Waydroid and whonix

Support
1

Hi
I’m trying to run Way-droid on Whonix but having some issues since dnsmasq is not giving dhcp to the lxc container.

Any help would be great, I think a guide on running android inside whonix would be a great addition to the wiki since many operations require phone apps.

These are the step i took so far

  1. Adding the repo
export DISTRO="bullseye" && \
sudo scurl -Sf https://repo.waydro.id/waydroid.gpg --output /usr/share/keyrings/waydroid.gpg && \
echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] tor+https://repo.waydro.id/ $DISTRO main" > ~/waydroid.list && \
sudo mv ~/waydroid.list /etc/apt/sources.list.d/waydroid.list && \
sudo apt update
  1. Installing

sudo apt install waydroid -y

  1. Starting the init process and downloading images.

sudo waydroid init

  1. Editing conf files for vm support

nano /var/lib/waydroid/waydroid_base.prop

change these

ro.hardware.gralloc=default
ro.hardware.egl=swiftshader
  1. Start

sudo systemctl start waydroid-container

or manually with


sudo waydroid container start
  1. Xfce is using x11 so we have to use a wayland compositor
sudo apt install weston
setsid weston &
  1. Adjust the window size and then enter this in the terminal

XDG_SESSION_TYPE=wayland waydroid show-full-ui

This should start android with a full ui

Currently I I’m not recieving dhcp from dnsmasq.

I tried to restart the script installed at

/usr/lib/waydroid/data/scripts/waydroid-net.sh

the bridge interface is created but when I enter the console I do not receive any dhcp

sudo wayland shell
ip a
2

That would be good.

Just a guess: There’s no DHCP server installed in Whonix-Workstation. Therefore the container might not get an internal IP from DHCP.

Another guess:
Whonix-Workstation Firewall - Whonix might interfere. Try either:

3

Allowing UDP fixed the issue, I can now download apps from F-Droid after installing it with sudo waydroid app install <downloaded fdroid apk >

1 Like
4

I have Waydroid working on what (last time I checked was yesterday) is the latest version of whonix on KVM this is because Anbox sadly did not work. I have also managed to get some APKs on there and they work.

While this is all good, I am experiencing some issues, namely that the waydroid setup I have going right now does not seem to be connected to the internet, which I require for the task I am doing, as it requires a connection. I suspect that this could be related to the firewall in whonix, as I saw in a past question about waydroid where the user solved their problem by allowing UDP (I think), and it was for a network related issue. I completed the steps in the wiki and nothing seems to have changed.

Anybody else using waydroid on whonix waydroid with this problem? Also if anyone answering wants more details about my problem feel free to HMU

5

Is it possible to use Waydroid manual from Kicksecure wiki? I followed this manual in Whonix None Qubes. The result is that I see Waydroid in application list but I can not run Waydroid.

6

Not as long as this notice is on top of that wiki page:

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Documenting installation of Waydroid including digital software verification was the simple part. But apparently Waydroid only runs with Wayland which is more difficult to install, specifically in Qubes.

7

There were problems after setting waydroid to whonix 17.0.3.0 for kvm in the same way that the author of this topic indicated in the first post. Namely, there is no Internet inside the container itself. At the same time, both on whonix 16x and on pure debian 12 bookworm (connected to whonix gateway), everything works without problems. True, on the old and stable version of whonix, I had to completely deactivate the firewall, because disabling udp only allowed running waydroid, but not accessing the Internet through it. But in whonix 17 this was not enough and when trying to go online, it writes something like: “unable to resolve host” in all applications (browser, f-droid and a few more accidentally installed). Searching on the github in the waydroid branch for tags like “unable to resolve host”, etc., nothing was found. Yes, and everything works on debian 12 and whonix 16, so I dare to assume that the problem is in whonix 17, but specifically what, I have no idea …

Screenshot_2023-07-17_20-40-50
Screenshot_2023-07-17_20-40-501085×502 99.7 KB

8

mostly its Tor exit blocker issue, change the circuits in GW through anon-connection-wizard (just try to reconnect).

9

Experimentally, I found out that the problem was in apparmor profile dnsmasq. Only by completely disabling it did the network fully work on waydroid and the applications in it. I checked whonix 17 on virtualbox more and there this apparmor profile does not affect the performance of the network. It is strange that on kvm the situation is reversed. Again, I will make a reservation, apparmor profile dnsmasq in any case needs to be edited by adding:
@{run}/waydroid-lxc/ r,
@{run}/waydroid-lxc/* rw,
but it is applicable to all OS. On whonix 16 kvm it was done and everything functioned perfectly, but on whonix 17 kvm for some reason it didn’t.

10

dnsmasq is in complain mode by default, so if its activated this is something you changed by your side.

1 Like
11

I understand it. I’m just a little surprised that in the last whonix 16 (although still relevant at the moment, before the official release of version 17) in all editions, the activated profile dnsmasq does not break anything, in whonix 17 virtualbox everything is also surprisingly good, but not in kvm 17.
Apparently these are some features of the network, unique to the internal operation of virtual machines kvm and the transition to debian bookworm, but I don’t understand anything about this)

12

Not caused by Whonix.

Please reproduce the issue without Whonix and report it to Debian. Otherwise highly unlikely that it will ever be fixed.

13

Unfinished wiki page: