Database Info

[BUILD] Use Raspberry Pi to build Android Project (AOSP)

Hi all !
My current project is to use my Raspberry Pi as a Build Machine to build all Android sources (AOSP). In fact, I'll not build AOSP but the CyanogenMod (wich is mainly a fork from AOSP).
I know this may sound crazy, dumb or useless (according to Google, a 64-bit environment is required, and a lot (>> 4GB) of RAM if you're in a hurry), especially to use an ARM processor to build while all the Makefiles has been written to be used on x86...
But what I'm thinking about is a really cheap, silent, but working build machine, to sync the repo and build nightlies everyday. The first build will take some days but then, only the changes will be build so I think that only some hours per day will be required.
If I success, I'll create a big tutorial to explain what changes was required.
First of all, I had to add the Linux-armv61 arch as Host OS/ARCH :
Code:
[email protected] ~/buildspace/android/system/build $ git diff
diff --git a/core/envsetup.mk b/core/envsetup.mk
index 862b7f0..34eb31a 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk
@@ -77,6 +77,10 @@ ifneq (,$(findstring Power,$(UNAME)))
HOST_ARCH := ppc
endif
[COLOR="SeaGreen"]+ifneq (,$(findstring arm,$(UNAME)))
+ HOST_ARCH := armv61
+endif
+[/COLOR]
BUILD_ARCH := $(HOST_ARCH)
ifeq ($(HOST_ARCH),)
then, I did this (because the raspbian ld doesn't support --icf) :
AdamOutler said:
so I did a
Code:
[email protected] ~/adb $ grep -r 'icf=safe' ./*
./build/core/combo/TARGET_linux-arm.mk: -Wl,--icf=safe \
and I removed that icf parameter.
Click to expand...
Click to collapse
-->
Code:
[email protected] ~/buildspace/android/system/build $ git diff
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index b36111f..24e0d99 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk
@@ -146,7 +146,6 @@ TARGET_GLOBAL_LDFLAGS += \
-Wl,-z,relro \
-Wl,-z,now \
-Wl,--warn-shared-textrel \
[COLOR="Red"]- -Wl,--icf=safe \[/COLOR]
$(arch_variant_ldflags)
# We only need thumb interworking in cases where thumb support
but now I am stuck with this error :
Code:
make -C kernel/samsung/smdk4210 O=/media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/KERNEL_OBJ ARCH=arm CROSS_COMPILE=" /media/totoext4part/cyanogenmod/system/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-" headers_install
make[1]: Entering directory `/media/totoext4part/cyanogenmod/system/kernel/samsung/smdk4210'
/media/totoext4part/cyanogenmod/system/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-gcc: 1: /media/totoext4part/cyanogenmod/system/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-gcc: Syntax error: "(" unexpected
CHK include/linux/version.h
make[1]: Leaving directory `/media/totoext4part/cyanogenmod/system/kernel/samsung/smdk4210'
/bin/bash: r: command not found
make: [/media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/lib/crtbegin_static.o] Error 127 (ignored)
[COLOR="SeaGreen"]target SharedLib[/COLOR]: libdl (/media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/SHARED_LIBRARIES/libdl_intermediates/LINKED/libdl.so)
/usr/bin/ld: error: /media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/SHARED_LIBRARIES/libdl_intermediates/LINKED/libdl.so uses VFP register arguments, /media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/SHARED_LIBRARIES/libdl_intermediates/libdl.o does not
/usr/bin/ld: failed to merge target specific data of file /media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/SHARED_LIBRARIES/libdl_intermediates/libdl.o
/usr/bin/ld: warning: creating a DT_TEXTREL in a shared object.
collect2: ld returned 1 exit status
make: *** [/media/totoext4part/cyanogenmod/system/out/target/product/n7000/obj/SHARED_LIBRARIES/libdl_intermediates/LINKED/libdl.so] Error 1
I don't really know what I have to do and if it is because the HOST is an arm arch...
It have been a long time since I didn't put my hands in this kind of things and I need help to solve this problems... Thanks in advance !

[GUIDE] How to port Bluez to Kitkat, Lollipop & Marshmallow

Introduction
When the bluetooth stack changed to Bluedroid in Android 4.2, it was a nightmare to some of the old devices like my GT-P6800. I didn't have any experience in Bluetooth before so I did what I know. I spent weeks to revert the 4.2 platform to Bluez. Even though I succeeded, it probably not doable for 4.3 and later.
Last Nov. I found that bluez.org announced support for Andriod in Sep. It gave me hope again! Thanks to the bluez team!:good: The principle is straight forward - Implement the functions defined in "hardware/libhardware/include/hardware/bluetooth.h". That's what I thought but I didn't have enough knowledge nor confidence to try...
After studying for a while, I started porting bluez to Android 4.4 last Christmas. It was frustrated and helpless. Although the lastest Android 4.4 example for Mako and Flo are out, they don't help much. A bunch of prebuilt kernel objects surely doesn't help! Porting for those devices already having bluedroid support is meaningless to most of us too...
Building the bluez hal and daemon are straight forward but how to make it really work is another story. After a few painful and frustrated weekends, I finally managed to pull everything together. I can start/stop and pairing bluetooth devices in the platform now. And here I'm, sharing my experiences. I think there might be better way and I welcome any corrections.
My p6800 has CSR bluetooth chip which has no bluedroid support. I think the same approach would work for other chips too. Cheers! :highfive:
** All paths assume your rom source dircetory to be the current directory **
1. Downlaod and Build
Bluez.org already has its own tutorial. I just summerize and list my suggestions.
1.1 local manifest
I learned my lesson and would avoid touching the "manifest.xml".
Add the following lines to your ".repo/local_manifests/local_menifest.xml"
For cm11, omni, etc.
Code:
<remote name="gcode" fetch="https://code.google.com/p/"/>
<remote name="korg" fetch="git://git.kernel.org/pub/scm/bluetooth/"/>
<remove-project name="android_external_bluetooth_bluedroid"/>
<project remote="korg" path="external/bluetooth/bluez" name="bluez" group="pdk" revision="master"/>
<project remote="korg" path="external/bluetooth/sbc" name="sbc" group="pdk" revision="master"/>
<project remote="gcode" path="external/bluetooth/glib" name="aosp-bluez.glib" group="pdk" revision="master"/>
For AOSP, replace the remove-project with:
Code:
<remove-project name="platform/external/bluetooth/bluedroid"/>
After repo sync, bluez will replace bluedroid.
1.2 patching bionic
The patches for bionic are simple. Mainly by adding two flags and the function epoll_create1().
Bionic may vary from ROMs. It is wiser to patch the bionic of your ROM manually. You may follow the changes of the two commits below:
https://code.google.com/p/aosp-blue...96020013615b00d70579123f&repo=platform-bionic
https://code.google.com/p/aosp-blue...3347746d0d9727d8439ef4c4&repo=platform-bionic
1.3 neccessary tools
There are tools in "external/bluetooth/bluez/tools". You may need some of those tools for setup or testing.
This is the "Android.mk" I added to "external/bluetooth/bluez/tools". You may cheery pick the required tools for your device.
Code:
#
# Bluetooth tools for setup and debug
# daniel_hk
LOCAL_PATH := external/bluetooth
# Retrieve BlueZ version from configure.ac file
BLUEZ_VERSION := $(shell grep ^AC_INIT $(LOCAL_PATH)/bluez/configure.ac | cpp -P -D'AC_INIT(_,v)=v')
# Specify pathmap for glib
#pathmap_INCL += glib:external/bluetooth/glib
# Specify common compiler flags
BLUEZ_COMMON_CFLAGS := -DVERSION=\"$(BLUEZ_VERSION)\" \
-DSTORAGEDIR=$(ANDROID_STORAGEDIR) \
# Disable warnings enabled by Android but not enabled in autotools build
BLUEZ_COMMON_CFLAGS += -Wno-pointer-arith -Wno-missing-field-initializers
# @ daniel, extra tools for CSR
ifeq ($(BOARD_HAVE_BLUETOOTH_CSR),true)
#
# bccmd
#
include $(CLEAR_VARS)
LOCAL_SRC_FILES:= \
bluez/lib/hci.c \
bluez/lib/bluetooth.c \
bluez/tools/bccmd.c \
bluez/tools/csr.c \
bluez/tools/csr_3wire.c \
bluez/tools/csr_bcsp.c \
bluez/tools/csr_hci.c \
bluez/tools/csr_h4.c \
bluez/tools/csr_usb.c \
bluez/tools/ubcsp.c
LOCAL_CFLAGS := $(BLUEZ_COMMON_CFLAGS)
LOCAL_C_INCLUDES:=\
$(LOCAL_PATH)/bluez \
$(LOCAL_PATH)/bluez/lib \
$(LOCAL_PATH)/bluez/tools \
$(LOCAL_PATH)/bluez/src \
$(LOCAL_PATH)/bluez/src/shared \
LOCAL_MODULE:=bccmd
include $(BUILD_EXECUTABLE)
#
# sdptool
#
include $(CLEAR_VARS)
LOCAL_SRC_FILES:= \
bluez/lib/hci.c \
bluez/lib/bluetooth.c \
bluez/lib/sdp.c \
bluez/tools/sdptool.c \
bluez/src/sdp-xml.c
LOCAL_CFLAGS := $(BLUEZ_COMMON_CFLAGS)
LOCAL_C_INCLUDES:=\
$(LOCAL_PATH)/bluez \
$(LOCAL_PATH)/bluez/lib \
$(LOCAL_PATH)/bluez/tools \
$(LOCAL_PATH)/bluez/src \
$(LOCAL_PATH)/bluez/src/shared \
LOCAL_C_INCLUDES += \
$(call include-path-for, glib) \
$(call include-path-for, glib)/glib \
LOCAL_SHARED_LIBRARIES := \
libglib \
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE:=sdptool
include $(BUILD_EXECUTABLE)
endif
1.4 patches for CyanogenMod 11
In CyanogenMod 11, the function "pin_request_cb" has one more argument. The following file need some patches:
in the file "external/bluetooth/bluez/android/hal-bluetooth.c"
Code:
[I]** in function: handle_pin_request[/I]
bt_hal_cbacks->pin_request_cb(addr, name, ev->class_of_dev, 0); // @ daniel, added 0 for cm11
in the file "external/bluetooth/bluez/android/client/if-bt.c"
Code:
[I]** in function: pin_request_cb[/I]
static void pin_request_cb(bt_bdaddr_t *remote_bd_addr, bt_bdname_t *bd_name,
uint32_t cod, uint8_t secure) // @ daniel, added secure from cm11
{
/* Store for command completion */
bt_bdaddr_t2str(remote_bd_addr, last_remote_addr);
pin_request_addr = *remote_bd_addr;
haltest_info("%s: remote_bd_addr=%s bd_name=%s cod=%06x secure=%02x\n", __func__,
last_remote_addr, bd_name->name, cod, secure); // @ daniel, added
terminal_prompt_for("Enter pin: ", pin_request_answer);
}
2. kerenl patch
In the "README" inside "external/bluetooth/bluez/android", there is the line:
Minimal required version of management interface is 1.3. This corresponds to Linux 3.9 but latest available version is recommended.
Click to expand...
Click to collapse
If you have tried porting bluez and fail, check the logcat. You might probably found the error "Failed to access management interface". This is the key making bluez to work! Sadly, most of the existing Android kernels are before ver. 3.9! The latest kernel we have might be ver. 3.4.x and the kernel for my p6800 is ver. 3.0.x! As the above line stated, Bluez5 requires the kernel to have management interface 1.3 or above. That means we have to backport the bluetooth subsystem from at least ver. 3.9. I backport my kernel with the latest (3.13-1) found in linux-foundation.org: http://drvbp1.linux-foundation.org/~mcgrof/rel-html/backports/
It was a tough and painful job! There are lots of changes. I finally got a bootable backport kernel in 2 days!
I packed my patches in View attachment kernel-3.0.x-backport-3.13-1.zip. This patch is for my 3.0.x kernel which might be different from other 3.0.x kernels. Don't have time to tidy up but it works for me. Although I've done the hard part, it still requires extra patience to get yours done. Prepare yourself...
2.1 Backport 3.13-1 to your kernel
Direct replacements.
Replace the following folders in the zip with the one in your kernel source:
drivers/bluetooth
net/bluetooth
include/net/bluetooth
include/backport​
Direct replacement might not work!
Check include/linux in the zip
For each file,
add the required part (which I delimited with comments @ daniel and //@ ) to the corresponding file in your kernel source.
If file not exist,
copy the files to your kernel source​
Check your defconfig. As README suggested, defconfig should have:
CONFIG_BT
CONFIG_BT_RFCOMM
CONFIG_BT_RFCOMM_TTY
CONFIG_BT_BNEP
CONFIG_BT_BNEP_MC_FILTER
CONFIG_BT_BNEP_PROTO_FILTER
CONFIG_BRIDGE
CONFIG_UHID
# and for CSR chips
CONFIG_BT_HCIUART=y
CONFIG_BT_HCIUART_H4=y
CONFIG_BT_HCIUART_BCSP=y​
You probably need to compile the kernel many times to get it work. I worte a build script View attachment build-k.zip to compile the kernel only.
Copy build-k to your ROM source directory and type:
Code:
./build-k <your device>
2.2 Backport-hid-generic to your kernel
There is another patch in the Mako-kern example:
https://code.google.com/p/aosp-blue...eneric-driver.patch?repo=device-lge-mako-kern
Don't know if it is required for your kernel but adding this patch seems doesn't hurt.
If you do it right, you may find "Bluetooth management interface 1.4" in your logcat. Congratulation! Bluetoothd can connect to your kernel now!
3. initialization and setup
Take a look at your devices tree's TARGET_CUSTOM_BLUEDROID definition. If you have a file assigned, it supposed to replace the file "bluetooth.c" in the "system/bluetooth" project. In Android 4.4, this project is no longer exist/needed. Before Android 4.2, this project provide the functions "bt_enable()" and "bt_disable()" which are called in the frameworks. These functions will tell you how to "power on", "power off" and init your device's Bluetooth chip.
For CSR:
set /sys/class/rfkill/rfkill0/state to 1 ("power on")
start the service "bccmd" which will setup the chip and upload a PSConfig to the chip
start the service "hciattach" which init the port hci0 with parameters
start the service "bluetoothd" which is the bluez stack
The services are defined in init.rc or init.${ro.hardware}.rc.
3.1 Test your device and the tools
Disable the "import init.bluetooth.rc" line if you have added it before.
Example for CSR chips. Follow the steps in bt_enable. In a terminal or via adb:
Code:
$ su -- [I][COLOR="SeaGreen"]root user is required[/COLOR][/I]
# echo "1" > /sys/class/rfkill/rfkill0/state
# bccmd -t bcsp -d /dev/ttySAC0 -b 115200 psload -r /system/etc/PSConfig_8811.psr
Loading 0x212c ... done
Loading 0x212d ... done
...
Loading PSKEY_CLOCK_REQUEST_ENABLE ... done
Loading PSKEY_UART_HOST_WAKE ... done
# hciattach -p /dev/ttySAC0 bcsp 3000000 flow
Device setup complete
# hciconfig hci0 up
# hcitool scan -- [I][COLOR="SeaGreen"]turn on a device's bluetooth for testing[/COLOR][/I]
Nexus 4 -- [I][COLOR="SeaGreen"]found the device means bluetooth is working now[/COLOR][/I]
3.2 Init sequence
In Bluez5, the HAL (bluetooth.default.so) driver will be loaded at boot and the daemon (bluetoothd) will be started inside too. Take a look at the function "bool hal_ipc_init(void)" in "external/bluetooth/bluez/android/hal-ipc.c". You may find how the HAL is init which is different from pre-4.2 Androids.
In order to get the daemon (bluetoothd) to work, we have to init the chip before that.
I worte a shell script init.bt.sh to init the chip/port:
Code:
#!/system/bin/sh
# modified by daniel_hk
LOG_TAG="CSR8811-HCI"
BTUART_PORT=/dev/ttySAC0
BTSTATE=/sys/class/rfkill/rfkill0/state
PSCONFIG=/system/etc/PSConfig_8811.psr
logi ()
{
/system/bin/log -t $LOG_TAG -p i ": [email protected]"
}
loge ()
{
/system/bin/log -t $LOG_TAG -p e ": [email protected]"
}
failed ()
{
loge "$1: exit code $2"
exit $2
}
#Enable power of csr chip
echo "1" > $BTSTATE
# PS Config with bccmd
logwrapper /system/bin/bccmd -t bcsp -d $BTUART_PORT -b 115200 psload -r $PSCONFIG
case $? in
0) logi "bccmd init port....done";;
*) failed "port: $BTUART_PORT - bccmd failed" $?;
exit $?;;
esac
# attach HCI
logwrapper /system/bin/hciattach -p $BTUART_PORT bcsp 3000000 flow
case $? in
0) logi "hci attached to : $BTUART_PORT";;
*) failed "port: $BTUART_PORT - hciattach failed" $?;
exit $?;;
esac
exit 0
It takes time for bccmd and hciattach to complete. Putting them in seperate services requires delay in between. I think it is better to run them as application one after one.
A new rc file init.${ro.hardware}.bt.rc is created and need to be imported in your init.${ro.hardware}.rc
Code:
on boot
start bt_init
on property:init.svc.bluetoothd=running
start hci0_up
on property:init.svc.bluetoothd=stopped
start hci0_down
service bt_init /system/bin/logwrapper /system/bin/sh /system/etc/init.bt.sh
class main
user root
group bluetooth net_bt_admin system
disabled
oneshot
service hci0_up /system/bin/logwrapper /system/xbin/hciconfig hci0 up
class main
group bluetooth
disabled
oneshot
service hci0_down /system/bin/logwrapper /system/xbin/hciconfig hci0 down
class main
group bluetooth
disabled
oneshot
import init.bluetooth.rc
Since HAL (bluetooth.default.so) is started quite early, I start the service bt_init at boot. I have tried a few places, daemon might timed out before bt_init finish. It also seems no need to repeat the init process everytime.
When bluetoothd is running (system/core/init will set the property init.svc.bluetoothd=running), set hci0 up with hciconfig. And when the service bluetoothd is stopped, set hci0 down with hciconfig. There might be a better way. Please indulge me if something better coming up.
You may turn ON/OFF bluetooth in settings now. Pairing and file transfer is working too.
4. Further porting
Take a look at the function get_profile_interface() in the file external/bluetooth/bluez/android/hal-bluetooth.c. Some interfaces which frameworks requested are missing.
eg. Bluetooth Handsfree interface
Bluetooth Map Client Interface
Bluetooth Health Interface
Bluetooth GATT Interface​Update: Fully support for Kitkat now. Check the README inside the android folder for detail.
As I mentioned before, I'm new to bluetooth. Further reading is required for me to fix other services. I also don't have enough time now. I have to process the stuck works after the Chinese New Year holiday. :cyclops: Hoping I can continue by the end of Feb. In the mean time, I hope someone have better knowledge may help fix other services.
For those devices don't have bluedroid support, we have a chance to carry on now!

[GUIDE] Porting Bluez to Marshmallow
Check the modified Bluez in my github.
It has been tested with Omni6 (Android-6.0.1_r3)
You have to remove system_bt in local_manifest.xml (similar to bluedroid, check post #1 for detail)
CM needs extra modifications. Will be available after testing.

Nice , Xperia Novathor devs also working on stable bluez 
 @95A31

Nice guide In CM11 you need also revert this https://github.com/CyanogenMod/andr...mmit/763c68d048d268bd931dffa72000f52830ffe2d8

95A31 said:
Nice guide In CM11 you need also revert this https://github.com/CyanogenMod/andr...mmit/763c68d048d268bd931dffa72000f52830ffe2d8
Click to expand...
Click to collapse
Thanks! Patch in section 1.4 is another alternative for cm11.

daniel_hk said:
Thanks! Patch in section 1.4 is another alternative for cm11.
Click to expand...
Click to collapse
Wops my fault :silly:, you have right

although i dont have my previous device which has csr chip..but those still have csr will get greatly benefited ..your work is incredible......god bless u!!!
keep the good work!!!

static void pin_request_cb is defined in external/bluetooth/bluez/android/client/if-bt.c

95A31 said:
static void pin_request_cb is defined in external/bluetooth/bluez/android/client/if-bt.c
Click to expand...
Click to collapse
yeah, it is also defined in if-bt.c but if you check android/Android.mk, only haltest use it. If you want to build haltest, you need to change if-bt.c too.
Take a look the file android/Android.mk which is the make file for android. bluetooth.default.so which cm11 refered to, use the definition in hal-bluetoth.c.
Sent from my Nexus 7 using Tapatalk

daniel_hk said:
yeah, it is also defined in if-bt.c but if you check android/Android.mk, only haltest use it. If you want to build haltest, you need to change if-bt.c too.
Take a look the file android/Android.mk which is the make file for android. bluetooth.default.so which cm11 refered to, use the definition in hal-bluetoth.c.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
Forgot my unknowledge/newbie but I can not find it in hal-bluetoth.c (In BLueZ git)

95A31 said:
Forgot my unknowledge/newbie but I can not find it in hal-bluetoth.c (In BLueZ git)
Click to expand...
Click to collapse
It's in the android folder. In the same place as Android.mk.
If you can't find inside the file, you might have the old version. Try include the project in manifest and sync again.
I have a suggested local_manifest in post #1.
Good luck!
Sent from my Nexus 7 using Tapatalk

daniel_hk said:
It's in the android folder. In the same place as Android.mk.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
I mean in hal-bluetooth.c, can you tell me the line in this version ot the file? (I know that it is a retarded question but I really can find other occurences of pin_request_cb outside handle_pin_request function) I am working on BlueZ git so I am working on lastest version

95A31 said:
I mean in hal-bluetooth.c, can you tell me the line in this version ot the file? (I know that it is a retarded question but I really can find other occurences of pin_request_cb outside handle_pin_request function) I am working on BlueZ git so I am working on lastest version
Click to expand...
Click to collapse
All the changes are listed in post#1.
In line 239 of you link, there is the line:
bt_hal_cbacks->pin_request_cb(addr, name, ev->class_of_dev);
It is a callback. The definition is in cm11 which had changed. That's why we have to add one more argument. (or revert the cm11 commit as you said)
The definition if-bt.c which is a client, is for testing. It has to define the callback which is required in int. Got it?

daniel_hk said:
All the changes are listed in post#1.
In line 239 of you link, there is the line:
bt_hal_cbacks->pin_request_cb(addr, name, ev->class_of_dev);
It is a callback. The definition is in cm11 which had changed. That's why we have to add one more argument. (or revert the cm11 commit as you said)
The definition if-bt.c which is a client, is for testing. It has to define the callback which is required in int. Got it?
Click to expand...
Click to collapse
Get it :good:

Ok, I have a nice bootloop: http://pastebin.com/QcZbEkfx Guys some ideas ?

95A31 said:
Ok, I have a nice bootloop: http://pastebin.com/QcZbEkfx Guys some ideas ?
Click to expand...
Click to collapse
I have checked your logcat. There is no management interface log. The kernel backport on blietooth subsystem is probably failed.
Sent from my Nexus 7 using Tapatalk

daniel_hk said:
I have checked your logcat. There is no management interface log. The kernel backport on blietooth subsystem is probably failed.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
I foud this dependence in my case: WLAN init need that BT chip is initialized because WLAN ask clock to BT. The intoduction of import init.bluetooth.rc broke this dependence. Fu*king details :cyclops: I hope to save debug time to someone

Thanks, very helpful guide. Following this I was able to get BlueZ working on MSM7x27a. However, instead of dropping the backport sources in the kernel tree I followed this documentation to build the backports as external modules, which looks like a cleaner way to me. This requires building the kernel without BT (and, in cases like this, patching the source to remove some dependencies on built-in BT). This leaves the kernel sources (mostly) untouched, and makes adapting the backport sources easier because you can separately build the modules without doing a full kernel build.
The modules can then be built like this:
Code:
# clean output files
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ mrproper
# configure
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ menuconfig
# build
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ

jjm34 said:
Thanks, very helpful guide. Following this I was able to get BlueZ working on MSM7x27a. However, instead of dropping the backport sources in the kernel tree I followed this documentation to build the backports as external modules, which looks like a cleaner way to me. This requires building the kernel without BT (and, in cases like this, patching the source to remove some dependencies on built-in BT). This leaves the kernel sources (mostly) untouched, and makes adapting the backport sources easier because you can separately build the modules without doing a full kernel build.
The modules can then be built like this:
Code:
# clean output files
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ mrproper
# configure
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ menuconfig
# build
make -C kernel/backports ARCH=arm CROSS_COMPILE="arm-eabi-" KLIB=$OUT/obj/KERNEL_OBJ KLIB_BUILD=$OUT/obj/KERNEL_OBJ
Click to expand...
Click to collapse
Yeah! Yours seems better. I was messing with the kernel for a while before backport. Traditional backport kill my WiFi so I did what I knew. I will try yours later.
Any other success would be cheerful.
Sent from my Nexus 7 using Tapatalk

Sucessfully ported on CyanogenMod 11.0 git (using Bluetooth from AOSP).
HOWTO:
Remove CyanogenMod Bluetooth and grab AOSP version by local_manifest:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<remote name="kernel"
fetch="git://git.kernel.org/pub/scm/" />
<remote name="googlecode"
fetch="https://code.google.com/" />
<remove-project name="CyanogenMod/android_external_bluetooth_bluedroid" />
<project remote="kernel" path="external/bluetooth/bluez" name="bluetooth/bluez" groups="pdk" revision="master" />
<project remote="kernel" path="external/bluetooth/sbc" name="bluetooth/sbc" groups="pdk" revision="master" />
<project remote="googlecode" path="external/bluetooth/glib" name="p/aosp-bluez.glib" groups="pdk" revision="master" />
<remove-project name="CyanogenMod/android_packages_apps_Bluetooth" />
<remove-project name="CyanogenMod/android_packages_apps_BluetoothExt" />
<project path="packages/apps/Bluetooth" name="platform/packages/apps/Bluetooth" remote="aosp" revision="refs/tags/android-4.4.2_r1" />
<project path="aosp/packages/apps/Settings" name="platform/packages/apps/Settings" remote="aosp" revision="refs/tags/android-4.4.2_r1" />
<project path="aosp/frameworks/base" name="platform/frameworks/base/" remote="aosp" revision="refs/tags/android-4.4.2_r1" />
<project path="aosp/hardware/libhardware" name="platform/hardware/libhardware/" remote="aosp" revision="refs/tags/android-4.4.2_r1" />
</manifest>
Replace CyanogenMod Bluetooth system with AOSP one:
Code:
rm cm-11.0/hardware/libhardware/include/hardware/bluetooth.h
cp aosp/hardware/libhardware/include/hardware/bluetooth.h cm-11.0/hardware/libhardware/include/hardware/bluetooth.h
rm -rf cm-11.0/frameworks/base/core/java/android/bluetooth
cp -r aosp/frameworks/base/core/java/android/bluetooth cm-11.0/frameworks/base/core/java/android
rm cm-11.0/frameworks/base/services/java/com/android/server/BluetoothManagerService.java
cp aosp/frameworks/base/services/java/com/android/server/BluetoothManagerService.java cm-11.0/frameworks/base/services/java/com/android/server/BluetoothManagerService.java
rm -rf cm-11.0/packages/apps/Settings/src/com/android/settings/bluetooth
cp -r aosp/packages/apps/Settings/src/com/android/settings/bluetooth cm-11.0/packages/apps/Settings/src/com/android/settings
Adapt CyanogenMod with this changes:
Code:
diff --git a/frameworks/base/Android.mk b/frameworks/base/Android.mk
index 91338ef..43a87ef 100644
--- a/frameworks/base/Android.mk
+++ b/frameworks/base/Android.mk
@@ -88,10 +88,8 @@ LOCAL_SRC_FILES += \
core/java/android/wipower/IWipower.aidl \
core/java/android/wipower/IWipowerManagerCallback.aidl \
core/java/android/bluetooth/IBluetooth.aidl \
- core/java/android/bluetooth/IQBluetooth.aidl \
core/java/android/bluetooth/IBluetoothA2dp.aidl \
core/java/android/bluetooth/IBluetoothCallback.aidl \
- core/java/android/bluetooth/IQBluetoothAdapterCallback.aidl \
core/java/android/bluetooth/IBluetoothHeadset.aidl \
core/java/android/bluetooth/IBluetoothHeadsetPhone.aidl \
core/java/android/bluetooth/IBluetoothHealth.aidl \
@@ -100,18 +98,12 @@ LOCAL_SRC_FILES += \
core/java/android/bluetooth/IBluetoothPan.aidl \
core/java/android/bluetooth/IBluetoothManager.aidl \
core/java/android/bluetooth/IBluetoothManagerCallback.aidl \
- core/java/android/bluetooth/IQBluetoothManagerCallback.aidl \
core/java/android/bluetooth/IBluetoothPbap.aidl \
core/java/android/bluetooth/IBluetoothMap.aidl \
core/java/android/bluetooth/IBluetoothStateChangeCallback.aidl \
- core/java/android/bluetooth/IBluetoothHandsfreeClient.aidl \
- core/java/android/bluetooth/IBluetoothHidDevice.aidl \
- core/java/android/bluetooth/IBluetoothHidDeviceCallback.aidl \
core/java/android/bluetooth/IBluetoothGatt.aidl \
core/java/android/bluetooth/IBluetoothGattCallback.aidl \
core/java/android/bluetooth/IBluetoothGattServerCallback.aidl \
- core/java/android/bluetooth/IBluetoothSap.aidl \
- core/java/android/bluetooth/IBluetoothDun.aidl \
core/java/android/content/IClipboard.aidl \
core/java/android/content/IContentService.aidl \
core/java/android/content/IIntentReceiver.aidl \
@@ -407,7 +399,6 @@ aidl_files := \
frameworks/base/core/java/com/android/internal/view/IInputMethodClient.aidl \
frameworks/base/core/java/com/android/internal/view/IInputMethodManager.aidl \
frameworks/base/core/java/com/android/internal/view/IInputMethodSession.aidl \
- frameworks/base/core/java/android/bluetooth/BluetoothLEServiceUuid.aidl \
frameworks/base/graphics/java/android/graphics/Bitmap.aidl \
frameworks/base/graphics/java/android/graphics/Rect.aidl \
frameworks/base/graphics/java/android/graphics/Region.aidl \

[Samsung] Unpacking 'Non-Standard' Boot.img Problems for 64 Bit Device

This is in relation to this and my post on xda.
The main reason I want to make a custom kernel is to gain root and once I successfully have then add other CPU governors, and since this is considered a low activity device on xda I will have to do this myself. Also I you are just gonna say use twrp to flash SuperSU, well I can't as it seems to not work with the device when its running Lollipop 5.1.1
Device Specifications:
Current Android Version: Android Lollipop 5.1.1
Chipset: Marvell Armada PXA1908 (Note: Due to this being a rarely used chip, the CF-Auto root won't work)
Custom Recovery Status: TWRP 3.0.2-0 (More on this later on)
Root Status (This is why I am here): Android KitKat 4.4.4 (Root) , Android Lollipop 5.1.1 (NO ROOT Yet)
ARMv8 64-bit
Now let's get into my steps up to the point and then my problem.
Note: In the kernel readme it states to use the toolchain 4.8 but when I use it, it complains of not being able to find gcc. Also in the read me it states "get Toolchain download and install arm-eabi-4.8 toolchain for ARM EABI.(64bit)" and when reading up on it, https://developer.android.com/ndk/guides/standalone_toolchain.html#syt , it says to use aarch64 for ARM 64 Bit devices.
Device Source Code can be found at Here
Code:
cd ~/android
export CROSS_COMPILE=~/android/ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-
cd ~/android/kernel
make ARCH=arm64 pxa1908_xcover3lte_eur_defconfig
make ARCH=arm64
This outputs: Image, Image.gz, .dts and .dtb files.
Where's the kernel readme (I believe this hasn't been update since kitkat) says the output will be,
- Kernel : Kernel/arch/arm/boot/zImage
- module : Kernel/drivers/*/*.ko
Note: when trying to compile with the 32- bit ARM toolchain it fails, as the config is found in arm64, wheres other configs are found in arm.
So know I have a kernel (Image or Image.gz), and some .dts and .dtb files. Now to unpack boot.img, this is where problems occur. When trying to use tools like abootimg or the various different versions of unmkbootimg, they complain about non-standard boot.img.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
or
While also try saving it as a zImage when its meant to be a Image.gz, or they extract it without throwing any errors, but when looking at the extracted files with a hex editor, it is all 00 throughout the files, therefore a useless file.
So their for I tried manually unpacking with a hex editor and managed to get the kernel. Left is my Compiled and Right is the hex version.
Notice the difference in size, is this because the kernel in boot.img is stripped of its debugging items while mine isn't? If so I should look up on how to fix that.
But am having troubles trying to extract the ramdisk via hex.
So is anyone able to either:
a) Help me extract the boot.img properly (with tools like unmkbootimg or with a hex editor)
or
b) do this for me and explain how you achieved it so I myself is am able to do it when needed.
I have attached necessary files if you want to have a look at them yourself.
Any help is appreciated.
FIles(XDA attachments not working): https://drive.google.com/file/d/0B_5mtquWAP3MZjJQay1ERFprbnM/view?usp=sharing

After Numerous trial and error, I finally managed to output ramdisk.cpio.gz.
The start of a Gzip file in hex is, 1F 8B 08, therefor when using the search function in you had editor application you can narrow down your results to 1 or 2 files (2 Files for me as my kernel and ramdisk are both gzipped). You then follow it all the way down till you find a big bunch of zeros(seems like they are passing between files). When you reach the bunch of zeros include the first "00" at the end of the other hexidecial. E.G. End of one of my gzip files is "CE 24 00 00 00....00 (ZERO PADDING BETWEEN FILES), Threaded the end of my file is "CE 24 00".
Knowing this I was able to successfully extract and verify both my kernel and ramdisk files are correct.

Perl script for unpacking
Code:
#!/usr/bin/perl
######################################################################
#
# File : split_bootimg.pl
# Author(s) : William Enck <[email protected]>
# Description : Split appart an Android boot image created
# with mkbootimg. The format can be found in
# android-src/system/core/mkbootimg/bootimg.h
#
# Thanks to alansj on xda-developers.com for
# identifying the format in bootimg.h and
# describing initial instructions for splitting
# the boot.img file.
#
# Last Modified : Tue Dec 2 23:36:25 EST 2008
# By : William Enck <[email protected]>
#
# Copyright (c) 2008 William Enck
#
######################################################################
use strict;
use warnings;
# Turn on print flushing
$|++;
######################################################################
## Global Variables and Constants
my $SCRIPT = __FILE__;
my $IMAGE_FN = undef;
# Constants (from bootimg.h)
use constant BOOT_MAGIC => 'ANDROID!';
use constant BOOT_MAGIC_SIZE => 8;
use constant BOOT_NAME_SIZE => 16;
use constant BOOT_ARGS_SIZE => 512;
# Unsigned integers are 4 bytes
use constant UNSIGNED_SIZE => 4;
# Parsed Values
my $PAGE_SIZE = undef;
my $KERNEL_SIZE = undef;
my $RAMDISK_SIZE = undef;
my $SECOND_SIZE = undef;
my $DT_SIZE = undef;
######################################################################
## Main Code
&parse_cmdline();
&parse_header($IMAGE_FN);
=format (from bootimg.h)
** +-----------------+
** | boot header | 1 page
** +-----------------+
** | kernel | n pages
** +-----------------+
** | ramdisk | m pages
** +-----------------+
** | second stage | o pages
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
** p = (dt_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
** 2. second is optional (second_size == 0 -> no second)
** 3. load each element (kernel, ramdisk, second) at
** the specified physical address (kernel_addr, etc)
** 4. prepare tags at tag_addr. kernel_args[] is
** appended to the kernel commandline in the tags.
** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
** 6. if second_size != 0: jump to second_addr
** else: jump to kernel_addr*/
=cut
my $n = int(($KERNEL_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE);
my $m = int(($RAMDISK_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE);
my $o = int(($SECOND_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE);
my $p = int(($DT_SIZE + $PAGE_SIZE - 1) / $PAGE_SIZE);
my $k_offset = $PAGE_SIZE;
my $r_offset = $k_offset + ($n * $PAGE_SIZE);
my $s_offset = $r_offset + ($m * $PAGE_SIZE);
my $t_offset = $s_offset + ($o * $PAGE_SIZE);
(my $base = $IMAGE_FN) =~ s/.*\/(.*)$/$1/;
my $k_file = "kernel.gz";
my $r_file = "ramdisk.gz";
my $s_file = "second.gz";
my $t_file = "dt.img";
# The kernel is always there
print "Writing $k_file ...";
&dump_file($IMAGE_FN, $k_file, $k_offset, $KERNEL_SIZE);
print " complete.\n";
# The ramdisk is always there
print "Writing $r_file ...";
&dump_file($IMAGE_FN, $r_file, $r_offset, $RAMDISK_SIZE);
print " complete.\n";
# The Second stage bootloader is optional
unless ($SECOND_SIZE == 0) {
print "Writing $s_file ...";
&dump_file($IMAGE_FN, $s_file, $s_offset, $SECOND_SIZE);
print " complete.\n";
}
# The DT.img stage is optional
unless ($DT_SIZE == 0) {
print "Writing $t_file ...";
&dump_file($IMAGE_FN, $t_file, $t_offset, $DT_SIZE);
print " complete.\n";
}
######################################################################
## Supporting Subroutines
=header_format (from bootimg.h)
struct boot_img_hdr
{
unsigned char magic[BOOT_MAGIC_SIZE];
unsigned kernel_size; /* size in bytes */
unsigned kernel_addr; /* physical load addr */
unsigned ramdisk_size; /* size in bytes */
unsigned ramdisk_addr; /* physical load addr */
unsigned second_size; /* size in bytes */
unsigned second_addr; /* physical load addr */
uint32_t dt_size; /* device tree size in bytes */
uint32_t dt_addr; /* device tree address in bytes */
unsigned tags_addr; /* physical addr for kernel tags */
unsigned page_size; /* flash page size we assume */
unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */
unsigned char cmdline[BOOT_ARGS_SIZE];
unsigned id[8]; /* timestamp / checksum / sha1 / etc */
};
=cut
sub parse_header {
my ($fn) = @_;
my $buf = undef;
open INF, $fn or die "Could not open $fn: $!\n";
binmode INF;
# Read the Magic
read(INF, $buf, BOOT_MAGIC_SIZE);
unless ($buf eq BOOT_MAGIC) {
die "Android Magic not found in $fn. Giving up.\n";
}
# Read kernel size and address (assume little-endian)
read(INF, $buf, UNSIGNED_SIZE * 2);
my ($k_size, $k_addr) = unpack("VV", $buf);
# Read ramdisk size and address (assume little-endian)
read(INF, $buf, UNSIGNED_SIZE * 2);
my ($r_size, $r_addr) = unpack("VV", $buf);
# Read second size and address (assume little-endian)
read(INF, $buf, UNSIGNED_SIZE * 2);
my ($s_size, $s_addr) = unpack("VV", $buf);
# Read dt size and address (assume little-endian)
read(INF, $buf, UNSIGNED_SIZE * 2);
my ($t_size, $t_addr) = unpack("VV", $buf);
# Ignore tags_addr
read(INF, $buf, UNSIGNED_SIZE);
# get the page size (assume little-endian)
read(INF, $buf, UNSIGNED_SIZE);
my ($p_size) = unpack("V", $buf);
# Read the name (board name)
read(INF, $buf, BOOT_NAME_SIZE);
my $name = $buf;
# Read the command line
read(INF, $buf, BOOT_ARGS_SIZE);
my $cmdline = $buf;
# Ignore the id
read(INF, $buf, UNSIGNED_SIZE * 8);
# Close the file
close INF;
# Print important values
printf "Page size: %d (0x%08x)\n", $p_size, $p_size;
printf "Kernel size: %d (0x%08x)\n", $k_size, $k_size;
printf "Ramdisk size: %d (0x%08x)\n", $r_size, $r_size;
printf "Second size: %d (0x%08x)\n", $s_size, $s_size;
printf "dt size: %d (0x%08x)\n", $t_size, $t_size;
printf "Board name: $name\n";
printf "Command line: $cmdline\n";
# Save the values
$PAGE_SIZE = $p_size;
$KERNEL_SIZE = $k_size;
$RAMDISK_SIZE = $r_size;
$SECOND_SIZE = $s_size;
$DT_SIZE = $t_size;
}
sub dump_file {
my ($infn, $outfn, $offset, $size) = @_;
my $buf = undef;
open INF, $infn or die "Could not open $infn: $!\n";
open OUTF, ">$outfn" or die "Could not open $outfn: $!\n";
binmode INF;
binmode OUTF;
seek(INF, $offset, 0) or die "Could not seek in $infn: $!\n";
read(INF, $buf, $size) or die "Could not read $infn: $!\n";
print OUTF $buf or die "Could not write $outfn: $!\n";
close INF;
close OUTF;
}
######################################################################
## Configuration Subroutines
sub parse_cmdline {
unless ($#ARGV == 0) {
die "Usage: $SCRIPT boot.img\n";
}
$IMAGE_FN = $ARGV[0];
}
The reason why none of tools support our image is because it has different header format. For example mkbootimg:
Code:
unsigned tags_addr; /* physical addr for kernel tags */
unsigned page_size; /* flash page size we assume */
unsigned unused[2]; /* future expansion: should be 0 */
but we need for our kernel such a code
Code:
unsigned dt_size; /* device tree size in bytes */
unsigned dt_addr; /* device tree address in bytes */
unsigned tags_addr; /* physical addr for kernel tags */
unsigned page_size; /* flash page size we assume */

akuhak said:
Perl script for unpacking
The reason why none of tools support our image is because it has different header format. For example mkbootimg:but we need for our kernel such a code
Click to expand...
Click to collapse
Yes @akuhak I had realised that about a week ago (header sizes), also another thing is most of these tools deal with a zImage, where's I boot.img has a hOmage (which is a 64 byte uImage header followed by the kernel. I have succesfully unpacked this boot.img (the kernel, ramdisk and dt.img).
Now if this script works it will be good for other users, but for me my need has already been done.
I am just having trouble trying to get this booting up on my phone when I repack it (I haven't been paying to much attention to this project becuse of exam revision)
Edit: I have tested it and verified thatvit works by comparing the files produced by hand and the files produced by this script via the sha1sum command. I have uploaded it onto my xCover3 post linking back here and giving the credit to you for posting it here. Thanks for your help

It easier to found already existing tool. Our device (I am owning Xcover 3 too) has pxa1088 board. It is known that similar boards has similar structure. So i found these thread github(dot)com/kumajaya/degas-mkbootimg (he has also topic here in xda with his researchs)
It has the same board so these tools works fine for us The only difference I noticed - header unknown value is 0x03000000 for our device and 0x02000000 for Galaxy Tab 4. Maybe something wrong with dtb image - I didn't check these yet.
BTW our phone has same characteristics as Samsung SM-G531F Galaxy Grand Prime (same board, same cpu, same gpu, only screen a bit different) and grandprimevelte has 5.1.1 android onboard and working TWRP recovery (I was trying to flash it but was unsuccessful).
As for same board - For Example Xcover 3 Value Edition has completely different board (exynos3475 with mali-t760mp8 gpu). The same characteristics as for Samsung SM-J200 Galaxy J2. So we can use root methods from j2lte. This means - flash TWRP then install SuperSu zip archive - thats all.
But we cannot use TWRP from VE cause of very different hardwares.
Now Im working on improving degas utilities...

akuhak said:
It easier to found already existing tool. Our device (I am owning Xcover 3 too) has pxa1088 board. It is known that similar boards has similar structure. So i found these thread github(dot)com/kumajaya/degas-mkbootimg (he has also topic here in xda with his researchs)
It has the same board so these tools works fine for us The only difference I noticed - header unknown value is 0x03000000 for our device and 0x02000000 for Galaxy Tab 4. Maybe something wrong with dtb image - I didn't check these yet.
BTW our phone has same characteristics as Samsung SM-G531F Galaxy Grand Prime (same board, same cpu, same gpu, only screen a bit different) and grandprimevelte has 5.1.1 android onboard and working TWRP recovery (I was trying to flash it but was unsuccessful).
As for same board - For Example Xcover 3 Value Edition has completely different board (exynos3475 with mali-t760mp8 gpu). The same characteristics as for Samsung SM-J200 Galaxy J2. So we can use root methods from j2lte. This means - flash TWRP then install SuperSu zip archive - thats all.
But we cannot use TWRP from VE cause of very different hardwares.
Now Im working on improving degas utilities...
Click to expand...
Click to collapse
TWRP for xcover3 value editio came out about 7 says ago, and apparently one user has tried it and is working on their value edition version. (When I had a quick look at the source code yesterdau I happenend to notice it was a exynos board). I had previously tried the dagas scripts and they didn't work for our image at the time, yet your providerd version does. Great idea for searching up the board name (Marvell) as that is one of the only things I hadn't thought to Google.
Feel free to compile TWRP under android 5.1.1 branch. I can/will chime in with relevant info, as well as you can use info from TWRPs source code on the other twrp versions of our device. The only reason I haven't tried it as of yet is becuse i using my my mobile data 99% of the time and just don't have the data to so are downloading source code.
As for the dt.img, I veriefed the scripts output to my on manually extraction and it's the same for both files. (Sha1). But there is a little bit of trailing data (anything past SEANDROIDENFORCING) which is ignored, I am not sure id it's importance as of yet(other then SuperSu omits it from the boot.img when using SuperSu.zip.
Will pop back into here later today.

Ok I completed my tools collection for pxa1088
Source Code: github(dot)com/AKuHAK/pxa1088-mkbootimg
All necessary utilities can be achieved via my modified android_img_repack_tools repo: github(dot)com/AKuHAK/android_img_repack_tool
By just typing ./configure and make
If you are scared by traffic I released tools in one archive: github(dot)com/AKuHAK/android_img_repack_tools/releases/tag/1st.
How to use? I created README in github: github(dot)com/AKuHAK/pxa1088-mkbootimg/blob/master/README
Tools can extract and than pack back boot.img and recovery.img from XCover3. If you didn't extract uImage and dtb.img you can repack boot.img (recovery.img) without hash sum changes. If you extract zImage from uImage and than pack again in uImage your resulting uImage will be different cause uIimage header contain timestamp which will be taken from your PC settings. But resulting uImage still HAVE to be valid.

akuhak said:
Ok I completed my tools collection for pxa1088
Source Code: github(dot)com/AKuHAK/pxa1088-mkbootimg
All necessary utilities can be achieved via my modified android_img_repack_tools repo: github(dot)com/AKuHAK/android_img_repack_tool
By just typing ./configure and make
If you are scared by traffic I released tools in one archive: github(dot)com/AKuHAK/android_img_repack_tools/releases/tag/1st.
How to use? I created README in github: github(dot)com/AKuHAK/pxa1088-mkbootimg/blob/master/README
Tools can extract and than pack back boot.img and recovery.img from XCover3. If you didn't extract uImage and dtb.img you can repack boot.img (recovery.img) without hash sum changes. If you extract zImage from uImage and than pack again in uImage your resulting uImage will be different cause uIimage header contain timestamp which will be taken from your PC settings. But resulting uImage still HAVE to be valid.
Click to expand...
Click to collapse
Cool, will have a look tomorrow, it's hitting 1am for me now. Just one quick correction in the above post of yours. You mention zImage is extracted from the uImage. That is incorrect, is is in fact just a gzipped kernel image (Image.gz) not a zImage.
Yes I know both types of formats are compressed, but our device runs a armv8 cpu which is 64 bits (albeit our kernel is using a 32 but instruction set not a 64 bit instruction set and this means or OS is also 32 bits then). Apon reading the documentation found in the source code, you will realise that it can only handle a) the uncompressed kernel image (Image) or b) a compressed version of the image in gzip format (Image.gz). This is further proven when looking at the boot.img with a hex editor as you can clearly see 2 Files that start with the gzip header format (1F 8B 08) which are the gzipped kernel (also if you go back by 64 bytes then you will be at the start of the uImage header which holds or the appropriate info about the kernel.uImage file) and our ramdisk.
So hopefully you may have just made a mistake in the above post, but if not then you are outputting the incorrect file, which may confuse some users of they don't know much but just wanted to compile the kernel from source.
Sorry about the above rant, will now have a quick look at your github. Thanks for your work you have put into this phone.
Edit: when you mention the android img repack tools, did you use this, http://forum.xda-developers.com/showthread.php?t=2600364 , and if so what modification have you done since I already have the downloaded (used the last of my mobile data last month to get it)
EDIT2: Gonna have a mess around with them tomorrow. One question, sorry for sounding like a noon, but how does the compression differs between normal gzip and minigzip, how will these differences affect a repacked ramdisk and what got you onto that piece of info.
And I had a quick look at your github, seen all your ps2 back related source code.you using FMCB, a hardmod (a chip) or a internal hardrive via an Ethernet adapter. I see sp193, doctorxyz, have commuted to your repo, so sounds like your a ps2 dev, which is cool as ****

1) About zImage. Maybe I need to be more clear: Xcover 3 kernel has uImage onboard with gzip compression. You can extract kernel from that gzipped uImage - I just thought that zImage is name for extracted kernel Sorry if I made mistake in this case.
uImage can be created with use of u-boot tool (denx(dot)de/wiki/U-Boot/WebHome)
For example
Code:
mkimage -I boot.uImage
will provide such an information for our device
Code:
Image Name: pxa1928dkb linux
Created: Wed May 18 15:13:06 2016
Image Type: AArch64 Linux Kernel Image (gzip compressed)
Data Size: 6616640 Bytes = 6461.56 kB = 6.31 MB
Load Address: 01000000
Entry Point: 01000000
This information is extracted from uImage kernel (64 bytes). After header we will see our gzipped kernel - you are right. I just simply extracted it with 7zip from boot.img-uImage.
The difference is that your way didn't use uImage header at all - so you will be unable to pack it back without mistakes - or your gzipped kernel have to be completely the same in size which is almost impossible to achieve. With use of mkimage you can alter kernels (of course only if samsung doesnt check something else) and get correct uImage in output.
2) About difference between minigzip and gzip. In fact I don't know why its happened but I didn't found a reason why ramdisk have to be packed exactly with minigzip. I tried almost all flag combinations with gzip but I get the same result that was in output file only with minigzip
As about kernel it is packed with maximum compression without name with normal gzip.
So assuming minigzip for ramdisk, gzip -n -9 for kernel. But Im completely sure that we can use any combination of gzipers and image still will be valid (but of course will be different in hash). We need to use exactly this combination only if we need to get the same file.
3) Yes Im using exactly this kitchen - I just removed all branches except 5.1.1 added minigzip, my tools and u-boot mkimage tool generation.
4) Yes Im one of still alive ps2 developers I just realized that my phone isn't rooted and started to dig what I can do with it.

akuhak said:
1) About zImage. Maybe I need to be more clear: Xcover 3 kernel has uImage onboard with gzip compression. You can extract kernel from that gzipped uImage - I just thought that zImage is name for extracted kernel Sorry if I made mistake in this case.
uImage can be created with use of u-boot tool (denx(dot)de/wiki/U-Boot/WebHome)
For example will provide such an information for our device
This information is extracted from uImage kernel (64 bytes). After header we will see our gzipped kernel - you are right. I just simply extracted it with 7zip from boot.img-uImage.
The difference is that your way didn't use uImage header at all - so you will be unable to pack it back without mistakes - or your gzipped kernel have to be completely the same in size which is almost impossible to achieve. With use of mkimage you can alter kernels (of course only if samsung doesnt check something else) and get correct uImage in output.
2) About difference between minigzip and gzip. In fact I don't know why its happened but I didn't found a reason why ramdisk have to be packed exactly with minigzip. I tried almost all flag combinations with gzip but I get the same result that was in output file only with minigzip
As about kernel it is packed with maximum compression without name with normal gzip.
So assuming minigzip for ramdisk, gzip -n -9 for kernel. But Im completely sure that we can use any combination of gzipers and image still will be valid (but of course will be different in hash). We need to use exactly this combination only if we need to get the same file.
3) Yes Im using exactly this kitchen - I just removed all branches except 5.1.1 added minigzip, my tools and u-boot mkimage tool generation.
4) Yes Im one of still alive ps2 developers I just realized that my phone isn't rooted and started to dig what I can do with it.
Click to expand...
Click to collapse
1) yes a zImage is one type of you can get when compiling for ARM Devices, you Device is ARM64 so thierare differences. As for extracting the kernel I have always include the 64 byte header (since the middle of last week when I realised that it was there after running binwalk against the file). So yea your assumption was correct up untill a week ago.
2) Interesting. I will be sure to make changes accordingly.
3) cool I have 2 out of four so will download accordingly
4) cool, that the development scene is still going since the ps2 reached it 16 birthday this year.
5) as for root on this device chainfire has needed to go Systemless after/on 6.0 device or 5.1.1. Samsung devices, so to achive root on those devices it requires the modification of boot.img. what his SuperSu.zip does is patch the sepolicy file to allow 3 rules to run in permissive, modify other bits of the ramdisk accordingly to allow for it to run services and mount su.img at boot and it creates and place the necessary files inside su.img. I have completed all that by hand after reading his update-script numerous times. My only roadblock has been try to get the boot.img to boot.I was currently in the process, of try (I have tried alot of different ways including mkbootimg etc.) Manuallying replacing the ramdisk contents with the modified version, and then modify the bootmimg header to continue any modifed value (ramdisk size and dt offset) but am only partially done as I haven't had the chance the last few days to do it.

Awesome tool, unpack, repacked without a single modification and then ran "sha1sum" to both boot.img's and they are exactly the same. You are amazing . I have referenced your tools in this thread (http://forum.xda-developers.com/android/development/4-4-4-5-1-1-6-0-1-samsung-xcover3-t3465132 ) straight to your github. Now to try my modified ramdisk and see If my phone can boot it. Will post results soon.
======
Yes I can boot custom boot.img, without the SEANDORIDENFORCEING showing up. I can see my ramdisk changes, work, I can type adb root and I don't get the product in build message, but trying to do anything that requires root e.g. trying to push su.img to /data or /cache, gets me the error permission denied, but hey I am half way there to getting root.

Patched kernel CVE-2016-5195 (aka "Dirtycow")

For those of you wanting to patch your device asap, you can download my patched kernel. This is built from the latest Samsung standard sources with a couple of minor config changes, namely the ability to change SELinux enforcing mode as boot and runtime, removal of DM_VERITY and KNOX_KAP and a couple of IPv6 / QoS items (netfilter targets, qdiscs). The full config diff is below.
If you want to use this kernel you will need to create your own bootimage. On your device
Code:
# dd if=/dev/block/platform/15540000.dwmmc0/by-name/BOOT of=/sdcard/boot.img
Unpack the boot image (you can use this tool. In the unpacked folder, replace the boot.img-zImage with the new zImage from the zip file you downloaded. Recreate the bootimage with the mkbootimg tool (all the command line args you need to supply will be in the files that the unpackbootimg command created - just plug these values back in).
Now you can adb push the new boot.img back to your device and flash it using the reverse operation
Code:
# dd if=/sdcard/boot.img of=/dev/block/platform/15540000.dwmmc0/by-name/BOOT
If you want to compile your own kernel, here's the patch. In the kernel source dir, do
Code:
$ git init
$ git add .
$ git commit -m "initial"
$ git apply CVE-2016-5195.patch
CVE-2016-5195.patch:
Code:
From 4ecebb23a13c366b5d46cd0a76f14e6c81dd2da7 Mon Sep 17 00:00:00 2001
From: DL <[email protected]>
Date: Tue, 25 Oct 2016 19:36:32 +0700
Subject: [PATCH] Dirtycow Patch - CVE-2016-5195
---
include/linux/mm.h | 1 +
mm/memory.c | 28 ++++++++++++++++++++++++----
2 files changed, 25 insertions(+), 4 deletions(-)
mode change 100755 => 100644 include/linux/mm.h
mode change 100755 => 100644 mm/memory.c
diff --git a/include/linux/mm.h b/include/linux/mm.h
old mode 100755
new mode 100644
index 93b01bb..979e4c7
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1711,6 +1711,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma,
#define FOLL_HWPOISON 0x100 /* check page is hwpoisoned */
#define FOLL_NUMA 0x200 /* force NUMA hinting page fault */
#define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */
+#define FOLL_COW 0x4000 /* internal GUP flag */
typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,
void *data);
diff --git a/mm/memory.c b/mm/memory.c
old mode 100755
new mode 100644
index bcde4a1..5331526
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1497,6 +1497,16 @@ int zap_vma_ptes(struct vm_area_struct *vma, unsigned long address,
}
EXPORT_SYMBOL_GPL(zap_vma_ptes);
+/*
+ * FOLL_FORCE can write to even unwritable pte's, but only
+ * after we've gone through a COW cycle and they are dirty.
+ */
+static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
+{
+ return pte_write(pte) ||
+ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
+}
+
/**
* follow_page_mask - look up a page descriptor from a user-virtual address
* @vma: vm_area_struct mapping @address
@@ -1604,7 +1614,7 @@ split_fallthrough:
}
if ((flags & FOLL_NUMA) && pte_numa(pte))
goto no_page;
- if ((flags & FOLL_WRITE) && !pte_write(pte))
+ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags))
goto unlock;
page = vm_normal_page(vma, address, pte);
@@ -1911,7 +1921,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
*/
if ((ret & VM_FAULT_WRITE) &&
!(vma->vm_flags & VM_WRITE))
- foll_flags &= ~FOLL_WRITE;
+ foll_flags |= FOLL_COW;
cond_resched();
}
@@ -3913,8 +3923,18 @@ retry:
if (unlikely(pmd_none(*pmd)) &&
unlikely(__pte_alloc(mm, vma, pmd, address)))
return VM_FAULT_OOM;
- /* if an huge pmd materialized from under us just retry later */
- if (unlikely(pmd_trans_huge(*pmd)))
+ /*
+ * If a huge pmd materialized under us just retry later. Use
+ * pmd_trans_unstable() instead of pmd_trans_huge() to ensure the pmd
+ * didn't become pmd_trans_huge under us and then back to pmd_none, as
+ * a result of MADV_DONTNEED running immediately after a huge pmd fault
+ * in a different thread of this mm, in turn leading to a misleading
+ * pmd_trans_huge() retval. All we have to ensure is that it is a
+ * regular pmd that we can walk with pte_offset_map() and we can do that
+ * through an atomic read in C, which is what pmd_trans_unstable()
+ * provides.
+ */
+ if (unlikely(pmd_trans_unstable(pmd)))
return 0;
/*
* A regular pmd is established and it can't morph into a huge pmd
--
1.8.3.1
diff -Naur arch/arm/configs/trelte_00_defconfig .config
Code:
--- arch/arm/configs/trelte_00_defconfig 2016-03-01 17:00:22.000000000 +0700
+++ .config 2016-10-18 19:21:17.000000000 +0700
@@ -102,7 +102,8 @@
# CONFIG_TREE_RCU_TRACE is not set
# CONFIG_RCU_BOOST is not set
# CONFIG_RCU_NOCB_CPU is not set
-# CONFIG_IKCONFIG is not set
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=19
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEBUG=y
@@ -391,7 +392,7 @@
CONFIG_RKP_DBLMAP_PROT=y
CONFIG_HYP_RKP=y
CONFIG_TIMA_RKP_30=y
-CONFIG_KNOX_KAP=y
+# CONFIG_KNOX_KAP is not set
CONFIG_TIMA_RKP_L1_TABLES=y
# CONFIG_TIMA_RKP_L2_TABLES is not set
# CONFIG_TIMA_RKP_DEBUG is not set
@@ -741,9 +742,23 @@
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_INET_UDP_DIAG is not set
-# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_ADVANCED=y
+# CONFIG_TCP_CONG_BIC is not set
CONFIG_TCP_CONG_CUBIC=y
-CONFIG_DEFAULT_TCP_CONG="cubic"
+CONFIG_TCP_CONG_WESTWOOD=y
+# CONFIG_TCP_CONG_HTCP is not set
+# CONFIG_TCP_CONG_HSTCP is not set
+# CONFIG_TCP_CONG_HYBLA is not set
+# CONFIG_TCP_CONG_VEGAS is not set
+# CONFIG_TCP_CONG_SCALABLE is not set
+# CONFIG_TCP_CONG_LP is not set
+# CONFIG_TCP_CONG_VENO is not set
+# CONFIG_TCP_CONG_YEAH is not set
+# CONFIG_TCP_CONG_ILLINOIS is not set
+# CONFIG_DEFAULT_CUBIC is not set
+CONFIG_DEFAULT_WESTWOOD=y
+# CONFIG_DEFAULT_RENO is not set
+CONFIG_DEFAULT_TCP_CONG="westwood"
# CONFIG_TCP_MD5SIG is not set
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
@@ -839,7 +854,7 @@
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
# CONFIG_NETFILTER_XT_TARGET_CT is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
-# CONFIG_NETFILTER_XT_TARGET_HL is not set
+CONFIG_NETFILTER_XT_TARGET_HL=y
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
@@ -948,16 +963,16 @@
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_IP6_NF_IPTABLES=y
-# CONFIG_IP6_NF_MATCH_AH is not set
-# CONFIG_IP6_NF_MATCH_EUI64 is not set
-# CONFIG_IP6_NF_MATCH_FRAG is not set
-# CONFIG_IP6_NF_MATCH_OPTS is not set
-# CONFIG_IP6_NF_MATCH_HL is not set
-# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
-# CONFIG_IP6_NF_MATCH_MH is not set
-# CONFIG_IP6_NF_MATCH_RPFILTER is not set
-# CONFIG_IP6_NF_MATCH_RT is not set
-# CONFIG_IP6_NF_TARGET_HL is not set
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+CONFIG_IP6_NF_MATCH_RPFILTER=y
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_TARGET_REJECT_SKERR=y
@@ -987,39 +1002,39 @@
#
# Queueing/Scheduling
#
-# CONFIG_NET_SCH_CBQ is not set
+CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_HTB=y
-# CONFIG_NET_SCH_HFSC is not set
-# CONFIG_NET_SCH_PRIO is not set
+CONFIG_NET_SCH_HFSC=y
+CONFIG_NET_SCH_PRIO=y
# CONFIG_NET_SCH_MULTIQ is not set
# CONFIG_NET_SCH_RED is not set
# CONFIG_NET_SCH_SFB is not set
-# CONFIG_NET_SCH_SFQ is not set
+CONFIG_NET_SCH_SFQ=y
# CONFIG_NET_SCH_TEQL is not set
# CONFIG_NET_SCH_TBF is not set
# CONFIG_NET_SCH_GRED is not set
-# CONFIG_NET_SCH_DSMARK is not set
+CONFIG_NET_SCH_DSMARK=y
# CONFIG_NET_SCH_NETEM is not set
# CONFIG_NET_SCH_DRR is not set
# CONFIG_NET_SCH_MQPRIO is not set
# CONFIG_NET_SCH_CHOKE is not set
# CONFIG_NET_SCH_QFQ is not set
# CONFIG_NET_SCH_CODEL is not set
-# CONFIG_NET_SCH_FQ_CODEL is not set
-# CONFIG_NET_SCH_INGRESS is not set
+CONFIG_NET_SCH_FQ_CODEL=y
+CONFIG_NET_SCH_INGRESS=y
# CONFIG_NET_SCH_PLUG is not set
#
# Classification
#
CONFIG_NET_CLS=y
-# CONFIG_NET_CLS_BASIC is not set
+CONFIG_NET_CLS_BASIC=y
# CONFIG_NET_CLS_TCINDEX is not set
# CONFIG_NET_CLS_ROUTE4 is not set
-# CONFIG_NET_CLS_FW is not set
+CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
# CONFIG_CLS_U32_PERF is not set
-# CONFIG_CLS_U32_MARK is not set
+CONFIG_CLS_U32_MARK=y
# CONFIG_NET_CLS_RSVP is not set
# CONFIG_NET_CLS_RSVP6 is not set
# CONFIG_NET_CLS_FLOW is not set
@@ -1036,7 +1051,7 @@
CONFIG_NET_ACT_GACT=y
# CONFIG_GACT_PROB is not set
CONFIG_NET_ACT_MIRRED=y
-# CONFIG_NET_ACT_IPT is not set
+CONFIG_NET_ACT_IPT=y
# CONFIG_NET_ACT_NAT is not set
# CONFIG_NET_ACT_PEDIT is not set
# CONFIG_NET_ACT_SIMP is not set
@@ -1438,7 +1453,6 @@
# CONFIG_BCACHE is not set
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_DEBUG is not set
-CONFIG_DM_BUFIO=y
CONFIG_DM_CRYPT=y
# CONFIG_DM_SNAPSHOT is not set
# CONFIG_DM_THIN_PROVISIONING is not set
@@ -1450,7 +1464,7 @@
# CONFIG_DM_DELAY is not set
# CONFIG_DM_UEVENT is not set
# CONFIG_DM_FLAKEY is not set
-CONFIG_DM_VERITY=y
+# CONFIG_DM_VERITY is not set
# CONFIG_TARGET_CORE is not set
# CONFIG_FUSION is not set
@@ -1467,7 +1481,7 @@
# CONFIG_EQUALIZER is not set
# CONFIG_NET_FC is not set
CONFIG_MII=y
-# CONFIG_IFB is not set
+CONFIG_IFB=y
# CONFIG_NET_TEAM is not set
# CONFIG_MACVLAN is not set
# CONFIG_VXLAN is not set
@@ -4524,8 +4538,9 @@
# CONFIG_SECURITY_PATH is not set
CONFIG_LSM_MMAP_MIN_ADDR=4096
CONFIG_SECURITY_SELINUX=y
-# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1

Well done. Working good so far.
What sources did you use?

dicksteele said:
Well done. Working good so far.
What sources did you use?
Click to expand...
Click to collapse
He said" This is built from the latest Samsung standard source"

zealjibia said:
He said" This is built from the latest Samsung standard source"
Click to expand...
Click to collapse
I understand that. N910CXXU2DPI7 appears to be the latest. Which is why my question was simply, which one did he use, to verify that was it.

dicksteele said:
I understand that. N910CXXU2DPI7 appears to be the latest. Which is why my question was simply, which one did he use, to verify that was it.
Click to expand...
Click to collapse
Yes, correct. I used the latest vanilla Samsung sources N910CXXU2DPI7. You can download them directly from Samsung. I've supplied the patch and the config diff, so everyone can precisely replicate the linked binary kernel version if they wish.

dl12345 said:
Yes, correct. I used the latest vanilla Samsung sources N910CXXU2DPI7. You can download them directly from Samsung. I've supplied the patch and the config diff, so everyone can precisely replicate the linked binary kernel version if they wish.
Click to expand...
Click to collapse
Excellent thanks. I've downloaded and getting compile errors. But I've been on travel for the past couple of weeks and my brains is not completely functioning.

dicksteele said:
Excellent thanks. I've downloaded and getting compile errors. But I've been on travel for the past couple of weeks and my brains is not completely functioning.
Click to expand...
Click to collapse
If it helps to know, I use the android ndk 13 toolchain. Here are two files that I use, the first to setup the environment, the second to build the kernel. My NDK is installed in /opt/android/android-ndk-r13
/opt/android/setvars.sh
Code:
#!/bin/bash
NDKARCH="arm-linux-androideabi"
NDKARCHVER="4.9"
NDKVER="r13"
NDKBASE="/opt/android/android-ndk"
NDK="${NDKBASE}-${NDKVER}"
export NDKBIN="${NDK}/toolchains/${NDKARCH}-${NDKARCHVER}/prebuilt/linux-x86_64/bin"
export CROSS_COMPILE="${NDKARCH}-"
export ARCH=arm
export SUBARCH=arm
RE=".*${NDK}.*[:]*"
if [[ ! ${PATH} =~ ${RE} ]] ; then
export PATH="$PATH:${NDKBIN}"
elif [[ ${PATH} =~ ${RE} ]]; then
export PATH=$(echo $PATH | awk -F':' \
"{ \
i = 1; \
for (i = 1; i <= NF; i++) { \
if (\$i !~ /android-ndk/) printf \"%s\", \$i; \
else printf \"%s\", \"${NDKBIN}\"; \
if ( i < NF) printf \":\"; \
}; \
}")
fi
echo CROSS_COMPILE=$CROSS_COMPILE
echo PATH=$PATH
/opt/android/note4/src/kernel/build_kernel.sh
Code:
#!/bin/bash
. /opt/android/setvars.sh
export KBUILD_BUILD_USER=dl12345
export KBUILD_BUILD_HOST=xda
set -x
make -j16 ARCH=arm KBUILD_USER=$KBUILD_BUILD_USER KBUILD_BUILD_HOST=$KBUILD_BUILD_HOST $1
make ARCH=arm exynos5433-tre_eur_open_16.dtb

dl12345 said:
If it helps to know, I use the android ndk 13 toolchain. Here are two files that I use, the first to setup the environment, the second to build the kernel. My NDK is installed in /opt/android/android-ndk-r13
/opt/android/setvars.sh
Code:
#!/bin/bash
NDKARCH="arm-linux-androideabi"
NDKARCHVER="4.9"
NDKVER="r13"
NDKBASE="/opt/android/android-ndk"
NDK="${NDKBASE}-${NDKVER}"
export NDKBIN="${NDK}/toolchains/${NDKARCH}-${NDKARCHVER}/prebuilt/linux-x86_64/bin"
export CROSS_COMPILE="${NDKARCH}-"
export ARCH=arm
export SUBARCH=arm
RE=".*${NDK}.*[:]*"
if [[ ! ${PATH} =~ ${RE} ]] ; then
export PATH="$PATH:${NDKBIN}"
elif [[ ${PATH} =~ ${RE} ]]; then
export PATH=$(echo $PATH | awk -F':' \
"{ \
i = 1; \
for (i = 1; i <= NF; i++) { \
if (\$i !~ /android-ndk/) printf \"%s\", \$i; \
else printf \"%s\", \"${NDKBIN}\"; \
if ( i < NF) printf \":\"; \
}; \
}")
fi
echo CROSS_COMPILE=$CROSS_COMPILE
echo PATH=$PATH
/opt/android/note4/src/kernel/build_kernel.sh
Code:
#!/bin/bash
. /opt/android/setvars.sh
export KBUILD_BUILD_USER=dl12345
export KBUILD_BUILD_HOST=xda
set -x
make -j16 ARCH=arm KBUILD_USER=$KBUILD_BUILD_USER KBUILD_BUILD_HOST=$KBUILD_BUILD_HOST $1
make ARCH=arm exynos5433-tre_eur_open_16.dtb
Click to expand...
Click to collapse
This helps thanks a ton. I've really never attempted to compile a kernel for android. That's my last frontier.
I've done Linux over 10 years ago, I've just been content with using others.
They've all been great, but the only thing that was missing was the Revoke USB debugging authorizations on most of the custom ones.
I'd have to flash back to stock if ADB lost its mind and wouldn't recognize the phone.
Good stuff, great work. Much appreciation. Hope you stick around !

