[Toybox] Android R apps can't call system toybox?
Rob Landley
rob at landley.net
Sun Mar 15 14:10:07 PDT 2020
On 3/15/20 3:25 PM, Denys Nykula wrote:
> Hello, I once linked a thread about Android 10 forbidding apps to run
> binaries from their home directory, causing problems for termux apt-get
> packaging model. Restriction can become farther in 11, covering system
> toybox and dynamic Java calls. And in general compilation on device as
> well as sideload of prebuilt binaries, or call to system ones.
Why are you asking _me_ about this? Post it to the list. The restriction is an
Android thing, not a toybox thing.
> thestinger:
>> The system executables like those that are part of the system's
>> toybox are not part of the public API and access to them can be
>> removed at any point. It isn't yet enforced for native libraries, but
>> it should be expected that the same restriction will be applied. It
>> wasn't done all at the same time to make this less disrupted.
>>
>> I developed a full set of changes to disallow every way of performing
>> dynamic native code execution as part of my security work on
>> GrapheneOS (including under previous names of the project), and I
>> landed assorted bits and pieces of this upstream.
>
> https://github.com/termux/termux-app/issues/1072#issuecomment-599239097
> Discussion is marked off-topic, need to click each post to read.
>
> What's your thought on how you'll proceed with your idea of development
> on the device for the device?
I've said a dozen times that I want to convince android to create a posix
container within which you can run binaries you build. Here it is from last year:
http://lists.landley.net/pipermail/toybox-landley.net/2019-June/010512.html
Here it is from 2016:
http://lists.landley.net/pipermail/toybox-landley.net/2016-July/008504.html
http://lists.landley.net/pipermail/toybox-landley.net/2016-October/008725.html
http://lists.landley.net/pipermail/toybox-landley.net/2016-December/008771.html
Here it is on another mailing list entirely:
http://lists.landley.net/pipermail/aboriginal-landley.net/2017-January/002594.html
> On my todo heap there's a version of that
> older pkgsrc world bootstrap script that I heavily uglified to run in
> adb shell otherwise unprivileged on Android 9, given a musl.cc archive
> of correct architecture. In an hour, it builds a prefix with things
> like gmake, quickjs, tmux, perl and libcurl.
>
> But for example dropbear and vim turn out broken, so my thought, of
> starting it manually on Android 10+ once after boot through adb shell
> and sshing into that user from some play store adware client to code
> scripts and web apps, is yet distant.
... good luck?
Rob
More information about the Toybox
mailing list