Welcome to the forum.
I can’t help with the build issue, but there are three ways that have worked for me recently to get Android running under Qubes. It depends on your needs and what apps are needed.
-
A Debian 10 template with Anbox installed
-
Android-x86 in a Standalone, templated VM
-
BlissOS in a Standalone, templated VM
I have not built any of these from source (or even reviewed it) and they all have weakened security properties, so I consider them all untrusted and have them firewalled appropriately. There are various pros and cons which mostly fall under what’s included in the base Android image.
-
Anbox: A Debian 10 HVM template with the in-VM kernel includes the kernel modules already (ashmem, binder_linux). All that is necessary is to install snapd and the anbox snap.
It’s the closest to AOSP with no Google Play Services by default. It’s the easiest to get up and running.
However, the base image is Android 7 (old/outdated) and might be considered abandoned.
-
Android-x86:
Has Android 8 (Oreo) and 9 (Pie) images available. However, it includes Google Play Services by default which is set as a Device Policy Owner with “Find My Device” enabled by default. It also contains Android-x86-specific analytics, but can be turned off.
-
Bliss OS: Derivative of Android-x86.
Stable image is Android 9 (Pie) and Android 11 is available. They have a FOSS version (contains Aurora Droid and Aurora Store), and a Googled version available (Google Play Services/Store).
However, they have many preinstalled apps in the base image, but this depends on what you are seeking in an Android ROM.
My current approach is an Android-x86 install, templated, but I “de-Googled” the image after installation.
All in all, I don’t believe anyone uses an Android ROM on the PC with the expectation that it will retain the same security properties as a bare-metal Android install.
All of these images by default have security patch levels that are ancient and they’re all userdebug images with adb and root access.
When it comes to installation on R4.0, the default Android-x86 and Bliss OS images don’t know how to “speak” Xen, so the hard disk Qubes presents to the VM doesn’t show up. There’s another thread on the forum that shows how to deal with this, by making modifications to the stubdomain init file so that the disks are presented as IDE devices.
On R4.1, the hard disk is presented as an IDE device by default, so Android-x86 and Bliss OS install without any hacks.
With Android-x86 and Bliss OS, it’s very easy to make them templated VMs, as if one passes:
DATA=/dev/sdb
…to the “Install…” GRUB menu entry, the userdata partition will point to the private volume that Qubes presents for AppVMs derived from the template. Just remember to:
mkfs.ext2 /dev/qubes_dom0/vm-[appvm_name]-private
…before booting the AppVM for the first time.
Parting words:
xdotool selectwindow key ctrl+alt+F1
…is handy to get a root console for Android-x86/Bliss OS, and use F7 to get back to the graphical window. Also, if you connect the qube to a Proxy/NetVM with adb installed, you can use adb connect 10.137.X.Y; adb shell
to get into the image.