system group creation for android container device access needs to move out of the build scripts

Bug #1187750 reported by Oliver Grawert
Affects: livecd-rootfs (Ubuntu)
Status: New
Importance: High
Assigned to: Unassigned
Milestone: none

Bug Description

currently live-build/ubuntu-touch/hooks/02-add_user_to_groups.chroot has a hardcoded way of creating system groups for android device access in ubuntu-touch. since we want to build images for arches that are not necessarily using the android layer in the future this functionality needs to move into a postinst script of the lxc-android-config package instead.

in android kernel, drivers and binary userspace tools are using a hardcoded GID -> groupname mapping to manage device access
http://paste.ubuntu.com/5735451/ has the full list of group mapping to GIDs

it currently seems like we have to have at least a minimal set of these groups on the ubuntu side to have sockets and /dev entries mapped to the hardcoded GIDs the android side expects for granting access.

when discussing this migration the foundations team had massive concerns about using such a hardcoded mapping on the ubuntu side. while this bug is easily fixed by moving the script to the right package, further discussion is needed to find a conceptual solution that suits all parties and does not break device access and socket communication with android services.

Oliver Grawert (ogra) wrote :

subscribed canonical-foundations and the phone foundations teams since this requires discussion across both

Changed in livecd-rootfs (Ubuntu):
importance: Undecided → High
Colin Watson (cjwatson) wrote :

The stuff with changing the audio group's gid is particularly egregious. That will break as soon as the base-passwd package is upgraded. You must not ever change the gid of a global static group.

Colin Watson (cjwatson) wrote :

What interfaces does the Android side use to detect the calling group IDs? If there's any way to interpose some kind of shim there, that would be far preferable to a scheme requiring the group IDs to match between Android and Ubuntu; not least because the group IDs used here are all in the range reserved for use by users.

Changed in livecd-rootfs (Ubuntu):
status: New → Triaged
Stéphane Graber (stgraber) wrote :

Why was the audio group's gid changed? My understanding is that the Android kernel has hardcoded GIDs, not hardcoded names, so if we have to use those, we could certainly prefix the group names on the Ubuntu side to avoid name collision.

However, I agree with Colin that having those in the range reserved for user groups is problematic. One solution would be to move the user range to higher values (making the user/group IDs on touch devices start at 10000) which would avoid any potential clash but would lead to a difference in uids/gids between standard ubuntu and ubuntu touch.

Stéphane Graber (stgraber) wrote :

It may also be a good idea not to actually add all those groups to the system group list, but instead use something like libnss-extrausers in the nss stack to have a cleanly separate list of groups that's simply stacked on top of the system's by nss.
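The three points raised so far in this thread (the description's request to move group creation into a postinst, Colin's rule that the gid of a global static group must never be changed, and the stacked extra group list suggested just above) can be combined in one small postinst-style helper. The script below is an added example and is not code from this bug, from livecd-rootfs or from lxc-android-config. It assumes a libnss-extrausers-style separate group file whose path is passed in as a parameter (libnss-extrausers itself reads /var/lib/extrausers/group), uses Debian adduser's default user-group range of 1000-59999 for the range warning, and the sample system list, mapping and gids in the demo are constructed for the example rather than taken from the paste linked in the description:

```shell
#!/bin/sh
# Added example, not code from livecd-rootfs or lxc-android-config.
# Postinst-style helper: records the Android-side groups in a separate
# extrausers-style group file (path is a parameter here; libnss-extrausers
# reads /var/lib/extrausers/group) instead of editing /etc/group, and refuses
# to touch any group whose name or gid is already taken.
#
# Usage: add_android_groups SYSTEM_GROUP_FILE EXTRA_GROUP_FILE MAPPING_FILE
#   MAPPING_FILE has one "name:gid" per line.
#   Returns 0 when every entry was added or was already present with the
#   same gid, 1 when at least one entry was refused (nothing is renumbered).
add_android_groups() {
    sysgrp=$1
    extragrp=$2
    mapping=$3
    rc=0
    while IFS=: read -r name gid; do
        [ -n "$name" ] || continue
        case $gid in
            ''|*[!0-9]*)
                echo "refused: bad gid '$gid' for $name" >&2
                rc=1
                continue
                ;;
        esac
        # Look the name up the way NSS would see it: system list first,
        # then the stacked extra list.
        existing=$(cat "$sysgrp" "$extragrp" 2>/dev/null |
            awk -F: -v n="$name" '$1 == n { print $3; exit }')
        if [ -n "$existing" ]; then
            if [ "$existing" = "$gid" ]; then
                continue    # already present with the same gid: idempotent
            fi
            # Never change the gid of an existing group (base-passwd's
            # audio group is gid 29, for instance).
            echo "refused: $name exists with gid $existing, wanted $gid" >&2
            rc=1
            continue
        fi
        owner=$(cat "$sysgrp" "$extragrp" 2>/dev/null |
            awk -F: -v g="$gid" '$3 == g { print $1; exit }')
        if [ -n "$owner" ]; then
            echo "refused: gid $gid already belongs to $owner, wanted for $name" >&2
            rc=1
            continue
        fi
        # Debian's adduser defaults hand out user groups from 1000 to 59999;
        # flag entries that land there, since that is the clash raised above.
        if [ "$gid" -ge 1000 ] && [ "$gid" -le 59999 ]; then
            echo "warning: $name gid $gid lies in the adduser user-group range 1000-59999" >&2
        fi
        printf '%s:x:%s:\n' "$name" "$gid" >> "$extragrp"
    done < "$mapping"
    return "$rc"
}

# Demonstration on constructed files; no real system files are touched.
demo=$(mktemp -d)
printf 'root:x:0:\naudio:x:29:\n' > "$demo/group"   # constructed system list
: > "$demo/extra_group"                             # empty extrausers-style list
# Constructed mapping: the last entry deliberately tries to renumber audio.
printf 'android_audio:1005\nandroid_camera:1006\naudio:1005\n' > "$demo/mapping"
add_android_groups "$demo/group" "$demo/extra_group" "$demo/mapping" ||
    echo "at least one entry was refused; see the messages above" >&2
cat "$demo/extra_group"
rm -r "$demo"
```

Because the accepted entries go into the separate file only, the system's own group list (and base-passwd's static gids) is never rewritten; the range warning is left as a warning rather than a refusal because, as the thread says, the user-range clash still needs a conceptual solution rather than a script-level one.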

Steve Langasek (vorlon) wrote : Re: [Bug 1187750] Re: system group creation for android container device access needs to move out of the build scripts

On Wed, Jun 05, 2013 at 12:16:05PM -0000, Colin Watson wrote:
> What interfaces does the Android side use to detect the calling group
> IDs?

My understanding is that these are not *detected* at all, but are instead
hard-coded in various kernel drivers. Hence the hard-coding also on the
userspace side.

Oliver Grawert (ogra) wrote :

http://android-dls.com/wiki/index.php?title=Android_UIDs_and_GIDs has the required mapping for the commonly used android groups

Oliver Grawert (ogra) wrote :

(that should be the most minimal list vs the full list pasted in the bug description)

Changed in livecd-rootfs (Ubuntu):
status: Triaged → In Progress
Mathew Hodson (mhodson)
Changed in livecd-rootfs (Ubuntu):
status: In Progress → New