Special build options for Android 11 on SECO boards - SOLON (formerly SBC-C31)
Android distribution prepared by SECO includes some specific settings to improve system access for our customers, to allow them to control the system, configure it and interact with every peripheral present on the board. This page contains information on those settings and how to enable them.
Root access
In a standard Android distribution, several subsystems and mechanisms can be only obtained by root application. Typically, this requires the applications to be built with the system, with dedicated settings and permissions. An alternative is known as “rooting”, which requires installing a prebuilt application on the system, whose role is giving root access to specific user applications.
We prefer an approach where the code is under our control. For this reason, we integrated an easier root mechanism, based on the very same client-daemon concept, but reduced to the basic, shared in source code.
How to enable
In order to integrate root access in the system, it is sufficient to add the following definition in the board-specific BoardConfig.mk file (e.g. myAndroid/device/seco/rk3399/c31_rk3399_Android11)
BOARD_USES_ROOTED_SU := true
and rebuild the system image.
Notes
This setting is very dangerous as it allows everyone to launch commands as root. For this reason, we do not define it in standard builds, and require the customer to explicitly enable it.
Automatic permissions for applications
For security reasons, android applications need to require specific permissions to interact with several devices and subsystems. While this is correct for applications written for generic android devices, it can be problematic for applications born for a well-known and controlled environment (as embedded android systems usually are). For this reason, we introduced a service, permallow, whose goal is to allow any required permission to freshly installed applications.
How to enable
In order to integrate permallow in the system, it is sufficient to add the following definition in the board-specific BoardConfig.mk file (e.g. myAndroid/device/seco/rk3399/c31_rk3399_Android11)
BOARD_USES_PERMALLOW := true
and rebuild the system image.
Notes
This setting is very dangerous, as no control is maintained on permissions granted to applications installed. For this reason, we do not define it in standard builds, and require the customer to explicitly enable it.