Hello guys
I saw that the other guide on how to build from sources is outdated, so I tought “why don't write another one more updated?”, and here we go!
-Warning-
Always use latest Ubuntu/Fedora and always use 64bit
Like DroidModderXtreme said don't make other cm10.2, wait more stable nightly
Guide contenent:
1. Setup build enviroment - Ubuntu & Fedora
2. Download & compile CM 9/10 sources
3. Download & compile CM 10.1/10.2 sources
4. Final statement
1. Setup build enviroment - Ubuntu & Fedora
install dependencies:
Code:
Ubuntu:
sudo apt-get install git gnupg flex bison gperf build-essential \
zip curl libc6-dev libncurses5-dev:i386 x11proto-core-dev \
libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 \
libgl1-mesa-dev g++-multilib mingw32 tofrodos \
python-markdown libxml2-utils xsltproc zlib1g-dev:i386 libssl-dev
Fedora
sudo yum install glibc.i686 glibc-devel.i686 libstdc++.i686 zlib-devel.i686
ncurses-devel.i686 libX11-devel.i686 libXrender.i686 libXrandr.i686 install git
gnupg gnupg2 flex flex-devel bison bison-devel gperf gcc gcc-c++ make
automake kernel-devel zip curl zlib zlib-devel glibc glibc-devel ncurses
ncurses-devel xulrunner xulrunner-devel libX11 libX11-common libX11-devel
xorg-x11-proto-devel readline readline-devel mesa-libGL mesa-libGL-devel
mesa-libGLU python-markdown libxml2 libxml2-devel libxslt libxslt-devel
perl perl-devel perl-Switch SDL SDL-devel wxGTK wxGTK-devel squashfs-tools
pngcrush schedtool
type this:
Code:
sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so
configure usb:
Code:
gksudo gedit /etc/udev/rules.d/51-android.rules
add these lines, save and exit:
Code:
#Garmin-Asus
SUBSYSTEM=="usb", ATTR{idVendor}=="091E", MODE="0666"
#Google
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666"
#HTC
SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", MODE="0666"
#Huawei
SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666"
#K-Touch
SUBSYSTEM=="usb", ATTR{idVendor}=="24e3", MODE="0666"
#KT Tech
SUBSYSTEM=="usb", ATTR{idVendor}=="2116", MODE="0666"
#Kyocera
SUBSYSTEM=="usb", ATTR{idVendor}=="0482", MODE="0666"
#Lenevo
SUBSYSTEM=="usb", ATTR{idVendor}=="17EF", MODE="0666"
#LG
SUBSYSTEM=="usb", ATTR{idVendor}=="1004", MODE="0666"
#Motorola
SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", MODE="0666"
#NEC
SUBSYSTEM=="usb", ATTR{idVendor}=="0409", MODE="0666"
#Nook
SUBSYSTEM=="usb", ATTR{idVendor}=="2080", MODE="0666"
#Nvidia
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0666"
#OTGV
SUBSYSTEM=="usb", ATTR{idVendor}=="2257", MODE="0666"
#Pantech
SUBSYSTEM=="usb", ATTR{idVendor}=="10A9", MODE="0666"
#Philips
SUBSYSTEM=="usb", ATTR{idVendor}=="0471", MODE="0666"
#PMC-Sierra
SUBSYSTEM=="usb", ATTR{idVendor}=="04da", MODE="0666"
#Qualcomm
SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", MODE="0666"
#SK Telesys
SUBSYSTEM=="usb", ATTR{idVendor}=="1f53", MODE="0666"
#Samsung
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666"
#Sharp
SUBSYSTEM=="usb", ATTR{idVendor}=="04dd", MODE="0666"
#Sony Ericsson
SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", MODE="0666"
#Toshiba
SUBSYSTEM=="usb", ATTR{idVendor}=="0930", MODE="0666"
#ZTE
SUBSYSTEM=="usb", ATTR{idVendor}=="19D2", MODE="0666"
set right permission:
Code:
sudo chmod a+r /etc/udev/rules.d/51-android.rules
--Java for Ubuntu--------------------------------------------------------------------------------------------
remove openJDK:
Code:
sudo apt-get purge openjdk-\* icedtea-\* icedtea6-\*
add java PPA
Code:
sudo add-apt-repository ppa:webupd8team/java
download and install it:
Code:
sudo apt-get update && sudo apt-get install oracle-java6-installer
--------------------------------------------------------------------------------------------------------------------
--Java for Fedora--------------------------------------------------------------------------------------------
download java JDK 6 x64-rpm.bin
Code:
[URL="http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u45-oth-JPR"]CLICK[/URL]
install it (change ## with your version)
Code:
chmod +x /path/to/file/jdk-##-linux-*-rpm.bin && /path/to/binary/jdk-##-linux-*-rpm.bin
swap to oracle JDK with:
Code:
alternatives --config java
edit profile, save and close it (change ## with your version):
## export JAVA_HOME JDK ##
export JAVA_HOME="/usr/java/jdk1.6.0_##"
--------------------------------------------------------------------------------------------------------------------
download android SDK:
Code:
[URL="CLICK"]CLICK[/URL]
place it in home/android and edit bashrc:
Code:
gksudo gedit .bashrc
add this, save and exit:
Code:
# Android tools
export PATH=${PATH}:~/android/android-sdk-linux/tools
export PATH=${PATH}:~/android/android-sdk-linux/platform-tools
export PATH=${PATH}:~/bin
edit profile:
Code:
gksudo gedit .profile
add this PATH, save and exit:
Code:
PATH="$HOME/android/android-sdk-linux/tools:$HOME/android/android-sdk-linux/platform-tools:$PATH"
install the REPO:
Code:
mkdir ~/bin && PATH=~/bin:$PATH && curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo && chmod a+x ~/bin/repo
2. Download & compile CM 9/10 sources
-change ## with your cm version
Code:
mkdir ~/android/cm##
cd ~/android/cm##
initialize the repo:
Code:
cm10
repo init -u git://github.com/CyanogenMod/android.git -b jellybean
cm9
repo init -u git://github.com/CyanogenMod/android.git -b ics
edit your manifest:
Code:
gksudo gedit ~/android/cm##/.repo/manifest.xml
add sony prebuilts, save and exit:
Code:
cm10
<project name="TheMuppets/proprietary_vendor_sony" path="vendor/sony" remote="github" revision="jellybean"/>
cm9
<project name="TheMuppets/proprietary_vendor_sony" path="vendor/sony" remote="github" revision="ics"/>
download with:
Code:
repo sync
download prebuilts:
Code:
cd ~/android/cm##/vendor/cm && . get-prebuilts
Code:
. build/envsetup.sh && brunch kumquat
to delete your build product do:
Code:
mka clobber
3. Download & compile CM 10.1/10.2 sources
-change ## with your cm version
Code:
mkdir ~/android/cm##
cd ~/android/cm##
initialize the repo:
Code:
cm10.1
repo init -u git://github.com/CyanogenMod/android.git -b cm-10.1
cm10.2
repo init -u git://github.com/CyanogenMod/android.git -b cm-10.2
edit your manifest:
Code:
gksudo gedit ~/android/cm##/.repo/manifest.xml
add sony prebuilts, save and exit:
Code:
cm10.1
<!--Xperia U-->
<project path="kernel/sony/u8500" name="munjeni/android_kernel_xperiago" remote="github" revision="jb-dev" />
<project path="vendor/sony" name="percy-g2/proprietary_vendor_Sony-u8500" remote="github" revision="cm-10.1" />
<project path="device/sony/montblanc-common" name="Legacy-Xperia/android_device_sony_montblanc-common" remote="github" revision="cm10.1" />
<project path="device/sony/kumquat" name="Gava97/android_device_sony_kumquat" remote="github" revision="cm10.1" />
<project path="hardware/semc/dash" name="CyanogenMod/android_hardware_sony_DASH" remote="github" revision="jellybean" />
