Commit 408d898a authored Apr 07, 2021 by Hridya Valsaraju

Enforce debugfs restrictions for S launching devices and newer

Starting with Android R, debugfs cannot be mounted on production
devices. In order to minimize the differences w.r.t debugfs between user
and userdebug/eng builds, enforce a set of run-time and build-time
restrictions on debugfs access for S launch devices and newer. For
non-user builds, debugfs can still be accessed by root and by the
dumpstate HAL during bugreport collection.

Bug: 184381659
Test: build/boot
Change-Id: I2af49acd8a5b3440c6ecbf365ab43cdb33ff897a

parent ffa65ba8

core/product_config.mk

+8 −0

Original line number	Diff line number	Diff line
		@@ -359,6 +359,14 @@ ifeq ($(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS),)
		endif
		endif

		ifeq ($(PRODUCT_SET_DEBUGFS_RESTRICTIONS),)
		ifdef PRODUCT_SHIPPING_API_LEVEL
		ifeq (true,$(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),31))
		PRODUCT_SET_DEBUGFS_RESTRICTIONS := true
		endif
		endif
		endif

		ifdef PRODUCT_SHIPPING_API_LEVEL
		ifneq (,$(call math_gt_or_eq,29,$(PRODUCT_SHIPPING_API_LEVEL)))
		PRODUCT_PACKAGES += $(PRODUCT_PACKAGES_SHIPPING_API_LEVEL_29)