From 81a1b3ec235fa0a9d09c6b2156b623523a12678f Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Mon, 20 May 2024 22:31:11 +0000
Subject: [PATCH] init: enable 'user root' check at build time
For visibility. We could make this only for new API levels, but it isn't currently exposed at build time, and visibility is good on upgrades.
Bug: 340953047
Test: build, on device passing and failing requirements
Change-Id: I3a0ea47560c65114bc1b8685954d1fb7687cb8df
---
 init/Android.bp | 10 ++++++++++
 init/host_init_stubs.h | 1 +
 init/service_parser.cpp | 15 ++++++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/init/Android.bp b/init/Android.bp
index dd1f9aa3d..6992da4b0 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -571,6 +571,11 @@ cc_library_static {
 ],
 export_include_dirs: ["test_utils/include"], // for tests
 header_libs: ["bionic_libc_platform_headers"],
+ product_variables: {
+ shipping_api_level: {
+ cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+ },
+ },
 }
 // Host Verifier
@@ -625,6 +630,11 @@ cc_defaults {
 enabled: false,
 },
 },
+ product_variables: {
+ shipping_api_level: {
+ cflags: ["-DBUILD_SHIPPING_API_LEVEL=%s"],
+ },
+ },
 }
 cc_binary {
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 753ed6bb2..2fef9d349 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -32,6 +32,7 @@
 #define __ANDROID_API_S__ 31
 #define __ANDROID_API_T__ 33
 #define __ANDROID_API_U__ 34
+#define __ANDROID_API_V__ 35
 // sys/system_properties.h
 #define PROP_VALUE_MAX 92
diff --git a/init/service_parser.cpp b/init/service_parser.cpp
index de902e6a8..6781c7083 100644
--- a/init/service_parser.cpp
+++ b/init/service_parser.cpp
@@ -52,6 +52,18 @@ using android::base::StartsWith;
 namespace android {
 namespace init {
+#ifdef INIT_FULL_SOURCES
+// on full sources, we have better information on device to
+// make this decision
+constexpr bool kAlwaysErrorUserRoot = false;
+#else
+constexpr uint64_t kBuildShippingApiLevel = BUILD_SHIPPING_API_LEVEL + 0 /* +0 if empty */;
+// on partial sources, the host build, we don't have the specific
+// vendor API level, but we can enforce things based on the
+// shipping API level.
+constexpr bool kAlwaysErrorUserRoot = kBuildShippingApiLevel > __ANDROID_API_V__;
+#endif
+
 Result ServiceParser::ParseCapabilities(std::vector&& args) {
 service_->capabilities_ = 0;
@@ -680,7 +692,8 @@ Result ServiceParser::EndSection() {
 }
 if (service_->proc_attr_.parsed_uid == std::nullopt) {
- if (android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
+ if (kAlwaysErrorUserRoot ||
+ android::base::GetIntProperty("ro.vendor.api_level", 0) > 202404) {
 return Error() << "No user specified for service '" << service_->name()
 << "', so it would have been root.";
 } else {
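Review bot: In the `@@ -52,6 +52,18 @@` hunk, `BUILD_SHIPPING_API_LEVEL + 0` evaluates to 0 when the macro is defined but empty, so `kAlwaysErrorUserRoot` is false and a service with no `user` line is not rejected at build time on any product that sets no shipping API level. The `+ 0` does not help when the macro is not defined at all: the `#else` branch then stops on an undeclared identifier instead of a clear message, and whether every target that compiles this file without `INIT_FULL_SOURCES` receives the new cflag is not visible in this diff. I would put `#ifndef BUILD_SHIPPING_API_LEVEL` / `#error "BUILD_SHIPPING_API_LEVEL must be passed by the build"` / `#endif` ahead of the constant. The comment on the `#else` branch should also say that an empty level leaves the build-time enforcement off, so the fail-open case is a documented choice rather than a surprise.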
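Review bot: In the `@@ -680,7 +692,8 @@` hunk the cutoff is now written in two encodings, `__ANDROID_API_V__` behind `kAlwaysErrorUserRoot` and the bare `202404` in the `ro.vendor.api_level` comparison, and nothing in the new code ties them together. A named constant next to `kAlwaysErrorUserRoot`, for example `constexpr int kVendorApiLevelV = 202404;`, or a comment such as `// 202404: vendor API level paired with __ANDROID_API_V__`, would keep the two from drifting when the cutoff moves; the pairing is my reading of the two values and should be confirmed. Both paths also share one error text, so a failure in the host build does not say that it was triggered by the shipping API level rather than by the device property. `EndSection()` starts and ends outside the hunk.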