Circle Device


Quick Reference

Hacking Android

Hacking Android

"May I clarify the question... who knows foreign office secrets apart from the foreign office?"
"Oh, that's easy, only the Kremlin."
- Yes Prime Minister S01E06 A Victory for Democracy

The problem with Android and selinux (the customised selinux of the Android Open Source Project) is that it is difficult to disable.

My Oukitel C8 runs Android 7.0 and kernel 3.18.35+ and my best hope it to re-compile init and the SELinux libraries and simply pretend that when called the operation was successful.


Prepare for downloading the source:

I decided that it would be best to install the required stuff in a docker container. The container image I use is debian:buster.

docker run -it --volume /root/android:/root --name androidbuild \
--hostname androidbuild debian:buster

Then install the required development packages. The android NDK has an binary of the arm LLVM clang cross compiler for compiling the actual android code, the NDK files are installed along with the rest of AOSP.

apt-get update
apt-get install bison g++-multilib git gperf libxml2-utils
apt-get install make zlib1g-dev:i386 zip
apt-get install curl python2.7

* zlib1g-dev:i386 did not work for me... I just deleted :i386...

From here the /root directory is actually the directory mapped in the above docker command... it could even be /home/ben/aosp. Install the repo tool:

cd ~
mkdir ~/bin
export PATH=~/bin:$PATH
curl > ~/bin/repo
chmod a+x ~/bin/repo
# make python invoke python2.7
ln -s /usr/bin/python2.7 bin/python

Once the build tools are all installed get a 1.8 release of Java from Oracle or maybe the OpenJDK.

Special note for Alpine Linux: for some reason openjdk could not complete its install process successfully, complaining of something like: OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00 To fix this I found that one can set a kernel parameter on the host: echo 1 > /proc/sys/kernel/pax/softmode or kernel.pax.softmode=1 in /etc/sysctl.conf.

apt-get install openjdk-8-jdk-headless

AOSP Downloading Instructions | Sony Xperia Open Devices

Preparation Complete, Now Clone Repositories

Configure git for use in he container:

git config --global ""
git config --global "Alfred Example"

This is going to hurt, the AOSP source code is very big :-(...

mkdir android
cd android
repo init -u -b android-7.0.0_r34
repo sync

Of course the last argument can be changed depending on your requirements. It happens that my Oukitel C8 is running Nougat 7.0.0 (well, the settings page says 7.0 so it has to be close). A full list is available:

List of Android Branches

Building init

Well, that took a while... as I said, lots of code. Now to setup our build environment and make init.

. build/
lunch aosp_arm-eng
make libc
make libc++
make libinit_parser
make out/target/product/generic/root/init

This will compile init for the 32bit ARM architecture. To see a list of available lunch options do not include the argument aosp_arm-eng.


Check in the out/target/product/generic/root/ directory for the newly build executable:

file out/target/product/generic/root/init
...: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV) ...

Building other utilities

It is likely you have adb and fastboot from the NDK or Android Studio but the source is included with AOSP so they can be compiled...

make out/host/linux-x86/bin/adb
make out/host/linux-x86/bin/fastboot

Of course you can always just make the entire tree:


or faster with

make -j4

I simply want to try and disable selinux on my phone and so I didn't want to compile 90GiB of code...

When compiling the process stopped at Jack with "unbound variable USER" quite odd, I set the environment variable and re-ran make.

Install the custom init on the Oukitel C8

init is included in the boot.img file in the CPIO archive, details on how to extract and create a CPIO archive for the C8 are available on the C8 page.

Quick Links: Techie Stuff | General | Personal | Quick Reference