Profile cover photo
Profile photo
Stuart Hicks
Code Monkey
Code Monkey

Stuart's posts

Post has shared content
Also happy to see better keyboard navigation popping up.
Do you use your keyboard to navigate the web? We’re making it easier to search, explore, and find your way around the world in Google Maps.

In addition to being able to pan and zoom within Maps using your keyboard, you can now find and learn more about specific places like neighborhoods, transit stations and shops and restaurants.

Here’s how it works:
- On your keyboard, press Tab to focus the map. An area of the map will be highlighted with a square.
- Below the square, there will be a numbered list of places in that area.
- To move around the map, use the arrow keys. To move the map by one square, hold down Shift while using the arrow keys.
- To zoom in or out of the map, press + or -.
- To learn more about a place, press the number associated with the place. 

Post has shared content
Best Chromecast backdrop I've seen in a while.
Lost In The Woods

This photo was another one from last year in Japan. My wife and I set off to find undiscovered areas to shoot. Found this naturally growing bamboo forest somewhere between Saga and Fukuoka.

#japan   #bamboo   #landscapephotography   #landscape   #sonya7r  

Post has shared content
My mind is truly blown now. Not only is the Environment variables resizeable [1], but the Path window is no longer a long list of ; separated strings that you pretty much needed to copy into an external editor to do anything with.

Now, as of Windows 10 preview 10565, there's an actual UI for editing it. 



Post has shared content
Love it when a fun idea turns into something genuinely useful in unexpected ways.

Post has shared content
This is seriously cool.
Vysor Share

Remote screen and ADB access

There's a few tools already out that that lets you control your Android through your PC. Vysor isn't unique in that regard. However, I think I have the other apps beat in with seamless setup and compatibility (no root to boot). :)

However, I had actually envisioned Vysor as a developer tool. Vysor gives you all the benefits of a physical device, but with the ease and integration of an emulator in your development environment.

The headline feature of Vysor is Vysor Share. You can share your device to another Vysor user, across the office or across the globe. This means screen and ADB. This is something I've wanted as an indie dev for a long time: a way to deploy and debug on a remote tester's device. It's as easy as sending a link.

Vysor was actually leaked before I was ready to release, but the roadmap also includes Vysor Server: a device farm that your Android dev team can access remotely. Test device specific issues, run automated suites across a dozen devices, etc. You don't need to pass test devices around anymore, just access them through Vysor.

So, on 5.0-Alpha1 (OnePlusOne), I diabled both mtp and camera mode in the usb computer connection settings (was just messing around). Now the usb connection doesn't work at all (not even adb), and the usb computer connections page doesnt open (if I tap the menu item, nothing happens).

I've tried reanabling adb via setprop and the various options that a google search brings up, and nothing. After reboot, getprop shows adb, but it doesnt work. Developer Settings shows usb debugging as enabled, and trying to disable it causes a soft-reboot.

The problem persists on Alpha2 even after cache and dalvik wiped (so I guess the issue is on userdata, which I'd rather not wipe if at all possible. I have backups, but I'm lazy).

Anyone got any ideas?

Post has shared content
Loving the new site!
At Paranoid Android, we go for providing the best usability and design. All day, every day. This is accomplished by dedication to the work. To celebrate that, we are pushing a brand new website. 

The website follows Paranoid Android's new design language aiming to help new and experienced users alike learn about us and our features through simple animations and short descriptions. You can learn about our team members through the Team page on the site, download the official AOSPA wallpapers for both desktops and mobile devices or easily reach important links from the menu. 

The downloads section also received an overhaul following a clean and bold design. You can now reach downloads for both Official and Legacy devices at the same place. 

The website is responsive, looks great on all displays and can be checked out right now at so head over there and #stayparanoid.

Post has shared content
On LPX13D, SELinux, and root

As promised, here are some more details about the current situation.

Why it breaks

Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU's daemon is started by the service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.

How to fix it

To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.

There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).

In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the script to run as the install_recovery context, so now it runs as init again, and all is well.


As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.

Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.

Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.

Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.

It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.

Apps need updates

Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.

As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there. 

The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.

By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.

Permissive vs enforcing

The kernel packages I posted for the Nexus 5 and 7 LPX13D  firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.

Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.

Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.

I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.

It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.

(everything in this post is subject to change for retail L release, obviously)

Post has attachment

Post has shared content
In celebration of London's Year of the Bus, today's #GoogleDoodle features an animated version of the iconic Routemaster bus.

The much-loved Routemaster made its first public appearance in London on 24 September 1954, and 60 years later is honoured with this fantastic +Google UK Doodle.
Animated Photo
Wait while more posts are being loaded