How to build a Release ("user" build with release-keys)?

[Torsten Appelhagen]

Hello,

I finally managed to build x86_64 "userdebug" even with OpenGApps (it complains about non-certified device but this is another issue to be addressed later on).

Now there's a bunch of instructions all over the web on how to sign APKs, but I wasn't able to find something about signing a build?

Finally I found there is a tool to create 4 necessary keys (releasekey, platform, media, shared). I did so and learned I have to define PRODUCT_DEFAULT_DEV_CERTIFICATE in my device-makefile to make use of it.

Then I started making, but the script aborted complaining about missing testkey - why? This shouldn't be necessary as far as I understood.

Anyway I made one and now the build completed!

But in build.prop I see "dev-keys", not "release-keys". How do I correct that? The only information I found was that I should run "make dist" which would re-sign everything and change this, but it didn't.

Moreover, the "user" build is not bootable, it displays a security failure on init and panics (rebooting to bootloader)... I assume this is related to the previous issue since "userdebug" runs fine. Not sure how I can debug this but hopefully this will disappear once the build is correctly signed?

[Torsten Appelhagen]

I can see the following lines in "userdebug" mode:

[    5.515850] audit: type=1400 audit(1388534511.721.3): avc:  denied  { getattr } for  pid=1 comm="init" path="/plat_file_contexts" dev="tmpfs" ino=6572 scontext=u:r:kernel:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
[    5.515887] audit: type=1400 audit(1388534511.721.4): avc:  denied  { read } for  pid=1 comm="init" name="plat_file_contexts" dev="tmpfs" ino=6572 scontext=u:r:kernel:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
[    5.515905] audit: type=1400 audit(1388534511.721.5): avc:  denied  { open } for  pid=1 comm="init" path="/plat_file_contexts" dev="tmpfs" ino=6572 scontext=u:r:kernel:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1

In "user" mode SELinux is enforcing AFAIK, so probably this is an issue which could prevent proper booting? If so, how can I circumvent it?

[DDS Central]

It's still permissive in your log.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.
To post to this group, send email to andro...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-x86.
For more options, visit https://groups.google.com/d/optout.

[Torsten Appelhagen]

sure, because in restricted mode the system reboots immediately...

[j.nis...@nifdex.com]

Hey Torsten,

 

we are facing the same problem; did you finally get everything working?

 

We would like to build: 

 

Android x86 7.1.2 r2 / x86_64 / user / release keys

 

Could you share how you exactly signed the release?

 

About the SELinux problems, yes android-x86 is violating rules and this will result in the panic as you described below.

 

For us it would be okay to set SELinux to permissive=1 but we would like to build a user release.

And this type of release automatically enabled SELinux …

 

Didn’t yet find a way to disable SELinux.

 

I think we can disable it, but it is somewhere in system/core/init/(init.cpp)

 

Thanks, and best regards

Julian

[bors...@gmail.com]

Julian,

no, we haven't received any helpful answers on this topic, so we concentrated on other isses (to be posted soon ;-))..

BR

Torsten

[j.nis...@nifdex.com]

Torsten,

maybe i found a solution for the SELinux problem ...

https://groups.google.com/forum/#!searchin/android-x86/android_x86_64-user%7Csort:date/android-x86/BolrqWIC1CY/o2U0JPvzBQAJ

Build is running about 40% will test asap, and response.

But of course this will not enable SELinux just bypass the checks, but this is okay for us, maybe you can also use this solution.

regards

Julian

[j.nis...@nifdex.com]

yes can confirm this is working.

System can boot now.

System is now without SuperSu and adb is disabled by default.

Currently i am unable to enable networking adb because i don't have root access ;)

regards

Julian

[Đỗ Khoa]

Hello Julian,

Can you enable USB adb?

Vào 21:32:07 UTC+7 Thứ Bảy, ngày 27 tháng 4 năm 2019, j.ni...@nifdex.com đã viết:

[Julian Nischler]

Hey,

I can't test USB adb because i don't have an usb slave or OTG port ...

So i require tcp adb.

Using usb adb i could try adb tcp... but not possible for me.

All the settings are available, so usb adb should work i think.

1. tab 8x on build version

2. Enable USB Debugging ...

But all of this doesn't enable tcp ip listen for adbd.

I looked ad adb/daemon/main.cpp and found some security checks preventing network mode to start in a secure build.

I disables this checks and not the adbd deamon is able to start in network mode.

But i always get unauthorized after trying to connect.

ro.adb.secure is set to 1

So I think this requires the rsa keys to be known or to ask to confirm.

But the confirm window is not appearing.

And adding my adb public key to the adb_keys file also failed ....

In the settings app in developer options there is a point "revoke all usb keys" i think this button should clear the adb_keys file.

But pressing this button causes the settings app to die ...

So i think there is something wrong with the secure mode of adb ....

Thanks and beste regards

Julian

--
You received this message because you are subscribed to a topic in the Google Groups "Android-x86" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/android-x86/D_lBiD5_al4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to android-x86...@googlegroups.com.

[Julian Nischler]

did someone find a way how to enable network ADB in a release build ?

I tried to change the ADB source but i am unable to get adb working.

regards

Julian

[Sadhna Sharma]

Hello Julian,

I had the same issue, I fixed by disabling USB authentication for my device

below patch in system/core/adb/daemon/main.cpp

+@@ -187,6 +187,12 @@ int adbd_main(int server_port) {
+         auth_required = false;
+     }
+
++    //Disable USB authentication for dltv72 device, before running adbd.
++    std::string prop_device = android::base::GetProperty("ro.product.device", "");
++    if(!prop_device.compare("yourdeviceName")){
++        auth_required = false;
++    }
++
+     adbd_auth_init();
+

+     // Our external storage path may be different than apps, since

Apart from above change I didn't do any change in Android source tree, and it works for me.

Hope this helps you too.

[Julian Nischler]

Hello Sadhna,

sounds promissing.

Did you try ADB over Network (TCP) ?

What version of Android are you building ?

And you are building user / release-keys ?

regards

Julian

[Sadhna Sharma]

Hello Julian,

Sorry for late reply,

Yes I am using adb over tcpip.

I am building android 9.

and yes I am building with release keys

Thanks,

Sadhna