Unpacking Brillo Image

From Indonesian Research And Development Center
Jump to: navigation, search

Disclaimer

Tutorial ini hanya untuk tujuan pembelajaran semata. Penulis tidak betanggungjawab atas penggunaan maupun penyalahgunaan tutorial ini. Use at your own risk.


Pendahuluan

Pada tutorial singkat kali ini akan dibahas mengenai cara untuk mengekstrak image Brillo. Brillo itu sendiri pada prinsipnya adalah sistem operasi android yang dibuat lebih sederhana dan optimal dari segi kecepatan serta diperuntukkan bagi perangkat yang berkaitan dengan IoT (Internet of Things). Ketika tutorial ini ditulis, akses untuk Brillo masih terbatas dan memerlukan registrasi. Perangkat yang akan dibahas pada tutorial ini adalah Andromeda Box tipe Andromeda Edge yang dibuat oleh perusahaan Marvell. Berikut ini adalah spesifikasi dari Andromeda Edge:

  • Quad-core A53 @1.2GHz
  • 1GB LPDDR3, 8GB eMMC
  • Support CSI, DSI
  • 802.11n, BT4.0, 802.15.4
  • HDMI 1.3a
  • 2x MIC, Speaker
  • 2x USB type A
  • Micro USB OTG
  • Micro SD card slot
  • High speed expansion I/O
  • Low speed expansion I/O

Andromeda Edge ini masih terbilang baru ketika tutorial ini ditulis dan perangkatnya masih cukup sulit untuk ditemukan di pasaran Indonesia. Untungnya, situs Andromeda Box menyediakan halaman untuk mengunduh sistem operasinya.


Langkah-langkah

  • Langkah pertama adalah, unduh firmware dari situs Andromeda Box:
% wget -q http://andromedabox.org/wp-content/uploads/2015/12/Brillo-Image.zip
  • Setelah berhasil mengunduh image tersebut, lanjutkan dengan mengekstraknya:
% unzip Brillo-Image.zip
  • Berkas yang berhasil diekstrak akan disimpan pada sub direktori Brillo-Image. Selanjutnya, pindah ke sub direktori tersebut:
% cd Brillo-Image
  • Gunakan perintah file untuk mengetahui jenis berkas yang berhasil diekstrak:
% file *
boot.img:              Android bootimg, kernel (0x10008000), ramdisk (0x11000000), page size: 2048, cmdline \
                       (androidboot.console=ttyS1 console=ttyS1,115200 panic_debug uart)
cache.img:             Android sparse image, version: 1.0, Total of 65536 4096-byte output blocks in 15 input chunks.
misc.bin:              data
NVM.img:               Android sparse image, version: 1.0, Total of 8192 4096-byte output blocks in 10 input chunks.
obm.bin:               data
primary_gpt:           GPT partition table, version 1.0, GUID: 49aa9793-49c6-3054-fb00-d354306ff5eb, disk size: 14680064 sectors \
                       of 512 bytes
provision-device:      POSIX shell script, ASCII text executable
provision-device.bat:  ASCII text
provision-sfbin:       POSIX shell script, ASCII text executable
provision-sfbin.bat:   ASCII text
recovery.img:          Android bootimg, kernel (0x10008000), ramdisk (0x11000000), page size: 2048, cmdline \
                       (androidboot.console=ttyS1 console=ttyS1,115200 panic_debug uart)
system.img:            Android sparse image, version: 1.0, Total of 262144 4096-byte output blocks in 623 input chunks.
tim_recovery_ulc1.bin: data
tim_ulc1.bin:          data
u-boot.bin:            PCX ver. 2.5 image data bounding box [8223, 54531] - [0, 2304], 20-bit uncompressed
userdata.img:          Android sparse image, version: 1.0, Total of 1060448 4096-byte output blocks in 124 input chunks.
  • Khusus untuk berkas boot.img, dapat diekstrak menggunakan aplikasi abootimg. Jika menggunakan sistem operasi Linux distro Fedora, maka Anda dapat melakukan instalasi aplikasi tersebut menggunakan perintah seperti ini:
% sudo dnf install abootimg
  • Lanjutkan dengan mengekstrak berkas boot.img. Sebaiknya buat sub direktori baru untuk menyimpan berkas yang berhasil diekstrak (misalnya buat sub direktori boot):
% ##### buat sub direktori "boot" dan pindah ke sub direktori tersebut
% mkdir boot && cd $_

% ##### ekstrak berkas "boot.img"
% abootimg -x ../boot.img
  • Berikut ini adalah berkas yang berhasil diekstrak beserta jenisnya:
% file *
bootimg.cfg: ASCII text
initrd.img:  gzip compressed data, from Unix
zImage:      Linux kernel ARM boot executable zImage (little-endian)
  • Isi dari berkas bootimg.cfg adalah sebagai berikut (baris terakhir sengaja dipisahkan agar lebih mudah dibaca):
% cat bootimg.cfg
bootsize = 0x6ce000
pagesize = 0x800
kerneladdr = 0x10008000
ramdiskaddr = 0x11000000
secondaddr = 0x10f00000
tagsaddr = 0x10000100
name =
cmdline = androidboot.console=ttyS1 console=ttyS1,115200 panic_debug uart_dma crashkernel=4k@0x8140000 \
          user_debug=31 earlyprintk=uart8250-32bit,0xd4017000 cma=20M ddr_mode=2 RDCA=08140400 \
          cpmem=32M@0x06000000 androidboot.exist.cp=18 androidboot.hardware=iap140 androidboot.selinux=enforcing
  • Selanjutnya adalah mengekstrak berkas initrd.img. Seperti langkah sebelumnya, sebaiknya berkas ini diekstrak ke sub direktori baru (misalnya sub direktori initrd). Berikut ini adalah perintahnya:
% ##### buat sub direktori "initrd" dan pindah ke sub direktori tersebut
% mkdir initrd && cd $_

% ##### ekstrak berkas "initrd.img"
% gunzip -c ../initrd.img | cpio -i
  • Berikut ini adalah struktur direktori serta berkas yang berhasil diekstrak:
.
├── acct
├── cache
├── config
├── d -> /sys/kernel/debug
├── data
├── default.prop
├── dev
├── etc -> /system/etc
├── file_contexts.bin
├── fstab.iap140
├── init
├── init.environ.rc
├── init.iap140.rc
├── init.rc
├── init.usb.rc
├── mnt
├── oem
├── proc
├── property_contexts
├── sbin
│   ├── adbd
│   ├── ueventd -> ../init
│   └── watchdogd -> ../init
├── sdcard -> /storage/self/primary
├── seapp_contexts
├── selinux_version
├── sepolicy
├── service_contexts
├── storage
├── sys
├── system
├── ueventd.iap140.rc
├── ueventd.rc
└── vendor -> /system/vendor

13 directories, 21 files
  • Berikut ini adalah isi dari beberapa berkas yang berhasil diekstrak:
default.prop:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=1
#
# BOOTIMAGE_BUILD_PROPERTIES
#
ro.bootimage.build.date=Mon Dec 7 02:14:59 PST 2015
ro.bootimage.build.date.utc=1449483299
ro.bootimage.build.fingerprint=Brillo/ledflasher/abox_edge:6.0/MASTER/root12070214:userdebug/test-keys
persist.sys.usb.config=adb
init.environ.rc:
# set up the global environment
on init
    export ANDROID_BOOTLOGO 1
    export ANDROID_ROOT /system
    export ANDROID_ASSETS /system/app
    export ANDROID_DATA /data
    export ANDROID_STORAGE /storage
    export EXTERNAL_STORAGE /sdcard
    export ASEC_MOUNTPOINT /mnt/asec
    export BOOTCLASSPATH
    export SYSTEMSERVERCLASSPATH
init.rc:
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.usb.configfs.rc
import /init.${ro.zygote}.rc

on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_score_adj -1000

    # Disable sysrq from keyboard
    write /proc/sys/kernel/sysrq 0

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    # Shouldn't be necessary, but sdcard won't start without it. http://b/22568628.
    mkdir /mnt 0775 root system

    start ueventd

on init
    sysclktz 0

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Mount cgroup mount point for cpu accounting
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    # Mount staging areas for devices managed by vold
    # See storage config details at http://source.android.com/tech/storage/
    mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
    restorecon_recursive /mnt

    mkdir /mnt/secure 0700 root root
    mkdir /mnt/secure/asec 0700 root root
    mkdir /mnt/asec 0755 root system
    mkdir /mnt/obb 0755 root system
    mkdir /mnt/media_rw 0750 root media_rw
    mkdir /mnt/user 0755 root root
    mkdir /mnt/user/0 0755 root root
    mkdir /mnt/expand 0771 system system

