From d51883bb09f53bf912f1428b8ef28707216d6a8f Mon Sep 17 00:00:00 2001
From: Hridya Valsaraju
Date: Fri, 2 Apr 2021 11:33:45 -0700
Subject: [PATCH] sm6375-common: Set PRODUCT_SET_DEBUGFS_RESTRICTIONS

Starting with Android R launched devices, debugfs cannot be mounted in production builds. In order to avoid accidental debugfs dependencies from creeping in during development with userdebug/eng builds, the build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS can be set by vendors to enforce additional debugfs restrictions for userdebug/eng builds. The same flag will be used to enable sepolicy neveallow statements to prevent new permissions added for debugfs access.

Test: build, boot
Bug: 184381659
Change-Id: I45e6f20c886d467a215c9466f3a09965ff897d7e
---
 holi.mk | 3 +++
 rootdir/etc/init.qcom.rc | 18 ------------------
 rootdir/etc/init.qti.kernel.rc | 5 -----
 sepolicy/vendor/init.te | 1 -
 4 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/holi.mk b/holi.mk
index f28d9d5..a027e8a 100644
--- a/holi.mk
+++ b/holi.mk
@@ -225,6 +225,9 @@ PRODUCT_PACKAGES += \
 ipacm \
 IPACM_cfg.xml
+# Kernel
+PRODUCT_SET_DEBUGFS_RESTRICTIONS := true
+
 # Keymaster
 PRODUCT_PACKAGES += \
 android.hardware.keymaster@4.1.vendor
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index f2e9851..ebc5d12 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
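Review bot: The `# Kernel` heading over `PRODUCT_SET_DEBUGFS_RESTRICTIONS := true` in holi.mk does not record what the flag enforces, so the reason the debugfs mount, chown and chmod lines disappear from the init scripts lives only in the commit message. I would replace the heading with a comment along the lines of `# Apply the production debugfs restrictions to userdebug/eng builds and enable the sepolicy neverallow rules for debugfs access`. The same commit removes only the `init` `mounton` rule from sepolicy/vendor/init.te; whether other domains under sepolicy/vendor still carry debugfs allow rules for the `dri/0/debug` or `sync/sw_sync` nodes is not visible here, and those would presumably conflict with the neverallow statements the flag turns on.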
@@ -33,28 +33,14 @@ import /vendor/etc/init/hw/init.qcom.factory.rc
 import /vendor/etc/init/hw/init.xiaomi.rc
 on early-init
- mount debugfs debugfs /sys/kernel/debug
- chmod 0755 /sys/kernel/debug
-
 # create symlink for vendor mount points
 symlink /vendor/firmware_mnt /firmware
 symlink /vendor/bt_firmware /bt_firmware
 symlink /vendor/dsp /dsp
- # Change ownership of hw_recovery related nodes
- chown system graphics /sys/kernel/debug/dri/0/debug/dump
- chown system graphics /sys/kernel/debug/dri/0/debug/recovery_reg
- chown system graphics /sys/kernel/debug/dri/0/debug/recovery_dbgbus
- chown system graphics /sys/kernel/debug/dri/0/debug/recovery_vbif_dbgbus
- chown system graphics /sys/kernel/debug/dri/0/debug/recovery_dsi_dbgbus
-
 # Change ownership of sysfs power control node
 chown system graphics /sys/class/drm/card0/device/power/control
- # Change ownership of sw_sync node
- chown system graphics /sys/kernel/debug/sync/sw_sync
- chmod 0666 /sys/kernel/debug/sync/sw_sync
-
 #Disable UFS clock scaling
 write /sys/bus/platform/devices/1d84000.ufshc/clkscale_enable 0
@@ -80,8 +66,6 @@ on init
 write /sys/bus/msm_subsys/devices/subsys2/restart_level related
 on post-fs
- chmod 0755 /sys/kernel/debug/tracing
-
 mkdir /mnt/vendor/dsp 0770 root root
 copy /vendor/dsp/cdsp/fastrpc_shell_3 /mnt/vendor/dsp/fastrpc_shell_3
 chmod 0644 /mnt/vendor/dsp/fastrpc_shell_3
@@ -123,8 +107,6 @@ on boot
 chown bluetooth bluetooth /sys/module/hci_smd/parameters/hcismd_set
 chown system system /sys/module/msm_core/parameters/polling_interval
 chown system system /sys/module/msm_core/parameters/disabled
- chown system system /sys/kernel/debug/msm_core/enable
- chown system system /sys/kernel/debug/msm_core/ptable
 chown system system /sys/kernel/boot_slpi/ssr
 chown system system /sys/module/radio_iris_transport/parameters/fmsmd_set
 chmod 0660 /sys/module/bluetooth_power/parameters/power
diff --git a/rootdir/etc/init.qti.kernel.rc b/rootdir/etc/init.qti.kernel.rc
index 77f4d2c..5ece729 100644
--- a/rootdir/etc/init.qti.kernel.rc
+++ b/rootdir/etc/init.qti.kernel.rc
@@ -32,9 +32,6 @@ import /vendor/etc/init/hw/init.qti.kernel.test.rc
 on early-init
- mount debugfs debugfs /sys/kernel/debug
- chmod 0755 /sys/kernel/debug
-
 chown root system /dev/kmsg
 chmod 0620 /dev/kmsg
@@ -58,8 +55,6 @@ on init
 write /dev/cpuctl/top-app/cpu.uclamp.colocate 1
 on post-fs
- chmod 0755 /sys/kernel/debug/tracing
-
 # set aggressive read ahead for dm-0 and dm-1 during boot up
 write /sys/block/dm-0/queue/read_ahead_kb 2048
 write /sys/block/dm-1/queue/read_ahead_kb 2048
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 15d9b68..33eca8b 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -1,4 +1,3 @@
-allow init debugfs_tracing_debug:dir mounton;
 allow init vendor_sysfs_graphics:file mounton;
 # Allow init to set read_ahead_kb and discard_max_bytes on /data partition