Skip to main content

Jolla C2 / Xperia AppSupport PIN Workaround

As detailed by nekron https://forum.sailfishos.org/u/nekron on the forum: 

 

This is what needs to be done for Jolla C2 / Xperia devices with the latest appsupport runtime: https://forum.sailfishos.org/t/unable-to-set-lock-pin-for-android-apps-requiring-it/15806/61?u=poetaster

Notes:

Technically speaking the Android security settings application will talk to gatekeeperd service that will connect with the gatekeeper HAL service. The HAL service will use hardware keystore (TEE) or in case of appsupport a software-based keystore for storing your PIN credential.

The problem in current appsupport is the launch of GK HAL service that’s missing inside the image. There is sadly no init.rc service found to launch the service.

# 
# Jolla C2 / Xperia AppSupport PIN Workaround
#

# 1. enable developer mode, open terminal or ssh into your device. Appsupport container must be running.
# 2. become r00t
devel-su
# 3. launch appsupport shell
appsupport-attach /system/bin/sh
# 4. launch gatekeeper HAL process (GK HAL)
/bin/hw/android.hardware.gatekeeper@1.0-service.software &
# 5. kill gatekeeperd (it will be restarted automatically and connection to GK HAL established, oh well, that's about it for process isolation with SE extension running this as root vs. system)
pkill gatekeeperd
# 6. launch Android security settings 
am start -a android.settings.SECURITY_SETTINGS
# 7. now set a PIN using the security settings UI and your're done!
# NOTE: I tested this with ATOSS Staff Center and after a reboot of C2 without connecting the GK HAL I was able use the application.
# 8. older appsupport runtime for Xperia devices allows you to set the PIN
# via shell command "locksettings set-pin 1234". You can remove the lock PIN
# with "locksettings clear --old 1234".
Back to top