Background

I’ve been doing a bunch of work recently trying to fix up and improve our Android CI setup. I’m planning on doing a future series of posts on the topic, but I thought this warranted its own post since it concerns a recent update.

If you’re running CI tests on an emulator, you’re going to need to restart it - ideally you want a freshly started emulator for every test run. This helps minimize the effects of bugs in the emulator itself, which are a fact of life for the time being.

SDK Tools 25.1.6 (May 2016) includes this note in the release notes:

To improve the security of the Android Emulator and to address a reported security vulnerability, the Android Emulator Console now requires authentication before you can enter commands. Enter the auth auth_token command after you telnet to an emulator instance. auth_token must match the contents of the .emulator_console_auth_token file in your home directory.

Great - they fixed a security vulnerability!1 Great, right?

The problem

Unfortunately the extra auth requirement breaks adb emu kill, which has long been the proper way to kill an emulator instance (though weirdly this doesn’t appear in the current documentation). The command just fails silently now.

Since adb emu kill doesn’t work, we’re left with these options:

  1. Disable the new authentication feature. You can do this by replacing the .emulator_console_auth_token file with an empty file. (Source)
  2. Kill the emulator process with kill -9.
  3. Telnet in to the emulator, authenticate, and issue the kill command there.

Disabling authentication

Disabling the authentication would probably be OK - since we’re just talking about CI tests we probably don’t care too much about securing it. The problem here is that the .emulator_console_auth_token file lives in the user’s home directory. This system-level config is a pain in the arse for portability - you have to remember to change the system setting for every environment you want to run the CI scripts on. That also means exposing dev machines to the security vulnerability (if they ever want to run CI scripts locally).

Killing the process

kill -9 is considered bad practice because you don’t give the process the chance to do any cleanup. That could mean a variety of bad things: corrupting the filesystem image, not closing ports correctly, etc. You’re opening the door to a host of potential issues.

Doing it the right way (hopefully)

So, option 3 it was! The below Expect script opens a telnet session to the emulator, authenticates, and then issues the kill command (this is different to kill -9 since it allows the emulator to shut down correctly). There’s not much else to say really, other than I hope you find it useful.

Oh, and it’s my first Expect script, so please be kind. :)

  1. I’ll save my amazement that we have to worry about emulator security for another day.