    # Storage views to support runtime permissions
    mkdir /storage 0755 root root
    mkdir /mnt/runtime 0700 root root
    mkdir /mnt/runtime/default 0755 root root
    mkdir /mnt/runtime/default/self 0755 root root
    mkdir /mnt/runtime/read 0755 root root
    mkdir /mnt/runtime/read/self 0755 root root
    mkdir /mnt/runtime/write 0755 root root
    mkdir /mnt/runtime/write/self 0755 root root

    # Symlink to keep legacy apps working in multi-user world
    symlink /storage/self/primary /sdcard
    symlink /mnt/user/0/primary /mnt/runtime/default/self/primary

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4

    # scheduler tunables
    # Disable auto-scaling of scheduler tunables with hotplug. The tunables
    # will vary across devices in unpredictable ways if allowed to scale with
    # cpu cores.
    write /proc/sys/kernel/sched_tunable_scaling 0
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0

    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 600
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # disable icmp redirects
    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
    write /proc/sys/net/ipv6/conf/all/accept_redirects 0

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # sets up initial cpusets for ActivityManager
    mkdir /dev/cpuset
    mount cpuset none /dev/cpuset
    mkdir /dev/cpuset/foreground
    mkdir /dev/cpuset/foreground/boost
    mkdir /dev/cpuset/background
    # system-background is for system tasks that should only run on
    # little cores, not on bigs
    # to be used only by init, so don't change the permissions
    mkdir /dev/cpuset/system-background
    # this ensures that the cpusets are present and usable, but the device's
    # init.rc must actually set the correct cpus
    write /dev/cpuset/foreground/cpus 0
    write /dev/cpuset/foreground/boost/cpus 0
    write /dev/cpuset/background/cpus 0
    write /dev/cpuset/system-background/cpus 0
    write /dev/cpuset/foreground/mems 0
    write /dev/cpuset/foreground/boost/mems 0
    write /dev/cpuset/background/mems 0
    write /dev/cpuset/system-background/mems 0
    chown system system /dev/cpuset
    chown system system /dev/cpuset/foreground
    chown system system /dev/cpuset/foreground/boost
    chown system system /dev/cpuset/background
    chown system system /dev/cpuset/tasks
    chown system system /dev/cpuset/foreground/tasks
    chown system system /dev/cpuset/foreground/boost/tasks
    chown system system /dev/cpuset/background/tasks
    chmod 0664 /dev/cpuset/foreground/tasks
    chmod 0664 /dev/cpuset/foreground/boost/tasks
    chmod 0664 /dev/cpuset/background/tasks
    chmod 0664 /dev/cpuset/tasks


    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_system_props_action
    load_system_props

on load_persist_props_action
    load_persist_props
    start logd
    start logd-reinit

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_system_props_action

    # Now we can mount /data. File encryption requires keymaster to decrypt
    # /data, which in turn can only be loaded when system properties are present
    trigger post-fs-data
    trigger load_persist_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    start logd
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # Mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec
    # Mount default storage into root namespace
    mount none /mnt/runtime/default /storage slave bind rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # Create /cache/recovery in case it's not there. It'll also fix the odd
    # permissions if created by the recovery system.
    mkdir /cache/recovery 0770 system cache

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Make sure we have the device encryption key
    start logd
    start vold
    installkey /data

    # Emulated internal storage area
    mkdir /data/media 0770 media_rw media_rw
    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
    # Fix the access permissions and group ownership for 'bt_config.conf'
    chmod 0660 /data/misc/bluedroid/bt_config.conf
    chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    mkdir /data/misc/perfprofd 0775 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media
    mkdir /data/misc/boottrace 0771 system shell
    mkdir /data/misc/update_engine 0700 root root
    mkdir /data/misc/trace 0700 root root

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/anr 0775 system system

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    mkdir /data/backup 0700 system system
    mkdir /data/media 0770 media_rw media_rw
    mkdir /data/ss 0700 system system
    mkdir /data/system 0775 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/user 0711 system system

    setusercryptopolicies /data/user

    # Reload policy from /data/security if present.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio  5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core

on nonencrypted
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props
    start logd
    start logd-reinit

