SlideShare a Scribd company logo

Container based android

Lihan Chen
Lihan Chen

Presented by TC, Victor and Sting in COSCUP 2017. (Information and Communication Lab, Industrial Technology Research Institute)

1 of 30
Download to read offline
Copyright 2016 ITRI 工業技術研究院 0 Container-based Android (Android Containerization) 姓名:吳天健、許維德、鄭博文 單位:資通所
1Copyright 2016 ITRI 工業技術研究院 Outline ❖Preliminaries ❖Android Containerization ➢Isolate/share services among Android instances ❖Linux Kernel, Drivers and Android Binder ❖Window System and Graphics ❖Android X86 Containerization ❖TODOs ❖ICL’s Big Picture - Android as a Service
2Copyright 2016 ITRI 工業技術研究院 Preliminaries ❖ Android Platforms ➢ Nexus 7 with Android 6.X/Kernel 3.4.0 ➢ Pixel XL with Android 7.1.X/Kernel 3.18.31 ❖ LXC and Other Tools ➢ Built with Android NDK: android-toolchain-arm_64-4.9-android-24 ➢ LXC ➢ libcap (https://github.com/abstrakraft/lxc-android-libcap) • Only libcap is required, built in static (libcap.a) ➢ SELinux • Using essential Android code base: external/selinux • libselinux: external/selinux/libselinux – NOT external/libselinux which is a small port of libselinux for Android framework • libsepol: external/selinux/libsepol
3Copyright 2016 ITRI 工業技術研究院 Preliminaries (2) ❖ LXC ❖ Packaging LXC and tools /odm ├── bin │ ├── .... │ ├── lxc-start │ ├── lxc-stop │ ├── .... │ ├── setfilecon │ ├── setfiles │ └── ... ├── lib │ ├── liblxc.la │ ├── liblxc.so ├── libexec │ └── lxc │ ├── hooks │ │ └── unmount-namespace │ ├── lxc-apparmor-load │ ├── lxc-containers │ ├── lxc-monitord │ ├── lxc-net │ └── lxc-user-nic export CBA_HOME=/odm export PREFIX=$CBA_HOME export PIXEL_LIBS=/home/sting/cba/lxc/pixel-libs/usr CFLAGS="--sysroot=$SYSROOT -I$PIXEL_LIBS/include -fPIE" CPPFLAGS="$CPPFLAGS $CFLAGS" LDFLAGS="$LDFLAGS -fPIE -pie -L$PIXEL_LIBS/lib" ./configure --host=aarch64-linux-android --enable-shared=yes --enable-static=yes --disable-api-docs --enable-selinux --enable-capabilities --disable-examples --disable-lua --disable-python --disable-bash --enable-configpath-log --prefix=$PREFIX --with-systemdsystemunitdir=$PREFIX/lib/systemd/system --with-config-path=$CBA_HOME/containers --with-global-conf=$CBA_HOME/.config --with-runtime-path=/cache
4Copyright 2016 ITRI 工業技術研究院 Android Containerization
5Copyright 2016 ITRI 工業技術研究院 Containerization of Android ❖ Android was essentially designed for single instance architecture ❖ In order to better containerized Android, we need to ➢ Refactor essential Android key services architecture design to make it namespace- aware and sharable among Android containers ➢ Extend the current LXC to support namespace-aware device model and namespace- aware deriver development ➢ Extend Android virtual devices and drivers to support namespace-awareness Unified Linux Kernel & Drivers LXC Container (Cgroups, Namespace) SELinux Virtual Device Drivers Host Android Shared Framework Services Service Manager Surface Flinger Camera LXCTools Virtual Devices binder RIL alarm …. Netfilter, Virtual Ethernet Bridging iptables Power Mgmt. …. Android 1 Android 2 Audio Sensors
6Copyright 2016 ITRI 工業技術研究院 Linux Kernel, Drivers and Android Binder Victor
7Copyright 2016 ITRI 工業技術研究院 Isolate/Share Services among Android Containers ❖ Refactoring essential Android binder architecture design to enable isolate/share services among Android instances ➢ Namespace-aware IPC binder (Inspired by Container Virtualization Adapted to Android @浙江大学计算机系统结构实验室) ➢ Reduce the total # of Linux process ➢ Can be configured which services to be shared ➢ Caller is aware of the container ID of callee Linux Kernel + LXC + Drivers Virtual Devicesbinder 1 binder n Linux Kernel + LXC + Drivers Virtual Devices namespace-awarebinder Shared service invocation Unshared service invocation Before After
8Copyright 2016 ITRI 工業技術研究院 Android Service Registration & Discovery ServiceManagerService App 1. addService(name, service) 2. getService(name) 3. Binder IPC Transactions service
9Copyright 2016 ITRI 工業技術研究院 Virtual Binder Driver Lei Xu, Wenzhi Chen, Zonghui Wang, Guoxi Li, Chuan Li, Weijie Sun, Condroid:A Container-Based Virtualization SolutionAdapted forAndroid Devices , Proceedings of IEEE International Conference onMobile Cloud Computing, Services, and Engineering, 2015 Real binder driver Host Service Manager SHARED
