[Feature]: Multi-user support #2765
Comments
|
Duplicate of #2291
Since android 11, if an app uses https://developer.android.com/about/versions/11/privacy/storage#other-private-dirs https://developer.android.com/training/basics/intents/package-visibility#package-name Why are you trying to hide termux? |
@rayfoss What feature(s) are you needing that are missing? |
|
... I'm not trying to hide Termux at all... I just don't use the owner account for anything but... work. 99% of the time i'm in a slave account, even Google Pay works in it. I used the following app to findout that other work apps CAN see what other apps I have installed, zero permissions needed: https://play.google.com/store/apps/details?id=com.ytheekshana.deviceinfo&hl=en_US&gl=US Unfortunately I can't even switch to the owner account and install Termux there, as that might tip my employer know I don't live in the country I'm pretending to be in. I only have apps that are common in the area on that account. |
The app has requested Lolz, you seem to have a lot of problems ;) But termux prefix limitation has existed since the start. If you use limited packages, you can compile those packages for your secondary user prefix and termux should work, will of course require removing check in app, I may do that them myself in near future for a refactor required. Or maybe look into hacks mentioned in #2734, since you have the more motivation needed for secondary user support ;) |
|
Does a work profile works for you? |
|
Hi, Could be a solution a new script for the compilation environment supporting this?
In this case the new App will be independent of the regular Termux, right? |
|
https://github.com/termux/termux-app#Forking Make sure to change |
|
Hi @agnostic-apollo ,
It seems then that the forking option (create a fork package with a new package name) is a viable solution. Using this technique anyone can create a totally isolated environment. However, I feel this requires to be more user-friendly. Do you think it's a good idea to develop one script to complete all the tasks? So instead of manually execute all steps, execute one command only. One side advantage of this is the option to execute this inside a testing tool to check if all the environment+plugins+packages are compatible with the My objective is to "package" custom user Apps (linux binaries+Termux-GUI scripts) inside an APK to use them as standalone Android Apps. I hope you want to support this. |
PRs are welcome. For testing purposes such a script might be useful, but I suspect that a real fork would anyways want to customise things like which packages to include in bootstrap, or which addon apps to include, so not sure how helpful it would be for forkers |
|
Real forks would also make other changes to |
For forking Termux:GUI you just need to change the package name, and replace the package name accordingly in the |
|
?Any updates about the issue? I have not been able to use termux because of that! Thankz |
@kdrag0n 's NestBox requires Developer Mode and wireless debugging... I couldn't set it up, so it also has similar problems. |
|
For people with rooted devices, it should be possible to mount secondary user private app data directory assigned to termux at I have added support locally to run commands at app init, not sure if I will have time to add in-built support to do mounting before this release, already got too many things. Can at least ignore the secondary user check if prefix is accessible. No plans for other ways. Have seen NestBox updates on twitter by @kdrag0n, looks pretty interesting, if termux ever goes away, there is at least some hope if non-root support is maintained by google in future. |
|
Is there any solution to this yet cause I'm also I'm need of it |
|
Next version should have multi user support for termux on secondary user and if users want to install termux on adoptable storage, assuming root access has been granted to termux. Tested on A11 and A13. I still need to finalize this like add docs and add settings toggle, etc. Secondary User
Adoptable Storage
|
@agnostic-apollo Or is there another way to get multi-user (like recompiling the app manually from source)? I've read there is but theres no good guide on how to modify the source and bootstrap generation scripts to properly support it, I'd appreciate some help |
|
AFAIK agnostic-apollo works in a local fork, so there is no way to try it until it's released. |
|
Haven't pushed changes yet. And it will require root as I said. Compiling app with different prefix won't do much, you would need to recompile all termux packages as well. |
@romanovj
@agnostic-apollo I probably can work mostly from proot-distro (and in fact, 90% of the time I'm inside a archlinux proot, the only times I needed to exit proot was just updating termux packages), so technically all I need is probably ssh and proot-distro on the app, nothing else (not even pkg or apt) |
|
@RealEthanPlayzDev ofc you will need to change some lines also, you can proot into anything, just unpack rootfs and write your own script all you need is to patch proot binary with patchelf, and couple of libraries like here (I used this files in order to proot into homeassistant docker container from adb shell) |
@romanovj |
|
@RealEthanPlayzDev ofc you need to change path to whatever you have |
|
I've tried following that Reddit post's instructions along with changing the paths it needs, currently I'm stuck here: I believe talking about this here would be off-topic, do you have Discord perhaps? |
|
@agnostic-apollo what do you think about hexpatching? I tried with /data/local/tmp/termu for adb and had no major problems. It's definitely easier than recompiling everything |
|
Check #2734 for more generic solution for secondary users. It might be doable, but the prefix may also be used in other non binary files or in scripts and without the full |
|
I have a dumb idea about this issue. (I edited this message before being aware of #2734) -TERMUX_BASE_DIR="/data/data/${TERMUX_APP_PACKAGE}/files"
-TERMUX_CACHE_DIR="/data/data/${TERMUX_APP_PACKAGE}/cache"
+TERMUX_BASE_DIR="/data/user/0/${TERMUX_APP_PACKAGE}/files/21473"
+TERMUX_CACHE_DIR="/data/user/0/${TERMUX_APP_PACKAGE}/cache"
TERMUX_ANDROID_HOME="${TERMUX_BASE_DIR}/home"
TERMUX_APPS_DIR="${TERMUX_BASE_DIR}/apps"
TERMUX_PREFIX="${TERMUX_BASE_DIR}/usr"When in Because binary-patch does not tolerate string length changes, However it might not be trivial to handle cases like encoded/compressed text, or the string itself is in some multi-byte non-ASCII encoding. (ah there could be other situations like checksummed files etc, as mentioned in #2734) As for what I looked up Android source code and then found that Android OS defined // We need to keep process uid within Integer.MAX_VALUE.
@VisibleForTesting
static final int MAX_USER_ID = Integer.MAX_VALUE / UserHandle.PER_USER_RANGE;where /**
* @hide Range of uids allocated for a user.
*/
@UnsupportedAppUsage
public static final int PER_USER_RANGE = 100000;Besides, the maximum allowed @GuardedBy("mUsersLock")
private int scanNextAvailableIdLocked() {
for (int i = MIN_USER_ID; i < MAX_USER_ID; i++) {
if (mUsers.indexOfKey(i) < 0 && !mRemovingUserIds.get(i)) {
return i;
}
}
return -1;
}It also seems somewhat hilarious that my Android 7 AVD actually threw out |
|
@agnostic-apollo Oh it seems that I'm not the first person who has once came up with similar idea.
Edit after reply: it's simply because of lack of execute permission. |
https://stackoverflow.com/questions/13769141/can-i-change-rpath-in-an-already-compiled-binary https://github.com/NixOS/patchelf http://blog.tremily.us/posts/rpath/ You may not have understood the suggestion in #2734 Packages must be compiled with for example
|
Probably? at least
Sorry I forgot to take a screenshot :-) I'm actually going to fix this myself.
I saw that the
I haven't done any binary patch so far. I just changed the |
(1) I think (2) I have just made some commits (based on a77e598) which reflect (3) Even after doing massive string replace above (when doing build), I can still find related things like: It's concerning that Termux-packaged executable may have references pointing to some outside dependencies, like |
|
I'm avoiding usage of equivalent path with redundant part like |
|
Ah sorry for posting replies before editing it carefully. I think I've done editing to clarify my points. |
|
@agnostic-apollo I've summarized my thoughts in this comment, the discussion around this idea might better continue in #2734 instead. |
Feature description
Multiuser is still essential for maintaining privacy, as Android 12 has no way to stop apps from seeing what other apps you have installed. I can run Termux on my primary user as the app I'm hiding from has DRM protection that disables features, and Multi-user trips the DRM.
It would also be useful to have separate termux environments.
Additional information
Nix-on-droid also doesn't work. I'll use termius instead.
The text was updated successfully, but these errors were encountered: