diff --git a/init/Android.bp b/init/Android.bp
index cd5f38702..57e5a681a 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -569,6 +569,11 @@ cc_library_static {
     ],
     export_include_dirs: ["test_utils/include"], // for tests
     header_libs: ["bionic_libc_platform_headers"],
+    product_variables: {
+        shipping_api_level: {
+            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+        },
+    },
 }
 
 // Host Verifier
@@ -623,6 +628,11 @@ cc_defaults {
             enabled: false,
         },
     },
+    product_variables: {
+        shipping_api_level: {
+            cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+        },
+    },
 }
 
 cc_binary {
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 753ed6bb2..2fef9d349 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -32,6 +32,7 @@
 #define __ANDROID_API_S__ 31
 #define __ANDROID_API_T__ 33
 #define __ANDROID_API_U__ 34
+#define __ANDROID_API_V__ 35
 
 // sys/system_properties.h
 #define PROP_VALUE_MAX 92
diff --git a/init/service_parser.cpp b/init/service_parser.cpp
index de902e6a8..6781c7083 100644
--- a/init/service_parser.cpp
+++ b/init/service_parser.cpp
@@ -52,6 +52,18 @@ using android::base::StartsWith;
 namespace android {
 namespace init {
 
+#ifdef INIT_FULL_SOURCES
+// on full sources, we have better information on device to
+// make this decision
+constexpr bool kAlwaysErrorUserRoot = false;
+#else
+constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;
+// on partial sources, the host build, we don't have the specific
+// vendor API level, but we can enforce things based on the
+// shipping API level.
+constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;
+#endif
+
 Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {
     service_->capabilities_ = 0;
 
@@ -680,7 +692,8 @@ Result<void> ServiceParser::EndSection() {
     }
 
     if (service_->proc_attr_.parsed_uid == std::nullopt) {
-        if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
+        if (kAlwaysErrorUserRoot ||
+            android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
             return Error() << "No user specified for service '" << service_->name()
                            << "', so it would have been root.";
         } else {