10Copyright 2016 ITRI 工業技術研究院 Android Virtual Binder Architecture Service Manager Service App Host Service App Container1 Service App Container2 /dev/binder /dev/virtualbinder1 /dev/virtualbinder2 Virtual Binder Driver Real Binder Deriver Linux Kernel
11Copyright 2016 ITRI 工業技術研究院 Virtual Devices and their Drivers ❖ Device Namespaces : namespace aware device driver (inspired by Cells proj. @ Columbia University) ➢ Stateful/Statelessdevice driver, stateful devices, like alarm device, the state of different namespaces must be maintained ❖ AlarmManagerService ➢ alarm-dev driver has been removed in Android Nougat, the functionality provided by the Android alarm-dev driver should now be present in the timerfd interface ➢ com_android_server_AlarmManagerService.cpp static const clockid_t android_alarm_to_clockid[N_ANDROID_TIMERFDS] • CLOCK_REALTIME_ALARM (since Linux 3.11) • CLOCK_REALTIME • CLOCK_BOOTTIME_ALARM (since Linux 3.11) • CLOCK_BOOTTIME (since Linux 3.15) • CLOCK_MONOTONIC • CLOCK_REALTIME Linux Kernel + LXC + Drivers Virtual Devices alarm- dev Android 1 Android n State1 Staten
12Copyright 2016 ITRI 工業技術研究院 Window System and Graphics Sting
13Copyright 2016 ITRI 工業技術研究院 Share or Not to Share SurfaceFlinger/WindowManager ❖浙江大学计算机系统结构实验室 ➢Share both SurfaceFlinger and Window Manager ➢Maintains different z-order range for different containers Linux Kernel + LXC + Drivers Surface Flinger buffer Host Android Shared Framework Services Surface Flinger Window Manager
14Copyright 2016 ITRI 工業技術研究院 Share or Not to Share SurfaceFlinger/WindowManager (2) ❖ICL Approach ➢Window Manager in each container ➢Single SurfaceFlinger instance on host • Maintains list of Layers of different Android containers • Groups Layers according to their container ID Linux Kernel + LXC + Drivers Surface Flinger buffer Host Android Shared Framework Services Surface Flinger Window Manager Android n Window Manager
15Copyright 2016 ITRI 工業技術研究院 Display Switching between Containers • Layers of different Android containers in SurfaceFlinger • SurfaceFlinger groups layers according to their container ID Assign layers of host container to layersSortedByZ of primary display primary display compose Assign layers of container 1 to layersSortedByZ of primary display primary display compose
16Copyright 2016 ITRI 工業技術研究院 Android X86 Containerization TC
17Copyright 2016 ITRI 工業技術研究院 Who is maintaining Android-x86 ?
18Copyright 2016 ITRI 工業技術研究院
19Copyright 2016 ITRI 工業技術研究院
20Copyright 2016 ITRI 工業技術研究院 Android-as-a-Service on PC Container1 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager Container2 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager Container3 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager PC LXCTools namespaces Graphic Driver Binder Driver Keyboard Driver Mouse Driver Touch-Panel Other Device Drivers Display Virtualization Binder (IPC) Virtualization Input Virtualization …... …... …... …... …... …...
21Copyright 2016 ITRI 工業技術研究院 Multiple instances of SurfaceFlinger Can there be multiple surfaceflinger(s) ? This implies to a second question : is gpu / driver (drm) shareable for gui(s) ? void SurfaceFlinger::doComposition() { ….pseudo code… FOR EACH DISPLAY i IF DISPLAY_ON( i ) IF (i) == MAIN_DISPLAY AND byte 1 of “/data/surfaceflinger/control” is Zero GOTO END r = GET_DIRTY_REGION DO_DISPLAY_COMPOSITION(r) DIRTY_REGION_CLEAR() HARDWARE_FLIP() ENDIF NOTITY_HARDWARE_COMPOSITION_ COMPLETE() ENDFOR POST_FRAMEBUFFER() LABEL END } Kernel Display Driver GPU Driver Graphic Driver Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser
22Copyright 2016 ITRI 工業技術研究院 Static /dev I want in each container servicemanager connect (open) /dev/binder (not /dev/binde1, /dev/binder2 , etc) /dev/ was mounted tmpfs, how about make it static? Container1 Servic e Manag er ... APP /dev/binder Kernel /dev/binder1 Container2 Servic e Manag er ... APP /dev/binder /dev/binder2 mknod /data/con1/rootfs/dev/binder 57 0 mknod /data/con2/rootfs/dev/binder 58 0 ##host /dev/binder major number 56 ##host /dev/binder1 major number 57 ##host /dev/binder2 major number 58 int main(int argc, char **argv) { int fd_count= 0; struct pollfdufds[4]; char *tmpdev; char* debuggable; char tmp[32]; int property_set_fd_init = 0; int signal_fd_init = 0; int keychord_fd_init = 0; bool is_charger = false; char initrc_path[PROP_VALUE_MAX]; /* If we are calledas'modprobe' command, we run asa * standaloneexecutable andreuse ueventd'slogic to do the job. */ if (strstr(argv[0], "modprobe")) return modprobe_main(argc, argv); if (!strcmp(basename(argv[0]), "ueventd")) return ueventd_main(argc,argv); if (!strcmp(basename(argv[0]), "watchdogd")) return watchdogd_main(argc, argv); /* clear the umask*/ umask(0); /* Get the basic filesystem setup we needput * together in theinitramdiskon / and then we'll * let the rc filefigureout therest. */ mkdir("/dev",0755); mkdir("/proc", 0755); mkdir("/sys", 0755); #if STATIC_DEV printf(">>>>>skip mount/devn"); #else mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); #endif mkdir("/dev/pts", 0755); mkdir("/dev/socket", 0755); #if STATIC_DEV printf(">>>>>skip mount/dev/ptsn"); //use lxc's /dev/ptsinstead #else mount("devpts", "/dev/pts", "devpts", 0, NULL); #endif mount("proc", "/proc","proc", 0, NULL); mount("sysfs", "/sys", "sysfs", 0, NULL);
23Copyright 2016 ITRI 工業技術研究院 Exploit (kernel) memory Android-x86_5.1 is defaultly 32bits build As a server, install 16g RAM and enable kernel option ‘HIMEM_64G’... The OOM killer be called even when there is still plenty of memory available <0>[ 331.441013] lowmem_reserve[]: 0 0 0 0” and then Out-of-memory invoked <3>[ 2839.557148] binder4: binder_mmap: 6382 adf02000- ae000000 get_vm_area failed -12 <4>[ 2859.865885] vmap allocation for size 1044480 failed Recipe - In bootloader’s booting parameter, add vmalloc=512MB <6>[ 0.000000] vmalloc : 0xdfbfe000 - 0xffbfe000 ( 512 MB)
24Copyright 2016 ITRI 工業技術研究院 Camera HAL Besides virtualizing native linux device , it’s necessary to virtualize android HAL I want take a error on arm device as an example 02-18 02:52:31.744 24 24 I CameraService: Loaded"QCamera Module" camera module^M 02-18 02:52:31.744 24 24 E mm-camera-intf:mm_camera_open: dev name= /dev/video1, cam_idx = 1^M 02-18 02:52:31.941 24 24 E mm-camera-intf:mm_camera_open: opened, breakout while loop^M 02-18 02:52:31.941 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:31.969 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:31.970 24 24 E mm-camera-intf:mm_camera_open: cannot opendomain socket fd of '/dev/video1'(No such fileor directory)^M 02-18 02:52:32.029 24 24 E mm-camera-intf:camera_open: mm_camera_open err = -1^M 02-18 02:52:32.029 24 24 E QCamera3HWI:static int qcamera::QCamera3HardwareInterface::initCapabilities(int): camera_open failed^M 02-18 02:52:32.033 24 24 E CameraFlashlight: createFlashlightControl: failed to get camerainfo for camera0^M 02-18 02:52:32.033 24 24 E CameraFlashlight: findFlashUnits: failedto createflash control for 0^M 02-18 02:52:32.033 24 24 E mm-camera-intf:mm_camera_open: dev name= /dev/video2, cam_idx = 2^M 02-18 02:52:32.597 24 24 E mm-camera-intf:mm_camera_open: opened, breakout while loop^M 02-18 02:52:32.597 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:32.619 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:32.628 24 24 E mm-camera-intf:mm_camera_open: cannot opendomain socket fd of '/dev/video2'(No such fileor directory)^M 02-18 02:52:32.874 24 24 E mm-camera-intf:camera_open: mm_camera_open err = -1^M 02-18 02:52:32.874 24 24 E QCamera3HWI:static int qcamera::QCamera3HardwareInterface::initCapabilities(int): camera_open failed^M 02-18 02:52:32.874 24 24 E CameraFlashlight: createFlashlightControl: failed to get camerainfo for camera1^M 02-18 02:52:32.874 24 24 E CameraFlashlight: findFlashUnits: failedto createflash control for 1^M
25Copyright 2016 ITRI 工業技術研究院 TODOs
26Copyright 2016 ITRI 工業技術研究院 TODOs ❖Power Management ➢To share or not to share PowerManagerService ❖Activity Manager Service ❖Low Memory Killer ❖SELinux ➢To further isolate host and containers ❖SEE (Secure Execution Environment) Integration ➢vold and Qualcomm SEE issues ➢DRM
27Copyright 2016 ITRI 工業技術研究院 Android-X86 ICL is constructing the first cost-effective APP streaming cloud infrastructure, consisting of ❖ Low latency audio/video streaming services ❖ Scalable & cost-effective virtual/physical smartphone pool ➢Android-X86 virtual smartphones ➢Cost-effective smartphone SOC cluster server ➢Containerized Android doubles/triples the Android instances density of per U chassis ❖ BMC management software ➢H/W & S/W deployment automation ❖ APP Streaming Service Management CPU CPU CPU CPU CPU CPU CPU CPU 4 GB 8GB 4 GB 8GB ICL’s Big Picture - Android as a Service
28Copyright 2016 ITRI 工業技術研究院 Google group: Android-x86 http://groups.google.com/group/android-x86 IRC channel at irc.freenode.net #android-x86
29Copyright 2016 ITRI 工業技術研究院 Thank You! Questions and Comments?

Recommended

Intro to Flutter
Intro to FlutterIntro to Flutter
Intro to Flutter
Eason Pai
 
Google flutter and why does it matter
Google flutter and why does it matterGoogle flutter and why does it matter
Google flutter and why does it matter
Ahmed Abu Eldahab
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
Opersys inc.
 
Android app development
Android app developmentAndroid app development
Android app development
Tanmoy Roy
 
Intro to Flutter SDK
Intro to Flutter SDKIntro to Flutter SDK
Intro to Flutter SDK
digitaljoni
 
Pune Flutter Presents - Flutter 101
Pune Flutter Presents - Flutter 101Pune Flutter Presents - Flutter 101
Pune Flutter Presents - Flutter 101
Arif Amirani
 
Introduction to Flutter.pptx
Introduction to Flutter.pptxIntroduction to Flutter.pptx
Introduction to Flutter.pptx
DiffouoFopaEsdras
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with Pie
Opersys inc.
 

Recommended

Intro to Flutter
Intro to FlutterIntro to Flutter
Intro to Flutter
Eason Pai
 
Google flutter and why does it matter
Google flutter and why does it matterGoogle flutter and why does it matter
Google flutter and why does it matter
Ahmed Abu Eldahab
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
Opersys inc.
 
Android app development
Android app developmentAndroid app development
Android app development
Tanmoy Roy
 
Intro to Flutter SDK
Intro to Flutter SDKIntro to Flutter SDK
Intro to Flutter SDK
digitaljoni
 
Pune Flutter Presents - Flutter 101
Pune Flutter Presents - Flutter 101Pune Flutter Presents - Flutter 101
Pune Flutter Presents - Flutter 101
Arif Amirani
 
Introduction to Flutter.pptx
Introduction to Flutter.pptxIntroduction to Flutter.pptx
Introduction to Flutter.pptx
DiffouoFopaEsdras
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with Pie
Opersys inc.
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
Jimmy Software
 
A flight with Flutter
A flight with FlutterA flight with Flutter
A flight with Flutter
Ahmed Tarek
 
Android application development ppt
Android application development pptAndroid application development ppt
Android application development ppt
Gautam Kumar
 
Flutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for businessFlutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for business
Bartosz Kosarzycki
 
Mobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google FlutterMobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google Flutter
Ahmed Abu Eldahab
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to Flutter
Apoorv Pandey
 
Android
Android Android
Android Santi Brata Nath Joy
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to hero
Ahmed Abu Eldahab
 
Flutter
FlutterFlutter
Flutter
Shyju Madathil
 
Using the Presentation API and external screens on Android
Using the Presentation API and external screens on AndroidUsing the Presentation API and external screens on Android
Using the Presentation API and external screens on AndroidXavier Hallade
 
Android Platform Architecture
Android Platform ArchitectureAndroid Platform Architecture
Android Platform Architecture
Naresh Chintalcheru
 
Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]
Katy Slemon
 
Flutter
Flutter Flutter
Flutter
Mohit Nainwal
 
Flutter
FlutterFlutter
Flutter
Ankit Kumar
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
ijafrc
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
Sander Alberink
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
Opersys inc.
 
Android PPT Presentation 2018
Android PPT Presentation 2018Android PPT Presentation 2018
Android PPT Presentation 2018
Rao Purna
 
Android ppt
Android pptAndroid ppt
Android pptPooja Garg
 
Flutter Festival - Intro Session
Flutter Festival - Intro SessionFlutter Festival - Intro Session
Flutter Festival - Intro Session
Google Developer Students Club NIT Silchar
 
Android containerization in brief
Android containerization in briefAndroid containerization in brief
Android containerization in brief
Po-wen Cheng
 
Coscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloudCoscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloud
Tian-Jian Wu
 

More Related Content

What's hot

Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
Jimmy Software
 
A flight with Flutter
A flight with FlutterA flight with Flutter
A flight with Flutter
Ahmed Tarek
 
Android application development ppt
Android application development pptAndroid application development ppt
Android application development ppt
Gautam Kumar
 
Flutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for businessFlutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for business
Bartosz Kosarzycki
 
Mobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google FlutterMobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google Flutter
Ahmed Abu Eldahab
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to Flutter
Apoorv Pandey
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to hero
Ahmed Abu Eldahab
 
Flutter
FlutterFlutter
Flutter
Shyju Madathil
 
Using the Presentation API and external screens on Android
Using the Presentation API and external screens on AndroidUsing the Presentation API and external screens on Android
Using the Presentation API and external screens on AndroidXavier Hallade
 
Android Platform Architecture
Android Platform ArchitectureAndroid Platform Architecture
Android Platform Architecture
Naresh Chintalcheru
 
Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]
Katy Slemon
 
Flutter
Flutter Flutter
Flutter
Mohit Nainwal
 
Flutter
FlutterFlutter
Flutter
Ankit Kumar
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
ijafrc
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
Sander Alberink
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
Opersys inc.
 
