Waydroid template

apparatus · January 1, 2024, 7:51am

This guide is for creating Waydroid template that can be used to create AppVMs based on it.
The Android image is installed in template and applications and their configuration will be installed in AppVMs.
This guide is for setting up minimal Waydroid template. You may want to install additional packages like GUI terminal, file manager, passwordless root etc.

Create Waydroid template qube

Install debian-12-minimal template using “Qubes Template Manager” tool if you don’t have it already.

Update debian-12-minimal template using “Qubes Update” tool.

Clone debian-12-minimal and name it d12m-waydroid.

Start d12m-waydroid and open its root terminal using this command in dom0 terminal:

qvm-run -u root d12m-waydroid xterm &

All the commands in this guide must be run in d12m-waydroid qube root terminal if not stated otherwise.

Install required packages for Waydroid

Waydroid needs Wayland so we will install sway Wayland compositor for it:

apt install -y sway

We also need the qubes-core-agent-networking package to enable networking in minimal qube:

apt install -y qubes-core-agent-networking

Install Waydroid

Run these commands to install Waydroid:

apt install -y ca-certificates extrepo
https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 extrepo enable waydroid
apt update
apt install -y waydroid

The installation is using extrepo package instead of downloading the shell script from waydro.id and running it.
This was suggested here:
Consider support for Android VMs · Issue #2233 · QubesOS/qubes-issues · GitHub
The link to the default installation process for reference:
Install Instructions | Waydroid

Original installation instructions if you prefer them:

apt install -y curl ca-certificates
curl --proxy http://127.0.0.1:8082/ --tlsv1.2 --proto =https --max-time 180 https://repo.waydro.id | https_proxy=http://127.0.0.1:8082 bash
apt install -y waydroid

Configure for Waydroid container not to start in TemplateVMs:

mkdir -p /etc/systemd/system/waydroid-container.service.d
cat << 'EOF' | tee /etc/systemd/system/waydroid-container.service.d/override.conf >/dev/null
[Unit]
ConditionPathExists=!/run/qubes/this-is-templatevm
EOF

Initialize Waydroid

Run this command to initialize Waydroid, It’ll download VANILLA Android image:

https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 waydroid init

Or this command for Waydroid image with GApps support:

https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 waydroid init -s GAPPS

Install Waydroid clipboard support

Configure automatic transfer of clipboard content between X11 and Wayland

We need to build and install clipnotify tool from sources to use it for receiving the X11 clipboard change events. You can build it in some other qube based on the same template and copy the built binaries to the d12m-waydroid qube and install them there to keep the d12m-waydroid template minimal or you can build it in the d12m-waydroid qube itself but you’ll need to install additional packages for building.
This example is for the second option.

You can download the clipnotify sources in the Waydroid template directly or in some other qube and transfer them to the Waydroid template.
To download the sources directly in Waydroid template you’ll need to install the additional packages unzip/git.
Since unzip/git probably won’t be used ever again in the Waydroid qube you may want to keep the Waydroid template minimal then you can download the sources in some other qube and transfer them to the Waydroid template.

Option 1: Download the sources directly in Waydroid template

Download and extract the clipnotify sources in Waydroid template:

apt install -y curl unzip
curl --proxy http://127.0.0.1:8082/ --tlsv1.2 --proto =https --max-time 180 https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master -o clipnotify-master.zip
unzip -j clipnotify-master.zip -d clipnotify

or using git:

apt install -y git
git config --global http.proxy http://127.0.0.1:8082
git clone https://github.com/cdown/clipnotify.git
git config --global http.proxy ""

Option 2: Download the sources in some other qube and transfer them to Waydroid template

Download and extract the clipnotify sources in some qube with network access:

curl https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master -o clipnotify-master.zip
unzip -j clipnotify-master.zip -d clipnotify

or using git:

git clone https://github.com/cdown/clipnotify.git

Transfer the clipnotify directory to d12m-waydroid qube:

qvm-copy clipnotify

After getting the sources in d12m-waydroid qube, move to the clipnotify sources directory in d12m-waydroid qube:
If you followed Option 1: Download the sources directly in Waydroid template:

cd clipnotify

If you followed Option 2: Download the sources in some other qube and transfer them to Waydroid template:

mv /home/user/QubesIncoming/*/clipnotify/ /home/user/
cd /home/user/clipnotify

Once you’re in the sources directory, build and install clipnotify:

apt install -y build-essential libx11-dev libxtst-dev
mkdir -p /opt/bin
sed -i "s|/usr/local|/opt|g" Makefile
make
make install
echo 'export PATH="/opt/bin:$PATH"' >> /etc/profile.d/opt-bin.sh

Install X11 and Wayland clipboard cli tools:

apt install -y xclip wl-clipboard

Configure sway to run script that will automatically transfer of clipboard content between X11 and Wayland on sway start:

echo "exec /opt/bin/x11-wl-clip.sh" > /etc/sway/config.d/99-x11-wl-clip.conf
mkdir -p /opt/bin
cat << 'EOF' | tee /opt/bin/x11-wl-clip.sh >/dev/null
#!/bin/bash
x11_wl='while DISPLAY=":0" clipnotify -s clipboard; do xclip -d ":0" -selection clipboard -o | wl-copy; done'
wl_x11='wl-paste -nw xclip -d ":0" -selection clipboard'
eval "${x11_wl}" &>/dev/null &
eval "${wl_x11}" &>/dev/null
pstree -A -p $$ | grep -Eow "[0-9]+" | xargs kill &>/dev/null
EOF
chmod +x /opt/bin/x11-wl-clip.sh

Install `pyclip` required by Waydroid

apt install -y xclip wl-clipboard pip python3-venv
python3 -m venv /opt/venv/pyclip
source /opt/venv/pyclip/bin/activate
pip install --proxy http://127.0.0.1:8082 pyclip
deactivate
echo 'export PATH="$PATH:/opt/venv/pyclip/bin"' >> /etc/profile.d/python-venv.sh
echo 'export PYTHONPATH="$PYTHONPATH:/opt/venv/pyclip/lib/python3.11/site-packages"' >> /etc/profile.d/python-venv.sh

Links for reference:
General Troubleshooting | Waydroid
No python-pyclips · Issue #981 · waydroid/waydroid · GitHub

Configure firewall for Waydroid

For Qubes OS 4.2:

cat << 'EOF' | tee /etc/systemd/system/waydroid-firewall.service >/dev/null
[Unit]
ConditionPathExists=!/run/qubes/this-is-templatevm
PartOf=waydroid-container.service
After=waydroid-container.service
BindsTo=waydroid-container.service
Requires=qubes-iptables.service
After=qubes-iptables.service
BindsTo=qubes-iptables.service
[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-input) &>/dev/null; then nft add rule ip qubes custom-input jump waydroid-input; fi"
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-forward) &>/dev/null; then nft add rule ip qubes custom-forward jump waydroid-forward; fi"
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-input iifname "waydroid0" meta l4proto {tcp, udp} th dport { 53, 67 } accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward iifname "waydroid0" oifgroup 1 accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward oifname "waydroid0" iifgroup 1 accept
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-input
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-forward
RemainAfterExit=yes
[Install]
WantedBy=waydroid-container.service
EOF
systemctl daemon-reload
systemctl enable waydroid-firewall.service

For Qubes OS 4.1:

cat << 'EOF' | tee /etc/systemd/system/waydroid-firewall.service >/dev/null
[Unit]
ConditionPathExists=!/run/qubes/this-is-templatevm
PartOf=waydroid-container.service
After=waydroid-container.service
BindsTo=waydroid-container.service
Requires=qubes-iptables.service
After=qubes-iptables.service
BindsTo=qubes-iptables.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -I INPUT -i waydroid0 -p tcp -m multiport --dports 53,67 -j ACCEPT
ExecStart=/usr/sbin/iptables -I INPUT -i waydroid0 -p udp -m multiport --dports 53,67 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD 2 -o eth0 -i waydroid0 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD 2 -i eth0 -o waydroid0 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -i waydroid0 -p tcp -m multiport --dports 53,67 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -i waydroid0 -p udp -m multiport --dports 53,67 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -o eth0 -i waydroid0 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -i eth0 -o waydroid0 -j ACCEPT
RemainAfterExit=yes
[Install]
WantedBy=waydroid-container.service
EOF
systemctl daemon-reload
systemctl enable waydroid-firewall.service

Disable sway window title bar and status bar

This will make Waydroid run in fullscreen.

Disable sway window title bar:

echo "default_border none" > /etc/sway/config.d/94-disable-window-titlebar.conf

To disable sway status bar you need to edit the default sway config /etc/sway/config and remove or comment out the entire bar section:

nano /etc/sway/config

Find and remove/comment out the entire bar{} section e.g.:

#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
    position top

    # When the status_command prints a new line to stdout, swaybar updates.
    # The default just shows the current date and time.
    status_command while date +'%Y-%m-%d %I:%M:%S %p'; do sleep 1; done

    colors {
        statusline #ffffff
        background #323232
        inactive_workspace #32323200 #32323200 #5c5c5c
    }
}

Create `.desktop` file to start Waydroid in sway using qube app menu

When you start sway it’ll open the X11 window with sway but when you close this window it won’t cause sway to exit.
To not leave the sway with Waydroid running in background when you close the window we need to track this window and when it’s closed we need to kill the sway and Waydroid processes.
For this we need to install xwininfo tool:

apt install -y x11-utils

Create script to start the sway and Waydroid:

cat << 'EOF' | tee /opt/bin/sway-waydroid.sh >/dev/null
#!/bin/bash
sway &>/dev/null &
WAYLAND_DISPLAY="wayland-1" XDG_SESSION_TYPE="wayland" DISPLAY=":1" waydroid first-launch &>/dev/null &
for i in $(seq 1 3);
do
    if xwininfo -name "wlroots - X11-1" &>/dev/null; then
        break
    fi
    sleep 1
done
while xwininfo -name "wlroots - X11-1" &>/dev/null; do
    sleep 2
done
WAYLAND_DISPLAY="wayland-1" XDG_SESSION_TYPE="wayland" DISPLAY=":1" waydroid session stop &>/dev/null
pstree -A -p $$ | grep -Eow "[0-9]+" | xargs kill &>/dev/null
EOF
chmod +x /opt/bin/sway-waydroid.sh

Create the .desktop file to start Waydroid in sway using qube app menu:

cat << 'EOF' | tee /usr/share/applications/Waydroid-Sway.desktop >/dev/null
[Desktop Entry]
Type=Application
Name=Waydroid-Sway
Exec=/opt/bin/sway-waydroid.sh
Icon=waydroid
Categories=X-WayDroid-App;
X-Purism-FormFactor=Workstation;Mobile;
EOF

Create script to install apk from the terminal

cat << 'EOF' | tee /opt/bin/waydroid-install-apk >/dev/null
WAYLAND_DISPLAY="wayland-1" XDG_SESSION_TYPE="wayland" DISPLAY=":1" waydroid app install $1
EOF
chmod +x /opt/bin/waydroid-install-apk

Create script to upgrade Waydroid image in template from the terminal

cat << 'EOF' | tee /opt/bin/waydroid-upgrade >/dev/null
https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 waydroid upgrade
EOF
chmod +x /opt/bin/waydroid-upgrade

File manager in Waydroid qube

If you want to use the file manager in Waydroid qube then you need to install these packages in Waydroid qube template:

apt install -y thunar qubes-core-agent-thunar

Enable sound for the Waydroid qube

To get the sound working in the Waydroid qube, for Qubes OS 4.2 you need to install pipewire-qubes package in Waydroid qube template:

apt install -y pipewire-qubes

In case you don’t want for some Waydroid qubes to have sound (e.g. for protection against profiling threat and tracking or increasing attack surface) you can clone the d12m-waydroid template without sound to d12m-waydroid-sound template and install the sound package in d12m-waydroid-sound template.
Then you can choose whatever the Waydroid qube should have the sound or not by setting the suitable template for it.

Add Waydroid App menu shortcut to the newly created qubes by default

To add the Waydroid App menu shortcut to the newly created qubes you need to set default-menu-items feature for Waydroid template.
Open dom0 terminal and run this command to set the default App menu items for qubes based on this template:

qvm-features d12m-waydroid default-menu-items "Waydroid-Sway.desktop debian-xterm.desktop"

At this point the template is configured and ready to be used.

Additional information

Upgrade Waydroid image

To upgrade Waydroid image in the future you’ll need to manually run this command in Waydroid template d12m-waydroid:

waydroid-upgrade

See above on how to create waydroid-upgrade command if it doesn’t exist.

Install application in Waydroid

In a DisposableVM:

download an application apk (for example F-Droid from https://f-droid.org/)
qvm-copy it to your Waydroid AppVM or DisposableVM

In your Waydroid AppVM or DisposableVM:

Run waydroid-install-apk (see above) with the path to the apk file e.g.:

waydroid-install-apk /home/user/QubesIncoming/disp1629/F-Droid.apk

Change keyboard layout in Waydroid

Settings → Languages & input → Physical keyboard → wayland_keyboard
Add layouts.
Change keyboard layout with Ctrl+Space.

Transfer files to/from Waydroid

The Waydroid internal storage is located in this path:

/home/user/.local/share/waydroid/data/media/0/

You can copy files to/from there.
Or you can set up shared folders like this:
Setting up a shared folder | Waydroid
Or you can try to configure it like this:
Secure way of sharing host files and directories with Waydroid · waydroid/waydroid · Discussion #1107 · GitHub

Info about your system that apps in Waydroid will know

Apps installed in Waydroid will be able to see your CPU and system kernel.
Since qubes use kernel provided by dom0 by default then apps in Waydroid can know that you’re running Waydroid in Qubes OS (e.g. 6.7.3-1.qubes.fc37.x86_64). To hide this you can use in-VM kernel instead:

You’ll need to reinitialize the Waydroid in template after switching the kernel.
Boot the Waydroid template with new kernel and run this command in its root terminal for VANILLA Android image:

https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 waydroid init -f

Or this command for Waydroid image with GApps support:

https_proxy=http://127.0.0.1:8082 http_proxy=http://127.0.0.1:8082 waydroid init -f -s GAPPS

Troubleshootings

1. From Application menu, choose AppVM / Waydroid-Sway, BUT nothing displayed.

Solution:
Application menu, choose AppVM / xterm, in the displayed xterm, manually launch waydroid with this command to see the debug output:

sed "s|&>/dev/null||g" /opt/bin/sway-waydroid.sh | source /dev/stdin

2. How to exit the AppVM ?

Solution:
From dom0 Qubes Domain traybar, for the AppVM, choose Shutdown.

apparatus · January 1, 2024, 7:52am

Some additional info:

Aurora Store newer than version 4.2.5 crashes on Waydroid:

github.com/waydroid/waydroid

Some apps constantly crash (e.g. Skyshowtime)

opened 08:13AM - 28 Jul 23 UTC

michaldybczak

**Describe the bug** I manged to run Waydroid without issues on Manjaro. I inst…alled Aurora shop from apk. It run with the setup steps, I logged in to Google and then it crashed. It looks like it opens the usual, main app screen but it doesn't load fully, because it crashes before any app or graphic shows up. I also wanted to run Skyshowtime app (streaming TV) and it let me to log in and the main screen, but when clicking on any of the show or movie icons, it minimizes and on second try it crashes. Apps installed via F-Droid work. There is some additional problem with F-Droid not updating repos on the next launch, but that is a different issue that we can ignore here. During crashes, I get in log: ``` (015983) [09:51:03] % tail -n 60 -F /var/lib/waydroid/waydroid.log (015983) [09:51:03] *** output passed to waydroid stdout, not to this log *** ``` The path above is the path to the general log, but it still doesn't have the details. So where is this output passed and how to access it? When I use `waydroid --details-to-stdout log` it just show the usual log entries, nothing more (see the log below). **General information (please complete the following information):** - Waydroid tools Version 1.4.1 arch = x86_64 vendor_type = MAINLINE system_datetime = 1690085411 vendor_datetime = 1690089493 suspend_action = freeze mount_overlays = True images_path = /var/lib/waydroid/images system_ota = https://ota.waydro.id/system/lineage/waydroid_x86_64/VANILLA.json vendor_ota = https://ota.waydro.id/vendor/waydroid_x86_64/MAINLINE.json binder = binder vndbinder = vndbinder hwbinder = hwbinder binder_protocol = aidl3 service_manager_protocol = aidl3 **Desktop (please complete the following information):** Operating System: Manjaro Linux KDE Plasma Version: 5.27.6 KDE Frameworks Version: 5.108.0 Qt Version: 5.15.10 Kernel Version: 6.4.6-1-MANJARO (64-bit) Graphics Platform: Wayland Processors: 8 × Intel® Core™ i7-6700HQ CPU @ 2.60GHz Memory: 7.6 GiB of RAM Graphics Processor: Mesa Intel® HD Graphics 530 Manufacturer: Alienware Product Name: Alienware 17 R3 System Version: 1.13.1 **Additional context** Add any other context about the problem here. **Logs (please upload as file)** ``` michaldybczak  alienware-PC  ~  waydroid --details-to-stdout log (016283) [09:55:16] % tail -n 60 -F /var/lib/waydroid/waydroid.log (016283) [09:55:16] *** output passed to waydroid stdout, not to this log *** bus = cls._new_for_bus(address_or_type, mainloop=mainloop) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NotSupported: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead (002288) [08:36:13] % /usr/lib/waydroid/data/scripts/waydroid-net.sh start vnic is waydroid0 (002288) [08:36:13] % systemctl is-active -q nfcd (002288) [08:36:13] % chmod 777 -R /dev/dri (002288) [08:36:13] % chmod 777 -R /dev/fb0 (002288) [08:36:13] % chmod 777 -R /dev/video1 (002288) [08:36:13] % chmod 777 -R /dev/video0 (002288) [08:36:13] % mv /var/lib/waydroid/config_session /var/lib/waydroid/lxc/waydroid (002288) [08:36:13] % mount -o ro /var/lib/waydroid/images/system.img /var/lib/waydroid/rootfs (002288) [08:36:13] % mount -t overlay -o ro,lowerdir=/var/lib/waydroid/overlay:/var/lib/waydroid/rootfs,upperdir=/var/lib/waydroid/overlay_rw/system,workdir=/var/lib/waydroid/overlay_work/system,xino=off overlay /var/lib/waydroid/rootfs (002288) [08:36:13] % mount -o ro /var/lib/waydroid/images/vendor.img /var/lib/waydroid/rootfs/vendor (002288) [08:36:13] % mount -t overlay -o ro,lowerdir=/var/lib/waydroid/overlay/vendor:/var/lib/waydroid/rootfs/vendor,upperdir=/var/lib/waydroid/overlay_rw/vendor,workdir=/var/lib/waydroid/overlay_work/vendor,xino=off overlay /var/lib/waydroid/rootfs/vendor (002288) [08:36:13] % mount -o bind /var/lib/waydroid/waydroid.prop /var/lib/waydroid/rootfs/vendor/waydroid.prop (002288) [08:36:13] Save config: /var/lib/waydroid/waydroid.cfg (002288) [08:36:13] % lxc-start -P /var/lib/waydroid/lxc -F -n waydroid -- /init (002288) [08:36:13] New background process: pid=5771, output=background (002288) [08:36:13] % lxc-info -P /var/lib/waydroid/lxc -n waydroid -sH RUNNING (005723) [08:36:23] waydroidusermonitor: Received transaction: 1 (005723) [08:36:23] Android with user 0 is ready (005723) [08:36:23] % adb start-server (005723) [08:36:23] % adb connect 192.168.240.112 already connected to 192.168.240.112:5555 (005723) [08:36:23] Established ADB connection to Waydroid device at 192.168.240.112. (002288) [08:36:39] % lxc-info -P /var/lib/waydroid/lxc -n waydroid -sH RUNNING (005723) [09:14:56] waydroidusermonitor: Received transaction: 2 (005723) [09:16:21] waydroidusermonitor: Received transaction: 2 (005723) [09:18:56] waydroidusermonitor: Received transaction: 2 (005723) [09:19:39] waydroidusermonitor: Received transaction: 2 (005723) [09:20:51] waydroidclipboard: Received transaction: 2 (005723) [09:20:51] Could not setup clipboard (005723) [09:20:54] waydroidclipboard: Received transaction: 2 (005723) [09:20:54] Could not setup clipboard (005723) [09:20:54] waydroidclipboard: Received transaction: 2 (005723) [09:20:54] Could not setup clipboard (005723) [09:24:21] waydroidclipboard: Received transaction: 2 (005723) [09:24:21] Could not setup clipboard (005723) [09:24:21] waydroidclipboard: Received transaction: 2 (005723) [09:24:21] Could not setup clipboard (005723) [09:24:23] waydroidclipboard: Received transaction: 2 (005723) [09:24:23] Could not setup clipboard (005723) [09:24:23] waydroidclipboard: Received transaction: 2 (005723) [09:24:23] Could not setup clipboard (005723) [09:27:17] waydroidclipboard: Received transaction: 2 (005723) [09:27:17] Could not setup clipboard (005723) [09:32:54] waydroidclipboard: Received transaction: 2 (005723) [09:32:54] Could not setup clipboard (005723) [09:37:57] waydroidclipboard: Received transaction: 2 (005723) [09:37:57] Could not setup clipboard (005723) [09:41:05] waydroidusermonitor: Received transaction: 2 (005723) [09:42:57] waydroidusermonitor: Received transaction: 2 (014768) [09:44:39] % tail -n 60 -F /var/lib/waydroid/waydroid.log (014768) [09:44:39] *** output passed to waydroid stdout, not to this log *** (015983) [09:51:03] % tail -n 60 -F /var/lib/waydroid/waydroid.log (015983) [09:51:03] *** output passed to waydroid stdout, not to this log *** ``` Additional info: ``` michaldybczak  alienware-PC  ~  zgrep -i -e android -e memfd -e ashmem /proc/config.gz CONFIG_X86_ANDROID_TABLETS=m # Android CONFIG_ANDROID_BINDER_IPC=y CONFIG_ANDROID_BINDERFS=y CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder" # CONFIG_ANDROID_BINDER_IPC_SELFTEST is not set # end of Android CONFIG_MEMFD_CREATE=y ``` EDIT: I tried Disney+ from APK and it runs, but when I try to play the video, it informs me that it plays in full screen mode, I hear the sound (very quietly thou) but the screen is black, as if the output was to some other screen. ` waydroidusermonitor: Received transaction: 2` It looks like Manjaro kernel is compatible, but the issue lies elsewhere.

Work on Waydroid webcam support:

github.com/waydroid/waydroid

Feature Request: libcamera support

opened 03:43AM - 12 Sep 22 UTC

rothn

**Is your feature request related to a problem? Please describe.** Waydroid cur…rently supports mainline Linux cameras by passing low-level V4L2 camera devices through to Android, which sets them up as extremely limited external webcams. This is not ideal, e.g. for Android apps that use the front-facing camera to capture QR codes. **Describe the solution you'd like** * Include libcamera as an optional dependency * Install the compiled libcamera Android HAL in the container * Set "ro.hardware.camera=\<libcamera-so-path\>" instead of "ro.hardware.camera=v4l2" on supported hardware **Describe alternatives you've considered** * One-off camera implementations per platform: Infeasible due to required effort, but support would be betteer * Vanilla v4l2-- Generally unusable because lacks color calibration support, autofocus, etc. found in complex cameras (e.g., PinePhone Pro, Librem 5) **Additional context** * libcamera has basic support for [Librem 5](https://git.libcamera.org/libcamera/libcamera.git/commit/src/libcamera?id=502ab9a146e037cc10e3315ced91a0bdfa385472), with more thorough support [coming soon](https://puri.sm/posts/cameras-its-complicated/) * libcamera fully supports [PinePhone Pro](https://git.libcamera.org/libcamera/libcamera.git/tree/src/libcamera/pipeline/rkisp1?id=83996258a9fc852552fc66726c313c9ed4e325b3) * libcamera supports the vanilla [PinePhone](https://git.libcamera.org/libcamera/libcamera.git/tree/src/libcamera/pipeline/simple/simple.cpp?id=502ab9a146e037cc10e3315ced91a0bdfa385472)

ludovic · January 1, 2024, 5:32pm

Thank @apparatus for this very good guide! Below an update proposal.

Small fix for the clipnotify zip

curl https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master -o clipnotify-master.zip
unzip -j clipnotify-master.zip -d clipnotify

→

apt install unzip -y
curl --proxy http://127.0.0.1:8082/ --tlsv1.2 --proto =https --max-time 180 https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master>
unzip -j clipnotify-master.zip -d clipnotify

When the TemplateVM created

create an AppVM, in Settings / Applications, refresh Applications, add Waydroid-Sway
create a DispsableVM, in Settings / Applications, refresh Applications, add Waydroid-Sway

Troubleshootings

From Application menu, choose AppVM / Waydroid-Sway, BUT nothing displayed.
Solution : Application menu, choose AppVM / xterm, in the displayed xterm, manually launch waydroid : /opt/bin/sway-waydroid.sh
How to exit the AppVM ?
Solution : From dom0 Qubes Domain traybar, for the AppVM, choose Shutdown.

ludovic · January 1, 2024, 6:16pm

apparatus:

Install apk in Waydroid

To install apk in Waydorid AppVM run this command in its terminal:
WAYLAND_DISPLAY="wayland-1" XDG_SESSION_TYPE="wayland" DISPLAY=":1" waydroid app install /path/to/app.apk

update proposal : add this command to a script file and put it in /etc/skel/, something like :

cat << 'EOF' | tee /etc/skell/install-apk
WAYLAND_DISPLAY="wayland-1" XDG_SESSION_TYPE="wayland" DISPLAY=":1" waydroid app install $1
EOF

Install your first application

In an DisposableVM:

download an application apk (for example F-Droid from https://f-droid.org/)
qvm-copy it to your Waydroid AppVM or DisposableVM

