Use ro.product.enforce_debugfs_restrictions to mount/unmount debugfs
The property is enabled with a build flag
PRODUCT_SET_DEBUGFS_RESTRICTIONS which can be set in the device.mk file.
For testing purposes, a persistant property persist.dbg.keep_debugfs_mounted
can be set to keep debugfs mounted after bugreport collection.
Test: build and boot, adb shell an bugreport
Bug: 184381659
Change-Id: I0b7458658a82a6a454004461b036e816e5a0022a
diff --git a/cmds/dumpstate/dumpstate.cpp b/cmds/dumpstate/dumpstate.cpp
index 8fd05fb..039dbc5 100644
--- a/cmds/dumpstate/dumpstate.cpp
+++ b/cmds/dumpstate/dumpstate.cpp
@@ -2174,14 +2174,13 @@
}
/*
- * mount debugfs for non-user builds which launch with S and unmount it
- * after invoking dumpstateBoard_* methods. This is to enable debug builds
- * to not have debugfs mounted during runtime. It will also ensure that
- * debugfs is only accessed by the dumpstate HAL.
+ * mount debugfs for non-user builds with ro.product.enforce_debugfs_restrictions
+ * set to true and unmount it after invoking dumpstateBoard_* methods.
+ * This is to enable debug builds to not have debugfs mounted during runtime.
+ * It will also ensure that debugfs is only accessed by the dumpstate HAL.
*/
- auto api_level = android::base::GetIntProperty("ro.product.first_api_level", 0);
- bool mount_debugfs = !PropertiesHelper::IsUserBuild() && api_level >= 31;
-
+ auto mount_debugfs =
+ android::base::GetBoolProperty("ro.product.enforce_debugfs_restrictions", false);
if (mount_debugfs) {
RunCommand("mount debugfs", {"mount", "-t", "debugfs", "debugfs", "/sys/kernel/debug"},
AS_ROOT_20);
@@ -2289,7 +2288,10 @@
}
if (mount_debugfs) {
- RunCommand("unmount debugfs", {"umount", "/sys/kernel/debug"}, AS_ROOT_20);
+ auto keep_debugfs_mounted =
+ android::base::GetProperty("persist.dbg.keep_debugfs_mounted", "");
+ if (keep_debugfs_mounted.empty())
+ RunCommand("unmount debugfs", {"umount", "/sys/kernel/debug"}, AS_ROOT_20);
}
auto file_sizes = std::make_unique<ssize_t[]>(paths.size());