
Running Xposed inside Google Android Emulator with custom image


Problem description:

I need to get droidmon working on a specific Android image with predefined parameters. The Xposed framework shows an error on installation, saying that it requires root access.

Environment:

Google Android Emulator running a custom rooted Android 4.4.2 x86 image with kernel version 3.4.67+ (but I have the same problem with 3.10+).

Used parameters (+ extra params that have nothing to do with Android itself):

  • -avd
  • -kernel
  • -ramdisk
  • -no-cache
  • -selinux permissive
  • -no-snapstorage
  • -verbose
  • -show-kernel

SDK-Tools-Version: 25.2.2

SDK-Platform-Tools: 24.0.3

Android is configured to allow unknown sources for APKs.

Already tried:

  1. Remounting /system RW
  2. Using -selinux disabled (Xposed however requires -selinux permissive)
  3. Extracting the update-binary from Xposed and running the script with su

Current Status:

If I try installing Xposed, I get the following log messages from the emulator:

[  355.372965] type=1400 audit(1477138733.355:23): avc:  denied  { execute } for  pid=2796 comm="posed.installer" name="app_process" dev="mtdblock1" ino=7847 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=1
[  355.372984] type=1400 audit(1477138733.355:24): avc:  denied  { execute_no_trans } for  pid=2796 comm="posed.installer" path="/data/data/de.robv.android.xposed.installer/cache/app_process" dev="mtdblock1" ino=7847 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=1
[  355.440354] type=1400 audit(1477138733.415:25): avc:  denied  { read } for  pid=2769 comm="posed.installer" name="app_process" dev="mtdblock0" ino=96 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[  355.440410] type=1400 audit(1477138733.415:26): avc:  denied  { open } for  pid=2769 comm="posed.installer" name="app_process" dev="mtdblock0" ino=96 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[  355.440450] type=1400 audit(1477138733.415:27): avc:  denied  { getattr } for  pid=2769 comm="posed.installer" path="/system/bin/app_process" dev="mtdblock0" ino=96 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[  365.476143] type=1400 audit(1477138743.455:28): avc:  denied  { execute } for  pid=2805 comm="Thread-110" name="su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1
[  365.476280] type=1400 audit(1477138743.455:29): avc:  denied  { read open } for  pid=2805 comm="Thread-110" name="su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1
[  365.476371] type=1400 audit(1477138743.455:30): avc:  denied  { execute_no_trans } for  pid=2805 comm="Thread-110" path="/system/xbin/su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1

Status-Update:

As far as I know for now, the image was not rooted properly. I re-rooted the image using the packaged su binary from SuperSU-2.78. I manipulated the system.img by mounting it to a folder on my Linux machine, added su and daemonsu (basically su copied and renamed) to /system/xbin/ and changed permissions to 6755 for both files. Additionally, for now I added 2 lines to the end of /etc/init.goldfish.sh:

#remount /system rw
mount -o rw,remount /system

#start daemonsu as auto-daemon
/system/xbin/daemonsu --auto-daemon

After installing both Superuser.apk from SuperSU and a suitable Xposed version, Xposed initially installs, but after reboot it leads to segfaults in libdvm.so.
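Added example, not part of the original question: a small Python parser that groups the "avc: denied" lines quoted above by source type, target type and object class, and reports whether each denial was actually enforced. In these records permissive=1 means the access was logged but still allowed. The names parse_avc and summarize are illustrative, and the sample lines are copied from the log in the question.

```python
import re
from collections import defaultdict

# Four audit lines copied from the log quoted in the question above.
SAMPLE_LOG = """\
[  355.372965] type=1400 audit(1477138733.355:23): avc:  denied  { execute } for  pid=2796 comm="posed.installer" name="app_process" dev="mtdblock1" ino=7847 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=1
[  365.476143] type=1400 audit(1477138743.455:28): avc:  denied  { execute } for  pid=2805 comm="Thread-110" name="su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1
[  365.476280] type=1400 audit(1477138743.455:29): avc:  denied  { read open } for  pid=2805 comm="Thread-110" name="su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1
[  365.476371] type=1400 audit(1477138743.455:30): avc:  denied  { execute_no_trans } for  pid=2805 comm="Thread-110" path="/system/xbin/su" dev="mtdblock0" ino=972 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:su_exec:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC denial as a dict, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))} if m else {}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "perms": m.group(1).split(),
        "source": fields["scontext"].split(":")[2],  # SELinux type of the caller
        "target": fields["tcontext"].split(":")[2],  # SELinux type of the object
        "tclass": fields.get("tclass", "?"),
        # permissive=1: the denial was only logged, the access itself went through
        "enforced": fields.get("permissive", "0") == "0",
        "object": fields.get("path") or fields.get("name", "?"),
    }

def summarize(log_text):
    """Group denials by (source type, target type, class) and merge permissions."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set(), "enforced": False})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["source"], rec["target"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["objects"].add(rec["object"])
        g["enforced"] = g["enforced"] or rec["enforced"]
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_LOG).items()):
        mode = "ENFORCED" if g["enforced"] else "logged only"
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} [{mode}] {sorted(g['objects'])}")
```

On the sample, every group comes back as logged only, so these SELinux messages record what the installer attempted rather than what stopped it.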


Solution

  • Finally managed to get this working (requires an older SDK version, pre-November 2016)

    SuperSU still required as told in the question above

    Kernel Image lower than version 3.10 (kernel-qemu or engine classic)

    1. Start emulator in verbose mode
    2. Note the temporary file which is used to mount /system inside qemu
    3. Install Xposed but cancel the reboot
    4. Copy the temporary system.img from /tmp/android-{username}/emulator-{random chars} to, let's say, your home directory
    5. Shut down the emulator
    6. Overwrite the existing system.img with the one from your home directory
    7. Start the emulator again
    8. Xposed should now be operating

    Kernel Version 3.10+ (kernel-ranchu or real sandboxed emulator)

    Unfortunately, there is currently no known way of modifying the system.img from within the ranchu emulator; ranchu seems to block every write operation. The blocked operations make the system think that the partition is broken, so the system remounts the partition read-only as a safety fallback.

    Two workarounds found:

    1.) Use the parameter -engine classic when starting the emulator (therefore forcing kernel-qemu); you can then use the steps above to make your changes

    2.) Use a kernel image lower than version 3.10 to avoid the ranchu emulator. You can use the steps above and, after your changes have been applied, use the previous kernel image again