Devices that launch with Android 12 using kernel
versions higher than v5.4 are required to ship with the GKI kernel. So that
partners can access
DebugFS in userdebug builds while they develop on the GKI
kernel, the kernel config
CONFIG_DEBUG_FS is enabled in the GKI defconfig.
DebugFS in user builds for devices
launching on Android 12.
Userdebug builds have better test coverage than user builds and get heavily
tested throughout the development cycle. The following plan minimizes the
difference between the two build types with respect to
DebugFS access, and
provides these benefits:
- Prevents userdebug builds from accidentally depending on
DebugFSfor new functionality
- Ensures that any existing functionality that's broken by the lack of DebugFS is known early in the development cycle
Debugfs accesses in userdebug builds are categorized as follows:
DebugFSfile initializations during device boot, such as a write access to a file in
DebugFSto turn on debug data collection.
- Bugreport generation: The dumpstate HAL reads
DumpstateBoard()is invoked by
dumpstate. This information becomes part of the bug report.
- Device-specific testing and validation.
The following table describes how each of these three categories is
supported in Android 12. Note that the
following only applies to userdebug builds since
DebugFS can’t be
mounted in user builds.
|Use case||Android 12 userdebug build|
||Dumpstate HAL performs this during HAL initialization. To enable the same,
|Bugreport generation: The dumpstate HAL reads
||Done by dumpstate HAL within
|Device-specific testing and validation||Adb root and shell. Mount
adb shell with
root access, use this command:
adb shell mount -t debugfs debugfs /sys/kernel/debug.
Required Partner Actions
Partners must enact the following based on these changes in Android 12 devices:
- Make all boot time initializations of
DebugFSnodes happen during the dumpstate HAL initialization. For an example of how to do this, see DNM: Example for boot time initialization of
- Don’t allow
DebugFSaccess during runtime. The following exceptions apply:
- Bugreport generation (comes from the dumpstate HAL)
- Testing and validation (accessible by
shell- ensure that DebugFS is mounted first)
Developers can set the debug persistent property
persist.dbg.keep_debugfs_mounted to keep
DebugFs mounted across reboots on userdebug and eng builds.
GTS compliance tests ensure that the
DebugFS filesystem isn’t
mounted in user builds. Sepolicy
neverallow statements ensure that in devices launching on Android 12 or higher, unauthorized processes aren't provided access to