I'm building a custom Android 10 firmware. I want to prevent the user of the device from being able to copy the firmware code from the device via ADB.
It's a USER build variant.
The user must have ADB access and can't limit it to specific commands.
Currently to get the code he could just do, for example:
adb pull /system/framework/services.jar
How can I modify AOSP to limit this access? Preferably l would like to prevent access to any other way to get the code from a running device.
Note:
You can restrict shell process to which all partitions it can get access to. This can be achieved by making the changes in SELinux policy.
Reference: https://source.android.com/security/selinux/customize