Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Draft] Add option to install the server as an APK #3517

Closed
wants to merge 10 commits into from
Closed

[Draft] Add option to install the server as an APK #3517

wants to merge 10 commits into from

Conversation

rom1v
Copy link
Collaborator

@rom1v rom1v commented Oct 2, 2022

To get shell permissions, the server must execute a java main() executable from adb shell.

The jar/apk containing the executable can be either pushed to any location (/data/local/tmp), or installed on the device.

Since the beginning of the project, scrcpy just pushed the server to /data/local/tmp, because it's faster and simpler.

However, scrcpy might benefit from a companion Android app for supporting new features:

  • provide an IME (to inject non-ASCII text);
  • forward audio (a proper integration of what sndcpy does);
  • optionally mirror camera instead of the screen (which requires a user authorization from an app)…

Instead of building a separate Android app to manage (install/reinstall), this PR makes possible to install the server directly as an APK (and execute the server from there):

scrcpy --install
scrcpy --reinstall

This paves the way to easily integrate Android component and start activities or services embedded in the server.

As a consequence, the server is now named scrcpy-server.apk (which is a drawback IMO, since people will want to install it manually instead of letting the client manage it) and is apk-signed so that it can be installed.

Refs #1722
Refs #1880 (comment)

rom1v added 10 commits October 2, 2022 17:59
This will allow to install it.
Use "pm list package -f" to find where the APK is actually installed on
the device.
Use "dumpsys package com.genymobile.scrcpy" to get the APK version.
This will allow to uninstall the server when necessary.
When this flag is set, the scrcpy is installed rather than pushed to
/data/local/tmp.
With --install, the server is installed only if the current version is
not already installed. Passing --reinstall force reinstallation is all
cases.
The cleanup process will need to know the APK path to execute the
CleanUp java executable.
The cleanup process is slightly different when the server is installed
rather than pushed.
@rom1v
Copy link
Collaborator Author

rom1v commented Oct 2, 2022

@yangfl This might impact Debian packaging: with this PR, the APK is signed. I updated build_without_gradle.sh do perform these tasks manually (without gradle). Please let me know if it's ok for you (but it's not urgent).

@rom1v rom1v changed the title [Draft] Add option to install server as APK [Draft] Add option to install the server as an APK Oct 2, 2022
@yangfl
Copy link
Contributor

yangfl commented Oct 2, 2022

It's ok, since we can ask users to download and install apk from android side, or just sign it with a random key.

@rom1v
Copy link
Collaborator Author

rom1v commented Oct 3, 2022

I am a bit worried about security implications though.

If someone manage to make you install a malicious app having package com.genymobile.scrcpy, then the next time the scrcpy client is executed, it will execute the java "executable" embedded in this package with shell permissions. This is a form of privilege escalation.

Maybe the server (executed by adb shell) and the companion APK to install should be a separate APK in the end. That would prevent this problem (no code from the APK could be executed with shell permissions).

When the app is pushed to /data/local/tmp, this is ok because no app can write to /data/local/tmp/ (to replace the server just after it is pushed but before it is executed).

@yangfl
Copy link
Contributor

yangfl commented Oct 3, 2022

I think we can check signature of preinstalled apk and stop (or at least warn users and let them choose) running of unknown apk.

Maybe checking hash of apk file is a better choice, but I can't find how to do it...

@quyleanh
Copy link
Contributor

quyleanh commented Nov 4, 2022

Sorry for asking but is there any progress of this PR?

@rom1v
Copy link
Collaborator Author

rom1v commented Nov 4, 2022

Sorry for asking but is there any progress of this PR?

Due to #3517 (comment), I think it would be better to use a companion app instead. This PR is a good base but it is not intended to be merged as is.

@quyleanh
Copy link
Contributor

quyleanh commented Nov 5, 2022

Thank you for explaining.
It's sad when an other approach of injecting non-ASCII text goes nowhere...

@rom1v
Copy link
Collaborator Author

rom1v commented Nov 5, 2022

It's sad when an other approach of injecting non-ASCII text goes nowhere...

HID keyboard (over USB) should work pretty well.

@quyleanh
Copy link
Contributor

quyleanh commented Nov 6, 2022

HID keyboard (over USB) should work pretty well.

Actually this feature doesn't fit my need. I would like a faster switch for mouse and keyboard.
Sometimes it also cannot detect my keyboard hardware.

@rom1v
Copy link
Collaborator Author

rom1v commented Apr 25, 2024

Now, there is audio, camera and HID without the need for an app. Closing.

@rom1v rom1v closed this Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants