nixos/anbox: use mainline drivers when available

nixos/modules/virtualisation/anbox.nix

@@ -6,6 +6,7 @@ let
 
   cfg = config.virtualisation.anbox;
   kernelPackages = config.boot.kernelPackages;
+  useAnboxModules = kernelPackages.kernelOlder "5.0";
   addrOpts = v: addr: pref: name: {
     address = mkOption {
       default = addr;
@@ -73,13 +74,17 @@ in
 
     environment.systemPackages = with pkgs; [ anbox ];
 
-    boot.kernelModules = [ "ashmem_linux" "binder_linux" ];
-    boot.extraModulePackages = [ kernelPackages.anbox ];
+    # Mainline ashmem/binder drivers not available as modules
+    boot.kernelModules = optionals useAnboxModules [ "ashmem_linux" "binder_linux" ];
+    boot.extraModulePackages = optional useAnboxModules kernelPackages.anbox;
 
-    services.udev.extraRules = ''
-      KERNEL=="ashmem", NAME="%k", MODE="0666"
-      KERNEL=="binder*", NAME="%k", MODE="0666"
-    '';
+    systemd.mounts = optional (!useAnboxModules) {
+      requiredBy = [ "anbox-container-manager.service" ];
+      description = "Anbox Binder File System";
+      what = "binder";
+      where = "/dev/binderfs";
+      type = "binder";
+    };
 
     virtualisation.lxc.enable = true;
     networking.bridges.anbox0.interfaces = [];
@@ -129,7 +134,8 @@ in
             --container-network-gateway=${cfg.ipv4.gateway.address} \
             --container-network-dns-servers=${cfg.ipv4.dns} \
             --use-rootfs-overlay \
-            --privileged
+            --privileged \
+            --daemon
         '';
       };
     };

nixos/tests/anbox.nix

@@ -0,0 +1,37 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+
+{
+  name = "anbox";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ mvnetbiz ];
+  };
+
+  machine = { pkgs, config, ... }: {
+    imports = [
+      ./common/user-account.nix
+      ./common/x11.nix
+    ];
+
+    environment.systemPackages = with pkgs; [ android-tools ];
+
+    test-support.displayManager.auto.user = "alice";
+
+    virtualisation.anbox.enable = true;
+    virtualisation.memorySize = 2500;
+  };
+
+  testScript = { nodes, ... }: let
+    user = nodes.machine.config.users.users.alice;
+    bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString user.uid}/bus";
+  in ''
+    machine.wait_for_x()
+
+    machine.wait_until_succeeds(
+        "sudo -iu alice ${bus} anbox wait-ready"
+    )
+
+    machine.wait_until_succeeds("adb shell true")
+
+    print(machine.succeed("adb devices"))
+  '';
+})

pkgs/os-specific/linux/anbox/default.nix

@@ -76,7 +76,15 @@ stdenv.mkDerivation rec {
     libcap
     libdwarf
     libGL
-    lxc
+    # Broken with lxc 4.0.7 or later
+    # https://github.com/anbox/anbox/issues/1801
+    (lxc.overrideAttrs (old: rec {
+      version = "4.0.6";
+      src = fetchurl {
+        url = "https://linuxcontainers.org/downloads/lxc/lxc-${version}.tar.gz";
+        sha256 = "0qz4l7mlhq7hx53q606qgvkyzyr01glsw290v8ppzvxn1fydlrci";
+      };
+    }))
     mesa
     properties-cpp
     protobuf protobufc

pkgs/os-specific/linux/kernel/common-config.nix

@@ -845,6 +845,12 @@ let
 
       X86_AMD_PLATFORM_DEVICE = yes;
 
+      ASHMEM =                 { optional = true; tristate = whenAtLeast "5.0" "y";};
+      ANDROID =                { optional = true; tristate = whenAtLeast "5.0" "y";};
+      ANDROID_BINDER_IPC =     { optional = true; tristate = whenAtLeast "5.0" "y";};
+      ANDROID_BINDERFS =       { optional = true; tristate = whenAtLeast "5.0" "y";};
+      ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";};
+
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
       # Enable CPU/memory hotplug support
       # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot