-
-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Termux and Android 10
Android 10 transition has been cancelled and as result Termux will not receive updates on Play Store anymore. Google policy for Android applications require to bump target SDK level to at least 29, but we cannot do that due to Termux application design.
Use Termux application and add-ons from F-Droid.
That are all operating system behavior changes. Specifically, this one: https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission
Untrusted apps that target Android 10 cannot invoke exec() on files within the app's home directory. This execution of files from the writable app home directory is a W^X violation. Apps should load only the binary code that's embedded within an app's APK file.
Check also the issue related to code execution restrictions: https://github.com/termux/termux-app/issues/1072.
Note that issue may not affect users with custom Android like Lineage OS, or those who have SELinux in permissive mode.
According to Google Play policy and Android application design, we will have to bundle packages inside APK files and distribute as regular applications - just like we do currently with Termux add-ons (API, Widget, Float, etc). This is the only viable solution in long-term.
Here are brief overview of the packaging changes:
- All files from .deb file are extracted and renamed to have .so as extension. These "shared libraries" are part of the APK file just like normal native code.
- A file mapping will be created and packaged inside APK as well. It will be needed to create symlinks from .so file in native lib directory to matching file inside $PREFIX (Termux system root).
- No
apt
anddpkg
will be available. All basic package management functionality is done by Termux application. A tiny script will be present to allow package management from shell. - Updated
termux-exec
execve()
wrapper - now usesproot
to run user binaries and bypass restrictions from SELinux. As proot is unstable, not all users will be able to run custom binaries.
Of course, that will have serious impact on user experience. From that point Termux will no longer be same as was before. Many things likely will stop working.
Development is done in https://github.com/termux/termux-app/tree/android-10.
Do not like solution proposed by Termux maintainers, want to help to solve issues on the latest Android OS versions and make Termux better? - Submit your pull requests and we will figure out whether it would be better than APK-based packaging.
Theoretical suggestions, especially ones like "custom binary loaders" or something extremelly ridiculous like "rewrite everything in WASM" are NOT ACCEPTED!
Suggestions to use proot
to execute everything are not accepted. Proot
is not stable and still against Google Play policy. It also not known how
such solution will be viable in long-term.
Android 10+:
-
Users updating Termux compiled with SDK-28 to application compiled with SDK-29, will not face the
execve()
restriction. -
On some devices,
execve()
is restricted even for target SDK <=28, so any Termux build doesn't work on them. -
Access to
/proc/net
is restricted. As resultnetstat
and other utilities using data from this interface will not work anymore. -
Shared storage may become inaccessible.
-
Termux:API:
termux-wifi-enable
is no-op on SDK-29. (only when both Termux and Termux:API are compiled with target SDK 29) -
Termux:API:
termux-telephony-deviceinfo
will not show IMEI on SDK-29.
Android 11:
- Some utilities may crash due to file descriptor sanitizer.