In your Waydroid AppVM or DisposableVM:

Run install-apk (see above) with the apk file (for example : ./install-apk QubesIncoming/disp1629/F-Droid.apk)

apparatus · January 1, 2024, 6:34pm

ludovic:

Small fix for the clipnotify zip

curl https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master -o clipnotify-master.zip
unzip -j clipnotify-master.zip -d clipnotify

→

apt install unzip -y
curl --proxy http://127.0.0.1:8082/ --tlsv1.2 --proto =https --max-time 180 https://codeload.github.com/cdown/clipnotify/zip/refs/heads/master>
unzip -j clipnotify-master.zip -d clipnotify

I’ve thought about it as well but in the end I’ve decided that instead of installing unzip/git in the Waydroid template just to download the sources only once and then never use it again it’d be better to keep the template minimal and just download it in another qube instead.
I’ve added both options so users can choose what fits them best.

Thanks, I’ve added them as well.
Just with some correction to start the waydroid script manually with debug output by removing &>/dev/null from the commands.

apparatus · January 1, 2024, 6:46pm

Thanks, I’ve added this change as well.
With the correction that it’s better to place the script in /opt/bin instead of /etc/skel/ because if you change the script later in your template then this change won’t be propagated to the existing AppVMs based on this template.
The /opt/bin is already in the PATH so you can call it without specifying the full path to the script.

ludovic · January 1, 2024, 8:19pm

Proposal update for sound:

To get sound in the Waydroid AppVM or DisposableVM, in the TemplateVM you should install pipewire-qubes (for Qubes-OS 4.2):

apt install pipewire-qubes -y

Note: to avoid a too big default template (and so a bigger attack surface), I cloned d12m-waydroid to d12m-waydroid-sound and added the above package only in d12m-waydroid-sound. So I choose for an AppVM if I want sound or not.

apparatus · January 2, 2024, 1:28pm

Thanks, it’s worth mentioning. I’ve added this info to the guide.

brainchild059 · January 10, 2024, 9:18am

Thanks for the great guide, have Waydroid all set up in a Template and AppVM.

EDIT: Below was due to being on Qubes 4.1, anyone on 4.2+ shouldn’t have this same problem. Thanks to @apparatus for the reminder.

I did have a problem with no internet connectivity in Waydroid itself. TemplateVM and AppVMs had connectivity just fine, and running ip addr show in terminal showed all the interfaces and assigned IPs. But the Waydroid container itself wasn’t getting any network, and wasn’t showing any assigned IPV4 address.

Solution was found here, in the post by rustyx on April 25th 2023:

No worky in Ubuntu 22.04.

The script /usr/lib/waydroid/data/scripts/waydroid-net.sh prefers nft, iptables-legacy, iptables, in that order.

There are 2 problems with that logic:

nftables doesn’t work in combination with iptables rules (which I have on due to Docker)

iptables-legacy doesn’t work at all

So the script has no chance of ever working.

With the following patch that disables nft and iptables-legacy I was able to get Internet working:
sudo sed -i~ -E 's/=.\$\(command -v (nft|ip6?tables-legacy).*/=/g' \
     /usr/lib/waydroid/data/scripts/waydroid-net.sh

Now Waydroid is working pretty great!

apparatus · January 10, 2024, 9:24am

Do you have Qubes OS 4.1?
It isn’t mentioned in the guide but it is for Qubes OS 4.2 and it’s using nftables because Qubes OS replaced iptables with nftables in Qubes OS 4.2.

brainchild059 · January 10, 2024, 10:27am

Yes you’re right I’m still on 4.1! Completely forgot about the 4.2 switch to nftables. Will edit my post to add.

apparatus · January 10, 2024, 10:47am

You can try to replace this:

ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-input) &>/dev/null; then nft add rule ip qubes custom-input jump waydroid-input; fi"
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-forward) &>/dev/null; then nft add rule ip qubes custom-forward jump waydroid-forward; fi"
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-input iifname "waydroid0" meta l4proto {tcp, udp} th dport { 53, 67 } accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward iifname "waydroid0" oifgroup 1 accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward oifname "waydroid0" iifgroup 1 accept
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-input
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-forward

with this:

