The goal of Celadon in Container (CIC) feature is to run the Celadon Android image in a Docker container, so that you can run the image on Linux devices through Docker tools, and run Android applications in it.
CIC version 0.5 provides a preview of the feature for pilot and development purposes. Some features such as Trusty, Verified Boot, and OTA update are not included in this preview version. Those features are planned for the upcoming releases.
The build environment is as same as Celadon, except for the Docker
CIC should be able to run on modern PCs with Intel® 6th generation or later processors with integrated GPU. The Intel NUC model NUC7i7BNH and model NUC7i5BNH are recommended to try out the CIC features.
CIC currently requires Linux kernel version 4.14.20 or later, which is available in most Linux distributions such as Clear Linux, Rancher OS and Ubuntu, etc.
The current instructions are based on Ubuntu 16.04
Both build machine and target device require Docker to be installed, here are the instructions for Ubuntu, refer to the Docker official document for details
$ sudo apt-get install apt-transport-https ca-certificates curl
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce docker-ce-cli containerd.io
If you would like to use Docker as a non-root user:
$ sudo usermod -aG docker $USER
Remember to log out and back in for this to take effect!
Verify that the Docker is installed correctly by running the hello-world image:
$ docker run --rm hello-world
$ repo init -u https://github.com/projectceladon/manifest.git -b celadon/p/mr0/master -m cic
$ repo sync --no-tags
There are two build targets:
- cic: target to compliant with Android CDD. Choose this one if SELinux is required.
- cic_dev: for development purpose. Choose this one if the host OS does not support SELinux.
Take cic_dev target for example
$ source build/envsetup.sh
$ lunch cic_dev-userdebug
$ make -j cic
The result package will be at $OUT/$TARGET_PRODUCT-*.tar.gz
Download and extract the CIC package to the target device (here we use cic_dev-xxxx.tar.gz for example) and install it by the aic script:
$ tar xzf ../cic_dev-xxxx.tar.gz
$ ./aic install
Now the CIC is installed, you can launch it with command:
$ ./aic start
A window will be pop-up showing Android is booting after the CIC container is initialized and running.
You can stop the CIC with command:
$ ./aic stop
Or uninstall it with:
$ ./aic uninstall
If SELinux is required, you need to build you own kernel with following patch:
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 2380b8d..fc07e55 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -979,6 +979,10 @@ static noinline int avc_denied(u32 ssid, u32 tsid,
u8 driver, u8 xperm, unsigned flags,
struct av_decision *avd)
{
+ if (ssid == SECINITSID_KERNEL) {
+ avd->allowed = 0xffffffff;
+ return 0;
+ }
if (flags & AVC_STRICT)
return -EACCES;CIC runs as a Docker container, so you can use Docker CLI commands directly for debugging. For example, if you encounter some issues, capture necessary information by the following commands:
$ docker logs aic-manager 2>&1 | tee aic-manager.log
$ docker exec -it android0 sh | tee android.log
# getprop
# logcat -b all