OS virtualization and emulation on Android

Android devices have the ability to run virtual machines or emulate other operating systems. It does this either via desktop virtualization, platform virtualization, or emulation via compatibility layer.

Desktop virtualization
Desktop virtualization apps are the least resource and space intensive compared to other virtualization types, since the Operating System that is being displayed on the Android device is actually located on another computer on the local network or elsewhere like on the internet. Depending upon how the desktop virtualization app works, they use RDP or can use another protocol of their own. Most business oriented desktop virtualization apps require specific types of equipment or services in order for the app to fully function. For example, VMware Horizon Client requires specific VMware equipment for the app to work.

A major downside that desktop virtualization apps have compared to other types of virtualization or emulation technologies is that they require a network connection to the server as stated previously above.

Platform virtualization
Platform virtualization allows more leverage to the developer as anything that relates to the guest operating system only affects the guest operating system, and not the host operating system. Due to this it is possible for the guest operating system to be rooted, where as the host operating system remains unrooted. Due to the nature of platform virtualization and the fact that it can virtualize a rooted guest OS, it has a greater advantage over emulators as it can run applications or utilize packages that require access to the underlying system itself.

As with all platform virtualization software and applications, they take up a lot of resources of the host in order to do the virtualization.

Emulation of other operating systems
Emulation of other operating systems on Android require the usage of some form of compatibility layer, where the compatibility layer must utilize some form of technologies or APIs to run the OS inside of the app container. This does come with limitations as some emulators utilize PRoot which is a chroot like environment. Unlike terminal emulators that emulate the internal OS with/without any extension package support, it can install actual (for example) Ubuntu packages, as it does not rely too much on the Android system limitations. However, not all packages and applications can run.

Terminal emulation of internal operating system
Terminal emulation of the Android device itself is done via either an actual local loopback to the device, or an emulation that seems to be a local loopback. Most of these terminal emulations of the device itself utilize the native terminal Toybox toolchain's library and functions that come with every android device. However due to the fact that the majority of the functions that are readily available without utilizing a compatibility layer, means that Toybox functions can only be utilized. In order for a user to add any other functions or libraries would require the user to root their own device and add the functions or libraries manually. Some of these terminal emulators allow users to enter Toybox commands implicitly, where those that don't require the usage of "toybox COMMAND".

With enhancements via semi-emulation
Some terminal emulators like Termux allow users to add packages. This is done via semi-emulating a different environment via the usage of PRoot and/or Toybox in the back-end. With the semi-emulating, some predefined ported packages can be used and installed without the need of rooting the device, as they do not utilize Android system files, and reside and run in the apps' own data containers and directories. Because Toybox is used mostly in the back-end, it depends on how the app was developed, for Toybox to be accessed from the semi-emulated enhanced terminal.

Extensions
Many emulators of other OSes allow the use of extensions. Aside from the use of standard SSH, some emulators allow the use of technologies like VNC and XSDL. Via the use of these extensions, the user can have the emulated/virtualized OS running in a desktop-like environment.

Limitations
The majority of limitations are seen in emulation-based apps rather than the platform virtualization based apps, as the emulation apps must utilize a compatibility layer. Thus for libraries and packages to work as expected like in a real OS, the compatibility layer must work properly and must be able to provide accurate information. However, this requires that the compatibility layer or any predefined software it uses (ex. Docker) to have access to many types of system- and device-related information. This can either be done via Toybox or programing language libraries that Android apps can be made from (e.g., Java, C#). However, starting with Android 8, many new security restrictions have been placed on apps; due to these restrictions, some API libraries/classes are no longer available or have been replaced by more restrictive API libraries/classes.

One of the known limitations that was implemented is that apps can only natively access only their own sandbox root directory or sub-directories on an SD card. Apps wanting to access files or folders outside that on the SD card, are required to use Android's own system file selector. Due to this limitation, guest OSes running on, emulation, platform virtualization, or compatibility apps are no longer allowed to access files outside of their own SD card Sandbox.

The majority of these limitations can be bypassed by rooting the Android device. However, utilizing Linux via utilizing an emulator or virtualization app would be redundant at that point as one could turn the device itself into a Linux environment.

OS internal security enhancements
More modern versions of Android have been seen having more internal system security enhancements, such that some system folders and files are no longer accessible or even viewable for that directory's existence. Versions of Android before 9 allowed terminal apps to view Android's root "/" directory (although not allowing modifications or execution).

SELinux
Android utilizes SELinux; due to this, all system configuration files are not editable and some are not even readable. Thus, apps can only utilize Android API's to learn about the device's or system's configuration or settings. However, not all information is available to apps; due to this, many OS compatibility layers or emulation apps are not able to run every package or application.

Here are some known applications and packages that are unable to run:


 * Udisks2 requires udev which does not work well in most compatibility layer environments, as stated in the sub-sub-section below.
 * Snort
 * Open vSwitch
 * mininet (requires open vSwitch to run)

Here are some commands that do not work, due to SELinux:


 * ip link show

ADB, PRoot, $HOME and $PREFIX usage
Because all Android apps run in a non-privileged container space, the virtualization or emulation apps must utilize their own app space to do the virtualization or emulation. This can be done either by ADB, PRroot, or the usage of $HOME and $PREFIX, however majority of these three are utilized by emulation apps as platform virtualization apps usually use different methods. Each of these is used for a different purpose. ADB is used for the emulation of a terminal-like environment for the entire Android system, but usually as an unprivileged user. $HOME and $PREFIX can be using $HOME as "~" and $PREFIX for ".". However, $HOME can not be set outside of the "/data/apps data space" directory on the Android file system, nor can $PREFIX be moved to another place like the SD Card.

For emulators or compatibility layers to emulate or virtualize a Linux-based OS on Android, PRoot must be used. However, when PRoot is used, the environment inside of Proot can act like a Chroot environment, and/or a separate mounted environment. In this scenario (especially in the case of compatibility layer and emulator for Guest OSes), there are packages and applications that can not run as they were never designed to run inside a chroot like environment. Some of these are well known, prominent packages, applications, or commands, including the following:


 * Systemd
 * Libudev (Works alongside Systemd).
 * Init
 * Mutter (software) relies upon systemd

Alternatives
Due to the issue of SeLinux and PRoot, alternatives must be used and not all of the unusable packages or applications have alternatives. Being an alternative, they don't necessarily have all the functions of the original packages or applications. Some of these alternatives include:


 * Eudev
 * Elogind
 * Metacity (Predecessor of Mutter)

Android itself including a modified Linux kernel
Because Android utilizes a modified Linux kernel, not all configuration or system files exist or are the same in Android. Because of this, emulation apps either need to provide either their own version of the configuration or system files in the application's data space, use a pre-modified distribution of ported Linux libraries that do not require the usage of the missing configuration or system files, or not support the usage of those packages. Some well known configuration and system files that are not in Android include:


 * /etc/resolv.conf