How to establish secure connection with Android SDL - CustomSDL/sdl_android_launcher GitHub Wiki

SDL setup solution #1 (works on less restricted Android systems)

  1. Make sure you are using sdl_android_launcher from the main Android branch. Build and deploy it to your emulator according to previous guide

  2. Get valid certificates. Assume that you have sdl_crt folder and mobile_crt folder.

  3. Go to your sdl_crt folder from step 2. You should have 4 files for now. Run command "c_rehash ." It should generate symlinks in this folder.

  4. In Android Studio, open Device File Explorer and navigate to your sdl_android_launcher "Files" folder (shown on MainActivity as External folder)

  5. Create a folder "security" inside of your "Files" folder

Note. Currently android ini file contains the following reference to CA folder - %ANDROID_EXTERNAL_DIR%/security so you should provide exactly the same name to your folder. Also note that it is case sensitive.

  1. Upload all files and symlinks from your sdl_crt folder from step 3 into "security" folder:

security_folder

  1. In a terminal, connect to the same emulator shell using ADB tool:
adb shell
  1. Navigate to the security folder from step 6 (for example):
cd /data/user/0/org.luxoft.sdl_core/files/security/
  1. Reset the security context for all uploaded files:
restorecon -v -R *

  1. Exit from a shell by pressing Ctrl+D

  2. Follow the "HMI and Mobile app setup" steps below

SDL setup solution #2 (works on any Android system)

  1. Make sure you are using sdl_android_launcher from the main Android branch. Build the project according to the previous guide

  2. Once you ran _buildFullSdlApk task from the previous guide, you should notice the following new folder in you project: sdl_android_launcher/app/src/<your_build_variant>/assets/<your_abi>

  3. Get valid certificates. Assume that you have sdl_crt folder and mobile_crt folder

  4. Go to your sdl_crt folder from step 3. You should have 4 files for now. Run command "c_rehash ." It should generate symlinks in this folder.

  5. In your ABI folder from step 2, create a subfolder with the name "security"

  6. Copy all the content from "sdl_crt" folder from step 4 (including symlinks) to the "security" folder from step 5

  7. In Android Studio, click Build -> Build Bundle(s) / APK(s) -> Build APK(s). Now you have the APK with security certificates. The launcher will automatically extract them into the required folder on start.

  8. Deploy the project on your test device and follow the "HMI and Mobile app setup" steps below

HMI and Mobile app setup

  1. Start the SDL Android Launcher app and connect it to your HMI according to the corresponding guide.

  2. Copy file "spt_credential.pem" from your mobile_crt folder to your device with SPT (for example to SD card)

  3. Run SDL-compatible application on any other device

  4. Specify IP and port of your sdl_android_launcher instance to connect (see guides for mobile device and Android emulator). Also specify AppId = spt (this is a hardcoded value from certificates). Then click "More Options" and mark option "External Certificate" and choose "spt_credential.pem" with the button "..." near "Select certificate" row. Note that you also can choose "Enable secure RPC Service" now and skip steps 5-6. Click OK and connect to SDL.

  5. Once the connection is established, go to the menu "More Options".

  6. Mark the option "Enable secure RPC Service" and click "OK". Make sure you received a StartServiceAck(encrypted: true) from SDL

  7. Now you can send any RPC with the option "encrypted" and make sure that you can see "Protected: true" in the corresponding response.

encrypted_command

  1. You also can start a secure service for audio or video streaming from the menu "Stream Services" (see a corresponding guide).
⚠️ **GitHub.com Fallback** ⚠️