Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 81a1b3ec authored by Steven Moreland's avatar Steven Moreland
Browse files

init: enable 'user root' check at build time 

For visibility.

We could make this only for new API levels, but it isn't
currently exposed at build time, and visibility is good
on upgrades.

Bug: 340953047
Test: build, on device passing and failing requirements
Change-Id: I3a0ea47560c65114bc1b8685954d1fb7687cb8df
parent cdd4cb7d

init/Android.bp

+10 −0
Original line number Diff line number Diff line
@@ -571,6 +571,11 @@ cc_library_static { 
    ],

    export_include_dirs: ["test_utils/include"], // for tests

    header_libs: ["bionic_libc_platform_headers"],

    product_variables: {

        shipping_api_level: {

            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],

        },

    },

}



// Host Verifier
@@ -625,6 +630,11 @@ cc_defaults { 
            enabled: false,

        },

    },

    product_variables: {

        shipping_api_level: {

            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],

        },

    },

}



cc_binary {

init/host_init_stubs.h

+1 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ 
#define __ANDROID_API_S__ 31

#define __ANDROID_API_T__ 33

#define __ANDROID_API_U__ 34

#define __ANDROID_API_V__ 35



// sys/system_properties.h

#define PROP_VALUE_MAX 92

init/service_parser.cpp

+14 −1
Original line number Diff line number Diff line
@@ -52,6 +52,18 @@ using android::base::StartsWith; 
namespace android {

namespace init {



#ifdef INIT_FULL_SOURCES

// on full sources, we have better information on device to

// make this decision

constexpr bool kAlwaysErrorUserRoot = false;

#else

constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;

// on partial sources, the host build, we don't have the specific

// vendor API level, but we can enforce things based on the

// shipping API level.

constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;

#endif



Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {

    service_->capabilities_ = 0;
@@ -680,7 +692,8 @@ Result<void> ServiceParser::EndSection() { 
    }



    if (service_->proc_attr_.parsed_uid == std::nullopt) {

        if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {

        if (kAlwaysErrorUserRoot ||

            android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {

            return Error() << "No user specified for service '" << service_->name()

                           << "', so it would have been root.";

        } else {