<!--Custom Repo-->
<project path="frameworks/av" name="Legacy-Xperia/android_frameworks_av" remote="github" revision="cm-10.1" />
<project path="frameworks/native" name="Legacy-Xperia/android_frameworks_native" remote="github" revision="cm-10.1" />
<project path="hardware/libhardware" name="Legacy-Xperia/android_hardware_libhardware" remote="github" revision="cm-10.1" />
<project path="hardware/libhardware_legacy" name="Legacy-Xperia/android_hardware_libhardware_legacy" remote="github" revision="cm-10.1" />
<project path="system/core" name="Legacy-Xperia/android_system_core" />
<project path="bootable/recovery" name="DevSwift/android_bootable_recovery-1" remote="github" revision="cm-10.1" />
cm10.2
<!--Xperia U-->
<project path="kernel/sony/u8500" name="munjeni/android_kernel_xperiago" remote="github" revision="jb-dev" />
<project path="device/sony/kumquat" name="XperiaNovathor/android_device_sony_kumquat" remote="github" revision="master" />
<project path="vendor/sony" name="Andrewas/proprietary_vendor_sony" remote="github" revision="master" />
<project path="hardware/semc" name="munjeni/aosp_4.3_hardware_semc" remote="github" revision="master" />
delete these lines only for cm 10.1
Code:
<project path="frameworks/av" name="CyanogenMod/android_frameworks_av" remote="github" revision="cm-10.1" />
<project path="frameworks/native" name="CyanogenMod/android_frameworks_native" remote="github" revision="cm-10.1" />
<project path="hardware/libhardware" name="CyanogenMod/android_hardware_libhardware" remote="github" revision="cm-10.1" />
<project path="hardware/libhardware_legacy" name="CyanogenMod/android_hardware_libhardware_legacy" remote="github" revision="cm-10.1" />
<project path="system/core" name="CyanogenMod/android_system_core" />
<project path="bootable/recovery" name="CyanogenMod/android_bootable_recovery" remote="github" revision="cm-10.1" />
download with:
Code:
repo sync
download prebuilts:
Code:
cd ~/android/cm##/vendor/cm && . get-prebuilts
do this only for cm10.2
Code:
patch -p1 < device/sony/kumquat/patches/external_bluetooth_bluedroid.patch
patch -p1 < device/sony/kumquat/patches/framework_av.patch
patch -p1 < device/sony/kumquat/patches/framework_native.patch
patch -p1 < device/sony/kumquat/patches/hardware_libhardware.patch
patch -p1 < device/sony/kumquat/patches/hardware_libhardware_legacy.patch
patch -p1 < device/sony/kumquat/patches/system_netd.patch
patch -p1 < device/sony/kumquat/patches/system_core.patch
Code:
. build/envsetup.sh && brunch kumquat
to delete your build product do:
Code:
mka clobber
4. Final Statement
This is a WIP, so if you have idea, suggestion, spot errors... fell free to post/pm me them
Thanks goes to @elia222, @Gava97, @DroidModderXtreme, @percy_g2, @munjeni, Legacy-Xperia and Cyanogenmod, @Andrewasth
WARNING : DO NOT MAKE 10.2 BUILDS FOR NOW,OTHERWHISE I WILL CALL A MOD !!!
Wait until nighty6/7
DroidModderXtreme said:
WARNING : DO NOT MAKE 10.2 BUILDS FOR NOW,OTHERWHISE I WILL CALL A MOD !!!
Wait until nighty6/7
Click to expand...
Click to collapse
Added to OP
Inviato dal mio Xperia U con Tapatalk
DroidModderXtreme said:
WARNING : DO NOT MAKE 10.2 BUILDS FOR NOW,OTHERWHISE I WILL CALL A MOD !!!
Wait until nighty6/7
Click to expand...
Click to collapse
Why calling a mod?
Inviato dal mio ST25i con Tapatalk
How much are sources in size..??
Probably I live in india...its hard to download...
