
Commit c281c145 authored by Steven Moreland's avatar Steven Moreland Committed by Automerger Merge Worker

Merge "init: enable 'user root' check at build time" into main am: e767a711 am: 1fe09c73

parents d61da594 1fe09c73
+10 −0
@@ -569,6 +569,11 @@ cc_library_static {
    ],
    ],
    export_include_dirs: ["test_utils/include"], // for tests
    export_include_dirs: ["test_utils/include"], // for tests
    header_libs: ["bionic_libc_platform_headers"],
    header_libs: ["bionic_libc_platform_headers"],
    product_variables: {
        shipping_api_level: {
            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
        },
    },
}
}


// Host Verifier
// Host Verifier
@@ -623,6 +628,11 @@ cc_defaults {
            enabled: false,
            enabled: false,
        },
        },
    },
    },
    product_variables: {
        shipping_api_level: {
            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
        },
    },
}
}


cc_binary {
cc_binary {
+1 −0
@@ -32,6 +32,7 @@
#define __ANDROID_API_S__ 31
#define __ANDROID_API_S__ 31
#define __ANDROID_API_T__ 33
#define __ANDROID_API_T__ 33
#define __ANDROID_API_U__ 34
#define __ANDROID_API_U__ 34
#define __ANDROID_API_V__ 35


// sys/system_properties.h
// sys/system_properties.h
#define PROP_VALUE_MAX 92
#define PROP_VALUE_MAX 92
+14 −1
@@ -52,6 +52,18 @@ using android::base::StartsWith;
namespace android {
namespace android {
namespace init {
namespace init {


#ifdef INIT_FULL_SOURCES
// on full sources, we have better information on device to
// make this decision
constexpr bool kAlwaysErrorUserRoot = false;
#else
constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;
// on partial sources, the host build, we don't have the specific
// vendor API level, but we can enforce things based on the
// shipping API level.
constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;
#endif

Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {
Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {
    service_->capabilities_ = 0;
    service_->capabilities_ = 0;


@@ -680,7 +692,8 @@ Result<void> ServiceParser::EndSection() {
    }
    }


    if (service_->proc_attr_.parsed_uid == std::nullopt) {
    if (service_->proc_attr_.parsed_uid == std::nullopt) {
        if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
        if (kAlwaysErrorUserRoot ||
            android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
            return Error() << "No user specified for service '" << service_->name()
            return Error() << "No user specified for service '" << service_->name()
                           << "', so it would have been root.";
                           << "', so it would have been root.";
        } else {
        } else {
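Review bot: The build-time half of this check fails open: in the `#else` branch an empty `BUILD_SHIPPING_API_LEVEL` makes `BUILD_SHIPPING_API_LEVEL + 0` evaluate to 0, so `kAlwaysErrorUserRoot` is false and a service with no `user` line passes the host build as before, with nothing indicating the check was skipped. That may be the intended compatibility behaviour, but it should be stated next to the constant, e.g. `// An empty shipping API level yields 0 and disables the build-time check; the ro.vendor.api_level test in EndSection() is then the only enforcement.` If the macro can be entirely undefined for a module that compiles this file without `INIT_FULL_SOURCES` (not determinable from this page), the expression does not compile, and an `#ifndef BUILD_SHIPPING_API_LEVEL` guard with `#error` would give a clearer failure. The thresholds `> __ANDROID_API_V__` and `> 202404` appear to express the same cut-off in different units, so a one-line comment tying them together would keep them from drifting apart; `EndSection()` begins and ends outside the hunk.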