Pre-installing prebuilt APK nightmare
333 views
Skip to first unread message
void coder
Jan 23, 2023, 3:06:42 PM1/23/23
to Android Building
Hi. I'm struggling for quite some time now with pre-installing a prebuilt 3rd party APK on 11. This turned to be quite a journey.
One would think this is a rather common generic task pretty much every vendor has to go through so some Android built-in automation must be there to help with the task. Like e.g. dropping the APK to some predefined vendor pre-installed apps folder or similar easy to use way ...
But nope, I can't find any official AOSP documentation on this so Google Search and dev forums apparently is my only source of info on the topic :(
Apparently the general consensus is to go with a dummy APK project for the prebuilt APK + BUILD_PREBUILT rule in the makefile + LOCAL_SRC_FILES pointing to prebuilt and presigned APK.
The method seems to work for simple Java only apps but is a serious hassle if the APK has native libs in it. You literally have to manually unpack the APK archive, extract the shared .so libs from it and build those into image along side other system libs for the whole thing to work. And pray to Android gods none of those extracted native libs conflict with system libs or libs from other APKs preinstalled in the same way. I wasn't able to find any way to recreate what Package Manager does when installing APK at runtime, i.e. create /data/app/<package>/lib dir where it extracts all of native libs belonging to package.
Anyways, while this method worked fine for some test APKs I tried it doesn't fly with the only 3rd party APK I actually need it for. For whatever reason the pre-installed app won't run, apparently failing to init Webview according to logcat. My first thought was SELinux but no difference with system booted into fully permissive mode either. The same app will work perfectly fine when installed via remote "adb install" or e.g. local "pm install" on the device. Unfortunately original developer no longer accessible to help with debugging so looks like a dead end. Any ideas on possible reasons much appreciated.
Anyways, my next thought was - fine - if I can't pre-install I'll try installing the APK on the first boot via Package Manager as I know this works fine. To my surprise, this also turned to be quite a nightmare. First there is a system build rule which will prevent adding an APK to image via PRODUCT_COPY_FILES as a simple data file. You will get an error like e.g.
build/make/core/Makefile:49: error: Prebuilt apk found in PRODUCT_COPY_FILES: vendor/foo/bar.apk:vendor/foo/bar.apk, use BUILD_PREBUILT instead!.
Essentially sending you back to use the dummy APK project and BUILD_PREBUILT method described above which already failed for me. Eventually I edited the core Makefile to remove the check so I can still proceed with building the APK in.
This worked but only to fail later on when I actually attempted to install the built-in APK via "pm install -r ...". PM will fail with INSTALL_PARSE_FAILED_NO_CERTIFICATES error.
This is where it all getting super fishy. Same APK pushed to device over adb will 'pm install' just fine. I started digging and discovered that despite APK having the same file size the actual content is different. SHA checksum differs for the original APK and the one copied to device via PRODUCT_COPY_FILES which is why I believe PM is failing to extract the certificates.
I believe I noticed something similar with some but not all shared native .so libs. Doesn't matter whether they are added via PRODUCT_COPY_FILES or using .mk + BUILD_PREBUILT rule. Some .so will have slightly different size, like 16 bytes or so. Clearly some processing going on already prebuilt binaries which is super confusing. Perhaps some extra signing?
Any ideas please? Is there a way to add a file to image as is, preventing build system to process it in any way whatsoever.
Sorry if I missed something obvious, a complete AOSP beginner here ...
One would think this is a rather common generic task pretty much every vendor has to go through so some Android built-in automation must be there to help with the task. Like e.g. dropping the APK to some predefined vendor pre-installed apps folder or similar easy to use way ...
But nope, I can't find any official AOSP documentation on this so Google Search and dev forums apparently is my only source of info on the topic :(
Apparently the general consensus is to go with a dummy APK project for the prebuilt APK + BUILD_PREBUILT rule in the makefile + LOCAL_SRC_FILES pointing to prebuilt and presigned APK.
The method seems to work for simple Java only apps but is a serious hassle if the APK has native libs in it. You literally have to manually unpack the APK archive, extract the shared .so libs from it and build those into image along side other system libs for the whole thing to work. And pray to Android gods none of those extracted native libs conflict with system libs or libs from other APKs preinstalled in the same way. I wasn't able to find any way to recreate what Package Manager does when installing APK at runtime, i.e. create /data/app/<package>/lib dir where it extracts all of native libs belonging to package.
Anyways, while this method worked fine for some test APKs I tried it doesn't fly with the only 3rd party APK I actually need it for. For whatever reason the pre-installed app won't run, apparently failing to init Webview according to logcat. My first thought was SELinux but no difference with system booted into fully permissive mode either. The same app will work perfectly fine when installed via remote "adb install" or e.g. local "pm install" on the device. Unfortunately original developer no longer accessible to help with debugging so looks like a dead end. Any ideas on possible reasons much appreciated.
Anyways, my next thought was - fine - if I can't pre-install I'll try installing the APK on the first boot via Package Manager as I know this works fine. To my surprise, this also turned to be quite a nightmare. First there is a system build rule which will prevent adding an APK to image via PRODUCT_COPY_FILES as a simple data file. You will get an error like e.g.
build/make/core/Makefile:49: error: Prebuilt apk found in PRODUCT_COPY_FILES: vendor/foo/bar.apk:vendor/foo/bar.apk, use BUILD_PREBUILT instead!.
Essentially sending you back to use the dummy APK project and BUILD_PREBUILT method described above which already failed for me. Eventually I edited the core Makefile to remove the check so I can still proceed with building the APK in.
This worked but only to fail later on when I actually attempted to install the built-in APK via "pm install -r ...". PM will fail with INSTALL_PARSE_FAILED_NO_CERTIFICATES error.
This is where it all getting super fishy. Same APK pushed to device over adb will 'pm install' just fine. I started digging and discovered that despite APK having the same file size the actual content is different. SHA checksum differs for the original APK and the one copied to device via PRODUCT_COPY_FILES which is why I believe PM is failing to extract the certificates.
I believe I noticed something similar with some but not all shared native .so libs. Doesn't matter whether they are added via PRODUCT_COPY_FILES or using .mk + BUILD_PREBUILT rule. Some .so will have slightly different size, like 16 bytes or so. Clearly some processing going on already prebuilt binaries which is super confusing. Perhaps some extra signing?
Any ideas please? Is there a way to add a file to image as is, preventing build system to process it in any way whatsoever.
Sorry if I missed something obvious, a complete AOSP beginner here ...
Reply all
Reply to author
Forward
0 new messages