Enforce debugfs restrictions for S launching devices and newer Starting with Android R, debugfs cannot be mounted on production devices. In order to minimize the differences w.r.t debugfs between user and userdebug/eng builds, enforce a set of run-time and build-time restrictions on debugfs access for S launch devices and newer. For non-user builds, debugfs can still be accessed by root and by the dumpstate HAL during bugreport collection. Bug: 184381659 Test: build/boot Change-Id: I2af49acd8a5b3440c6ecbf365ab43cdb33ff897a

commit: 408d898a43794ede1214ecae9bd4f66d249fe608 [log] [tgz]
author: Hridya Valsaraju <hridya@google.com> Wed Apr 07 10:37:39 2021 -0700
committer: Hridya Valsaraju <hridya@google.com> Mon Apr 12 16:34:27 2021 -0700
tree: 36d0f9e82849f6a3f2a0b57b301cd8d164ac3399
parent: ffa65ba8f05078a1d4ffa1f9961e0e04a50d6ac9 [diff]
diff --git a/core/product_config.mk b/core/product_config.mk
index d703ee3..eb6f69f 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk

@@ -359,6 +359,14 @@
   endif
 endif
 
+ifeq ($(PRODUCT_SET_DEBUGFS_RESTRICTIONS),)
+  ifdef PRODUCT_SHIPPING_API_LEVEL
+    ifeq (true,$(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),31))
+      PRODUCT_SET_DEBUGFS_RESTRICTIONS := true
+    endif
+  endif
+endif
+
 ifdef PRODUCT_SHIPPING_API_LEVEL
   ifneq (,$(call math_gt_or_eq,29,$(PRODUCT_SHIPPING_API_LEVEL)))
     PRODUCT_PACKAGES += $(PRODUCT_PACKAGES_SHIPPING_API_LEVEL_29)
commit	408d898a43794ede1214ecae9bd4f66d249fe608	[log] [tgz]
author	Hridya Valsaraju <hridya@google.com>	Wed Apr 07 10:37:39 2021 -0700
committer	Hridya Valsaraju <hridya@google.com>	Mon Apr 12 16:34:27 2021 -0700
tree	36d0f9e82849f6a3f2a0b57b301cd8d164ac3399
parent	ffa65ba8f05078a1d4ffa1f9961e0e04a50d6ac9 [diff]