Android PPT Presentation 2018
Android PPT Presentation 2018Android PPT Presentation 2018
Android PPT Presentation 2018
Rao Purna
 
Flutter Festival - Intro Session
Flutter Festival - Intro SessionFlutter Festival - Intro Session
Flutter Festival - Intro Session
Google Developer Students Club NIT Silchar
 

What's hot (20)

Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
A flight with Flutter
A flight with FlutterA flight with Flutter
A flight with Flutter
 
Android application development ppt
Android application development pptAndroid application development ppt
Android application development ppt
 
Flutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for businessFlutter overview - advantages & disadvantages for business
Flutter overview - advantages & disadvantages for business
 
Mobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google FlutterMobile DevOps pipeline using Google Flutter
Mobile DevOps pipeline using Google Flutter
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to Flutter
 
Android
Android Android
Android
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to hero
 
Flutter
FlutterFlutter
Flutter
 
Using the Presentation API and external screens on Android
Using the Presentation API and external screens on AndroidUsing the Presentation API and external screens on Android
Using the Presentation API and external screens on Android
 
Android Platform Architecture
Android Platform ArchitectureAndroid Platform Architecture
Android Platform Architecture
 
Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]Flutter vs react native head to toe comparison [2021 edition]
Flutter vs react native head to toe comparison [2021 edition]
 
Flutter
Flutter Flutter
Flutter
 
Flutter
FlutterFlutter
Flutter
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
 
Android PPT Presentation 2018
Android PPT Presentation 2018Android PPT Presentation 2018
Android PPT Presentation 2018
 
Android ppt
Android pptAndroid ppt
Android ppt
 
Flutter Festival - Intro Session
Flutter Festival - Intro SessionFlutter Festival - Intro Session
Flutter Festival - Intro Session
 

Similar to Container based android

Android containerization in brief
Android containerization in briefAndroid containerization in brief
Android containerization in brief
Po-wen Cheng
 
Coscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloudCoscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloud
Tian-Jian Wu
 
Targeting Android with Qt
Targeting Android with QtTargeting Android with Qt
Targeting Android with Qt
Espen Riskedal
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new Platforms
Linaro
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
Opersys inc.
 
DRIVE PX 2
DRIVE PX 2DRIVE PX 2
DRIVE PX 2
Shri Sundaram
 
Neo4J with Docker and Azure - GraphConnect 2015
Neo4J with Docker and Azure - GraphConnect 2015Neo4J with Docker and Azure - GraphConnect 2015
Neo4J with Docker and Azure - GraphConnect 2015
Patrick Chanezon
 
IAU workshop 2018 day one
IAU workshop 2018 day oneIAU workshop 2018 day one
IAU workshop 2018 day one
Walid Shaari
 
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
Edge AI and Vision Alliance
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Android
natdefreitas
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
The Linux Foundation
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
ArangoDB Database
 
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
Edge AI and Vision Alliance
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Ron Munitz
 
Cross-compilation native sous android
Cross-compilation native sous androidCross-compilation native sous android
Cross-compilation native sous android
Thierry Gayet
 
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...Paris Open Source Summit
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Ron Munitz
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automate
Ilkka Tengvall
 
Android developer tools
Android developer toolsAndroid developer tools
Android developer tools
inovex GmbH
 
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profileLinux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Satish Kumar
 

Similar to Container based android (20)

Android containerization in brief
Android containerization in briefAndroid containerization in brief
Android containerization in brief
 
Coscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloudCoscup2018 itri android-in-cloud
Coscup2018 itri android-in-cloud
 
Targeting Android with Qt
Targeting Android with QtTargeting Android with Qt
Targeting Android with Qt
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new Platforms
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
 
DRIVE PX 2
DRIVE PX 2DRIVE PX 2
DRIVE PX 2
 
Neo4J with Docker and Azure - GraphConnect 2015
Neo4J with Docker and Azure - GraphConnect 2015Neo4J with Docker and Azure - GraphConnect 2015
Neo4J with Docker and Azure - GraphConnect 2015
 
IAU workshop 2018 day one
IAU workshop 2018 day oneIAU workshop 2018 day one
IAU workshop 2018 day one
 
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
“Open Standards: Powering the Future of Embedded Vision,” a Presentation from...
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Android
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
 
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
“Khronos Standard APIs for Accelerating Vision and Inferencing,” a Presentati...
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
 
Cross-compilation native sous android
Cross-compilation native sous androidCross-compilation native sous android
Cross-compilation native sous android
 
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automate
 
Android developer tools
Android developer toolsAndroid developer tools
Android developer tools
 
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profileLinux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
 

Recently uploaded

Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
Google
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 

Recently uploaded (20)

Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 

Container based android

  • 1. Copyright 2016 ITRI 工業技術研究院 0 Container-based Android (Android Containerization) 姓名:吳天健、許維德、鄭博文 單位:資通所
  • 2. 1Copyright 2016 ITRI 工業技術研究院 Outline ❖Preliminaries ❖Android Containerization ➢Isolate/share services among Android instances ❖Linux Kernel, Drivers and Android Binder ❖Window System and Graphics ❖Android X86 Containerization ❖TODOs ❖ICL’s Big Picture - Android as a Service
  • 3. 2Copyright 2016 ITRI 工業技術研究院 Preliminaries ❖ Android Platforms ➢ Nexus 7 with Android 6.X/Kernel 3.4.0 ➢ Pixel XL with Android 7.1.X/Kernel 3.18.31 ❖ LXC and Other Tools ➢ Built with Android NDK: android-toolchain-arm_64-4.9-android-24 ➢ LXC ➢ libcap (https://github.com/abstrakraft/lxc-android-libcap) • Only libcap is required, built in static (libcap.a) ➢ SELinux • Using essential Android code base: external/selinux • libselinux: external/selinux/libselinux – NOT external/libselinux which is a small port of libselinux for Android framework • libsepol: external/selinux/libsepol
  • 4. 3Copyright 2016 ITRI 工業技術研究院 Preliminaries (2) ❖ LXC ❖ Packaging LXC and tools /odm ├── bin │ ├── .... │ ├── lxc-start │ ├── lxc-stop │ ├── .... │ ├── setfilecon │ ├── setfiles │ └── ... ├── lib │ ├── liblxc.la │ ├── liblxc.so ├── libexec │ └── lxc │ ├── hooks │ │ └── unmount-namespace │ ├── lxc-apparmor-load │ ├── lxc-containers │ ├── lxc-monitord │ ├── lxc-net │ └── lxc-user-nic export CBA_HOME=/odm export PREFIX=$CBA_HOME export PIXEL_LIBS=/home/sting/cba/lxc/pixel-libs/usr CFLAGS="--sysroot=$SYSROOT -I$PIXEL_LIBS/include -fPIE" CPPFLAGS="$CPPFLAGS $CFLAGS" LDFLAGS="$LDFLAGS -fPIE -pie -L$PIXEL_LIBS/lib" ./configure --host=aarch64-linux-android --enable-shared=yes --enable-static=yes --disable-api-docs --enable-selinux --enable-capabilities --disable-examples --disable-lua --disable-python --disable-bash --enable-configpath-log --prefix=$PREFIX --with-systemdsystemunitdir=$PREFIX/lib/systemd/system --with-config-path=$CBA_HOME/containers --with-global-conf=$CBA_HOME/.config --with-runtime-path=/cache
  • 5. 4Copyright 2016 ITRI 工業技術研究院 Android Containerization
  • 6. 5Copyright 2016 ITRI 工業技術研究院 Containerization of Android ❖ Android was essentially designed for single instance architecture ❖ In order to better containerized Android, we need to ➢ Refactor essential Android key services architecture design to make it namespace- aware and sharable among Android containers ➢ Extend the current LXC to support namespace-aware device model and namespace- aware deriver development ➢ Extend Android virtual devices and drivers to support namespace-awareness Unified Linux Kernel & Drivers LXC Container (Cgroups, Namespace) SELinux Virtual Device Drivers Host Android Shared Framework Services Service Manager Surface Flinger Camera LXCTools Virtual Devices binder RIL alarm …. Netfilter, Virtual Ethernet Bridging iptables Power Mgmt. …. Android 1 Android 2 Audio Sensors
  • 7. 6Copyright 2016 ITRI 工業技術研究院 Linux Kernel, Drivers and Android Binder Victor
  • 8. 7Copyright 2016 ITRI 工業技術研究院 Isolate/Share Services among Android Containers ❖ Refactoring essential Android binder architecture design to enable isolate/share services among Android instances ➢ Namespace-aware IPC binder (Inspired by Container Virtualization Adapted to Android @浙江大学计算机系统结构实验室) ➢ Reduce the total # of Linux process ➢ Can be configured which services to be shared ➢ Caller is aware of the container ID of callee Linux Kernel + LXC + Drivers Virtual Devicesbinder 1 binder n Linux Kernel + LXC + Drivers Virtual Devices namespace-awarebinder Shared service invocation Unshared service invocation Before After
  • 9. 8Copyright 2016 ITRI 工業技術研究院 Android Service Registration & Discovery ServiceManagerService App 1. addService(name, service) 2. getService(name) 3. Binder IPC Transactions service
  • 10. 9Copyright 2016 ITRI 工業技術研究院 Virtual Binder Driver Lei Xu, Wenzhi Chen, Zonghui Wang, Guoxi Li, Chuan Li, Weijie Sun, Condroid:A Container-Based Virtualization SolutionAdapted forAndroid Devices , Proceedings of IEEE International Conference onMobile Cloud Computing, Services, and Engineering, 2015 Real binder driver Host Service Manager SHARED
  • 11. 10Copyright 2016 ITRI 工業技術研究院 Android Virtual Binder Architecture Service Manager Service App Host Service App Container1 Service App Container2 /dev/binder /dev/virtualbinder1 /dev/virtualbinder2 Virtual Binder Driver Real Binder Deriver Linux Kernel
  • 12. 11Copyright 2016 ITRI 工業技術研究院 Virtual Devices and their Drivers ❖ Device Namespaces : namespace aware device driver (inspired by Cells proj. @ Columbia University) ➢ Stateful/Statelessdevice driver, stateful devices, like alarm device, the state of different namespaces must be maintained ❖ AlarmManagerService ➢ alarm-dev driver has been removed in Android Nougat, the functionality provided by the Android alarm-dev driver should now be present in the timerfd interface ➢ com_android_server_AlarmManagerService.cpp static const clockid_t android_alarm_to_clockid[N_ANDROID_TIMERFDS] • CLOCK_REALTIME_ALARM (since Linux 3.11) • CLOCK_REALTIME • CLOCK_BOOTTIME_ALARM (since Linux 3.11) • CLOCK_BOOTTIME (since Linux 3.15) • CLOCK_MONOTONIC • CLOCK_REALTIME Linux Kernel + LXC + Drivers Virtual Devices alarm- dev Android 1 Android n State1 Staten
  • 13. 12Copyright 2016 ITRI 工業技術研究院 Window System and Graphics Sting
  • 14. 13Copyright 2016 ITRI 工業技術研究院 Share or Not to Share SurfaceFlinger/WindowManager ❖浙江大学计算机系统结构实验室 ➢Share both SurfaceFlinger and Window Manager ➢Maintains different z-order range for different containers Linux Kernel + LXC + Drivers Surface Flinger buffer Host Android Shared Framework Services Surface Flinger Window Manager
  • 15. 14Copyright 2016 ITRI 工業技術研究院 Share or Not to Share SurfaceFlinger/WindowManager (2) ❖ICL Approach ➢Window Manager in each container ➢Single SurfaceFlinger instance on host • Maintains list of Layers of different Android containers • Groups Layers according to their container ID Linux Kernel + LXC + Drivers Surface Flinger buffer Host Android Shared Framework Services Surface Flinger Window Manager Android n Window Manager
  • 16. 15Copyright 2016 ITRI 工業技術研究院 Display Switching between Containers • Layers of different Android containers in SurfaceFlinger • SurfaceFlinger groups layers according to their container ID Assign layers of host container to layersSortedByZ of primary display primary display compose Assign layers of container 1 to layersSortedByZ of primary display primary display compose
  • 17. 16Copyright 2016 ITRI 工業技術研究院 Android X86 Containerization TC
  • 18. 17Copyright 2016 ITRI 工業技術研究院 Who is maintaining Android-x86 ?
  • 19. 18Copyright 2016 ITRI 工業技術研究院
  • 20. 19Copyright 2016 ITRI 工業技術研究院
  • 21. 20Copyright 2016 ITRI 工業技術研究院 Android-as-a-Service on PC Container1 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager Container2 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager Container3 App App App Android Framework Surface - flinger Windows - Manager Service- Manager Input- Manager PC LXCTools namespaces Graphic Driver Binder Driver Keyboard Driver Mouse Driver Touch-Panel Other Device Drivers Display Virtualization Binder (IPC) Virtualization Input Virtualization …... …... …... …... …... …...
  • 22. 21Copyright 2016 ITRI 工業技術研究院 Multiple instances of SurfaceFlinger Can there be multiple surfaceflinger(s) ? This implies to a second question : is gpu / driver (drm) shareable for gui(s) ? void SurfaceFlinger::doComposition() { ….pseudo code… FOR EACH DISPLAY i IF DISPLAY_ON( i ) IF (i) == MAIN_DISPLAY AND byte 1 of “/data/surfaceflinger/control” is Zero GOTO END r = GET_DIRTY_REGION DO_DISPLAY_COMPOSITION(r) DIRTY_REGION_CLEAR() HARDWARE_FLIP() ENDIF NOTITY_HARDWARE_COMPOSITION_ COMPLETE() ENDFOR POST_FRAMEBUFFER() LABEL END } Kernel Display Driver GPU Driver Graphic Driver Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser Container ... ... OpenGL ES Surface- flinger Windows- Manager Hw Comp oser
  • 23. 22Copyright 2016 ITRI 工業技術研究院 Static /dev I want in each container servicemanager connect (open) /dev/binder (not /dev/binde1, /dev/binder2 , etc) /dev/ was mounted tmpfs, how about make it static? Container1 Servic e Manag er ... APP /dev/binder Kernel /dev/binder1 Container2 Servic e Manag er ... APP /dev/binder /dev/binder2 mknod /data/con1/rootfs/dev/binder 57 0 mknod /data/con2/rootfs/dev/binder 58 0 ##host /dev/binder major number 56 ##host /dev/binder1 major number 57 ##host /dev/binder2 major number 58 int main(int argc, char **argv) { int fd_count= 0; struct pollfdufds[4]; char *tmpdev; char* debuggable; char tmp[32]; int property_set_fd_init = 0; int signal_fd_init = 0; int keychord_fd_init = 0; bool is_charger = false; char initrc_path[PROP_VALUE_MAX]; /* If we are calledas'modprobe' command, we run asa * standaloneexecutable andreuse ueventd'slogic to do the job. */ if (strstr(argv[0], "modprobe")) return modprobe_main(argc, argv); if (!strcmp(basename(argv[0]), "ueventd")) return ueventd_main(argc,argv); if (!strcmp(basename(argv[0]), "watchdogd")) return watchdogd_main(argc, argv); /* clear the umask*/ umask(0); /* Get the basic filesystem setup we needput * together in theinitramdiskon / and then we'll * let the rc filefigureout therest. */ mkdir("/dev",0755); mkdir("/proc", 0755); mkdir("/sys", 0755); #if STATIC_DEV printf(">>>>>skip mount/devn"); #else mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); #endif mkdir("/dev/pts", 0755); mkdir("/dev/socket", 0755); #if STATIC_DEV printf(">>>>>skip mount/dev/ptsn"); //use lxc's /dev/ptsinstead #else mount("devpts", "/dev/pts", "devpts", 0, NULL); #endif mount("proc", "/proc","proc", 0, NULL); mount("sysfs", "/sys", "sysfs", 0, NULL);
  • 24. 23Copyright 2016 ITRI 工業技術研究院 Exploit (kernel) memory Android-x86_5.1 is defaultly 32bits build As a server, install 16g RAM and enable kernel option ‘HIMEM_64G’... The OOM killer be called even when there is still plenty of memory available <0>[ 331.441013] lowmem_reserve[]: 0 0 0 0” and then Out-of-memory invoked <3>[ 2839.557148] binder4: binder_mmap: 6382 adf02000- ae000000 get_vm_area failed -12 <4>[ 2859.865885] vmap allocation for size 1044480 failed Recipe - In bootloader’s booting parameter, add vmalloc=512MB <6>[ 0.000000] vmalloc : 0xdfbfe000 - 0xffbfe000 ( 512 MB)
  • 25. 24Copyright 2016 ITRI 工業技術研究院 Camera HAL Besides virtualizing native linux device , it’s necessary to virtualize android HAL I want take a error on arm device as an example 02-18 02:52:31.744 24 24 I CameraService: Loaded"QCamera Module" camera module^M 02-18 02:52:31.744 24 24 E mm-camera-intf:mm_camera_open: dev name= /dev/video1, cam_idx = 1^M 02-18 02:52:31.941 24 24 E mm-camera-intf:mm_camera_open: opened, breakout while loop^M 02-18 02:52:31.941 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:31.969 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:31.970 24 24 E mm-camera-intf:mm_camera_open: cannot opendomain socket fd of '/dev/video1'(No such fileor directory)^M 02-18 02:52:32.029 24 24 E mm-camera-intf:camera_open: mm_camera_open err = -1^M 02-18 02:52:32.029 24 24 E QCamera3HWI:static int qcamera::QCamera3HardwareInterface::initCapabilities(int): camera_open failed^M 02-18 02:52:32.033 24 24 E CameraFlashlight: createFlashlightControl: failed to get camerainfo for camera0^M 02-18 02:52:32.033 24 24 E CameraFlashlight: findFlashUnits: failedto createflash control for 0^M 02-18 02:52:32.033 24 24 E mm-camera-intf:mm_camera_open: dev name= /dev/video2, cam_idx = 2^M 02-18 02:52:32.597 24 24 E mm-camera-intf:mm_camera_open: opened, breakout while loop^M 02-18 02:52:32.597 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:32.619 24 24 E mm-camera-intf:mm_camera_socket_create: socket_fd=-1 No such fileor directory ^M 02-18 02:52:32.628 24 24 E mm-camera-intf:mm_camera_open: cannot opendomain socket fd of '/dev/video2'(No such fileor directory)^M 02-18 02:52:32.874 24 24 E mm-camera-intf:camera_open: mm_camera_open err = -1^M 02-18 02:52:32.874 24 24 E QCamera3HWI:static int qcamera::QCamera3HardwareInterface::initCapabilities(int): camera_open failed^M 02-18 02:52:32.874 24 24 E CameraFlashlight: createFlashlightControl: failed to get camerainfo for camera1^M 02-18 02:52:32.874 24 24 E CameraFlashlight: findFlashUnits: failedto createflash control for 1^M
  • 26. 25Copyright 2016 ITRI 工業技術研究院 TODOs
  • 27. 26Copyright 2016 ITRI 工業技術研究院 TODOs ❖Power Management ➢To share or not to share PowerManagerService ❖Activity Manager Service ❖Low Memory Killer ❖SELinux ➢To further isolate host and containers ❖SEE (Secure Execution Environment) Integration ➢vold and Qualcomm SEE issues ➢DRM
  • 28. 27Copyright 2016 ITRI 工業技術研究院 Android-X86 ICL is constructing the first cost-effective APP streaming cloud infrastructure, consisting of ❖ Low latency audio/video streaming services ❖ Scalable & cost-effective virtual/physical smartphone pool ➢Android-X86 virtual smartphones ➢Cost-effective smartphone SOC cluster server ➢Containerized Android doubles/triples the Android instances density of per U chassis ❖ BMC management software ➢H/W & S/W deployment automation ❖ APP Streaming Service Management CPU CPU CPU CPU CPU CPU CPU CPU 4 GB 8GB 4 GB 8GB ICL’s Big Picture - Android as a Service
  • 29. 28Copyright 2016 ITRI 工業技術研究院 Google group: Android-x86 http://groups.google.com/group/android-x86 IRC channel at irc.freenode.net #android-x86
  • 30. 29Copyright 2016 ITRI 工業技術研究院 Thank You! Questions and Comments?