Emulator Modification in /system/ for Debugging Purposes #

[sdfgsdfgd]

We have a prod build that we would like to divert some connections to our backend server at yyy.com lets say, we want to divert requests from the backend to a ktor server on device (localhost), a diversion easily achievable via DNS server or something like that (maybe also requiring SSL termination, a custom CA cert, for which we'd need to create the cert inside /system/etc/security/cacerts/...

For this we would need a readable and modifiable /system/

This is very easily achievable on local emulator ! But it doesn't work with the Git Actions this repo provides. Is the problem with the avd manager ? I don't think so, it's achievable on local.

On Local:

1. Start it with :

emulator -avd Pixel_3a_API_34_extension_level_7_arm64-v8a -writable-system

2. Run

adb root && adb shell "remount" && adb shell "mount" | grep system

3. Observe /system/ and /system/etc/security/cacerts are now visible and writable

adbd is already running as root
Successfully disabled verity
Remounted /system as RW
Remounted /vendor as RW
Remounted /product as RW
Remounted /system_dlkm as RW
Remounted /system_ext as RW
Remount succeeded
/dev/block/dm-1 on /system_dlkm type erofs (ro,seclabel,relatime,user_xattr,acl,cache_strategy=readaround)
/dev/block/dm-2 on /system_ext type ext4 (ro,seclabel,relatime)
overlay on /system type overlay (rw,seclabel,noatime,lowerdir=/system,upperdir=/mnt/scratch/overlay/system/upper,workdir=/mnt/scratch/overlay/system/work,userxattr,override_creds=off)
overlay on /system_dlkm type overlay (rw,seclabel,noatime,lowerdir=/system_dlkm,upperdir=/mnt/scratch/overlay/system_dlkm/upper,workdir=/mnt/scratch/overlay/system_dlkm/work,userxattr,override_creds=off)
overlay on /system_ext type overlay (rw,seclabel,noatime,lowerdir=/system_ext,upperdir=/mnt/scratch/overlay/system_ext/upper,workdir=/mnt/scratch/overlay/system_ext/work,userxattr,override_creds=off)

On Git Actions, android-emulator-runner:

name: ADB Commands Test

on: [push]

jobs:
  test:
    runs-on: macos-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up JDK 11
        uses: actions/setup-java@v2
        with:
          java-version: '11'
          distribution: 'adopt'

      - name: Start emulator
        uses: reactivecircus/android-emulator-runner@v2
        with:
          api-level: 30
          target: default
          arch: x86_64
          profile: Nexus 6
          emulator-options: "-writable-system"
          script: |
            adb root
            adb shell "remount"
            adb shell "mount" | grep system

      - name: Run ADB Commands
        run: |
          adb devices
          adb root
          adb shell "remount"
          adb shell "mount" | grep system

So the pipeline actually gets stuck in an infinite loop:
https://github.com/kaanx022/pipeline_tests/actions/runs/7254111464/job/19762130870

Remember the goal is just getting access to system/ .... redirecting prod version of our app's calls to domain.com with custom cert to our debugging server at that'll be running localhost (on device) by dns server installation on system, isn't it possible to replicate the emulator's behaviour on git action emulator ? why not ?

Originally posted by @sdfgsdfgd in #359

[sdfgsdfgd]

hope there's a solution for this usecase

The cat is out of the bag.

[sdfgsdfgd]

no ? ok

[kaanx022]

interesting that nobody knows the answer to this

[oliveeyay]

Tried as well recently and still stuck in an infinite booting loop 😢

PS: even when specifying explicitly target: google_apis, which is normally the target emulator that supports mounting the system partition as root.

No one found a solution?