And will dis guide work for cm7..??
Do we have sources for cm7..??
I m a newbie..not experienced enough..
ajain3982 said:
How much are sources in size..??
Probably I live in india...its hard to download...
And will dis guide work for cm7..??
Do we have sources for cm7..??
I m a newbie..not experienced enough..
Click to expand...
Click to collapse
Sources are about 10+ GB
For cm7 i don't know
Inviato dal mio Xperia U con Tapatalk
No need to add dependencies on our own! I will fork the buildserver from percy or will add dependencies on his and then we could just replace the manifest.xml
Andrewasth said:
No need to add dependencies on our own! I will fork the buildserver from percy or will add dependencies on his and then we could just replace the manifest.xml
Click to expand...
Click to collapse
But why not? Doing this you'll familiarize more with repo...
Inviato dal mio Xperia U con Tapatalk
Xperia_Modder said:
But why not? Doing this you'll familiarize more with repo...
Inviato dal mio Xperia U con Tapatalk
Click to expand...
Click to collapse
Of course! It will show others how to download sources! I just told it to make it easier When I will add support for kumquat you could write it as a second method I will send you the commands
Andrewasth said:
Of course! It will show others how to download sources! I just told it to make it easier When I will add support for kumquat you could write it as a second method I will send you the commands
Click to expand...
Click to collapse
Good idea, i'll split in short & long version, waiting for you
Inviato dal mio Xperia U con Tapatalk
Xperia_Modder said:
Good idea, i'll split in short & long version, waiting for you
Inviato dal mio Xperia U con Tapatalk
Click to expand...
Click to collapse
Will try my way tomorrow most probably
What about for fedora ? Some are not working with yum install..
Little Zed said:
What about for fedora ? Some are not working with yum install..
Click to expand...
Click to collapse
If i remeber right with feodara is a little more complicated; i'll see other guides and add it
Inviato dal mio Xperia U con Tapatalk
Xperia_Modder said:
If i remeber right with feodara is a little more complicated; i'll see other guides and add it
Inviato dal mio Xperia U con Tapatalk
Click to expand...
Click to collapse
Thank you. I've been having trouble building and syncing ROMs. Will wait for your guide
Get 404 error not found in the bin file
Neurom707 said:
Get 404 error not found in the bin file
Click to expand...
Click to collapse
ops, the repo file is outdated, use this
Code:
curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
In a few hours i'll update the OP with these small fix + how to build on fedora
Xperia_Modder said:
ops, the repo file is outdated, use this
Code:
curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
In a few hours i'll update the OP with these small fix + how to build on fedora
Click to expand...
Click to collapse
Thanks
New problem
says:
[email protected]:/home/toms/android/cm10.1# repo init -u git://github.com/CyanogenMod/android.git -b cm-10.1
No command 'repo' found, did you mean:
Command 'rep' from package 'rep' (universe)
Command 'repro' from package 'repro' (universe)
Command 'repl' from package 'mailutils-mh' (universe)
Command 'repl' from package 'nmh' (universe)
repo: command not found
Neurom707 said:
Thanks
New problem
says:
[email protected]:/home/toms/android/cm10.1# repo init -u git://github.com/CyanogenMod/android.git -b cm-10.1
No command 'repo' found, did you mean:
Command 'rep' from package 'rep' (universe)
Command 'repro' from package 'repro' (universe)
Command 'repl' from package 'mailutils-mh' (universe)
Command 'repl' from package 'nmh' (universe)
repo: command not found
Click to expand...
Click to collapse
did you do:
gksudo gedit .bashrc, then add export PATH=${PATH}:~/bin
Xperia_Modder said:
did you do:
gksudo gedit .bashrc, then add export PATH=${PATH}:~/bin
Click to expand...
Click to collapse
Yes?
Sent from my Xperia U using xda app-developers app
Neurom707 said:
Yes?
Sent from my Xperia U using xda app-developers app
Click to expand...
Click to collapse
try to type this in terminal from home directory
Code:
PATH=~/bin:$PATH
and retry repo sync
There are the steps I did to get stock USB tethering working on my rooted s-off t6vzw:
Use adb to pull /system/customize/ACC/default.xml
Use a text editor to edit default.xml by changing the following:
Code:
Line 152:
CHANGE <item type="boolean" name="tethering_guard_support">true</item>
TO <item type="boolean" name="tethering_guard_support">false</item>
Code:
Line 699:
CHANGE <item type="integer" name="TetheringGuard_Rule">1</item>
TO <item type="integer" name="TetheringGuard_Rule">0</item>
Copy your edited default.xml to the phone's internal storage using Windows Explorer
Open adb shell
Type su.
Type cd /sdcard
Type mount -o rw,remount /system
Type cp default.xml /system/customize/ACC
Type adb reboot.
This is illegal.. You are committing high level fraud. You took an oath of allegiance to VZW. VERIZON INVESTORS will not be happy with this post.
HTC One MAX
DROID3R said:
This is illegal.. You are committing high level fraud. You took an oath of allegiance to VZW. VERIZON INVESTORS will not be happy with this post.
HTC One MAX
Click to expand...
Click to collapse
hahahaha You can find these post everywhere
Do you know how to disable the provision check for Wi-Fi?
TappEd from my HTC One Max
Check out my website for encouragement....
www.projectintercession.blogspot.com
Hi,
I run CM 13 and want to encrypt my sd card. The internal storage is already encrypted. I do NOT want to use the sd card as "internal" or "adopted" because the sd is for data only and I want all the apps in the faster internal storage. I do not care if the sd is usable on other phones or not, I just want to completely encrypt it.
The security menu doesn't show a "encrypt sd card" option anymore as in previous versions.
So what is the best way to encrypt the sd card?
Is there some command like "vdc cryptfs" which handles sd cards?
Thanks.
Nobody got a solution for this?
I've been reading various Android crypto documentations, the vold source code etc. and haven't found a solution yet. Seems like this is not a feature readily available...
Ok, after some work I figured out a way to do it.
You need a rooted phone and an adb connection to it. I tried this with CM13, other versions or roms will probably differ slightly in the parameters, so you should have basic linux shell skills.
The first step is to get a cryptsetup binary compiled for the architecture of your phone. You can compile it yourself from sources like https://android.googlesource.com/platform/external/cryptsetup/+/master or https://github.com/nelenkov/cryptsetup.
But I was lazy and installed LUKS Manager from the Play store. It contains a version of cryptsetup compiled for ARM. Extract it like this:
Code:
adb root
adb shell
setenforce 0
cd /data/app/com.nemesis2.luksmanager-1
unzip base.apk
cp assets/lm.cryptsetup /data
chmod 755 /data/lm.cryptsetup
Now we have the cryptsetup binary lying in /data/lm.cryptsetup. You can now uninstall LUKS Manager again as we don't need it anymore.
Now is a good time to back up the contents of your sd card. Then insert it into the phone and format it as portable if you don't have done that yet.
The next step is to figure out the device node of your sd card. You don't easily see this when looking at the mounts as vold hides it from us. So go to /dev/block and look at the device nodes. You are looking for a mmc device that has just one partition (just one extra node with ...p1). Then open it with fdisk and look if the size matches your sd card. On my phone it was mmcblk1.
Now we split the sd into two partitions: one very small (like 10MB) fat32 partition and the rest as an encrypted partition with LUKS header. This is to trick vold into helping us making the encrypted partition visible to regular Android apps.
Run fdisk for the mmc device (not the one with ...p1, the one without) and delete the existing partition. Create two partitions as outlined above. Set the type of the small partition to "c" (fat32) and the type for the large one to "8e".
It should look like this:
Code:
# fdisk /dev/block/mmcblk1
The number of cylinders for this disk is set to 3902128.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems.
