search

termux / proot-distro

An utility for managing installations of the Linux distributions in Termux.
GNU General Public License v3.0
1.8k stars 208 forks source link

[Feature]: Keep "/etc/environment" #390

Closed ghost closed 9 months ago

ghost commented 9 months ago

Feature description

Please do not tamper with "/etc/environment"! Not all Chinese phones are native Android. These phones run customized systems in China and may contain jar libraries for backend tracking. For example, They're very dangerous: 

system/framework/vivo-framework.jar:/system/framework/vivo-media.jar:/system/framework/vivo-vgcclient.jar:/system/framework/vivo-coworkclient.jar:/system/framework/vivo-emmclient.jar:/s

Please provide users with a feature not to include Chinese exclusive supplier libraries in the distribution environment variables.

ghost commented 9 months ago

Currently, I am unable to edit "/etc/environment". If I exit the linux and log in again after editing "/etc/environment", "/etc/environment" will be injected with suspicious code again.

# u0_a178 @ localhost in ~ [10:10:05]
$ proot-distro login --isolated --bind /sdcard debian
root@localhost:~# vim /etc/environment
root@localhost:~# cat /etc/environment                COLORTERM=truecolor
EXTERNAL_STORAGE=/sdcard
LANG=en_US.UTF-8
MOZ_FAKE_NO_SANDBOX=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
TERM=xterm-256color                                   TMPDIR=/tmp
DOTNET_GCHeapHardLimit=100000000
ANDROID_ART_ROOT=/apex/com.android.art
ANDROID_DATA=/data
ANDROID_I18N_ROOT=/apex/com.android.i18n
ANDROID_ROOT=/systemja
root@localhost:~# exit
logout

# u0_a178 @ localhost in ~ [10:11:07]
$ proot-distro login --isolated --bind /sdcard debian
root@localhost:~# cat /etc/environment
COLORTERM=truecolor
EXTERNAL_STORAGE=/sdcard
LANG=en_US.UTF-8
MOZ_FAKE_NO_SANDBOX=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
TERM=xterm-256color
TMPDIR=/tmp
DOTNET_GCHeapHardLimit=100000000                      ANDROID_ART_ROOT=/apex/com.android.art
ANDROID_DATA=/data
ANDROID_I18N_ROOT=/apex/com.android.i18n              ANDROID_ROOT=/system
ANDROID_TZDATA_ROOT=/apex/com.android.tzdata          
BOOTCLASSPATH=/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framew
ork/vivo-framework.jar:/system/framework/vivo-media.jar:/system/framework/framework-adapter.jar:/system/framework/soc-framework.jar:/system/framework/vivo-vgcclient.jar:/system/framework/vivo-coworkclient.jar:/system/framework/vivo-emmclient.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/apex/com.android.i18n/javalib/core-icu4j.jar:/apex/com.android.adservices/javalib/framework-adservices.jar:/apex/com.android.adservices/javalib/framework-sdksandbox.jar:/apex/com.android.appsearch/javalib/framework-appsearch.jar:/apex/com.android.conscrypt/javalib/conscrypt.jar:/apex/com.android.ipsec/javalib/android.net.ipsec.ike.jar:/apex/com.android.media/javalib/updatable-media.jar:/apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar:/apex/com.android.ondevicepersonalization/javalib/framework-ondevicepersonalization.jar:/apex/com.android.os.statsd/javalib/framework-statsd.jar:/apex/com.android.permission/javalib/framework-permission.jar:/apex/com.android.permission/javalib/framework-permission-s.jar:/apex/com.android.scheduling/javalib/framework-scheduling.jar:/apex/com.android.sdkext/javalib/framework-sdkextensions.jar:/apex/com.android.tethering/javalib/framework-connectivity.jar:/apex/com.android.tethering/javalib/framework-connectivity-t.jar:/apex/com.android.tethering/javalib/framework-tethering.jar:/apex/com.android.uwb/javalib/framework-uwb.jar:/apex/com.android.wifi/javalib/framework-wifi.jar
DEX2OATBOOTCLASSPATH=/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/vivo-framework.jar:/system/framework/vivo-media.jar:/system/framework/framework-adapter.jar:/system/framework/soc-framework.jar:/system/framework/vivo-vgcclient.jar:/system/framework/vivo-coworkclient.jar:/system/framework/vivo-emmclient.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/apex/com.android.i18n/javalib/core-icu4j.jar root@localhost:~#
ghost commented 9 months ago

Not requied. Anlinux is ok.

sylirre commented 9 months ago

PRoot Distro only fetches variable from Termux. So you are already tampered by Termux, not PRoot Distro.

And since it is unclear how libs interact with ART and depend on each other, no jar file exclusion would be done.

Yes, the variable is not user editable. This is done intentionally to sync proot environment with host as otherwise it cause issues for users that installed a distribution before updating their Android.

Normally it is not used as soon as you are not going to use Termux:API, Android activity manager or similar tools inside proot environment.