Use property ro.product.enforce_debugfs_restrictions to enable debugfs
restrictions Use the property ro.product.enforce_debugfs_restrictions to enable debugfs restrictions instead of checking the launch API level. Vendors can enable build-time as well as run-time debugfs restrictions by setting the build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS true which in turn sets ro.product.enforce_debugfs_restrictions true as well enables sepolicy neverallow restrictions that prevent debugfs access. The intention of the build flag is to prevent debugfs dependencies from creeping in during development on userdebug/eng builds. Test: build and boot Bug: 184381659 Change-Id: If555037f973e6e4f35eb7312637f58e8360c3013
This commit is contained in:
Hridya Valsaraju
parent
007d7941c8
commit
6b7311fc99
2 changed files with 2 additions and 17 deletions
|
|
@ -849,21 +849,6 @@ int SecondStageMain(int argc, char** argv) {
|
|||
auto is_installed = android::gsi::IsGsiInstalled() ? "1" : "0";
|
||||
SetProperty(gsi::kGsiInstalledProp, is_installed);
|
||||
|
||||
/*
|
||||
* For debug builds of S launching devices, init mounts debugfs for
|
||||
* enabling vendor debug data collection setup at boot time. Init will unmount it on
|
||||
* boot-complete after vendor code has performed the required initializations
|
||||
* during boot. Dumpstate will then mount debugfs in order to read data
|
||||
* from the same using the dumpstate HAL during bugreport creation.
|
||||
* Dumpstate will also unmount debugfs after bugreport creation.
|
||||
* first_api_level comparison is done here instead
|
||||
* of init.rc since init.rc parser does not support >/< operators.
|
||||
*/
|
||||
auto api_level = android::base::GetIntProperty("ro.product.first_api_level", 0);
|
||||
bool is_debuggable = android::base::GetBoolProperty("ro.debuggable", false);
|
||||
auto mount_debugfs = (is_debuggable && (api_level >= 31)) ? "1" : "0";
|
||||
SetProperty("init.mount_debugfs", mount_debugfs);
|
||||
|
||||
am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
|
||||
am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
|
||||
am.QueueBuiltinAction(TestPerfEventSelinuxAction, "TestPerfEventSelinux");
|
||||
|
|
|
|||
|
|
@ -985,7 +985,7 @@ on boot && property:ro.config.low_ram=true
|
|||
write /proc/sys/vm/dirty_expire_centisecs 200
|
||||
write /proc/sys/vm/dirty_background_ratio 5
|
||||
|
||||
on property:sys.boot_completed=1 && property:init.mount_debugfs=1
|
||||
on property:sys.boot_completed=1 && property:ro.product.enforce_debugfs_restrictions=true
|
||||
umount /sys/kernel/debug
|
||||
|
||||
on boot
|
||||
|
|
@ -1263,7 +1263,7 @@ on userspace-reboot-resume
|
|||
on property:sys.boot_completed=1 && property:sys.init.userspace_reboot.in_progress=1
|
||||
setprop sys.init.userspace_reboot.in_progress ""
|
||||
|
||||
on early-init && property:init.mount_debugfs=1
|
||||
on early-init && property:ro.product.enforce_debugfs_restrictions=true
|
||||
mount debugfs debugfs /sys/kernel/debug
|
||||
chmod 0755 /sys/kernel/debug
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue