On 3/15/20 3:25 PM, Denys Nykula wrote:
> Hello, I once linked a thread about Android 10 forbidding apps to run
> binaries from their home directory, causing problems for termux apt-get
> packaging model. Restriction can become farther in 11, covering system
> toybox and dynamic Java calls. And in general compilation on device as
> well as sideload of prebuilt binaries, or call to system ones.

Why are you asking _me_ about this? Post it to the list. The restriction
is an Android thing, not a toybox thing.

> thestinger:
>> The system executables like those that are part of the system's
>> toybox are not part of the public API and access to them can be
>> removed at any point. It isn't yet enforced for native libraries, but
>> it should be expected that the same restriction will be applied. It
>> wasn't done all at the same time to make this less disrupted.
>>
>> I developed a full set of changes to disallow every way of performing
>> dynamic native code execution as part of my security work on
>> GrapheneOS (including under previous names of the project), and I
>> landed assorted bits and pieces of this upstream.
>
> https://github.com/termux/termux-app/issues/1072#issuecomment-599239097
> Discussion is marked off-topic, need to click each post to read.
>
> What's your thought on how you'll proceed with your idea of development
> on the device for the device?

I've said a dozen times that I want to convince android to create a
posix container within which you can run binaries you build.

Here it is from last year:

  http://lists.landley.net/pipermail/toybox-landley.net/2019-June/010512.html

Here it is from 2016:

  http://lists.landley.net/pipermail/toybox-landley.net/2016-July/008504.html
  http://lists.landley.net/pipermail/toybox-landley.net/2016-October/008725.html
  http://lists.landley.net/pipermail/toybox-landley.net/2016-December/008771.html

Here it is on another mailing list entirely:

  http://lists.landley.net/pipermail/aboriginal-landley.net/2017-January/002594.html

> On my todo heap there's a version of that
> older pkgsrc world bootstrap script that I heavily uglified to run in
> adb shell otherwise unprivileged on Android 9, given a musl.cc archive
> of correct architecture. In an hour, it builds a prefix with things
> like gmake, quickjs, tmux, perl and libcurl.
>
> But for example dropbear and vim turn out broken, so my thought, of
> starting it manually on Android 10+ once after boot through adb shell
> and sshing into that user from some play store adware client to code
> scripts and web apps, is yet distant.

... good luck?

Rob
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
