Android 内核编译模拟

环境配置

硬件配置

64GB内存

软件包

• aosp
• android-kernel
• Android Studio
• adb 等 android-tools

sudo apt-get install git-core gnupg flex bison build-essential zip curl zlib1g-dev libc6-dev-i386 x11proto-core-dev libx11-dev lib32z1-dev libgl1-mesa-dev libxml2-utils xsltproc unzip fontconfig rsync

export REPO=$(mktemp /tmp/repo.XXXXXXXXX)
curl -o ${REPO} https://storage.googleapis.com/git-repo-downloads/repo
gpg --recv-keys 8BB9AD793E8E6153AF0F9A4416530D5E920F5C65
curl -s https://storage.googleapis.com/git-repo-downloads/repo.asc | gpg --verify - ${REPO} && install -m 755 ${REPO} ~/bin/repo

AOSP

安装源码

# you need to git config --global YourEmail & Name first
repo init --partial-clone -b main -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest
repo sync -c -j8

构建

source build/envsetup.sh
lunch aosp_cf_x86_64_phone-trunk_staging-userdebug
nohup m &

Android Kernel

安装源码

repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/kernel/manifest -b android-gs-raviole-5.10-android12-d1
# you may need to modify .repo/manifest/default.xml to tuna mirror
repo sync

好像没有 common 目录，（不同版本结构不同）

编译

模拟器

Android 11 后 GKI 内核编译方法：

# kernel
BUILD_CONFIG=common/build.config.gki.x86_64 build/build.sh
# kernel modules
BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 build/build.sh

对于 Android 12 模拟器内核模块编译：

BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 build/build.sh

对于 Android 13 后引入的 bazel 方法编译模拟器内核：

tools/bazel run //common-modules/virtual-device:virtual_device_x86_64_dist [-- --destdir=$DIST_DIR]

Cuttlefish

Cuttlefish 为测试 build 的模拟器

git clone https://github.com/google/android-cuttlefish
cd android-cuttlefish
tools/buildutils/build_packages.sh

bazel 安装需要修改代理：https://github.com/bazelbuild/bazel/issues/23492
编译好后即可安装：

sudo apt install ./cuttlefish-base_*.deb ./cuttlefish-user_*.deb
sudo usermod -aG kvm,cvdnetwork,render $USER
sudo reboot

模拟已有内核

访问 google 已编译发布的内核：
https://ci.android.com/builds/branches/aosp-android-latest-release/grid?legacy=1
选择其中 aosp_cf_x86_64_only_phone 最新 build 下载
下载 aosp_cf_x86_64_only_phone-img-14654133.zip 和 cvd_host_package.tar.gz 两个包。
然后执行以下命令：

mkdir cf
cd cf
tar -xvf /path/to/cvd-host_package.tar.gz
unzip /path/to/aosp_cf_x86_64_phone-img-xxxxxx.zip

然后运行 HOME=$PWD ./bin/launch_cvd --daemon 即可
访问 https://<host-ip>:8443 即可管理安卓设备。

漏洞复现

Badspin

CVE-2022-20421-漏洞复现

参考链接

• https://source.android.com/docs/setup/start?hl=zh-cn
• https://github.com/google/android-cuttlefish
• https://github.com/bazelbuild/bazel/issues/23492
• https://developer.android.com/studio/run/emulator-commandline?hl=zh-cn