How to root Android 8 in Sailfish OS

Ok, this gives me an interactive root shell within the android chroot. So far so good, now I only need to find out, how to install any kind of privilege management app with this. (Like Superuser)

For most, you can't directly, because the android root tree you see inside the LXC container (including the /system and /system/priv-app where you'd need to install privileged stuff) is mounted from the read-only squashfs image /opt/alien/system.img.

The only way to add things to these directory is to unpack, modify and repack the squashfs, while playing special attention to the extended attributes. (As an inspiration, see the script I use to patch in Mapsv1 support for MicroG)

Now the big question: Why the hell do you need such a thing to begin with ?

From outside the LXC, you can have full root access thanks to the shell command, and have complete access to every single file used by android (everything which isn't in system.img is in /home/.android/, /home/nemo/android_storage, or is a regular Linux folder that gets mounted into Android).

There's virtually nothing you can't do from the outside that you could also do with an app running as root within Android.

There are some things one can do within an rooted Android chroot. For example using an Adblocker App (which uses the hosts-file) to block ads globally within the chroot, without the need to manually update the list every time. Another example would be the installation of different signature-spoof methods, so I can finally use apps, protected by SafteyNet. The only solution I found so far (MicroG + Haystack) does not work at this moment and the dev takes his sweet time fixing it. Other methods of doing this are requiring permanent root permissions within the chroot for installation and/or functioning.

Of course I already thought about unpacking the squashfs, doing stuff and repacking it again, but I'd thought, there could be an easier way to do it.

Adblocking using a hosts file works perfectly fine for me without any android apps or repacking the squashfs: https://together.jolla.com/question/215859/adblock-via-etchosts-on-xa2aliendalvik-v8/?page=1#215903

Like lethe, I use Defender too, and am very happy with it. There's no need to fumble with android root.

With regards to SafetyNet: MicroG hasn't been updated to the latest API version and doesn't work, yet.

Most of the solutions you'll find around are based around Magisk Xposed and other such as fxamework(?) to inject modules that hack Safenet's behaviour. You're going to have a hard time using those:

• They all assume an actual Android phone, which isn't exactly the case of the Sailfish OS's LXC Alien Dalvik.

  e.g.: you don't run a separate Linux kernel, you run a container atop Sailfish OS' kernel, so it's not trivial to patch (unless you got all the way down the Sailfish HDK root and compile your own custom).

• Some assume ability to write into /system. As statem above, that's technically not possible due to squashfs, repacking is the only way to go (and you need to pay attention to the xattr !)
• Others like Magisk use some tricks to layer their modifications atop an untouched system partition. You're thus needing to deploy a whole stack of extra tricks (some of which might not even work on Sailfish - I have very little background in Android, I can't judge how Magisk work) to achieve something that would be trivial by editing /var/lib/lxc/aliendalvik/extra_config to have it mounted (see example here) or by repacking the suashfs

In short, you're in for a rough ride if you want to get SafetyNet working on your aliendalvik. (One which might require you having both expertise in Android and its patching scene, and in the container scene in GNU/Linux)

TL;DR: Adblocking is a solved problem not requiring root. SafetyNet is going to bring you a lot of headaches.