OxygenOS prior to 4.0.3
The attacker can persistently make the (locked) bootloader start the
dm-verity disabled, by issuing the
fastboot oem disable_dm_verity command. Having dm-verity disabled, the kernel
will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution
and privilege escalation.