eSIM LPA (Local Profile Assistant) implementation for Android. System privilege or ARA-M allowlisting required.
Find a file
Peter Cai 6e590cfd48 OpenEuiccService: stop confusing AOSP with multiple eUICCs
Unfortunately, AOSP is not really good at handling more than one eUICC
chips per device, even though the EuiccService interface should
technically allow for such a situation.

Let's do the next best thing -- only ever report one eUICC chip to AOSP.
If the device has an internal one, then only report that one; otherwise,
select the first available eUICC chip to report to the system.

We might make this more configurable in the future, but for now I think
this should work for most of the situations.

Note that this does NOT affect how the rest of OpenEUICC behaves. This
does mean however OpenEUICC will keep hold of some APDU channels that it
will never access via OpenEuiccService. A mitigation is to make
EuiccChannelManager close unused channels automatically after some
timeout.
2024-04-03 20:53:48 -04:00
.forgejo/workflows workflows: Run only on runners with android app keystore 2024-02-15 19:07:30 -05:00
.idea refactor: Create OpenEuiccUIContextMarker to facilitate easy access to application-global singletons 2024-02-04 20:26:54 -05:00
app OpenEuiccService: stop confusing AOSP with multiple eUICCs 2024-04-03 20:53:48 -04:00
app-common ui: Use KiB instead of KB for free space 2024-03-30 15:30:40 -04:00
app-deps app-deps: Exclude jetbrains kotlin stdlib 2024-01-20 16:44:59 -05:00
app-unpriv unpriv: Use "SIM <id>" instead of "Logical Slot <id>" 2024-03-30 18:55:14 -04:00
buildSrc buildSrc: Use HEAD rev count as version code 2024-03-05 20:07:49 -05:00
gradle/wrapper chore: Upgrade gradle plugin 2023-11-12 17:01:20 -05:00
libs chore: Uprev lpac 2024-03-29 17:31:06 -04:00
.gitignore .gitignore: Add .idea/deploymentTargetDropDown.xml 2024-01-27 10:59:01 -05:00
.gitmodules refactor: [1/n] Introduce the lpac project and lpac_jni 2023-11-14 20:59:27 -05:00
Android.bp Android.bp: Fix building on AOSP 14 (finally) 2024-01-21 16:51:18 -05:00
Android.mk Implement Android.bp building with AOSP for lpac_jni 2023-11-27 16:54:49 -05:00
build.gradle.kts refactor: Migrate to build.gradle.kts 2024-01-09 21:01:20 -05:00
gradle.properties chore: Upgrade gradle plugin 2023-11-12 17:01:20 -05:00
gradlew initial commit 2022-04-29 17:09:34 -04:00
gradlew.bat initial commit 2022-04-29 17:09:34 -04:00
LICENSE relicense under GPLv2 *only* 2022-05-02 14:25:43 -04:00
privapp_whitelist_im.angry.openeuicc.xml Add privapp permission whitelist for production builds 2022-08-13 10:44:34 -04:00
README.md README: Fix fragments 2024-02-18 14:09:06 -05:00
settings.gradle.kts Generate Android.bp and dependencies with LineageOS's GenerateBp plugin 2024-01-20 16:36:23 -05:00

{Open,Easy}EUICC

A fully free and open-source Local Profile Assistant implementation for Android devices.

There are two variants of this project:

  • OpenEUICC: The full-fledged privileged variant.
    • Due to its privilege requirement, OpenEUICC must be placed inside /system/priv-app and be signed with the platform certificate.
    • The preferred way to including OpenEUICC in a system image is to build it along with AOSP.
  • EasyEUICC: Unprivileged version that can run as a user app.
    • Due to obvious security requirements, EasyEUICC is only able to access eSIM chips whose ARF/ARA contains the hash of EasyEUICC's signing certificate.
    • Prebuilt release-mode EasyEUICC apks can be downloaded here
    • For removable eSIM chip vendors: to have your chip supported by official builds of EasyEUICC, include the ARA-M hash 2A2FA878BC7C3354C2CF82935A5945A3EDAE4AFA

Building (Gradle)

Make sure you have all submodules cloned and updated by running

git submodule update --init

A file keystore.properties is required in the root directory. Template:

storePassword=my-store-password
keyPassword=my-password
keyAlias=my-key
unprivKeyPassword=my-unpriv-password
unprivKeyAlias=my-unpriv-key
storeFile=/path/to/android/keystore

Note that you must have a Java-compatible keystore generated first.

To build the privileged OpenEUICC:

./gradlew :app:assembleRelease

For EasyEUICC:

./gradlew :app-unpriv:assembleRelease

Building (AOSP)

There are two ways to include OpenEUICC in your AOSP-based system image:

  1. Include this project and its dependencies inside the AOSP tree.
    • If inclusion in manifest.xml is required, remember to set the sync-s option to clone submodules.
    • The module name is OpenEUICC. You can include it in PRODUCT_PACKAGES, or simply build it standalone using mm.
    • Compilation of this project is only tested against the latest AOSP release version. The app itself should be compatible with older AOSP versions, but the source may not compile against an older AOSP source tree.
  2. If compilation against AOSP source tree is not possible, consider building with gradle and import the apk as a prebuilt.
    • No official Android.bp is provided for this case but it should be straightforward to write.
    • You might want to include privapp_whitelist_im.angry.openeuicc.xml as well.

FAQs

  • Q: Do you provide prebuilt binaries for OpenEUICC?

  • A: Debug-mode APKs are available continuously as an artifact of the Actions CI used by this project. However, these debug-mode APKs are not intended for inclusion inside system images, nor are they supported by the developer in any sense. If you are a custom ROM developer, either include the entire OpenEUICC repository in your AOSP source tree, or generate an APK using gradle and import that as a prebuilt system app. Note that you might want privapp_whitelist_im.angry.openeuicc.xml as well.

  • Q: AOSP's Settings app seems to be confused by OpenEUICC (for example, disabling / enabling profiles from the Networks page do not work properly)

  • A: When your device has internal eSIM chip(s) and you have inserted a removable eSIM chip, the Settings app can misbehave since it was never designed for this scenario. Please prefer using OpenEUICC's own management interface whenever possible. In the future, there might be an option to exclude removable SIMs from being reported to the Android system.

  • Q: Can EasyEUICC manage my phone's internal eSIM?

  • A: No. For EasyEUICC to work, the eSIM chip MUST proactively grant access via its ARA-M field.

  • Q: Removable eSIMs? Are they a joke?

  • A: No, even though the name "removable embedded SIM" can sound like an oxymoron. In fact, there can be many advantages to these chips compared to fully embedded ones. For example, the ability to transfer eSIM profiles without carrier support or approval, or the ability to use eSIM on devices that do not and may never get the support, such as Wi-Fi hotspots.

Copyright

Everything except libs/lpac-jni:

Copyright 2022-2024 OpenEUICC contributors

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

libs/lpac-jni:

Copyright (C) 2022-2024 OpenEUICC contributiors

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation, version 2.1.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA