Anbox

From ArchWiki
Jump to navigation Jump to search

Anbox is a container-based software for running Android on GNU/Linux distributions.

Prerequisite

Warning: Many users were recently affected by an issue which occurs in the combination of kernel 5.10 with lxc ≤ 4.0.5.
Note: The dkms modules do not work on kernels ≥5.7 anymore. Follow the instructions below instead. For older kernels see Old kernels.

You need to run a kernel which comes with the ashmem and binder modules. They are not part of Arch Linux's default kernel, thus you need to install a kernel which ships these modules, and need to configure your bootloader to give you a way to start your system using the newly installed kernel.

You have multiple options:

Using Linux-Zen

The linux-zen kernel includes the necessary options. This might be the most comfortable way, as you do not have to compile the kernel (which takes a long time) and will receive updated versions easily, because the package is from the repository.

Building a kernel

Alternatively, you can recompile the linux kernel — or any other kernel package — with the necessary options. Please read Kernel#Compilation.

You can also download the source files from packages.archlinux.org, change the config and run makepkg. However, as soon as you install an updated version of the kernel from the repository, your changes will be undone, thus it is better to use a different package.

Necessary config options

Modules can either be compiled into the kernel (y), into modules (m), or not at all (n). Also, not all combinations in the config are possible, and some options will require other options.

The config options below will will compile ashmem and binder as modules, while the last option specifies that there will be three devices created in the /dev/ directory, when the binder module is loaded.

CONFIG_ASHMEM=m 
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=m
CONFIG_ANDROID_BINDERFS=n
CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"

When building a kernel from the AUR, one can do it with these steps:

  1. run makepkg --nobuild, which will download the sources, verify and extract them and run the prepare() function.
  2. edit the .config file (with the dot in the filename), which is located at the base of the kernel directory.
  3. at the end of the prepare() function was probably a command which regenerates the makefiles with information from the config, possibly make olddefconfig. Move that to the build() function, or execute it yourself.
  4. run makepkg --noextract, which will continue from the place where makepkg --nobuild stopped.

config using binderfs

Not everybody was happy with the binder module in Linux. To address the issues, binderfs was created. One has to choose between the old and the new way when compiling the kernel. With the options below one will use binderfs instead.

With the kernel sources comes also a simple script to set confing options. It will not do dependency checks, just like when editing the config by hand. When being in the same directory where the .config file lies, one can execute the following commands.

scripts/config --module  CONFIG_ASHMEM
scripts/config --enable  CONFIG_ANDROID
scripts/config --enable  CONFIG_ANDROID_BINDER_IPC
scripts/config --enable  CONFIG_ANDROID_BINDERFS
scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES ""

This script is quite handy when building a kernel from the AUR, as it is enough to insert these lines at the right place in the PKGBUILD.

You will notice that here binder is not compiled as module. The reason is, I did not find out how to. Fell invited to give it a shot, and discuss it in Talk:Anbox.

Booting the new kernel

Please refer to the wiki page of your bootloader, to find out, how to boot with the new kernel. Booting into a newer kernel (version) is one of the few occasions when you have to reboot a Linux system. You should do that before starting Anbox.

Installation

Loading the modules

Anbox does not load the modules on demand, starting an app will fail if they are not loaded.

To load them right now, use:

# modprobe -a binder-linux ashmem-linux

To load them always at boot, one can load them via the systemd-modules-load.service. To do so, create a file inside /etc/modules-load.d/, which contains the lines:

/etc/modules-load.d/anbox.conf
ashmem_linux
binder_linux

Mounting binderfs

If your kernel uses binderfs, there is one more step to do: Mounting a binder filesystem.

Firstly, you will need a mountpoint. By default, Anbox will look at /dev/binderfs. You can create that directory now, but it will be removed at boot time. You can use systemd-tmpfiles to create this directory at boot time. For that, create a file in /etc/tmpfiles.d/ with the content:

/etc/tmpfiles.d/anbox.conf
d! /dev/binderfs 0755 root root

Secondly, you need to mount the binder filesystem. This can be done by

# mount -t binder none /dev/binderfs

To mount it always at boot, add a line in the fstab. Using the option nofail here will not greet you with a recovery shell when you are booting a kernel without binderfs support (such as the standard kernel).

/etc/fstab
none                         /dev/binderfs binder   nofail  0      0

Install Android Image

Install one of these images:

Note: The images are outdated (based on Android 7.1). For now there are no newer images available from upstream. Nobody else built newer images yet either, documentation is at build-android.md.

Generally, one needs Houdini to run ARM applications on a x86_64 computer, and you may want google apps, so anbox-image-gappsAUR would be a good way to go if you do not know what you need.

Install Anbox

Install anbox-gitAUR.

Afterwards. start/enable anbox-container-manager.service.

You have now all the required steps done to use Anbox! In the menu of your desktop environment, you should find several entries in the category Others, which can now be launched.

The first call will take longer. Behind the scenes, anbox session-manager will be launched. For testing purposes, you can also execute anbox session-manager manually in a terminal. That is very useful if anbox crashes and you want to report or fix the bug. Just launch it, and wait until it crashes (if ever). There is also a systemd unit for users, which can be used to start the session-manager on bootup. An advantage is that you can use journalctl --user -b -u anbox-session-manager to find logs about what happened in case of a crash. Keep in mind though, that when it crashes and you start a new app, it will also start the session-manager, but it will be run independently from systemd. To start and enable the unit, run

$ systemctl --user enable --now anbox-session-manager.service

Network

Via NetworkManager

If you are using NetworkManager you can use it to configure the networking.