ExecStart=/usr/sbin/iptables -I INPUT -i waydroid0 -p tcp -m multiport --dports 53,67 -j ACCEPT
ExecStart=/usr/sbin/iptables -I INPUT -i waydroid0 -p udp -m multiport --dports 53,67 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD 2 -o eth0 -i waydroid0 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD 2 -i eth0 -o waydroid0 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -i waydroid0 -p tcp -m multiport --dports 53,67 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -i waydroid0 -p udp -m multiport --dports 53,67 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -o eth0 -i waydroid0 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -i eth0 -o waydroid0 -j ACCEPT

untested

brainchild059 · January 11, 2024, 9:52am

Confirming that these iptables-version firewall rules work for Waydroid in Qubes 4.1!
Thank you for taking care of us poor souls who haven’t been able to make the jump to 4.2 yet

scales · January 16, 2024, 10:39am

Qubes os is still handle to Wayland, so I was thinking to use Wayland on Qubes OS, user shall make sys-gui and after separate between X11 and Wayland.
My solution is making two sys-gui, one is managing gui on X11 server of dom0 and normal templates, other one manage Wayland compositor.

But I understood to be able to use Wayland on Qubes os, this solution is greatest!
User can use safely Android apps without Google service, thank you!

PostedPortal · January 18, 2024, 7:03am

Hey There,

‘create an AppVM, in Settings / Applications, refresh Applications, add Waydroid-Sway’

I have refreshed the apps but i cant find waydroid-sway. Only waydroid. Are they the same thing?

I went ahead and tried opening waydroid. It opened ‘initialize waydroid’ and I chose my android type and downloaded it.

when i try waydroid-install-apk /home/user/QubesIncoming/disp1629/F-Droid.apk it says WayDroid session is stopped

What am i doing wrong here?

apparatus · January 18, 2024, 10:19am

It seems that you’ve missed some of the guides steps or there was an error somewhere that you didn’t notice.
Try to create Waydroid template from the beginning.

It seems that you don’t have .desktop file that should’ve been created here:

PostedPortal · January 19, 2024, 4:16am

okay, waydroid-sway shows app in qubes settings apps now. I think i had an error on the sway install.

How do I get aurora store 4.2.5? Their gitlab keeps redirecting to their main site where they only have 4.3.5. F-droid doesnt have 4.2.5 either.

apparatus · January 19, 2024, 4:26am

You can download it from here:

And verify the signature:

scales · January 21, 2024, 1:11pm

I think Droid-ify is privacy safely than F-Droid as client.
So first I install apk of Droid-ify, after I enable F-Droid Archive repository in Droid-ify, Aurora Store v4.2.5 is existing in F-Droid Archive repository, so it can install from here.
And Aurora Store use Exodus for monitor packet of apps, user should install Exodus.

n1ete · January 29, 2024, 12:15am

Thanks for making android research and devolpment more easy than ever on qubes with low resource overhead!

Everything seems to work so far only issue i have left is changing size of the output window for highres screens:
Scaling settings in /etc/sway/config seem to have an effect on waydroid but the window size stays the same so the visible part of the screen is about 1/5…
if i resize the window android ist dynamicly rescaling, is that possible to configure? on chromebooks the rescaling works kinda.
I tried also the command waydroid shell wm density 320 and that helped also with with scaling but again the window size is too small.
I also found out that there is a Multi-Window-Mode any expierience with it?

Waydroid template

Create Waydroid template qube

Install required packages for Waydroid

Install Waydroid

Initialize Waydroid

Install Waydroid clipboard support

Configure automatic transfer of clipboard content between X11 and Wayland

Option 1: Download the sources directly in Waydroid template

Option 2: Download the sources in some other qube and transfer them to Waydroid template

Install pyclip required by Waydroid

Configure firewall for Waydroid

Disable sway window title bar and status bar

Create .desktop file to start Waydroid in sway using qube app menu

Create script to install apk from the terminal

Create script to upgrade Waydroid image in template from the terminal

File manager in Waydroid qube

Enable sound for the Waydroid qube

Add Waydroid App menu shortcut to the newly created qubes by default

At this point the template is configured and ready to be used.

Additional information

Upgrade Waydroid image

Install application in Waydroid

Change keyboard layout in Waydroid

Transfer files to/from Waydroid

Info about your system that apps in Waydroid will know

Troubleshootings

1. From Application menu, choose AppVM / Waydroid-Sway, BUT nothing displayed.

2. How to exit the AppVM ?

When the TemplateVM created

Troubleshootings

Install your first application

Install `pyclip` required by Waydroid

Create `.desktop` file to start Waydroid in sway using qube app menu