Merge "init: enable 'user root' check at build time" into main
This commit is contained in:
Steven Moreland
Gerrit Code Review
commit
e767a71114
3 changed files with 25 additions and 1 deletions
|
|
@ -569,6 +569,11 @@ cc_library_static {
|
|||
],
|
||||
export_include_dirs: ["test_utils/include"], // for tests
|
||||
header_libs: ["bionic_libc_platform_headers"],
|
||||
product_variables: {
|
||||
shipping_api_level: {
|
||||
cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
// Host Verifier
|
||||
|
|
@ -623,6 +628,11 @@ cc_defaults {
|
|||
enabled: false,
|
||||
},
|
||||
},
|
||||
product_variables: {
|
||||
shipping_api_level: {
|
||||
cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
cc_binary {
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@
|
|||
#define __ANDROID_API_S__ 31
|
||||
#define __ANDROID_API_T__ 33
|
||||
#define __ANDROID_API_U__ 34
|
||||
#define __ANDROID_API_V__ 35
|
||||
|
||||
// sys/system_properties.h
|
||||
#define PROP_VALUE_MAX 92
|
||||
|
|
|
|||
|
|
@ -52,6 +52,18 @@ using android::base::StartsWith;
|
|||
namespace android {
|
||||
namespace init {
|
||||
|
||||
#ifdef INIT_FULL_SOURCES
|
||||
// on full sources, we have better information on device to
|
||||
// make this decision
|
||||
constexpr bool kAlwaysErrorUserRoot = false;
|
||||
#else
|
||||
constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;
|
||||
// on partial sources, the host build, we don't have the specific
|
||||
// vendor API level, but we can enforce things based on the
|
||||
// shipping API level.
|
||||
constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;
|
||||
#endif
|
||||
|
||||
Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {
|
||||
service_->capabilities_ = 0;
|
||||
|
||||
|
|
@ -680,7 +692,8 @@ Result<void> ServiceParser::EndSection() {
|
|||
}
|
||||
|
||||
if (service_->proc_attr_.parsed_uid == std::nullopt) {
|
||||
if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
|
||||
if (kAlwaysErrorUserRoot ||
|
||||
android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
|
||||
return Error() << "No user specified for service '" << service_->name()
|
||||
<< "', so it would have been root.";
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in a new issue