Execute the following command to create the bridge connection:

$ nmcli con add type bridge ifname anbox0 -- connection.id anbox-net ipv4.method shared ipv4.addresses 192.168.250.1/24
  • ifname anbox0 specifies the bridge interface name, in this case anbox0. Do not change this as Anbox will only detect the bridge interface if it is named anbox0.
  • connection.id anbox-net specifies the name of the connection to be anbox-net when it appears in NetworkManager. You can change this if you wish.
  • ipv4.method shared instructs NetworkManager to create a NAT network and route outgoing packets according to the system routing rules. For that, the dnsmasq package is required. dnsmasq does not needs to be configured or be started as systemd service, it will be used behind the scenes by NetworkManager — if it is not available, this step will fail silently. You can leave this and the ipv4.addresses parameter out if you wish to attach the Anbox container directly to a specific network, see Network bridge#With NetworkManager. If you choose this option, you must also change the network configuration of the container in anbox-container-manager.service, see the next bullet point.
  • ipv4.addresses 192.168.250.1/24 specifies the default gateway and subnet of the NAT network. If you wish to change this (e.g. to 192.168.42.1/24) you must also indicate the new subnet to anbox in the anbox-container-manager.service using: --container-network-address=192.168.42.2/24 --container-network-gateway=192.168.42.1

NetworkManager will automatically setup the bridge every reboot so you only need to execute the command once.

Via systemd-networkd

The package anbox-gitAUR provides configuration files for systemd-networkd in /usr/lib/systemd/network/ to enable networking in anbox.

Therefore, you can start/enable systemd-networkd before starting anbox-container-manager.service.

Via anbox-bridge script

Alternatively you can use the anbox-bridge script used by the project.

You must execute anbox-bridge every time before starting anbox-container-manager.service in order to get network working in Anbox. The easiest solution for that is to create a drop-in file for the service.

/etc/systemd/system/anbox-container-manager.service.d/enable-anbox-bridge.conf
[Service]
ExecStartPre=/usr/bin/anbox-bridge start
ExecStopPost=/usr/bin/anbox-bridge stop

Usage

You can run the Android applications on your desktop's launcher on Other category.

If you want to use adb to debug, install android-tools. The anbox session-manager must already be running when launching it.

$ adb shell

Installing apps

Unless you picked an image with Houdini, Anbox does not have support for ARM applications. So apps must have a x86_64 architecture.

Through adb

To install /path/to/app.apk

$ adb install /path/to/app.apk

To get the list of installed applications

$ adb shell pm list packages

Note that output will be similar to package:app.name, where app.name is different from the one displayed in the Anbox container.

To uninstall app.name

$ adb uninstall app.name

If app.name is a system app

$ adb uninstall --user 0 app.name

Through apps stores

Apps can be easily installed through apps stores. In anbox-image-gappsAUR PlayStore is included.

Sensor data

Via dbus different sensors can be set. Documentation on that can be found at dbus.md

Temperature data

That is the example from the author (PRs #1522 & #1540)

$ dbus-send --session --dest=org.anbox --print-reply /org/anbox org.freedesktop.DBus.Properties.Set string:org.anbox.Sensors string:Temperature variant:double:25.1

GPS data

(introduced by PR #1606)

GPS sensor data can also be manipulated.

If your PC has a WWAN card, you can use gpsd and the code from the PR to feed Anbox with GPS data. You do not need to have a SIM-Card for GPS.

Otherwise, you can also look at the PR to learn how to feed it fake data with the help of [1].

Root shell

With this script from the Anbox project one can get a root shell inside the Android container.

It is not part of the anbox-gitAUR package, and it also does not use adb.

Tips and tricks

Android developer options

Some extra steps need to be done besides unlocking them the same way you do on an android phone. When installing the android image, some modifications to products/anbox.xml are required:

  • <unavailable-feature name="android.hardware.usb.host" /> is the reason why they are not available.
  • <feature name="android.software.backup" /> will be needed too, to avoid a NullPointerException.

(reference: Github issue #444)

Getting debugging information

Obviously, it is helpful to have debugging symbols in the Anbox build. For that, when compiling Anbox, add options=('!strip') to the PKGBUILD, as by default they are removed. And, use either -DCMAKE_BUILD_TYPE=RelWithDebInfo or -DCMAKE_BUILD_TYPE=Debug in the cmake call.

But there is more to it! Anbox uses backward-cpp. If you do not delete the build files for Anbox, it will print pretty stack traces when crashing, which point out the places in the source code.

Also see the remarks in #Install Anbox.

Troubleshooting

If you run into issues, take a look at the official Issue Tracker: [2]

Old CPUs

Anbox requires support for SSE 4.1/4.2 and SSSE 3, because Android wants that too. Some older CPUs do not provide that, so you probably cannot use Anbox, see: Anbox Github Issue 499.

Old kernels

Before the kernel modules were mainlined, they were out of tree modules, which needed to be installed seperately from the kernel (Like it is the case for the nvidia kernel modules). They are not compatible with kernel 5.7 or newer.

It is still possible to use that approach with the linux-lts or other old kernels. The package to install the modules via DKMS is not available in the AUR anymore, but can be retrieved with git clone https://aur.archlinux.org/anbox-modules-dkms, or resurected from [3].

Kernel 5.10 with lxc ≤ 4.0.5

If kernel 5.10.0 - 5.10.3 is used together with lxc ≤ 4.0.5, anbox session-manager will segfault very soon. Updating either the kernel to 5.10.4 or using a newer lxc version fixes this.

Secure Boot error

If you get this error message:

modprobe: ERROR: could not insert 'ashmem_linux': Operation not permitted

Secure Boot is likely blocking the module. You can either disable Secure Boot or sign the ashmem module yourself.

More info can be found in the Anbox Github Docs.

See also