Command ('m' for help): p
Disk mmcblk1: 127.8 GB, 127864930304 bytes
4 heads, 16 sectors/track, 3902128 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
Device Boot Start End Blocks Id System
mmcblk1p1 33 352 10240 c Win95 FAT32 (LBA)
mmcblk1p2 353 3902128 124856832 8e Linux LVM
Now we format and set up the partitions. Replace "mmcblk1" with the device node on your device.
Code:
mkfs.vfat /dev/block/mmcblk1p1
/data/lm.cryptsetup -i 5000 -h sha256 luksFormat /dev/block/mmcblk1p2
/data/lm.cryptsetup luksOpen /dev/block/mmcblk1p2 sdcrypt
mkfs.ext2 /dev/mapper/sdcrypt
The mkfs.ext2 may take a while. I'm using ext4 here as it's usually faster for reads than f2fs. I use the sd mostly for long-term media storage, so reads are more important than writes.
When you are done reboot your phone.
When it is up again check your sd card storage. It should be a bit below the size you chose for the small fat32 partition, e.g. around 9 MB. If that worked, then vold has mounted the small partition and made it available to regular Android apps.
Connect with adb and check the volume id of the fat32 partition like this:
Code:
blkid /dev/block/mmcblk1p1
Mine is "5824-FB9F". You need to adapt the following commands and insert your volume id.
Now we open the crypto container and mount the partition over the mountpoint of the small fat32 partition. This way we reuse the work that vold has just done and switch out the partitions without it noticing.
These are the commands you need to issue on a root shell to do the mount:
Code:
echo "your_secret_password" | /data/lm.cryptsetup luksOpen /dev/block/mmcblk1p2 sdcrypt
mount /dev/mapper/sdcrypt /mnt/media_rw/5824-FB9F -t ext4 -o nosuid,nodev,noexec,noatime,nodiratime,context=u:object_r:vfat:s0
am broadcast -a android.intent.action.MEDIA_MOUNTED -d file:///storage/5824-FB9F
This needs to be done on after each reboot. I use tasker for this, but there are plenty of other methods. The script contains your password. So make sure that it is stored on the encrypted /data partition and not somewhere insecure.
On the first mount I had to fix the permissions like this:
Code:
chown -r media_rw:media_rw /mnt/media_rw/5824-FB9F
chmod 770 /mnt/media_rw/5824-FB9F
Have phun!
Just for your convenience, here is the tasker profile I use to automatically mount it on startup:
Code:
<TaskerData sr="" dvi="1" tv="4.8u5">
<Profile sr="prof6" ve="2">
<cdate>1478460038918</cdate>
<edate>1478460038919</edate>
<id>6</id>
<mid0>5</mid0>
<nme>Booted</nme>
<Event sr="con0" ve="2">
<code>411</code>
<pri>0</pri>
</Event>
</Profile>
<Task sr="task5">
<cdate>1478457711553</cdate>
<edate>1478460213089</edate>
<id>5</id>
<nme>Mount Sdcrypt</nme>
<Action sr="act0" ve="7">
<code>123</code>
<Str sr="arg0" ve="3">echo "your_secret_password" | /data/lm.cryptsetup luksOpen /dev/block/mmcblk1p2 sdcrypt</Str>
<Int sr="arg1" val="20"/>
<Int sr="arg2" val="1"/>
<Str sr="arg3" ve="3"/>
<Str sr="arg4" ve="3"/>
<Str sr="arg5" ve="3"/>
</Action>
<Action sr="act1" ve="7">
<code>123</code>
<Str sr="arg0" ve="3">mount /dev/mapper/sdcrypt /mnt/media_rw/5824-FB9F -t ext4 -o nosuid,nodev,noexec,noatime,nodiratime,context=u:object_r:vfat:s0</Str>
<Int sr="arg1" val="20"/>
<Int sr="arg2" val="1"/>
<Str sr="arg3" ve="3"/>
<Str sr="arg4" ve="3"/>
<Str sr="arg5" ve="3"/>
</Action>
<Action sr="act2" ve="7">
<code>123</code>
<Str sr="arg0" ve="3">am broadcast -a android.intent.action.MEDIA_MOUNTED -d file:///storage/5824-FB9F</Str>
<Int sr="arg1" val="0"/>
<Int sr="arg2" val="1"/>
<Str sr="arg3" ve="3"/>
<Str sr="arg4" ve="3"/>
<Str sr="arg5" ve="3"/>
</Action>
</Task>
</TaskerData>
You just need to replace the password, the block device node name and the volume id of the fat32 filesystem.
After having used it for a few days, I encountered a few problems regarding the access rights to the sd card: new folders are created with the unix-ownership of the app doing the create. All other apps don't have access and I couldn't find anything like a global umask for all Android apps. Usually portable sd cards are formatted vfat, so there are no unix permissions at all.
I first thought about solutions like bindfs, which is an extra FUSE layer which can replace the permissions on access. But I was to lazy to set up a build environment. So I replaced the ext4 on the encrypted drive with exfat, which also does not have permissions.
Why exfat and not fat? Because I don't want the limit of 4GB per file.
To switch to exfat, format the encrypted drive like this:
Code:
mkfs.exfat /dev/mapper/sdcrypt
Mounting is done like this:
Code:
mount /dev/mapper/sdcrypt /mnt/media_rw/5824-FB9F -t exfat -o nosuid,nodev,noexec,noatime,uid=1023,gid=1023,fmask=0007,dmask=0007
Just replace the commands in the steps above with these.
Kudos to robberknight for finding out how this works on Marshmellow!
After upgrading to lineage 14.1 (Android 7.1.2), the given approach did no longer work.
The sd card storage is now divided into multiple "views" by making use of mount namespaces.
This allows an user to grant or deny sd card permission at app runtime.
The corresponding git commit in "vold" is:
Code:
commit 66270a21df1058434e4d63691221f11ff5387a0f
Commit: Jeff Sharkey <[email protected]>
CommitDate: Thu Jun 25 22:40:08 2015 -0700
Let's reinvent storage, yet again!
..
After countless hours of tracing through vold, I developed a solution for lineage 14.1.
Main changes:
mount source exfat filesystem with correct selinux context
automatically unmount all user views and then call the "sdcard" binary to set up the user views again. "sdcard" is normally called by vold internally.
The updated mount script can either store the password or ask for the password upon mount.
Not storing the password might come in handy if you are forced to reveal any unlock codes:
If the encrypted volume is not mounted, the "original" SD card content from the first partition is mounted by Android.
Here's the updated script, please adjust path to cryptsetup binary / uuid of the sd card:
Code:
password=""
cardid="780AD-7FC9"
cardmnt="/mnt/media_rw/$cardid"
cryptsetup_bin="/data/cryptsetup.arm"
function die()
{
echo "$*"
exit 1
}
# ask user for password if not given
if [ "$password" = "" ]; then
echo -n "Enter password: "
read password
fi
echo "$password" | $cryptsetup_bin luksOpen /dev/block/mmcblk1p2 sdcrypt
password=""
test -b /dev/mapper/sdcrypt || die "luksOpen failed"
# unmount old sdcard (up to four mount points on lineage 14.1)
count=0
while grep -q -F "$cardid" /proc/mounts; do
# force unmount like the UI would
umount -f "/mnt/media_rw/$cardid"
count=$((count+1))
[ $count -eq 10 ] && die "sdcard $cardid still mounted? Please check."
done
echo "Unmounted $count old mount points"
# Mount base filesystem with correct selinux context
mount /dev/mapper/sdcrypt "$cardmnt" -t exfat -o context=u:object_r:fuseblk:s0,nosuid,nodev,noexec,noatime,uid=1023,gid=1023,fmask=0007,dmask=0007
# set up read/write views using "sdcard"
sdcard -u 1023 -g 1023 -U 0 "/mnt/media_rw/$cardid" "$cardid"
# tell MediaServer to search for new content
am broadcast -a android.intent.action.MEDIA_MOUNTED -d "file:///storage/$cardid"
Hopefully this is useful for someone else.
Big thanks to haggertk for bringing lineage 14.x to the Samsung Galaxy S5 (klte).
I tried the solution by robberknight and thomasjfox on a Motorola G (2015) "osprey" running the latest nightly LineageOs 14, but when I want to mount the exfat, I get an error:
mount: '/storage/emulated/0/'->'/dev/storage/xxxx-xxxx': No such file or directory
Is the exfat-support missing on my device?
Edit: I formated the LUKS partition with my ubuntu machine to fat32 (vfat). Then I was able to mount it with the solution by thomasjfox. Just changed -t exfat to -t vfat
Glad it's working for you. As the linux kernel is different for each LineageOS phone, it could be that the Motorola G (2015) does not have exfat support. Though I always thought that exfat support is provided by userspace (FUSE), so it should work IMHO.
does this still work with current Android 10?
I'm considering trying this on my Xiaomi Note 9S (curtana).
But before I start I'd love it if somebody could tell me if they have tried it on an Android 10 device and if it worked.
I'd feel more confident that I don't do the work of backing up and restoring my sdcard in vain (since this post is from 2016/17 and about Android 6..)
hagekic548 said:
does this still work with current Android 10?
Click to expand...
Click to collapse
Works for me except last part (about mounting and setting permissions). I prefer use fbind magisk module to handle encrypted partitions on my SD card, slightly modded it to meet Android 10, works fine so far.
Did anyone developed an app that you want to be installed as a preinstalled app on your custom Android image (Oreo)?
I am trying to add my app, I have done so far:
I went on the device where I have flashed my custom Android (AOSP) and using adb shell I wen to system/etc/permissions/privapp-permissions-google.xml
I have added my package name and permissions I want to be preaproved with my custom ROM.
Code:
<permissions>
<privapp-permissions package="com.package.name">
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.ACCESS_MOCK_LOCATION
android.permission.WRITE_SETTINGS
</privapp-permissions>
</permissions>
And when I look with
Code:
adb shell dumpsys package com.package.name
I only get
Code:
requested permissions:
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.ACCESS_MOCK_LOCATION
android.permission.WRITE_SETTINGS
install permissions:
android.permission.WRITE_SETTINGS: granted=true
android.permission.INTERNET: granted=true
As you notice, my package is not granted all permissions I need. I have also added to my Android.mk of my AOSP build flag :
Code:
ro.control_privapp_permissions=enforce
Whatever I try to do I can`t manage to get my app to have all the permissions I need when I flash and push my app to the device.
Did anyone had experience with this? Any input would be appreciated
Icarus0348 said:
Did anyone developed an app that you want to be installed as a preinstalled app on your custom Android image (Oreo)?
I am trying to add my app, I have done so far:
I went on the device where I have flashed my custom Android (AOSP) and using adb shell I wen to system/etc/permissions/privapp-permissions-google.xml
I have added my package name and permissions I want to be preaproved with my custom ROM.
Code:
<permissions>
<privapp-permissions package="com.package.name">
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.ACCESS_MOCK_LOCATION
android.permission.WRITE_SETTINGS
</privapp-permissions>
</permissions>
And when I look with
Code:
adb shell dumpsys package com.package.name
I only get
Code:
requested permissions:
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.INTERNET
android.permission.ACCESS_MOCK_LOCATION
android.permission.WRITE_SETTINGS
install permissions:
android.permission.WRITE_SETTINGS: granted=true
android.permission.INTERNET: granted=true
As you notice, my package is not granted all permissions I need. I have also added to my Android.mk of my AOSP build flag :
Code:
ro.control_privapp_permissions=enforce
Whatever I try to do I can`t manage to get my app to have all the permissions I need when I flash and push my app to the device.
Did anyone had experience with this? Any input would be appreciated
Click to expand...
Click to collapse
Your app need to be in the priv-app folder in order to get privileges whitelist permission from privapp-permissions-google.xml.
Btw, I am actually looking for a way which is able to make app as privileges without put into priv-app folder.