Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No android secured screen in Android 12 #34

Open
khaledAbbasExperitest opened this issue Dec 15, 2021 · 8 comments
Open

No android secured screen in Android 12 #34

khaledAbbasExperitest opened this issue Dec 15, 2021 · 8 comments

Comments

@khaledAbbasExperitest
Copy link

What is the issue or idea you have?

Have you tried STF?

Using latest JNI update
I am still unable to get secured screens(for example, changing pin code)
This behavior is only happening on Android 12 devices
@JesseCodeBones
Copy link

JesseCodeBones commented Feb 6, 2022
edited
Loading

from my information, visual display for secure screen only available for SYSTEM PROCESS from Android 12.
@khaledAbbasExperitest

@hyeongminju
Copy link

hyeongminju commented Feb 10, 2022
edited
Loading

@JesseCodeBones
@khaledAbbasExperitest

Anybody change this code about secure flag?
/jni/minicap-shared/aosp/src/minicap_31.cpp

// Create virtual display.
MCINFO("Creating virtual display");
mVirtualDisplay = android::SurfaceComposerClient::createDisplay(
  /* const String8& displayName */  android::String8("minicap"),
  /* bool secure */                 false // i think the secure flag that have to change true. 
);

but i could not build for aosp part.

here is my logs

mkdir -p libs/android-31/armeabi-v7a
docker run --rm
-a stdout -a stderr
-v /media/aosp/android-12.0.0_r2:/aosp
-v /Users/1004676/stf/minicap/jni/minicap-shared/aosp/:/app
-v /Users/1004676/stf/minicap/jni/minicap-shared/aosp/libs/android-31/armeabi-v7a:/artifacts
openstf/aosp:jdk8 /aosp.sh build aosp_arm-eng minicap
/aosp.sh: line 110: build/envsetup.sh: No such file or directory
make: *** [libs/android-31/armeabi-v7a/minicap.so] Error 1

i need help.

@varundtsfi
Copy link
Collaborator

Hi @hyeongminjum, @koral-- and @JesseCodeBones
I am working on it. Will provide you the data soon. It's taking time while building.

@varundtsfi
Copy link
Collaborator

Due to some urgency I was not able to build it but tonight with above changes I will build and share the result soon.

@varundtsfi
Copy link
Collaborator

Hi @hyeongminjum, @koral-- and @JesseCodeBones

I have build the OS with bool secure */ true,
Can you give it a try. I have attached the file with names mincap.zip. Download it and rename it to minicap.so.
minicap.zip

@hyeongminju
Copy link

hi @varundtsfi
thanks for you works.
i download and rename file(minicap.zip -> minicap.so)
then i try test (ABI = arm64-v8a // sdk = 31 )
but, i can not get secure stream. so, do i something wrong?

@varundtsfi
Copy link
Collaborator

HI @hyeongminju sorry for the delay

that means It is not working with the suggestion which you have suggested
mVirtualDisplay = android::SurfaceComposerClient::createDisplay(
/ const String8& displayName / android::String8("minicap"),
/ bool secure / false // i think the secure flag that have to change true.
);

Even If you try Chrome in incognito mode in any Android 12 version device, This solution will not work even the Video Streaming too. Google Have applied some restriction on display.

Right now I am working on Android 13 if I will get the time, I will again try this.
Thank you

@childnode
Copy link

childnode commented Jan 25, 2023
edited
Loading

UPDATE: IT IS IMPOSSIBLE TO "FIX" (bypass) this system security feature

tl;dr: @JesseCodeBones said it a year ago - only System (Services) are allowed to, but minicap in userland is not

reading discussion Genymobile/scrcpy#2129 again (see also Genymobile/scrcpy#36 )

the relevant one is: SurfaceFlinger: Only privileged processes can create a secure display

wether you set this flag or not, it is ignored!

see also same same on AWS DeviceFarm

since no third party gets privileged process access!!

see also
https://developer.android.com/guide/topics/permissions/overview
https://source.android.com/docs/core/permissions/perms-allowlist
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/permission/Permissions.md#privileged-permissions

somehow perhaps there is a way via a custom work DPC but I don't see anything at first glance and I would be wondering beeing the first digging there
https://developers.google.com/android/work/requirements

so, no @khaledAbbasExperitest . unless you get root / customRom you will get the black screen by security-design!

WE CAN FINALLY CLOSE THIS AS "CAN'T BE SOLVED"

related to Genymobile/scrcpy#3323 > Genymobile/scrcpy#2129

#34 (comment) > Genymobile/scrcpy@3183d33
Genymobile/scrcpy@1fdde49#diff-1f17a0a1d204db8634ad7c994f1da34d4c9fb9484bca3289e2a5f22ddaaa78d6

They create a "secure" display

scrcpy android 12 too this in 1.18

Add support for Android 12 (Genymobile/scrcpy#2129, Genymobile/scrcpy#2402)

-even I don't understand anything of this code :D perhaps this helps to fix it in minicap too? -

and that's where @varundtsfi comment comes in back and is absolutely the correct answer:

/ bool secure / false // i think the secure flag that have to change true.

but looks like it is fixed in #29 isn't it?

🎉 eba5a1f missed to be added in https://github.com/DeviceFarmer/minicap/blob/master/Makefile so even in 2.7.1 prebuild https://yarnpkg.com/package/@devicefarmer/minicap-prebuilt?files android-31 is missing

This was referenced Jan 25, 2023
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@childnode @hyeongminju @varundtsfi @khaledAbbasExperitest @JesseCodeBones