This is the SDK for PenumbraOS, the full development platform for the late Humane Ai Pin.
Caution
This is extremely experimental and currently is usable by developers only. See Installation for in-progress instructions on how to set it up.
The PenumbraOS SDK exposes the following restricted interfaces on the Ai Pin:
- DNS - Custom API implementation
- HTTP - Custom API implementation. Hopefully will add
OkHttphandler soon - WebSocket - Custom API implementation. Hopefully will add
OkHttphandler soon - Touchpad
- Hand Gestures
- Speech Recognition
- Shell Tunnel
- eSIM Configuration
- Settings Management - System and app settings with dynamic web UI
Additionally some experimental interfaces are provided:
Due to the locked down nature of the Humane Ai Pin, actually achieving access to "privileged" operations is very convoluted (untrusted_app cannot even access the network). The PenumbraOS SDK is designed to mitigate the setup issues and make a repeatable solution suitable for end users. The general spawn capabilities are provided by the pinitd init system.
This is the actual exposed API surface to developers, run from within your untrusted_app. The SDK maintains the multiplexed connection to the bridge service, making a clean developer experience for the underlying callback-based Binder service. Located in /sdk.
Quite literally just a bridge between the SDK and the privileged world. untrusted_app on the Pin is restricted to making binder connections to exclusively the nfc and radio SELinux domains. Since radio is everything having to do with cellular which is always in use, nfc becomes the obvious choice. pinitd is used to spawn a process as the nfc user and domain, and app_process is used to set up the JVM and run the actual service. Located in /bridge.
The gateway to all actual privileged operations. Currently, all operations are exclusively things that can run in the system domain, so bridge-system also runs in system. Communicates with bridge-core over Binder. Located in /bridge-system.
The management system for all PenumbraOS settings, and notably provides the embedded web server used for development and consumers like MABL to provide a settings UI. Runs as bridge-settings in the system domain, and communicates with bridge-core over Binder. Located in /bridge-settings.
Both a worker in the shell domain and a service for proxying actual sh commands, this service allows PenumbraOS pieces to perform actions that are otherwise restricted to direct ADB access. Runs as bridge-shell in the shell domain, and communicates with bridge-core over Binder. Located in /bridge-shell.
A command-line interface is available at /data/local/tmp/penumbra for managing system settings and executing module actions. Notably, this can be used to configure the eSIM.
# List available settings and actions
penumbra settings list
# Get/set system settings
penumbra settings system audio.volume
penumbra settings system audio.volume 75
# Execute module actions
penumbra settings esim getProfiles
penumbra settings esim enableProfile --iccid 89012345678901234567
penumbra settings esim downloadAndEnableProfile --activationCode LPA:1\$rsp.truphone.com\$QRF-SPEEDTESTThis is an active work in progress and may be difficult to set up. Please reach out to @agg23 for questions or help.
Note
These steps are chosen for active development of PenumbraOS and do not represent what the end user experience should be like. In a normal environment, pinitd is already running and the bridge and bridge-system services are set to run on boot and automatically restart on error.
For general installation, see https://github.com/PenumbraOS/installer. If you want to develop locally, running build.sh from a Bash-compatible shell will set up the entire environment for Pin for you on the actual device.