Plasma/Mobile/Porting: Difference between revisions
initial page |
revision 2 with more info added |
||
Line 74: | Line 74: | ||
==== Disable enforced PIE executables in bionic ==== | ==== Disable enforced PIE executables in bionic ==== | ||
Currently LXC userspace tools doesn't have executables compiled with PIE support, See [https://github.com/lxc/lxc-ci/issues/7 github issue] for more information, to workaround this, we patch bionic and disable the check which enforces only PIE executables. | |||
<pre class="patch">diff --git a/linker/linker.cpp b/linker/linker.cpp | |||
index 54867dc..55ca67a 100644 | |||
--- a/linker/linker.cpp | |||
+++ b/linker/linker.cpp | |||
@@ -2401,11 +2401,11 @@ static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW( | |||
si->dynamic = nullptr; | |||
si->ref_count = 1; | |||
- ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); | |||
- if (elf_hdr->e_type != ET_DYN) { | |||
- __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); | |||
- exit(EXIT_FAILURE); | |||
- } | |||
+ //ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); | |||
+ //if (elf_hdr->e_type != ET_DYN) { | |||
+ // __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); | |||
+ // exit(EXIT_FAILURE); | |||
+ //} | |||
// Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). | |||
parse_LD_LIBRARY_PATH(ldpath_env);</pre> | |||
This patch needs to be dropped when LXC have proper PIE support. | |||
==== Disable SELinux ==== | ==== Disable SELinux ==== | ||
SELinux and optionally audit as well needs to be disabled to run container on Android. For that edit BOARD_KERNEL_CMDLINE in the BoardConfig.mk file of device tree to pass androidboot.selinux=permissive and selinux=0. | |||
<pre class="makefile">BOARD_KERNEL_CMDLINE := console=tty0 androidboot.hardware=hammerhead user_debug=31 maxcpus=2 msm_watchdog_v2.enable=1 androidboot.bootdevice=msm_sdcc.1 androidboot.selinux=permissive</pre> | |||
==== Remove the nosuid,nodev option from the data partition ==== | ==== Remove the nosuid,nodev option from the data partition ==== | ||
Android by default mounts /data partition with nosuid,nodev options and this results in problem when using executables with suid in rootfs, given it is put inside /data partition. To fix this, we change fstab.devicename in devicetree to remoev nosuid and nodev option. | |||
<pre class="patch">diff --git a/fstab.hammerhead b/fstab.hammerhead | |||
index a582221..39455c1 100644 | |||
--- a/fstab.hammerhead | |||
+++ b/fstab.hammerhead | |||
@@ -4,7 +4,7 @@ | |||
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK | |||
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait | |||
-/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata | |||
+/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata | |||
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check | |||
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc,nomblk_io_submit,errors=panic wait | |||
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait</pre> | |||
==== Apply bionic patch to shift TLS slots ==== | ==== Apply bionic patch to shift TLS slots ==== | ||
TLS slots used by the bionic conflicts with the libc/hybris, this results in OpenGL and/or Qt based applications crashing, to fix this Ubuntu Touch and Mer uses [https://code-review.phablet.ubuntu.com/#/c/4/ patch] to not cause conflicts between libc and bionic. Apply this patch to bionic. If linked patch doesn't cleanly apply to your bionic checkout, required changes are simple enough to apply manually. | |||
==== Fix Permission for backlight brightness file ==== | ==== Fix Permission for backlight brightness file ==== | ||
By default brightness sysfs file permission doesn't allow other user to change brightness, this results in kwin failing to turn backlight on and off. To fix that in init.devicename.rc change the permission as shown below: | |||
<pre class="patch">diff --git a/init.hammerhead.rc b/init.hammerhead.rc | |||
index a08d015..e34c563 100644 | |||
--- a/init.hammerhead.rc | |||
+++ b/init.hammerhead.rc | |||
@@ -138,7 +138,7 @@ on boot | |||
chown system system /sys/class/leds/green/on_off_ms | |||
chown system system /sys/class/leds/blue/on_off_ms | |||
chown system system /sys/class/leds/red/rgb_start | |||
- chmod 664 /sys/class/leds/lcd-backlight/brightness | |||
+ chmod 666 /sys/class/leds/lcd-backlight/brightness | |||
on post-fs-data | |||
write /sys/kernel/boot_adsp/boot 1</pre> | |||
== For devices which don't require Android binary blobs == | == For devices which don't require Android binary blobs == | ||
* Normal Linux system with kernel and drivers supporting Wayland | * Normal Linux system with kernel and drivers supporting Wayland | ||
* KWin/Wayland and Plasma Mobile packages | * KWin/Wayland and Plasma Mobile packages |
Revision as of 06:41, 31 December 2016
Current Architecture of Plasma Mobile
For ARM devices which requires Android binary blobs
- Kernel, either provided by vendor or thirdparty with config options enabled to support LXC containers
- AOSP/LineageOS base, built with core_tiny target, just base items
- LXC container with Neon/Ubuntu rootfs containing KWin/Wayland and Plasma Mobile
Kernel
Kernel needs to support the various config options, you can use lxc-checkconfig script provided by lxc userspace tools to check if all required features are enabled, for example:
% CONFIG=arch/arm64/configs/bullhead_defconfig lxc-checkconfig --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: missing Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled [..]
Below is the list of the config options,
CONFIG_CGROUP_DEVICE=y CONFIG_CPUSETS=y CONFIG_CGROUP_MEM_RES_CTLR=y CONFIG_CGROUP_PERF=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
AOSP/LineageOS base
AOSP/LineageOS base should have all non-required things removed and some changes in base to accomodate needs of libhybris and container containing Linux system. Below is list of various changes,
Export PATH and LD_LIBRARY_PATH to point to lxc userspace tools
We use prebuilt lxc userspace tools from linux containers CI. Those are installed in /data partition which by default is not in the PATH android shell looks binaries into. Modify the system/core/rootdir/init.environ.rc file to include the path of LXC userspace tools in $PATH and export LD_LIBRARY_PATH.
project system/core/ diff --git a/rootdir/init.environ.rc.in b/rootdir/init.environ.rc.in index c32337a..9d91d60 100644 --- a/rootdir/init.environ.rc.in +++ b/rootdir/init.environ.rc.in @@ -1,6 +1,6 @@ # set up the global environment on init - export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin + export PATH /data/lxc/lxc/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin export ANDROID_BOOTLOGO 1 export ANDROID_ROOT /system export ANDROID_ASSETS /system/app @@ -8,6 +8,7 @@ on init export ANDROID_STORAGE /storage export ASEC_MOUNTPOINT /mnt/asec export LOOP_MOUNTPOINT /mnt/obb + export LD_LIBRARY_PATH /data/lxc/lxc/lib export BOOTCLASSPATH %BOOTCLASSPATH% export SYSTEMSERVERCLASSPATH %SYSTEMSERVERCLASSPATH% export LD_PRELOAD libsigchain.so%TARGET_LDPRELOAD%
However, LD_LIBRARY_PATH doesn't work for AOSP based android image and needs investigation. See phabricator task for more details.
Disable enforced PIE executables in bionic
Currently LXC userspace tools doesn't have executables compiled with PIE support, See github issue for more information, to workaround this, we patch bionic and disable the check which enforces only PIE executables.
diff --git a/linker/linker.cpp b/linker/linker.cpp index 54867dc..55ca67a 100644 --- a/linker/linker.cpp +++ b/linker/linker.cpp @@ -2401,11 +2401,11 @@ static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW( si->dynamic = nullptr; si->ref_count = 1; - ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); - if (elf_hdr->e_type != ET_DYN) { - __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); - exit(EXIT_FAILURE); - } + //ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); + //if (elf_hdr->e_type != ET_DYN) { + // __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); + // exit(EXIT_FAILURE); + //} // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). parse_LD_LIBRARY_PATH(ldpath_env);
This patch needs to be dropped when LXC have proper PIE support.
Disable SELinux
SELinux and optionally audit as well needs to be disabled to run container on Android. For that edit BOARD_KERNEL_CMDLINE in the BoardConfig.mk file of device tree to pass androidboot.selinux=permissive and selinux=0.
BOARD_KERNEL_CMDLINE := console=tty0 androidboot.hardware=hammerhead user_debug=31 maxcpus=2 msm_watchdog_v2.enable=1 androidboot.bootdevice=msm_sdcc.1 androidboot.selinux=permissive
Remove the nosuid,nodev option from the data partition
Android by default mounts /data partition with nosuid,nodev options and this results in problem when using executables with suid in rootfs, given it is put inside /data partition. To fix this, we change fstab.devicename in devicetree to remoev nosuid and nodev option.
diff --git a/fstab.hammerhead b/fstab.hammerhead index a582221..39455c1 100644 --- a/fstab.hammerhead +++ b/fstab.hammerhead @@ -4,7 +4,7 @@ # specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK /dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait -/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata +/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata /dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check /dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc,nomblk_io_submit,errors=panic wait /dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait
Apply bionic patch to shift TLS slots
TLS slots used by the bionic conflicts with the libc/hybris, this results in OpenGL and/or Qt based applications crashing, to fix this Ubuntu Touch and Mer uses patch to not cause conflicts between libc and bionic. Apply this patch to bionic. If linked patch doesn't cleanly apply to your bionic checkout, required changes are simple enough to apply manually.
Fix Permission for backlight brightness file
By default brightness sysfs file permission doesn't allow other user to change brightness, this results in kwin failing to turn backlight on and off. To fix that in init.devicename.rc change the permission as shown below:
diff --git a/init.hammerhead.rc b/init.hammerhead.rc index a08d015..e34c563 100644 --- a/init.hammerhead.rc +++ b/init.hammerhead.rc @@ -138,7 +138,7 @@ on boot chown system system /sys/class/leds/green/on_off_ms chown system system /sys/class/leds/blue/on_off_ms chown system system /sys/class/leds/red/rgb_start - chmod 664 /sys/class/leds/lcd-backlight/brightness + chmod 666 /sys/class/leds/lcd-backlight/brightness on post-fs-data write /sys/kernel/boot_adsp/boot 1
For devices which don't require Android binary blobs
- Normal Linux system with kernel and drivers supporting Wayland
- KWin/Wayland and Plasma Mobile packages