Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Developing system apps without AOSP

Developing system apps without AOSP

If you work with Android development long enough, there is a high chance that you eventually will be developing system applications for a custom Android device. This is quite different from doing regular apps we publish on Google Play Store, and used to require that you have the entire AOSP source code checked out in order to work with it.

However, with some understanding of how Android internals work and how to use some undocumented features of the regular build tools, we can actually develop system apps without the whole mess that comes with AOSP.

In this session you'll learn how to use system and signature level permissions, how to efficiently call system APIs, and how to test all of this on a regular Android emulator. Hopefully this will make the daily life easier for all the Android developers working on system applications.

Erik Hellman

April 28, 2023
Tweet

More Decks by Erik Hellman

Other Decks in Programming

Transcript

  1. Developing system
    apps without AOSP
    Erik Helman

    View Slide

  2. View Slide

  3. Custom Android Devices

    View Slide

  4. Android Developer Boards

    View Slide

  5. System Apps vs Regular Apps
    • Hidden & System APIs
    • Signature & Permissions
    • Pre-installed

    View Slide

  6. Why?
    • No AOSP modifications
    • Developer Tooling
    • macOS and Windows

    View Slide

  7. Using an emulator

    View Slide

  8. Using an emulator

    View Slide

  9. Using an emulator

    View Slide

  10. Using a physical device (Pixel)
    $ adb shell getprop ro.treble.enabled
    true

    View Slide

  11. Download a Generic System
    Image

    View Slide

  12. Prepare the GSI
    $ unzip aosp_arm64-img-10018685.zip
    $ simg2img system.img system_raw.img
    $ gzip -c system_raw.img > system_raw.gz
    $ adb push system_raw.gz /storage/emulated/0/Download/

    View Slide

  13. Flash a GSI using DSU
    $ adb shell am start-activity \
    -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
    -a android.os.image.action.START_INSTALL \
    -d file:///storage/emulated/0/Download/system_raw.gz \
    --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \
    --el KEY_USERDATA_SIZE

    View Slide

  14. Generic System Images
    documentation
    developer.android.com/topic/generic-system-image

    View Slide

  15. Permission protectionLevel

    View Slide

  16. Converting AOSP test certificates to
    Android keystore
    $ openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform-signing.key
    $ openssl pkcs12 -export -in platform.x509.pem -inkey platform.key \
    -name platform -out platform-signing.pem -password pass:password
    $ openssl pkcs12 -export -in platform.x509.pem -inkey platform-signing.key \
    -name platform -out platform-signing.pem -password pass:password
    $ keytool -importkeystore -destkeystore platform-signing.keystore \
    -deststorepass password -srckeystore platform.pem -srcstoretype PKCS12 -srcstorepass password

    View Slide

  17. Using the platform key for
    signing
    signingConfigs {
    debug {
    keyAlias 'platform'
    keyPassword 'password'
    storeFile rootProject.file('platform-signing.keystore')
    storePassword 'password'
    }
    }

    View Slide

  18. Installing from Android Studio

    View Slide

  19. Installing on the /system/app or /
    system/priv-app partition
    $ adb root
    $ adb disable-verity
    $ adb reboot # Wait for device to reboot...
    $ adb root
    $ adb remount
    $ adb shell mkdir /system/app/YourSystemApp
    $ adb push YourSystemApp.apk /system/app/YourSystemApp
    $ adb reboot # Not usually needed
    Remember to bump versionCode!

    View Slide

  20. Calling System APIs

    View Slide

  21. Permissions
    frameworks/base/core/res/AndroidManifest.xml

    android:protectionLevel="signature" />

    View Slide

  22. Inject input events
    (InputManager.java)

    View Slide

  23. Calling hidden APIs
    Refelctions (Slow!)
    private val injectMethod: Method = InputEvent::class.java
    .getMethod("injectInputEvent", InputEvent::class.java, Int::class.java)
    fun InputManager.injectEvent(inputEvent: InputEvent) {
    injectMethod.invoke(this, inputEvent, 0)
    }

    View Slide

  24. Calling hidden APIs
    Add an interface

    View Slide

  25. Calling hidden APIs
    Add an interface
    package android.hardware.input;
    import android.view.InputEvent;
    public interface InputManager {
    public boolean injectInputEvent(InputEvent event, int mode);
    }

    View Slide

  26. Calling hidden APIs
    Extract framework.jar & android.jar
    1. Copy files from device or emulator
    2. Convert from DEX to Java classes (DexTools)
    3. Package into a new android.jar file
    4. Replace android.jar in your SDK

    View Slide

  27. Calling hidden APIs
    Build a custom SDK
    $ mkdir ~/my-android-git
    $ cd ~/my-android-git
    $ repo init -u https://android.googlesource.com/platform/manifest \
    -b master -g all,-notdefault,tools
    $ repo sync -j8
    # Edit AOSP!
    $ . build/envsetup.sh
    $ lunch sdk-eng
    $ m

    View Slide

  28. Android Code Search
    cs.android.com

    View Slide

  29. Interesting @SystemAPI
    permissions

    android:protectionLevel="signature" />

    android:protectionLevel="signature" />

    android:protectionLevel="signature|privileged" />

    View Slide

  30. Interesting @SystemAPI
    permissions

    android:protectionLevel="signature|privileged|vendorPrivileged|oem|verifier|role" />

    android:protectionLevel="signature|privileged|vendorPrivileged|oem|verifier|role"/>

    View Slide

  31. Interesting @SystemAPI
    permissions

    android:protectionLevel="signature|recents|role|installer"/>

    View Slide

  32. Summary
    • How much System APIs do you need to use?
    • Reflection?
    • Custom interface
    • Custom Engineering SDK
    • Bookmark system AndroidManifest.xml
    • Navigating cs.andorid.com

    View Slide