Using host /etc/hosts in AlienDalvik/AndroidAppSupport (AD/AAS) via bind mount on SFOS 4.5

General
#1

[DISCLAIMER]
have no idea if this interferes with system updates!
[/DISCLAIMER]
I see 2 ways to get the /etc/hosts file to be used in AD/AAS.

  1. Add the script /usr/libexec/appsupport/alien-generate-extra-config.sh
    with this:
    lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0. Make it executable. Didn't test this one, though.
  2. Patch /usr/libexec/appsupport/prepare-aliendalvik.sh. After …"$CONTAINER_CONFIG_PATH/10-bsp_config" put echo “lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0” >> “$CONTAINER_CONFIG_PATH/10-bsp_config” This has been used by several people, including me.
Don't forget to restart AD/AAS.
Verify:
devel-su appsupport-attach cat /etc/hosts
(this changed in 4.5, see https://docs.sailfishos.org/Develop/Platform/Testing_Advice/#android-apps)
references:
sfos-4-5-feedback-thread: #229, #256
Patch (I hope there wasn't loss characters...):
--- /usr/libexec/appsupport/prepare-aliendalvik.org.sh  2023-01-25 20:52:12.000000000 +0000
+++ /usr/libexec/appsupport/prepare-aliendalvik.sh      2023-02-11 23:47:29.737036812 +0000
@@ -121,6 +121,7 @@
 /usr/libexec/appsupport/alien-generate-rootfs-config.sh "$CONTAINER_CONFIG_PATH/40-rootfs_config"
 
 /usr/libexec/appsupport/appsupport-generate-config --type lxc --user-id "$ALIEN_USER_ID" --instance "$INSTANCE_NAME" --base-uid "$ALIEN_BASE_UID" "$CONTAINER_CONFIG_PATH/10-bsp_config" || exit 32
+echo "lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0" >> "$CONTAINER_CONFIG_PATH/10-bsp_config"
 
 /usr/libexec/appsupport/alien-generate-net-config.sh $PRIVILEGED "$CONTAINER_CONFIG_PATH/30-net_config"
8 Likes
How to add root SSL certificate to Android subsystem
#2

I’ve been using method 2 for a few days, works like a charm. Thank you!

#4

We used to be able to block ads by editing the DNS (setting up AdGuard DNS, for example) in the Android settings. It seems like this is not working anymore. What happened with that option?

#5

Have you considered Blokada?

1 Like
#6

Not necessary for now. I’m blocking the ads in the browser, but I’m just curious to know what happened with that option.

#7

Thank you. Method Nr. 2 has worked and considering what it does, method Nr. 1 cannot work ( lxc.mount.entry is not a command; it’s a config setting).

#8

You have a wrong character for quotes under 2. I copied directly, instead of using the patch file and it didn’t work, until I changed the quotes. Otherwise it works great, thanks.

2 Likes
#9

My old solution apparently didn’t work anymore, and I feel a little uncomfortable editing system executables esp. under /usr/lib, so I took some time to investigate.

Looking at /usr/libexec/appsupport/prepare-aliendalvik.sh I find the following towards the end ofthe file:

if [ -f /usr/libexec/appsupport/alien-generate-extra-config.sh ]; then
    /usr/libexec/appsupport/alien-generate-extra-config.sh $INSTANCE_NAME $CONTAINER_CONFIG_PATH
fi

# This needs to be after all the config generation scripts have run
for CONFIG_FILE in $(ls -1 $CONTAINER_CONFIG_PATH/*_config | sort); do
    echo "lxc.include = $CONFIG_FILE" >> $CONTAINER_CONFIG_AGGREGATE_FILE
done

/usr/libexec/appsupport/alien-generate-extra-config.sh does not exist, so I presume its purpose is to add user customisation.

I created it and made it executable, with the following content:

#!/bin/sh

echo ">>> $0" >&2
echo ">>> \$1 $1" >&2
echo ">>> \$2 $2" >&2

[ "$#" -gt 1 ] && shift

echo "lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0" > "$1/29-hosts_config"

About [ "$#" -gt 1 ] && shift:

$INSTANCE_NAME is usually empty, and not quoted, which is why $CONTAINER_CONFIG_PATH is passed to the script as the first argument and not the second.

Considering that $INSTANCE_NAME might not be empty in some scenario, this sort of shifting is required.

This could have been avoided by simply quoting the variables or changing the order around, but as I said, I prefer not to dig around in there.

Anyhow, as it is, it should be stable enough.

I tested with an Android browser without adblocking, with some sites from /etc/hosts, connection is refused, as it should be.

4 Likes
[Privacy] Preventing Android App Support from importing personal data like contacts
#10

Version 4.6 changed many things about appsupport and none of previously mentioned methods work anymore. It can be simply fixed by creating the following script in /etc/appsupport.conf.d/init/prepare-hook.d/ (you might need to create the directory) and don’t forget to make it executable.

# cat /etc/appsupport.conf.d/init/prepare-hook.d/50-etc-hosts.sh

#!/bin/sh

echo "lxc.mount.entry = /etc/hosts system/etc/hosts none bind,create=file 0 0" > "${CONTAINER_CONFIG_PATH}/29-hosts_config"

Other modifications are not necessary, so reinstalling appsupport should not break anything.

4 Likes
#11

Noticed that it is different in 4.6, but didn’t investigate, as I don’t need it ATM.
Nice!
Did you try to put it in /etc/appsupport.conf.d/mount-hooks/?
(on my test device (XA2), init in your path, as you suggested, doesn’t exist, just in case there are differences…)
Thanks

#12

I quickly checked the mount-hooks directory and the script does get executed (not sure when) but the environment variable CONTAINER_CONFIG_PATH is not set in that case.

On my phone the path didn’t exist either so I created it. But based on scripts in /opt/appsupport/init/ there is a line in appsupport_run_hook_scripts():

    # Then run possible user hooks
    appsupport_run_hook_script "/etc/appsupport.conf.d/init/$1" "user "

By checking where the function is used I guessed that /etc/appsupport.conf.d/init/ is supposed to mirror the structure of /opt/appsupport/init/.

I’m currently content with this solution so I won’t be exploring too much other posibilities.

1 Like