SecurePatchedEmulator provides a prebuilt Android emulator image with the latest security patches, enabling security researchers to easily access a secure, reliable, and up-to-date Android environment for testing and development purposes. Before using SecurePatchedEmulator, ensure that you have the latest version of the Android SDK Platform-Tools and Android Emulator installed.
Version | Security Patch | Download Link |
---|---|---|
14.0.0_r1 | 2024-06 | android-14.0.0_r1.zip |
13.0.0_r1 | 2024-06 | android-13.0.0_r1.zip |
12.0.0_r1 | 2024-06 | android-12.0.0_r1.zip |
To set up and launch the SecurePatchedEmulator, follow these steps:

- Download the desired Android emulator image. For example, to launch `android-14.0.0_r1`:

  ```bash
  wget https://github.com/cxxsheng/SecurePatchedEmulator/releases/download/2024-06/android-14.0.0_r1.zip
  ```

- Extract the downloaded zip file to the desired output directory:

  ```bash
  unzip android-14.0.0_r1.zip -d /path/to/emulator/
  ```

  Replace `/path/to/emulator` with the actual path where you want to extract the emulator files.

- Launch the emulator, specifying the path to the extracted emulator directory:

  ```bash
  cd /path/to/sdk/tools
  ./emulator @YourAVDName -sysdir /path/to/emulator/x86_64
  ```

  Replace `YourAVDName` with the name of your Android Virtual Device (AVD) and `/path/to/emulator` with the actual path where you extracted the emulator files. Ensure that the Android version used to create `YourAVDName` matches the Android version of the emulator image.
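
A check one could run on the extracted image before launching it, as an added example that is not part of the SecurePatchedEmulator project: it reads `ro.build.version.security_patch` from the image's `build.prop` and compares it with the patch level listed in the table above. It assumes the extracted `x86_64` directory contains a `build.prop` file; the function names are hypothetical.

```shell
# Added example (not project code). Assumption: the extracted image directory
# contains a build.prop file. All function names here are hypothetical.

# Print ro.build.version.security_patch from the build.prop file in $1.
# Returns 1 if the file is unreadable or the property is absent.
patch_level() {
    [ -r "$1" ] || return 1
    # Take the first matching line; strip carriage returns and spaces.
    level=$(sed -n 's/^ro\.build\.version\.security_patch=//p' "$1" | head -n 1 | tr -d '\r ')
    [ -n "$level" ] || return 1
    printf '%s\n' "$level"
}

# Return 0 if $1 is a well-formed YYYY-MM-DD date, 1 otherwise.
is_iso_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# check_patch_level BUILD_PROP REQUIRED
# REQUIRED is YYYY-MM (as in the release table) or YYYY-MM-DD.
# Returns 0 if the image is at or above REQUIRED, 1 if older, 2 on bad input.
check_patch_level() {
    level=$(patch_level "$1") || { echo "no security_patch property in $1" >&2; return 2; }
    required=$2
    case "$required" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]) required="$required-01" ;;
    esac
    if ! is_iso_date "$level" || ! is_iso_date "$required"; then
        echo "malformed date: image=$level required=$required" >&2
        return 2
    fi
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$level" | sed 's/-//g')
    want=$(printf '%s' "$required" | sed 's/-//g')
    if [ "$have" -lt "$want" ]; then
        echo "patch level $level is older than required $required" >&2
        return 1
    fi
    echo "patch level $level satisfies $required"
}

# Constructed sample input, not taken from a real image.
sample=$(mktemp)
printf 'ro.build.version.sdk=34\nro.build.version.security_patch=2024-06-05\n' > "$sample"
check_patch_level "$sample" 2024-06
rm -f "$sample"
```

For a real image, call it as `check_patch_level /path/to/emulator/x86_64/build.prop 2024-06` and treat any non-zero exit status as a reason not to rely on the image's patch level.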
To create a secure Android emulator image with the latest security patches, follow these steps:

- Initialize and sync the AOSP repository:

  ```bash
  repo init -u https://android.googlesource.com/platform/manifest -b android-14.0.0_r1
  repo sync
  ```

  Replace `android-14.0.0_r1` with the desired Android version.

- Identify the latest security patch tag from the `platform_build` repository on GitHub. For example, `android-security-14.0.0_r9`.

- Fetch the security patch tag across all AOSP repositories:

  ```bash
  repo forall -p -c 'git fetch aosp android-security-14.0.0_r9 --depth 1'
  ```

  Replace `android-security-14.0.0_r9` with the actual security patch tag.

- Generate a file listing the commits between the current HEAD and the security patch, so the changes can be reviewed before merging:

  ```bash
  repo forall -p -c 'git log --oneline HEAD..FETCH_HEAD' > 14.0.0_r1-to-14.0.0_r9.diff.txt
  ```

- Merge the security patch into the AOSP repositories:

  ```bash
  repo forall -p -c 'git merge FETCH_HEAD'
  ```

- Modify the security patch date in the emulator image:

  In the `build/make/core/version_defaults.mk` file, locate the `ro.build.version.security_patch` variable and change its value to the desired security patch date, e.g., `2024-06-05`.

- Build the Android emulator image:

  For Android 13 and above:

  ```bash
  source ./build/envsetup.sh
  lunch sdk_phone_x86_64-userdebug
  make emu_img_zip -j$(nproc)
  ```

  This generates an `sdk-repo-linux-system-images-eng.[username].zip` file.

  For Android 12 and below:

  ```bash
  source build/envsetup.sh
  lunch sdk_phone_x86_64-userdebug
  make -j$(nproc) sdk sdk_repo
  ```

  The `make sdk sdk_repo` command creates two files under `aosp-main/out/host/linux-x86/sdk/sdk_phone_x86_64`:

  - `sdk-repo-linux-system-images-eng.[username].zip`
  - `repo-sys-img.xml`

After `android-14.0.0_r29`, using `lunch sdk_phone_x86_64-userdebug` will result in the following error:

```
Valid combos must be of the form <product>-<release>-<variant>
```

After consulting Google's documentation, it was found that the `trunk_staging` option needs to be added, but using `lunch sdk_phone_x86_64-trunk_staging-userdebug` will result in the following error:

```
In file included from build/make/core/config.mk:380:
In file included from build/make/core/envsetup.mk:369:
build/make/core/product_config.mk:226: error: Cannot locate config makefile for product "sdk_phone_x86_64"
```

I found that the `target/product/sdk_phone_x86_64.mk` file no longer exists, and I looked at the commit that describes the changes:

```
Retire obsolete emulator targets and boards
the sdk_phone* targets are replaced with sdk_phone64*,
the emulator* boards are replaced with emu64* in
the device/generic/goldfish folder.
Bug: 295259752
Test: presubmit
Change-Id: I069a06baf02aea30db617f183abbfeaa6f968f29
Signed-off-by: Roman Kiryanov <rkir@google.com>
```

Therefore, the correct command to use should be:

```bash
lunch sdk_phone64_x86_64-trunk_staging-userdebug
```