No android secured screen in Android 12

[khaledAbbasExperitest]

What is the issue or idea you have?

Have you tried STF?

Using latest JNI update I am still unable to get secured screens(for example, changing pin code) This behavior is only happening on Android 12 devices

[JesseCodeBones]

from my information, visual display for secure screen only available for SYSTEM PROCESS from Android 12. @khaledAbbasExperitest

[hyeongminju]

@JesseCodeBones @khaledAbbasExperitest

Anybody change this code about secure flag? /jni/minicap-shared/aosp/src/minicap_31.cpp

// Create virtual display.
MCINFO("Creating virtual display");
mVirtualDisplay = android::SurfaceComposerClient::createDisplay(
  /* const String8& displayName */  android::String8("minicap"),
  /* bool secure */                 false // i think the secure flag that have to change true. 
);

but i could not build for aosp part.

here is my logs

mkdir -p libs/android-31/armeabi-v7a docker run --rm \ -a stdout -a stderr \ -v /media/aosp/android-12.0.0_r2:/aosp \ -v /Users/1004676/stf/minicap/jni/minicap-shared/aosp/:/app \ -v /Users/1004676/stf/minicap/jni/minicap-shared/aosp/libs/android-31/armeabi-v7a:/artifacts \ openstf/aosp:jdk8 /aosp.sh build aosp_arm-eng minicap /aosp.sh: line 110: build/envsetup.sh: No such file or directory make: *** [libs/android-31/armeabi-v7a/minicap.so] Error 1

i need help.

[varundtsfi]

Hi @hyeongminjum, @koral-- and @JesseCodeBones I am working on it. Will provide you the data soon. It's taking time while building.

[varundtsfi]

Due to some urgency I was not able to build it but tonight with above changes I will build and share the result soon.

[varundtsfi]

Hi @hyeongminjum, @koral-- and @JesseCodeBones

I have build the OS with bool secure */ true, Can you give it a try. I have attached the file with names mincap.zip. Download it and rename it to minicap.so. minicap.zip

[hyeongminju]

hi @varundtsfi thanks for you works. i download and rename file(minicap.zip -> minicap.so) then i try test (ABI = arm64-v8a // sdk = 31 ) but, i can not get secure stream. so, do i something wrong?

[varundtsfi]

HI @hyeongminju sorry for the delay

that means It is not working with the suggestion which you have suggested mVirtualDisplay = android::SurfaceComposerClient::createDisplay( / const String8& displayName / android::String8("minicap"), / bool secure / false // i think the secure flag that have to change true. );

Even If you try Chrome in incognito mode in any Android 12 version device, This solution will not work even the Video Streaming too. Google Have applied some restriction on display.

Right now I am working on Android 13 if I will get the time, I will again try this. Thank you

[childnode]

UPDATE: IT IS IMPOSSIBLE TO "FIX" (bypass) this system security feature

tl;dr: @JesseCodeBones said it a year ago - only System (Services) are allowed to, but minicap in userland is not

reading discussion https://github.com/Genymobile/scrcpy/issues/2129 again (see also https://github.com/Genymobile/scrcpy/issues/36 )

the relevant one is: SurfaceFlinger: Only privileged processes can create a secure display

wether you set this flag or not, it is ignored!

see also same same on AWS DeviceFarm

since no third party gets privileged process access!!

see also https://developer.android.com/guide/topics/permissions/overview https://source.android.com/docs/core/permissions/perms-allowlist https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/permission/Permissions.md#privileged-permissions

somehow perhaps there is a way via a custom work DPC but I don't see anything at first glance and I would be wondering beeing the first digging there https://developers.google.com/android/work/requirements

so, no @khaledAbbasExperitest . unless you get root / customRom you will get the black screen by security-design!

WE CAN FINALLY CLOSE THIS AS "CAN'T BE SOLVED"

---

related to https://github.com/Genymobile/scrcpy/issues/3323 > https://github.com/Genymobile/scrcpy/issues/2129

https://github.com/DeviceFarmer/minicap/issues/34#issuecomment-1403295652 > https://github.com/Genymobile/scrcpy/commit/3183d336088f77cc724751cd3bc1efe1bd5fa65e https://github.com/Genymobile/scrcpy/commit/1fdde490fd2a0b89680a2b5da5e5274192398023#diff-1f17a0a1d204db8634ad7c994f1da34d4c9fb9484bca3289e2a5f22ddaaa78d6

They create a "secure" display

scrcpy android 12 too this in 1.18

Add support for Android 12 (https://github.com/Genymobile/scrcpy/issues/2129, https://github.com/Genymobile/scrcpy/issues/2402)

-even I don't understand anything of this code :D perhaps this helps to fix it in minicap too? -

and that's where @varundtsfi comment comes in back and is absolutely the correct answer:

/ bool secure / false // i think the secure flag that have to change true.

but looks like it is fixed in https://github.com/DeviceFarmer/minicap/pull/29 isn't it?

🎉 https://github.com/DeviceFarmer/minicap/pull/30/commits/eba5a1f6c081bb199e8191e9c0a560c276339b0a missed to be added in https://github.com/DeviceFarmer/minicap/blob/master/Makefile so even in 2.7.1 prebuild https://yarnpkg.com/package/@devicefarmer/minicap-prebuilt?files android-31 is missing

• secure display was not set to true!!! https://github.com/DeviceFarmer/minicap/pull/30/files#r1087746875