August 11, 2017

Initial Ramdisk Modifications for Educational Use Tablets

This one is for anyone in an educational setting who finds themselves needing to tame the beast of technology before handing its reins over to a group of curious adolescents who may at times be understandably inclined towards shenanery. The specific incarnation I deal with here is the LG V510 tablet running Android 4.4 and endowed with:

  • Camera
  • WiFi
  • Bluetooth
  • GPS
  • MTP over USB
  • MicroSD port

Eliminating all of this requires first unlocking the bootloader and rooting the device as a prerequisite. Here I assume those steps have already been taken, ideally with all non-essential and system applications already removed.

I originally did not want to go so far as to modify the boot image of the device, but eventually I reached the limits of what I could change in /system. For example, removing the Camera app without severing the software link to the actual hardware won’t prevent other uses of the camera via apps with, for example, QR code scanning dependencies. WiFi, BlueTooth, and MTP over USB can be disabled by changing a few lines in /system/build.prop, but I found nothing that would do the same for GPS and the MicroSD slot. Fortunately the files inside the boot image, specifically the initial ramdisk, do touch all of the aforementioned capabilities, giving us enough surface area to disable all functions in one place.

Extract the Boot Image

Flash a custom (non-stock) recovery such as TWRP onto the device:

$ fastboot flash recovery twrp-

and boot into it. Backup just the boot partition, which should be stored somewhere in /sdcard. Pull this to your computer:

$ adb pull /sdcard/TWRP/BACKUPS/<SERIAL_NUM>/<BACKUP_DIR> .

Using the abootimg binary, which can be installed with sudo apt-get install abootimg on Debian-based systems, extract the boot partition:

$ abootimg -x <BACKUP_DIR>/boot.emmc.win

into its constituent boot image configuration, kernel, and ramdisk parts. We’re only interested in the ramdisk here, which we can uncompress with:

$ mkdir initrd; cd initrd
$ cat ../initrd.img | gunzip | cpio -vid

Modify the Initial Ramdisk

Now the ramdisk files are available for modification. I made the following changes, grouped by each of the capabilities I wanted to disable:



# Comment this out to disable:
service qcamerasvr /system/bin/mm-qcamera-daemon
    class late_start
    user camera
    group camera system inet input


# Comment these out to disable:
/dev/cam    u:object_r:camera_device:s0
/dev/s3c-jpg   u:object_r:camera_device:s0
/dev/s3c-mem   u:object_r:camera_device:s0
/data/misc/camera(/.*)?  u:object_r:camera_calibration_file:s0
/dev/media([0-9])+                 u:object_r:camera_device:s0


# Comment these out to disable:
/dev/video*               0660   system     camera
/dev/media*               0660   system     camera
/dev/v4l-subdev*          0660   system     camera
/dev/msm_camera/*         0660   system     camera
/dev/gemini*              0660   system     camera



# Comment these out to disable:
/data/misc/wifi(/.*)?    u:object_r:wifi_data_file:s0

Note however that nullifying the following lines in /system/build.prop is a more meaningful change when disabling WiFi:




# Comment these out to disable:
/dev/socket/bluetooth u:object_r:bluetooth_socket:s0
/dev/socket/dbus_bluetooth  u:object_r:bluetooth_socket:s0
/system/bin/bluetoothd  u:object_r:bluetoothd_exec:s0
/data/misc/bluetoothd(/.*)?  u:object_r:bluetoothd_data_file:s0
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
/dev/socket/qmux_bluetooth/*       u:object_r:qmux_bluetooth_socket:s0



# Comment this out to disable:
/dev/gss                  0660   gps        gps

MTP over USB


# Remove 'usb' from value below;
# I chose to leave adb enabled.

MicroSD port


# Comment these out to disable:
mkdir /mnt/media_rw/sdcard1 0700 media_rw media_rw
mkdir /storage/sdcard1 0700 root root
service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 -w 1023 -d /mnt/media_rw/sdcard1 /storage/sdcard1
    class late_start


# Comment this out to disable:
/devices/platform/msm_sdcc.3/mmc_host               auto            vfat    defaults                                                        

Create the Modified Boot Image

First create the modified ramdisk:

$ find . | cpio --create --format='newc' | gzip > ../modified_initrd.img

and then incorporate that into the modified boot image, using the unmodified boot image configuration and kernel extracted earlier:

$ abootimg --create modified_boot.img -f bootimg.cfg -k zImage -r modified_initrd.img

You can test this modified boot image with:

$ fastboot boot modified_boot.img

or persist it by flashing it to the boot partition:

$ fastboot flash boot modified_boot.img