
Pockr | Part 2 — Executing Binaries on Android
Executing Binaries on Android — The SELinux Problem

Part 2 of 6 — building Pockr, a single APK that runs Docker on non-rooted Android.

The First Wall: Permission Denied

The most obvious approach is to bundle the QEMU binary inside the APK and extract it to app storage on first launch, then execute it with ProcessBuilder. On Android 10+, this silently fails:

    Cannot run program ".../files/qemu/qemu-system-aarch64": error=13, Permission denied

This isn't a file permission issue. chmod +x won't fix it.

Why: SELinux W^X Policy

Android 10 enforces a W^X (Write XOR Execute) policy via SELinux. Any file in getFilesDir() — the app's private data directory — is labelled app_data_file. That label does not allow execve().

Directory          SELinux Label   Executable?
getFilesDir()      app_data_file   ❌
getCacheDir()      app_data_file   ❌
nativeLibraryDir   exec_type       ✅

The native library directory is the exception — it's specifically labelled to allow execution. This is where Android
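To confirm that an error=13 like the one above comes from SELinux policy rather than file mode bits, look for the matching AVC denial in logcat. The following is an added example, not code from the original article: the log lines and the com.example.app package name are constructed, the function names are hypothetical, and it assumes the usual kernel audit line format as it appears in logcat.

```python
import re

# Matches the body of a kernel audit denial as it appears in logcat.
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXEC_PERMS = {"execute", "execute_no_trans"}   # permissions checked on execve()
DATA_LABEL = "app_data_file"                   # label named in the article

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = '''\
05-01 10:00:01.100  4242  4242 W Thread-2: type=1400 audit(0.0:101): avc: denied { execute_no_trans } for path="/data/user/0/com.example.app/files/qemu/qemu-system-aarch64" dev="dm-5" ino=1234 scontext=u:r:untrusted_app:s0:c100,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c100,c256,c512,c768 tclass=file permissive=0 app=com.example.app
05-01 10:00:02.200  4242  4242 W Thread-2: type=1400 audit(0.0:102): avc: denied { read } for name="stat" dev="proc" ino=4026532000 scontext=u:r:untrusted_app:s0:c100,c256,c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 app=com.example.app
05-01 10:00:03.300  4242  4242 I ActivityManager: Displayed com.example.app/.MainActivity
'''

def parse_avc(line):
    """Return the denial's key=value fields plus a 'perms' set, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = set(m.group("perms").split())
    return fields

def selinux_type(context):
    """Extract the type from a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""

def wx_exec_denials(log_text):
    """List denials where a process tried to execute an app_data_file file."""
    hits = []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc.get("tclass") != "file":
            continue
        denied_exec = avc["perms"] & EXEC_PERMS
        if not denied_exec or selinux_type(avc.get("tcontext", "")) != DATA_LABEL:
            continue
        hits.append({"target": avc.get("path") or avc.get("name"),
                     "perms": sorted(denied_exec),
                     "source": selinux_type(avc.get("scontext", "")),
                     "enforced": avc.get("permissive") == "0"})
    return hits

if __name__ == "__main__":
    for hit in wx_exec_denials(SAMPLE_LOG):
        print(hit)
```

A hit with `enforced` set to true means the kernel blocked the exec because of the target file's label, which is why changing the mode bits has no effect.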
Continue reading on Dev.to