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0
    group root system

service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log readproc
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    # Give writes to anyone for the trace folder on debug builds.
    # The folder is used to store method traces.
    chmod 0773 /data/misc/trace
    start console

service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot
  • Tutorial ini tidak akan membahas isi dari berkas lainnya. Anda dapat mencari tahu isi tiap berkas lainnya dengan mengikuti langkah di atas. Selanjutnya adalah mengekstrak bagian sistem dari Brillo. Berkas yang akan diekstrak adalah system.img. Untuk mengekstraknya, Anda dapat menggunakan aplikasi sim2img yang kode sumbernya terdapat pada repositori ekstra android. Tutorial ini akan menggunakan cara lain untuk menghindari proses kompilasi yang memakan waktu. Caranya adalah dengan menggunakan skrip python yang memiliki nama dan fungsi yang sama, yaitu sim2img.py. Terlebih dahulu kembali ke direktori dimana berkas image Brillo yang telah diekstrak berada dan unduh skrip tersebut:
% ##### pindah ke sub direktori dimana image Brillo berada
% cd ../..

% ##### unduh skrip sim2img.py
% wget -q https://usefulshellscript.googlecode.com/svn/trunk/simg2img.py
  • Lanjutkan dengan membuat direktori dengan nama system dan pindah ke sub direktori tersebut. Sub direktori tersebut nantinya akan digunakan untuk menyimpan berkas system.img yang telah diekstrak:
% mkdir system && cd $_
  • Jalankan skrip simg2img.py untuk mengekstrak berkas system.img:
% python ../simg2img.py ../system.img
  • Hasil dari perintah di atas adalah sebuah berkas dengan nama tmp.img. Berkas tersebut merupakan filesystem dengan tipe ext4:
% file tmp.img
tmp.img: Linux rev 1.0 ext4 filesystem data, UUID=da594c53-9beb-f85c-85c5-cedf76546f7a, volume name "system" (extents) (large files)
  • Selanjutnya, mount berkas tmp.img tersebut misalnya ke direktori /mnt/tmp (perintah berikut ini akan melakukan mounting dengan opsi read-only):
% sudo mount -o ro tmp.img /mnt/tmp
  • Dari sini, Anda dapat mulai menelusuri isi filesystem tersebut. Berikut ini adalah strukturnya tanpa berkas yang berupa symbolic link:
.
├── bin
│   ├── apmanager
│   ├── audio_hal_playback_test
│   ├── audio_hal_record_test
│   ├── avahi-browse
│   ├── avahi-daemon
│   ├── bluetooth-cli
│   ├── bluetoothtbd
│   ├── bootctl
│   ├── brillo_audio_test
│   ├── bspatch
│   ├── core2md
│   ├── crash_reporter
│   ├── crash_sender
│   ├── curl
│   ├── dbus-daemon
│   ├── dbus-example-client
│   ├── dbus-example-daemon
│   ├── dbus-send
│   ├── dhcpcd
│   ├── dhcpcd-6.8.2
│   ├── dhcptool
│   ├── dnsmasq
│   ├── firewalld
│   ├── gdbserver
│   ├── grep
│   ├── hostapd
│   ├── hostapd_cli
│   ├── iotop
│   ├── ip
│   ├── ip6tables
│   ├── iptables
│   ├── iw
│   ├── keyboard-example
│   ├── keystore
│   ├── keystore_cli
│   ├── keystore_cli_v2
│   ├── ledflasher
│   ├── ledservice
│   ├── lights-hal-example-app
│   ├── linker
│   ├── logcat
│   ├── logd
│   ├── logpersist.start
│   ├── mediaserver
│   ├── memory_replay32
│   ├── memtest
│   ├── metrics_client
│   ├── metrics_collector
│   ├── metricsd
│   ├── nativepowerman
│   ├── periodic_scheduler
│   ├── ping
│   ├── postinst_example
│   ├── power_example
│   ├── r
│   ├── reboot
│   ├── rootdev
│   ├── sensorservice
│   ├── sensors-hal-example-app
│   ├── sensors-ndk-example-app
│   ├── servicemanager
│   ├── sh
│   ├── shill
│   ├── showlease
│   ├── slesTest_playFdPath
│   ├── slesTest_recBuffQueue
│   ├── slesTest_sawtoothBufferQueue
│   ├── test-nusensors
│   ├── tlsdate
│   ├── tlsdated
│   ├── tlsdate-helper
│   ├── toolbox
│   ├── toybox
│   ├── tracepath
│   ├── tracepath6
│   ├── traceroute6
│   ├── update_engine
│   ├── update_engine_client
│   ├── weaved
│   ├── webservd
│   ├── wifi_init
│   ├── wireless_daemon
│   ├── wpa_cli
│   └── wpa_supplicant
├── build.prop
├── etc
│   ├── audio_basic_element_apu.xml
│   ├── audio_basic_element_codec.xml
│   ├── audio_gain_config.xml
│   ├── audio_path_config_apu.xml
│   ├── audio_path_config_codec.xml
│   ├── audio_policy.conf
│   ├── audio_virtualpath_config.xml
│   ├── avahi-daemon.conf
│   ├── bluetooth
│   │   ├── auto_pair_devlist.conf
│   │   ├── bt_did.conf
│   │   └── bt_stack.conf
│   ├── crash_reporter_logs.conf
│   ├── dbus-1
│   │   └── com.android.Weave.conf
│   ├── dbus.conf
│   ├── dhcpcd-6.8.2
│   │   └── dhcpcd.conf
│   ├── event-log-tags
│   ├── firmware
│   │   └── mrvl
│   │       ├── sd8777_uapsta.bin
│   │       ├── txpwrlimit_cfg.bin
│   │       └── WlanCalData_ext.conf
│   ├── fs_config_files
│   ├── init
│   │   ├── apmanager.rc
│   │   ├── avahi-daemon.rc
│   │   ├── bluetoothtbd.rc
│   │   ├── brillo.rc
│   │   ├── crash_reporter.rc
│   │   ├── firewalld.rc
│   │   ├── keystore.rc
│   │   ├── ledflasher.rc
│   │   ├── ledservice.rc
│   │   ├── logcatd.rc
│   │   ├── logd.rc
│   │   ├── mediaserver.rc
│   │   ├── metrics_collector.rc
│   │   ├── metricsd.rc
│   │   ├── mwirelessd.rc
│   │   ├── nativepowerman.rc
│   │   ├── perfprofd.rc
│   │   ├── sensorservice.rc
│   │   ├── servicemanager.rc
│   │   ├── shill.rc
│   │   ├── tlsdated.rc
│   │   ├── update_engine.rc
│   │   ├── weaved.rc
│   │   └── webservd.rc
│   ├── init.firewall-setup.sh
│   ├── init.wifi-setup.sh
│   ├── media_codecs.xml
│   ├── NOTICE.html.gz
│   ├── os-release.d
│   │   ├── bdk_version
│   │   ├── crash_server
│   │   ├── product_id
│   │   └── product_version
│   ├── platform_audio_config.xml
│   ├── recovery-resource.dat
│   ├── security
│   │   ├── cacerts
│   │   │   ├── 00673b5b.0
...
│   │   │   └── ff783690.0
│   │   ├── cacerts_google
│   │   │   ├── 00673b5b.0
...
│   │   │   └── ff783690.0
│   │   ├── mac_permissions.xml
│   │   └── otacerts.zip
│   ├── update_engine
│   │   └── update-payload-key.pub.pem
│   └── weaved
│       ├── commands
│       │   ├── ledflasher.json
│       │   └── metrics.json
│       ├── states
│       │   ├── ledflasher.schema.json
│       │   └── metrics.schema.json
│       └── weaved.conf
├── lib
│   ├── crtbegin_so.o
│   ├── crtend_so.o
│   ├── hw
│   │   ├── audio.primary.mrvl.so
│   │   ├── bluetooth.default.so
│   │   ├── bootctrl.mrvl.so
│   │   ├── lights.mrvl.so
│   │   ├── local_time.default.so
│   │   ├── power.mrvl.so
│   │   ├── sensors.iap140.so
│   │   └── wifi_driver.iap140.so
│   ├── libacm.so
│   ├── libapmanager-client.so
│   ├── libaudioflinger.so
│   ├── libaudiopolicyenginedefault.so
│   ├── libaudiopolicymanagerdefault.so
│   ├── libaudiopolicymanager.so
│   ├── libaudiopolicyservice.so
│   ├── libaudioresampler.so
│   ├── libaudioroute.so
│   ├── libaudiospdif.so
│   ├── libaudioutils.so
│   ├── libavahi-client.so
│   ├── libavahi-common.so
│   ├── libavahi-core.so
│   ├── libbacktrace.so
│   ├── libbacktrace_test.so
│   ├── libbase.so
│   ├── libbinder.so
│   ├── libbinderwrapper.so
│   ├── libbinderwrapper_test_support.so
│   ├── libbrillo-binder.so
│   ├── libbrillo-dbus.so
│   ├── libbrillo-http.so
│   ├── libbrillo-minijail.so
│   ├── libbrillo-policy.so
│   ├── libbrillo.so
│   ├── libbrillo-stream.so
│   ├── libbt-vendor.so
│   ├── libcamera_client.so
│   ├── libcamera_metadata.so
│   ├── libcameraservice.so
│   ├── libcap.so
│   ├── libcares.so
│   ├── libchrome-dbus.so
│   ├── libchrome.so
│   ├── libc_malloc_debug_leak.so
│   ├── libc_malloc_debug_qemu.so
│   ├── libcommon_time_client.so
│   ├── libcrypto.so
│   ├── libc.so
│   ├── libc++.so
│   ├── libcurl.so
│   ├── libcutils.so
│   ├── libdaemon.so
│   ├── libdbus.so
│   ├── libdl.so
│   ├── libdrmframework.so
│   ├── libeffects.so
│   ├── libEGL.so
│   ├── libevent.so
│   ├── libexpat.so
│   ├── libfirewalld-client.so
│   ├── libGLES_trace.so
│   ├── libGLESv2.so
│   ├── libgui.so
│   ├── libhardware_legacy.so
│   ├── libhardware.so
│   ├── libicui18n.so
│   ├── libicuuc.so
│   ├── libiprouteutil.so
│   ├── libjpeg.so
│   ├── libkeymaster1.so
│   ├── libkeymaster_messages.so
│   ├── libkeystore_binder.so
│   ├── libkeystore-engine.so
│   ├── libledservice-client.so
│   ├── libLLVM.so
│   ├── liblog.so
│   ├── liblogwrap.so
│   ├── libMarvellWireless.so
│   ├── libmedialogservice.so
│   ├── libmediaplayerservice.so
│   ├── libmedia.so
│   ├── libmediautils.so
│   ├── libmetrics.so
│   ├── libmicrohttpd.so
│   ├── libminijail.so
│   ├── libm.so
│   ├── libnativepower.so
│   ├── libnativepower_test_support.so
│   ├── libnbaio.so
│   ├── libnetd_client.so
│   ├── libnetlink.so
│   ├── libnetutils.so
│   ├── libnl.so
│   ├── libOpenMAXAL.so
│   ├── libOpenSLES.so
│   ├── libopus.so
│   ├── libpackagelistparser.so
│   ├── libpagemap.so
│   ├── libpcrecpp.so
│   ├── libpcre.so
│   ├── libpowermanager.so
│   ├── libprotobuf-cpp-lite-rtti.so
│   ├── libprotobuf-cpp-lite.so
│   ├── libradio_metadata.so
│   ├── libradioservice.so
│   ├── libradio.so
│   ├── libresourcemanagerservice.so
│   ├── librootdev.so
│   ├── libRScpp.so
│   ├── libselinux.so
│   ├── libsensorservice.so
│   ├── libsensor.so
│   ├── libserviceutility.so
│   ├── libshill-client.so
│   ├── libshill-net.so
│   ├── libsinesource.so
│   ├── libsoftkeymasterdevice.so
│   ├── libsoftkeymaster.so
│   ├── libsonic.so
│   ├── libsonivox.so
│   ├── libsoundtriggerservice.so
│   ├── libsoundtrigger.so
│   ├── libspeexresampler.so
│   ├── libssl.so
│   ├── libstagefright_amrnb_common.so
│   ├── libstagefright_avc_common.so
│   ├── libstagefright_enc_common.so
│   ├── libstagefright_foundation.so
│   ├── libstagefright_httplive.so
│   ├── libstagefright_omx.so
│   ├── libstagefright.so
│   ├── libstagefright_soft_aacdec.so
│   ├── libstagefright_soft_aacenc.so
│   ├── libstagefright_soft_amrdec.so
│   ├── libstagefright_soft_amrnbenc.so
│   ├── libstagefright_soft_amrwbenc.so
│   ├── libstagefright_soft_flacenc.so
│   ├── libstagefright_soft_g711dec.so
│   ├── libstagefright_soft_gsmdec.so
│   ├── libstagefright_soft_mp3dec.so
│   ├── libstagefright_soft_opusdec.so
│   ├── libstagefright_soft_rawdec.so
│   ├── libstagefright_soft_vorbisdec.so
│   ├── libstagefright_wfd.so
│   ├── libstagefright_yuv.so
│   ├── libstdc++.so
│   ├── libsync.so
│   ├── libsysutils.so
│   ├── libtinyalsa.so
│   ├── libtinycompress.so
│   ├── libui.so
│   ├── libunwind.so
│   ├── libupdate_engine_client.so
│   ├── libutils.so
│   ├── libvorbisidec.so
│   ├── libweaved-internal.so
│   ├── libweaved.so
│   ├── libweave.so
│   ├── libwebservd-client-internal.so
│   ├── libwebserv-proxies-internal.so
│   ├── libwebserv.so
│   ├── libwilhelm.so
│   ├── libwpa_client.so
│   ├── libz.so
│   └── shill
│       └── shims
│           └── wpa_supplicant.conf
├── lost+found
├── usr
│   ├── icu
│   │   └── icudt56l.dat
│   └── share
│       └── zoneinfo
│           └── tzdata
└── xbin
    ├── add-property-tag
    ├── check-lost+found
    ├── cpustats
    ├── dbus-monitor
    ├── ksminfo
    ├── latencytop
    ├── librank
    ├── micro_bench
    ├── micro_bench_static
    ├── perfprofd
    ├── procmem
    ├── procrank
    ├── puncture_fs
    ├── rawbu
    ├── sane_schedstat
    ├── showmap
    ├── showslab
    ├── simpleperf
    ├── strace
    ├── su
    └── taskstats

26 directories, 555 files
  • Sistem operasi Brillo ini erat kaitannya dengan protokol yang bernama weave. Konfigurasi protokol tersebut dapat ditemukan pada berkas dengan nama weaved.conf pada sub direktori etc/weaved. Berikut ini adalah isi dari berkas tersebut (informasi yang berkaitan dengan OAuth tidak ditampilkan):
#
# Copyright 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# OAuth 2.0 client id.
client_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# OAuth 2.0 client secret.
client_secret=XXXXXXXXXXXXXXXXXXXXXXXX

# OAuth 2.0 API key.
api_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# Human readable name of the device.
name=LED

# Human readable description of the device.
# Defaults to empty string"
description=Marvell led flasher

# Location of the device.
# location=

# Manufacturer of the device.
oem_name=Marvell

# Model of the device.
# Defaults to Brillo.
model_name=LED

# Five character code assigned by the cloud registry of device models.
# Defaults to "AAAAA" (Unregistered model).
model_id=AALRW

# Maximum role for local anonymous user.
local_anonymous_access_role=user

# If true, allows local pairing using Privet API.
# local_pairing_enabled=true

# If true, allows local discovery using mDns.
# local_discovery_enabled=true

# GCD service polling interval in milliseconds.
# polling_period_ms=7000

# GCD service backup polling interval in milliseconds.
# backup_polling_period_ms=1800000

# Automatic mode causes buffet to automatically bring up a SoftAP for
# bootstrapping when it looses network connectivity for long enough,
# and on first boot.
# wifi_auto_setup_enabled=true

# List of pairing modes supported by device.
# Values can be one of pinCode, embeddedCode, ultrasound32, audible32.
# Defaults to pinCode if embedded_code_path is empty, or embeddedCode otherwise.
pairing_modes=embeddedCode

# Absolute path to file specifying an embedded pairing code. The file at
# embedded_code_path should be a file in key value format, with a key
# embedded_code.
# Defaults to empty path.
embedded_code_path=/etc/weaved/weaved.conf

# Embedded code.
embedded_code=hello
  • Dari sini, Anda dapat melanjutkan proses eksplorasi lebih jauh untuk mempelajari cara kerja sistem operasi Brillo tersebut.


Penutup

Seiring dengan perkembangan teknologi Internet of Things (IoT), maka kemungkinan besar sistem operasi Brillo akan sering ditemui pada perangkat embedded yang ada di sekitar kita. Sekian tutorial kali ini, semoga bermanfaat. Terima kasih kepada Tuhan Yang Maha Esa, Maxindo, N3 dan Anda yang telah membaca tutorial ini.


Referensi