Mobile Websites
deanohume
305
30k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k

Transcript

  1. Developing system apps without AOSP Erik Helman

  2. None

  3. Custom Android Devices

  4. Android Developer Boards

  5. System Apps vs Regular Apps • Hidden & System APIs

    • Signature & Permissions • Pre-installed

  6. Why? • No AOSP modifications • Developer Tooling • macOS

    and Windows

  7. Using an emulator

  8. Using an emulator

  9. Using an emulator

  10. Using a physical device (Pixel) $ adb shell getprop ro.treble.enabled

    true

  11. Download a Generic System Image

  12. Prepare the GSI $ unzip aosp_arm64-img-10018685.zip $ simg2img system.img system_raw.img

    $ gzip -c system_raw.img > system_raw.gz $ adb push system_raw.gz /storage/emulated/0/Download/

  13. Flash a GSI using DSU $ adb shell am start-activity

    \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system_raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \ --el KEY_USERDATA_SIZE <size-of-system_raw.img>

  14. Generic System Images documentation developer.android.com/topic/generic-system-image

  15. Permission protectionLevel

  16. Converting AOSP test certificates to Android keystore $ openssl pkcs8

    -inform DER -nocrypt -in platform.pk8 -out platform-signing.key $ openssl pkcs12 -export -in platform.x509.pem -inkey platform.key \ -name platform -out platform-signing.pem -password pass:password $ openssl pkcs12 -export -in platform.x509.pem -inkey platform-signing.key \ -name platform -out platform-signing.pem -password pass:password $ keytool -importkeystore -destkeystore platform-signing.keystore \ -deststorepass password -srckeystore platform.pem -srcstoretype PKCS12 -srcstorepass password

  17. Using the platform key for signing signingConfigs { debug {

    keyAlias 'platform' keyPassword 'password' storeFile rootProject.file('platform-signing.keystore') storePassword 'password' } }

  18. Installing from Android Studio

  19. Installing on the /system/app or / system/priv-app partition $ adb

    root $ adb disable-verity $ adb reboot # Wait for device to reboot... $ adb root $ adb remount $ adb shell mkdir /system/app/YourSystemApp $ adb push YourSystemApp.apk /system/app/YourSystemApp $ adb reboot # Not usually needed Remember to bump versionCode!

  20. Calling System APIs

  21. Permissions frameworks/base/core/res/AndroidManifest.xml <!-- @SystemApi Allows an application to inject user

    events (keys, touch, trackball) into the event stream and deliver them to ANY window. Without this permission, you can only deliver events to windows in your own process. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.INJECT_EVENTS" android:protectionLevel="signature" />

  22. Inject input events (InputManager.java)

  23. Calling hidden APIs Refelctions (Slow!) private val injectMethod: Method =

    InputEvent::class.java .getMethod("injectInputEvent", InputEvent::class.java, Int::class.java) fun InputManager.injectEvent(inputEvent: InputEvent) { injectMethod.invoke(this, inputEvent, 0) }

  24. Calling hidden APIs Add an interface

  25. Calling hidden APIs Add an interface package android.hardware.input; import android.view.InputEvent;

    public interface InputManager { public boolean injectInputEvent(InputEvent event, int mode); }

  26. Calling hidden APIs Extract framework.jar & android.jar 1. Copy files

    from device or emulator 2. Convert from DEX to Java classes (DexTools) 3. Package into a new android.jar file 4. Replace android.jar in your SDK

  27. Calling hidden APIs Build a custom SDK $ mkdir ~/my-android-git

    $ cd ~/my-android-git $ repo init -u https://android.googlesource.com/platform/manifest \ -b master -g all,-notdefault,tools $ repo sync -j8 # Edit AOSP! $ . build/envsetup.sh $ lunch sdk-eng $ m

  28. Android Code Search cs.android.com

  29. Interesting @SystemAPI permissions <!-- Allows uhid write access for creating

    virtual input devices @hide --> <permission android:name="android.permission.VIRTUAL_INPUT_DEVICE" android:protectionLevel="signature" /> <!-- Allows injecting the external camera to replace the internal camera. @hide --> <permission android:name="android.permission.CAMERA_INJECT_EXTERNAL_CAMERA" android:protectionLevel="signature" /> <!-- @SystemApi @TestApi @hide Allows an application to embed other activities --> <permission android:name="android.permission.ACTIVITY_EMBEDDING" android:protectionLevel="signature|privileged" />

  30. Interesting @SystemAPI permissions <!-- @SystemApi @hide Allows an application to

    start activities from background --> <permission android:name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" android:protectionLevel="signature|privileged|vendorPrivileged|oem|verifier|role" /> <!-- Allows an application to start foreground services from the background at any time. <em>This permission is not for use by third-party applications</em>, with the only exception being if the app is the default SMS app. Otherwise, it's only usable by privileged apps, app verifier app, and apps with any of the EMERGENCY or SYSTEM GALLERY roles. --> <permission android:name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" android:protectionLevel="signature|privileged|vendorPrivileged|oem|verifier|role"/>

  31. Interesting @SystemAPI permissions <!-- @SystemApi @hide Allows an application to

    create windows using the type {@link android.view.WindowManager.LayoutParams#TYPE_APPLICATION_OVERLAY}, shown on top of all other apps. Allows an application to use {@link android.view.WindowManager.LayoutsParams#setSystemApplicationOverlay(boolean)} to create overlays that will stay visible, even if another window is requesting overlays to be hidden through {@link android.view.Window#setHideOverlayWindows(boolean)}. <p>Not for use by third-party applications. --> <permission android:name="android.permission.SYSTEM_APPLICATION_OVERLAY" android:protectionLevel="signature|recents|role|installer"/>

  32. Summary • How much System APIs do you need to

    use? • Reflection? • Custom interface • Custom Engineering SDK • Bookmark system AndroidManifest.xml • Navigating cs.andorid.com