Merge "init: enable 'user root' check at build time" into main
diff --git a/init/Android.bp b/init/Android.bp
index cd5f387..57e5a68 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -569,6 +569,11 @@
],
export_include_dirs: ["test_utils/include"], // for tests
header_libs: ["bionic_libc_platform_headers"],
+ product_variables: {
+ shipping_api_level: {
+ cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+ },
+ },
}
// Host Verifier
@@ -623,6 +628,11 @@
enabled: false,
},
},
+ product_variables: {
+ shipping_api_level: {
+ cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+ },
+ },
}
cc_binary {
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 753ed6b..2fef9d3 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -32,6 +32,7 @@
#define __ANDROID_API_S__ 31
#define __ANDROID_API_T__ 33
#define __ANDROID_API_U__ 34
+#define __ANDROID_API_V__ 35
// sys/system_properties.h
#define PROP_VALUE_MAX 92
diff --git a/init/service_parser.cpp b/init/service_parser.cpp
index de902e6..6781c70 100644
--- a/init/service_parser.cpp
+++ b/init/service_parser.cpp
@@ -52,6 +52,18 @@
namespace android {
namespace init {
+#ifdef INIT_FULL_SOURCES
+// on full sources, we have better information on device to
+// make this decision
+constexpr bool kAlwaysErrorUserRoot = false;
+#else
+constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;
+// on partial sources, the host build, we don't have the specific
+// vendor API level, but we can enforce things based on the
+// shipping API level.
+constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;
+#endif
+
Result<void> ServiceParser::ParseCapabilities(std::vector<std::string>&& args) {
service_->capabilities_ = 0;
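Review bot: On the `#else` branch an empty `BUILD_SHIPPING_API_LEVEL` evaluates to 0, so `kAlwaysErrorUserRoot` is false and the host build silently stops enforcing the missing-`user` error; nothing next to the constant says this fail-open case is intended. If products without `shipping_api_level` are expected, say so at the definition, e.g. `// 0 = product did not set shipping_api_level; the build-time 'user root' check is skipped`. The `+ 0` only covers a macro that is defined but empty. If the flag is not passed at all, the identifier is undeclared and compilation fails with an unhelpful message; I can't tell from this diff whether Soong omits the cflag for an unset variable, or whether every non-`INIT_FULL_SOURCES` target that compiles this file carries the new `product_variables` block. An `#ifndef BUILD_SHIPPING_API_LEVEL` guard with an `#error` would make that case explicit.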
@@ -680,7 +692,8 @@
}
if (service_->proc_attr_.parsed_uid == std::nullopt) {
- if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
+ if (kAlwaysErrorUserRoot ||
+ android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
return Error() << "No user specified for service '" << service_->name()
<< "', so it would have been root.";
} else {
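Review bot: The condition `kAlwaysErrorUserRoot || ... > 202404` now expresses one cut-off on two scales, and nothing here says they denote the same release. One is the SDK level behind `kAlwaysErrorUserRoot` (`__ANDROID_API_V__`, 35) and the other is the vendor API level literal `202404`. A comment such as `// 202404 is the vendor API level paired with __ANDROID_API_V__; newer vendors must set 'user' explicitly`, or a named constant, would keep the two from drifting apart. The property read defaults to 0, so a device where `ro.vendor.api_level` is absent takes the `else` branch and the service presumably still starts as root; it is worth confirming that this is the intended fallback. The enclosing function begins and ends outside this hunk.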