Skip to main content

Android

We have successfully tested Pulsar on Android 13 with kernel 5.15.

In order to run Pulsar on Android, you need to build a custom kernel adding extra configuration options.

Building custom kernel

Download kernel sources:

mkdir android-kernel && cd android-kernel
repo init -u https://android.googlesource.com/kernel/manifest -b common-android13-5.15
repo sync

Build kernel and modules:

  • enable CONFIG_FTRACE_SYSCALLS and CONFIG_BPF_LSM
  • disable CONFIG_TRACEFS_DISABLE_AUTOMOUNT

For x86_64:

BUILD_CONFIG=common/build.config.gki.x86_64 build/build.sh
BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.x86_64 build/build.sh

For aarch64:

BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh
BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.aarch64 build/build.sh

Then you will find the output in ./out/android13-5.15/dist in the current directory ready for your Android ROM build.

Running Pulsar

At this time only static builds are supported, so you have to build Pulsar using aarch64-unknown-linux-musl or x86_64-unknown-linux-musl depending on your device architecture.

On host:

  • connect your device
  • copy Pulsar on the device, for example: adb push pulsar-exec /data/local/tmp/
  • exec ADB as root: adb root
  • remount the file system in rw mode: adb remount
  • get a shell on your device: adb shell

On device:

  • mount debugfs: mount -t debugfs debugfs /sys/kernel/debug
  • mount securityfs: mount -t securityfs securityfs /sys/kernel/security
  • create Pulsar rules directory, for example: mkdir /data/local/tmp/rules
  • create a rules file, for example /data/local/tmp/rules/default.yaml with the following content: 
- name: Opened test file
  type: FileOpened
  condition: payload.filename == "/data/local/tmp/test"
  • create configuration file /data/local/tmp/pulsar.ini according to your directory structure, example:
[pulsar]
api_socket_path=/data/local/tmp/pulsar.sock

[rules-engine]
rules_path=/data/local/tmp/rules
  • run pulsar with your configuration file:
cd /data/local/tmp
./pulsar-exec pulsard --config-file=./pulsar.ini
  • test your rule:
cat /data/local/tmp/test