If you want to use ADB on this kernel and you're booting with SELinux in enforcing mode, you'll need to first run a terminal and execute
Code:
$ su
# setenforce 0
If you don't do this, ADB will appear not to work or even recognize the device.
When you're done, just setenforce 1 again. Of course, depending on how your ramdisk is setup, this may not be necessary but it's worth knowing if you run into apparent problems with ADB.

dl12345 said:
If you want to use ADB on this kernel and you're booting with SELinux in enforcing mode, you'll need to first run a terminal and execute
Code:
$ su
# setenforce 0
If you don't do this, ADB will appear not to work or even recognize the device.
When you're done, just setenforce 1 again. Of course, depending on how your ramdisk is setup, this may not be necessary but it's worth knowing if you run into apparent problems with ADB.
Click to expand...
Click to collapse
ADB usually works fine. After reflashing and moving to a new machine ADBKeys is usually hosed.
So Revoke USB debugging authorizations is not under Developer Options to reset under some kernels, but it is under stock and it was after I applied yours. Which was cool.
It doesn't happen a lot just enough to be annoying.

This is nice.. @dl12345 I suggest make a flashable kernel..
Im not seeing any updated kernel right now specially for n910c device,.. no more kernel devs

radz_ said:
This is nice.. @dl12345 I suggest make a flashable kernel..
Im not seeing any updated kernel right now specially for n910c device,.. no more kernel devs
Click to expand...
Click to collapse
[KERNEL][PI7 v1.5][6.0.1][TW] talexop - Note4 N910C Permissive
N910C_PI7_6.0.1_talexop_v1.5.zip
Came out Nov 2
Hoping sources will be out soon

The thing with a flashable kernel is that everyone has a different ramdisk, so making something that fits all sizes is tricky. I figured it better to just let people use their existing ramdisk and so they won't notice any real change, regardless of the ROM they're using.

dl12345 said:
The thing with a flashable kernel is that everyone has a different ramdisk, so making something that fits all sizes is tricky. I figured it better to just let people use their existing ramdisk and so they won't notice any real change, regardless of the ROM they're using.
Click to expand...
Click to collapse
I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?
Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.
http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw

radz_ said:
I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?
Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.
http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw
Click to expand...
Click to collapse
Flashed the talexop kernel, then the system mode supersu. Both worked fine together

radz_ said:
I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?
Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.
http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw
Click to expand...
Click to collapse
Yes, CONFIG_DM_VERITY is disabled on this kernel as is CONFIG_KNOX_KAP. I run this kernel in enforcing mode (you can switch SELinux on or off with a boot command line parameter, or with the setenforce command).

dicksteele said:
Flashed the talexop kernel, then the system mode supersu. Both worked fine together
Click to expand...
Click to collapse
Oh nice... thanks for the confirmation mate.
For now I went back to stock, talexop kernel has wifi issue.. hoping for a fix soon..

radz_ said:
Oh nice... thanks for the confirmation mate.
For now I went back to stock, talexop kernel has wifi issue.. hoping for a fix soon..
Click to expand...
Click to collapse
I compiled a kernel and mine is doing the same thing. But I think I found the fix. I hope. Kernel's running good I think.
But it's my first one ever and I'm still tickering with things.
It will be 70-80% stock. IF I release it it won't be until the end of the month at least.

dicksteele said:
I compiled a kernel and mine is doing the same thing. But I think I found the fix. I hope. Kernel's running good I think.
But it's my first one ever and I'm still tickering with things.
It will be 70-80% stock. IF I release it it won't be until the end of the month at least.
Click to expand...
Click to collapse
These are all ramdisk related problems, and one of the reasons I just posted a link to a kernel rather than full boot image.
This wifi issue is a known problem caused by using secure_storage with a custom kernel or ROM. Your default.prop in your ramdisk should turn off securestorage
Code:
ro.securestorage.support=false
I'd also suggest the following edits in default.prop which are related to adb. Just search them here on XDA. There's lots of info
Code:
ro.secure=0
persist.service.adb.enable=1
persist.service.debuggable=1
ro.debuggable=1
ro.adb.secure=0
persist.sys.usb.config=mtp,adb

dl12345 said:
Yes, CONFIG_DM_VERITY is disabled on this kernel as is CONFIG_KNOX_KAP. I run this kernel in enforcing mode (you can switch SELinux on or off with a boot command line parameter, or with the setenforce command).
Click to expand...
Click to collapse
I do not think you can change to enforcing... It is only permissive. Are you sure it changed?
---------- Post added at 10:47 ---------- Previous post was at 10:45 ----------
dl12345 said:
These are all ramdisk related problems, and one of the reasons I just posted a link to a kernel rather than full boot image.
This wifi issue is a known problem caused by using secure_storage with a custom kernel or ROM. Your default.prop in your ramdisk should turn off securestorage
Code:
ro.securestorage.support=false
I'd also suggest the following edits in default.prop which are related to adb. Just search them here on XDA. There's lots of info
Code:
ro.secure=0
persist.service.adb.enable=1
persist.service.debuggable=1
ro.debuggable=1
ro.adb.secure=0
persist.sys.usb.config=mtp,adb
Click to expand...
Click to collapse
Bump

Why can't I compile the msm android kernel?

I've been stuck at this for more than a week, so I'd appreciate any help.
What am I trying to do? (you can skip this part if you want)
I'm trying to do android kernel exploitation. That's not my current problem though. To learn kernel exploitation, I need to be able to get a version of android that is vulnerable to a certain vulnerability. So here's what I'm doing:
1. Going here to select a CVE that I want to learn how to exploit
2. After selecting a CVE, I need to select a build that is vulnerable to that CVE from here
3. Now that I have chosen a build (QQ3A.200805.001 in my case), I note its branch name (android-10.0.0_r41 in my case)
4. Now I need to be able to run this build in the android emulator (qemu) once as a production build, and once with KASAN+KCOV+debugging symbols for gdb
Before I begin, I'm following these guides:
1. https://source.android.com/devices/tech/debug/kasan-kcov
2. https://source.android.com/setup/build/building-kernels-deprecated
3. Google
My Setup:
I did this to download everything I need:
Bash:
git clone https://android.googlesource.com/kernel/msm
cd msm
git fetch --all --tags --prune
git checkout remotes/origin/android-msm-coral-4.14-android10
cd ..
mkdir AOSP
cd AOSP
repo init -u https://android.googlesource.com/platform/manifest
repo sync -j`nproc`
repo init -b android-10.0.0_r41
repo sync -j`nproc`
cd ..
When I went to the AOSP directory and tried compiling with:
Bash:
source ./build/envsetup.sh
lunch aosp_flame-userdebug # For the Pixel 4
m
It compiled in 4 hours, but it worked.
My First Issue:
I then created this bash script in the main folder to try to compile the msm kernel normally (without KASAN/KCOV):
Bash:
###########
# Params: #
###########
ARCH=arm64
CONFIG=cuttlefish_defconfig
###########
# Script: #
###########
read -p "Compile with clang instead of gcc? [y/N] " USE_CLANG
if [ $USE_CLANG == y ] || [ $USE_CLANG == Y ]; then
COMPILER=clang
CC_PATH=$(pwd)/AOSP/prebuilts/clang/host/linux-x86/clang-r346389c/bin/
else
COMPILER=gcc
CC_PATH=$(pwd)/AOSP/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/
export CROSS_COMPILE=aarch64-linux-android-
fi
export ARCH=$ARCH
export PATH=$PATH:$CC_PATH
cd msm
make clean
make distclean
make $CONFIG
make CC=$COMPILER
When I run it with GCC, I get bombarded with depreciation warnings and I get an error:
Code:
Android GCC has been deprecated in favor of Clang, and will be removed from
Android in 2020-01 as per the deprecation plan in:
https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/master/GCC_4_9_DEPRECATION.md
...
Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong not supported by compiler
When I run it with clang, I also get a ton of warnings and this error:
Code:
./arch/arm64/include/asm/stack_pointer.h:8:51: error: register 'sp' unsuitable for global register variables on this target
register unsigned long current_stack_pointer asm ("sp");
...
In file included from ./include/linux/kvm_host.h:14:
./include/linux/signal.h:81:11: warning: array index 3 is past the end of the array (which contains 1 element) [-Warray-bounds]
return (set->sig[3] | set->sig[2] |
Full outputs for the script can be found here (for gcc) and here (for clang). Basically my first issue is that I don't know why I'm getting these compilation errors. So any suggestions would be greatly appreciated.
My Second Issue:
Now, I am checking out the remotes/origin/android-msm-coral-4.14-android10 branch in the msm repo, but I think this isn't the way to go because I need the kernel version that corresponds to a certain build/branch (QQ3A.200805.001 or android-10.0.0_r41 in my case). I think I need to build the exact version that is precompiled in the AOSP repository.
For example, if I go to the AOSP/device/google/coral directory, and run git log, I get something like this:
Code:
commit 62d311ad7cfc3e76a5278634427596462069b44d (HEAD, tag: android-10.0.0_r41, tag: m/android-10.0.0_r41, aosp/android10-qpr3-release)
Merge: 7b91fff 0657c80
Author: android-build-team Robot <[email protected]>
Date: Wed Jun 10 23:45:11 2020 +0000
Merge cherrypicks of [11827366, 11829660, 11829049, 11829662, 11829647, 11829300, 11826697, 11829719, 11829051, 11829663, 11829664, 11829838, 11829052, 11829472, 11829586] into qt-qpr3-release
Change-Id: Ic126de75c24133f8d43df7c9d8f09059a9ca8089
commit 0657c80f016720f70ed6f9618f928a30e71f2b79
Author: wenchangliu <[email protected]>
Date: Tue Mar 24 18:11:18 2020 +0800
coral: Add seccomp policy for Codec2 process
Add seccomp policy for Codec2 process.
Bug: 149511958
Test: adb shell killall media.hwcodec
Change-Id: Iab64bd42ead0c5a27769a757007282c2dddf911d
(cherry picked from commit 3628a510a808a52c4ebf69958a8343928e5df3f2)
(cherry picked from commit 45a6093f3d085ca2a531c2607bd12dbc1eff6bf9)
commit 7b91fffc14afb41cf14772566272c72b37c36785
Merge: 2e7f1a3 e8c9484
Author: android-build-team Robot <[email protected]>
Date: Wed Jun 10 00:37:23 2020 +0000
...
Link for this exact commit/tag can be found here. However, there is no android-10.0.0_r41 tag in the msm source repo, so I don't know which version of the msm repo corresponds to the prebuilt one in the AOSP directory. And.. I don't know where to start looking tbh.
Any help is greatly appreciated.