ARCVM, a new system to launch Android applications on Chrome OS


As part of the ARCVM (ARC Virtual Machine) project, Google is developing a new version of the intermediate layer for launching Android apps on Chrome OS.

The key difference from the ARC++ layer (Android Runtime for Chrome) currently offered is the use of a full virtual machine instead of a container. The technologies built into ARCVM are already used in the Crostini subsystem, designed to run Linux-based applications on Chrome OS.

Crostini offers a kind of seamless Debian virtualization that makes it possible to overcome the limitations of a desktop designed around cloud services.

With LXD, this feature allows a Chrome OS user to install apps from Debian repositories and have them integrated into the main operating system. In the new entry, Graber explains how it all works.

To use Linux apps, you need a Chromebook that still has official support from Google. The hardware also needs enough capacity to run a virtual machine.

There were several reasons for using a virtual machine, but the biggest one was security. Having direct access to the Linux kernel from Chrome OS would create more opportunities for malicious code or possibly even viruses.

For Android, Google controls the app ecosystem through the Play Store, which generally means that the apps can be trusted. And if you want to install Android apps from outside the Play Store, you have to put your device into developer mode, which allows you to do potentially unsafe things like that.

That is why, instead of isolating a container by means of namespaces, seccomp system call filters, SELinux and cgroups, ARCVM runs Android using the CrosVM virtual machine monitor, which is based on the KVM hypervisor, together with a Termina system image modified at the settings level that includes a minimized kernel and a minimal system environment.

On Linux, where Google doesn't have that level of control, there was no way to restrict installs to just trusted applications. Using a virtual machine solves this problem, because if you install a malicious app, you can simply shut down the VM, erase it, and start over, without affecting Chrome OS as a whole.
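The container layers named above (namespaces, seccomp, SELinux, cgroups) are all policy applied to a process on one shared kernel, and each can be audited from `/proc`. The following is an added example, not code from the article or from Google: the function names are hypothetical and the sample values are constructed, not captured from a Chromebook.

```python
import os
import re

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
NAMESPACES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")

def read_proc(pid):
    """Collect isolation-related fields for a live process from /proc (Linux only)."""
    def slurp(path):
        try:
            with open(path) as f:
                return f.read().strip("\x00\n")
        except OSError:
            return ""  # e.g. no SELinux on this host, or no permission
    base, ns = f"/proc/{pid}", {}
    for name in NAMESPACES:
        try:
            ns[name] = os.readlink(f"{base}/ns/{name}")
        except OSError:
            pass
    return {"status": slurp(f"{base}/status"), "ns": ns,
            "selinux": slurp(f"{base}/attr/current"),
            "cgroup": slurp(f"{base}/cgroup")}

def isolation_report(proc, host):
    """Compare a process with a host reference (e.g. PID 1), layer by layer."""
    m = re.search(r"^Seccomp:\s*(\d+)", proc["status"], re.M)
    paths = [line.split(":", 2)[2] for line in proc["cgroup"].splitlines()
             if line.count(":") >= 2]
    return {
        # namespaces whose identifier differs from the host's
        "namespaces": sorted(n for n, v in proc["ns"].items()
                             if host["ns"].get(n) != v),
        "seccomp": SECCOMP_MODES.get(int(m.group(1)), "unknown") if m else "unknown",
        "selinux_differs": bool(proc["selinux"]) and proc["selinux"] != host["selinux"],
        "cgroups": sorted({p for p in paths if p != "/"}),
    }

# Constructed sample values shaped like the /proc files read above.
HOST = {"status": "Name:\tinit\nSeccomp:\t0\n",
        "ns": {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
               "net": "net:[4026531992]"},
        "selinux": "system_u:system_r:init_t:s0", "cgroup": "0::/"}
CONTAINER = {"status": "Name:\tapp\nSeccomp:\t2\n",
             "ns": {"mnt": "mnt:[4026532501]", "pid": "pid:[4026532503]",
                    "net": "net:[4026531992]"},
             "selinux": "system_u:system_r:container_t:s0:c1,c2",
             "cgroup": "0::/containers/demo"}

if __name__ == "__main__":
    print(isolation_report(CONTAINER, HOST))
```

On a live Linux host, `isolation_report(read_proc(pid), read_proc(1))` gives the same view for a real process; in this sample the network namespace is still shared with the host, the kind of gap such an audit surfaces.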

Screen output and input are handled by an intermediate compositing server launched inside the virtual machine, which forwards output, input events, and clipboard operations between the virtual and primary environments (ARC++ instead used direct access to the DRM layer through the render node).

Getting the virtual machine to integrate with Chrome OS so that Linux applications feel "at home" on Chromebooks has not been without its challenges. For example, a great deal of recent work has gone into creating GPU support to enable more graphically intensive Linux applications (and potentially games).

In the near future, Google does not plan to replace the current ARC++ subsystem with ARCVM, but in the long run, ARCVM is interesting from the point of view of unifying it with the subsystem for running Linux applications and providing stricter isolation of the Android environment (a container has direct access to system calls and kernel interfaces, and a vulnerability in them can be used to compromise the entire system from the container).

Using ARCVM will also allow users to install arbitrary Android apps without being tied to the Google Play catalog and without switching the device to developer mode (in normal mode, only selected applications from Google Play are allowed).

This feature is required for Android application development on Chrome OS. Currently, it is already possible to install Android Studio on Chrome OS, but testing the applications being developed requires enabling Developer mode.

Source: https://9to5google.com/

